Help migrating from Italian tiscali provider's router to freepbx and pfsense


(Silvered Dragon) #1

Hi to all, I have an ftth + voip connectivity provided by tiscali isp in italy. The plan comes with a free of charge locked/brand zyxel router, but the provider also releases the pppoe and sip parameters in an email in this way:

PPPoE static 
USER-VLAN 8/35 in 802.1Q
user ID PPP (Internet) userppp@ftth.tiscali.it
Password PPP (Internet) passwordppp
Username SIP (Voice) 0039XXXXXXXXXX@ims.tiscali.net
Password SIP (Voice) passwordsip
URI 0039XXXXXXXXXX
outbound proxy/proxy server:
srv:  srvmi.p.ims.tiscali.net
fqdn:  core1.p.ims.tiscali.net
IP:  213.205.21.8
Protocol UDP:  port 5060
Protocol Voip: SIP RFC 3261
Domain/Registrar: ims.tiscali.net
Codec list: g711alaw; g729
DTMF rfc2833 payload type 97 symmetric implementation
Fax g 711 pass-through (T38 disabled)
Session refresh Update method
PRACK Supported 100rel|
MWI notify unsolicited ( subscribe disable)
CLIP PAI-FROM

now I want to migrate from this zyxel router to a pfsense box for the pppoe interface and to freepbx for the sip trunk. no problems with pfsense, but I cannot figure out a way for configuring these parameters in my freepbx box (only chan_pjsip).
in my pjsip trunk I have added username, password, outbound proxy and sip server as above but I’m always receiving something like error 171005 missing route set.
Hope someone can give to me a starting point.
many thanks


#2

At the Asterisk command prompt, type
pjsip set logger on
and post the log of an attempted registration (if you can’t register) or an attempted incoming or outgoing call (if you can register but can’t call).

Also, post your trunk settings with username and password masked, but all else intact.


(Silvered Dragon) #3

Sorry for the late answer and yes I cannot register, I enabled the logger like this

localhost*CLI>core set verbose 4
localhost*CLI>core set debug 4
localhost*CLI>pjsip set logger on

And this is the only related trunk log I can see every 60 seconds

[2019-10-03 10:25:00] ERROR[17495]: res_pjsip.c:4051 endpt_send_request: Error 171005 
'Missing route set (for tel: URI) (PJSIP_ENOROUTESET)' sending OPTIONS request to endpoint 
0039XXXXXXXXXX
[2019-10-03 10:25:00] ERROR[17495]: res_pjsip/pjsip_options.c:911 sip_options_qualify_contact: 
Unable to send request to qualify contact sip:0039XXXXXXXXXX@ims.tiscali.net:5060 on AOR 
0039XXXXXXXXXX

this is my pjsip trunk configs files

pjsip.aor.conf

[0039XXXXXXXXXX]
type=aor
qualify_frequency=60
contact=sip:0039XXXXXXXXXX@ims.tiscali.net:5060
outbound_proxy=core1.p.ims.tiscali.net:5060

pjsip.auth.conf

[0039XXXXXXXXXX]
type=auth
auth_type=userpass
password=passwordsip
username=0039XXXXXXXXXX

pjsip.endpoint.conf

[0039XXXXXXXXXX]
type=endpoint
transport=0.0.0.0-udp
context=from-pstn
disallow=all
allow=alaw,g729
aors=0039XXXXXXXXXX
language=it
outbound_proxy=core1.p.ims.tiscali.net:5060
outbound_auth=0039XXXXXXXXXX
from_domain=ims.tiscali.net
from_user=0039XXXXXXXXXX
t38_udptl=no
t38_udptl_ec=none
fax_detect=no
trust_id_inbound=no
t38_udptl_nat=no
direct_media=no
rewrite_contact=yes
rtp_symmetric=yes
dtmf_mode=auto

pjsip.identify.conf

[0039XXXXXXXXXX]
type=identify
endpoint=0039XXXXXXXXXX
match=ims.tiscali.net

pjsip.registrations.conf

[0039XXXXXXXXXX]
type=registration
transport=0.0.0.0-udp
outbound_auth=0039XXXXXXXXXX
retry_interval=60
fatal_retry_interval=0
forbidden_retry_interval=10
max_retries=10
expiration=3600
line=yes
endpoint=0039XXXXXXXXXX
auth_rejection_permanent=yes
server_uri=sip:ims.tiscali.net:5060
client_uri=sip:0039XXXXXXXXXX@ims.tiscali.net:5060
outbound_proxy=core1.p.ims.tiscali.net:5060

from this particular connection I can ping core1.p.ims.tiscali.net (this is not possibile from other isps)
but I cannot ping srvmi.p.ims.tiscali.net. I have searched a lot around but I cannot find nothing related to this isp, but I found that on 3cx is possible to register this kind of trunk.
many thanks


#4

I believe that the Outbound Proxy setting for the trunk should be
sip:core1.p.ims.tiscali.net

See https://issues.freepbx.org/browse/FREEPBX-19643 .

Regarding the domain srvmi.p.ims.tiscali.net , there is no NAPTR record, but there are SRV records:

$ dig -t SRV _sip._udp.srvmi.p.ims.tiscali.net

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t SRV _sip._udp.srvmi.p.ims.tiscali.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46708
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_sip._udp.srvmi.p.ims.tiscali.net. IN  SRV

;; ANSWER SECTION:
_sip._udp.srvmi.p.ims.tiscali.net. 21599 IN SRV 10 100 5060 core2.p.ims.tiscali.net.
_sip._udp.srvmi.p.ims.tiscali.net. 21599 IN SRV 20 100 5060 core1.p.ims.tiscali.net.

and I believe that pjsip should be able to deal with that.

As you noted, the Tiscali servers are firewalled off, including from here in France (and from any other sites I have access to), so I can’t do any meaningful probing.


(Silvered Dragon) #5

thank you @Stewart1 for your reply, I have edited the outbound proxy as you suggest, but I didn’t understand where to place in my configuration the srvmi.p.ims.tiscali.net . Anyway now the error is different, I’m receiving the following

[2019-10-04 08:06:19] WARNING[1807]: res_pjsip_outbound_registration.c:993 handle_registration_response: 403 Forbidden fatal response received from 'sip:ims.tiscali.net:5060' on registration attempt to 'sip:0039XXXXXXXXXX@ims.tiscali.net:5060', retrying in '10' seconds

<--- Transmitting SIP request (623 bytes) to UDP:213.205.21.8:5060 --->
REGISTER sip:core1.p.ims.tiscali.net:5060 SIP/2.0
Via: SIP/2.0/UDP 82.84.72.XX:5060;rport;branch=z9hG4bKPje8eeb917-0188-4f0b-ac17-e85c305a3f13
From: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=d48ea4b8-88b1-49fd-8944-c5e79b57d735
To: <sip:0039XXXXXXXXXX@ims.tiscali.net>
Call-ID: e4462ce5-b0b2-4d17-8df0-fcbbe2506ae9
CSeq: 20364 REGISTER
Contact: <sip:s@82.84.72.33:5060;line=qzyzcgz>
Expires: 3600
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, REFER, MESSAGE
Route: <sip:ims.tiscali.net:5060>
Max-Forwards: 70
User-Agent: FPBX-14.0.13.4(13.26.0)
Content-Length:  0

<--- Transmitting SIP request (503 bytes) to UDP:213.205.21.8:5060 --->
OPTIONS sip:core1.p.ims.tiscali.net:5060 SIP/2.0
Via: SIP/2.0/UDP 82.84.72.XX:5060;rport;branch=z9hG4bKPjcc61d4dc-1c5f-4dcc-85b9-61bb5a85ef70
From: <sip:0039XXXXXXXXXX@192.168.1.99>;tag=a30fc92e-c57b-412f-89a1-4d33c42dfc86
To: <sip:0039XXXXXXXXXX@ims.tiscali.net>
Contact: <sip:0039XXXXXXXXXX@82.84.72.33:5060>
Call-ID: 67701b88-74d2-40b9-9e53-13af39265a99
CSeq: 20100 OPTIONS
Route: <sip:0039XXXXXXXXXX@ims.tiscali.net:5060>
Max-Forwards: 70
User-Agent: FPBX-14.0.13.4(13.26.0)
Content-Length:  0

(Asteriskadmin) #6

your log only shows you sending a REGISTER and OPTIONS to the core1.p.ims.tiscali.net which resolved to 213.205.21.8

doesnt look like they are responding

that first line refers to something which is not in your log


(Silvered Dragon) #7

exactly, there is no response in the log… I cannot figure out this


(Asteriskadmin) #8

there’s lines prior to all this, related to that warning with 403 forbidden, what are they ?

if your proxy is not responding to REGISTER, you’re using the wrong proxy or they are ignoring you


(Silvered Dragon) #9

sorry in my log there is this response that I didn’t noticed:

<--- Received SIP response (445 bytes) from UDP:213.205.21.8:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 82.84.72.XX:5060;rport=60000;branch=z9hG4bKPj22e297f7-8c97-43ed-99b1-4f1af2082907
To: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=ztesiprMnrgvtl*3-7-16648*degh.3
From: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=e576f041-1619-43ad-ba3c-dc4a554e0a6e
Call-ID: 90b24124-b24f-4118-83c9-8b5f0f2a7ff8
CSeq: 59478 REGISTER
X-ZTE-Cause: "CSCF-BC005027.BC0056B9.BC0053A1.rmicscf1.ims.tiscali.net"
Content-Length: 0

(Asteriskadmin) #10

theyre responding to this. where’s your initial request that they are rejecting?


(Silvered Dragon) #11

I analyzed a new log from the the beginning here is the complete request/response, what I noticed is that I have to place ims.tiscali.net in “from domain” field or I will not receive any kind of response, and I still didn’t understand where to place srvmi.p.ims.tiscali.net

<--- Transmitting SIP request (923 bytes) to UDP:213.205.21.8:5060 --->
REGISTER sip:core1.p.ims.tiscali.net SIP/2.0
Via: SIP/2.0/UDP 82.84.72.XX:5060;rport;branch=z9hG4bKPj7095f76a-c0e7-4596-b530-faf980fa455c
From: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=f59c2a58-67d8-4594-8653-bbdcfa0b6e7a
To: <sip:0039XXXXXXXXXX@ims.tiscali.net>
Call-ID: 2635f82e-76da-4ac6-9f53-e3c81a937955
CSeq: 2801 REGISTER
Contact: <sip:s@82.84.72.33:5060;line=vtgejqo>
Expires: 3600
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, REFER, MESSAGE
Max-Forwards: 70
User-Agent: FPBX-14.0.13.4(13.26.0)
Authorization: Digest username="0039XXXXXXXXXX", realm="ims.tiscali.net", nonce="528d8ab21df7a8e44ac88ec41860c044", uri="sip:core1.p.ims.tiscali.net", response="4437b1537661cc40eb2ecff6f1359059", algorithm=MD5, cnonce="abffcaea-1eff-4e05-be02-2223652e8d49", opaque="aW1zLmNvbS5jbg==", qop=auth, nc=00000001
Route: <sip:ims.tiscali.net:5060>
Content-Length:  0


<--- Received SIP response (447 bytes) from UDP:213.205.21.8:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 82.84.72.XX:5060;rport=60000;branch=z9hG4bKPj7095f76a-c0e7-4596-b530-faf980fa455c
To: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=ztesipnIm9aFoj_kP*3-7-16648*eecf.3
From: <sip:0039XXXXXXXXXX@ims.tiscali.net>;tag=f59c2a58-67d8-4594-8653-bbdcfa0b6e7a
Call-ID: 2635f82e-76da-4ac6-9f53-e3c81a937955
CSeq: 2801 REGISTER
X-ZTE-Cause: "CSCF-BC005027.BC0056B9.BC0053A1.rmicscf1.ims.tiscali.net"
Content-Length: 0


[2019-10-04 08:43:03] WARNING[8700]: res_pjsip_outbound_registration.c:993 handle_registration_response: 403 Forbidden fatal response received from 'sip:ims.tiscali.net:5060' on registration attempt to 'sip:0039XXXXXXXXXX@ims.tiscali.net:5060', retrying in '10' seconds

(Asteriskadmin) #12

im guessing this is the second part because you are sending the NONCE in this REGISTER, so hopefully before this you already did this dance
-> REGISTER
<- SIP/2.0 100 Trying
<- SIP/2.0 407 Proxy Authentication Required
-> REGISTER (this is what we are seeing?)

if that’s the case, a few things come to mind, other than incorrect password or username.
the realm is case sensitive and sometimes it has to be something specific and not in your config, like the word “Realm” itself

realm=“Realm”

EDIT: sorry they will tell you what the realm is in 407, make sure it matches and you’re not overriding somehow

also you posted username is a full URI not just the phone number portion?


(Silvered Dragon) #13

Sorry @asteriskadmin but I’m not so good with analyzing sip logs so I will try… first off all I cannot see in the log any 407 status and the real in the authorization string that I reported is realm=“ims.tiscali.net” so I think that is right… about the username

they send to me an email with the username in this format 0039XXXXXXXXXX@ims.tiscali.net but I cannot place this under the username field cause I will receive the error

res_pjsip.c:3628 create_out_of_dialog_request: Unable to create outbound OPTIONS request to 
endpoint  0039XXXXXXXXXX as URI 'sip:0039XXXXXXXXXX@ims.tiscali.net@ims.tiscali.net:5060' 
is not valid

so I removed the domain from the username. Here in Italy, in the last mounths, Tiscali is the first isp that has changed the modem management policy and released access to the sip credentials, so it will be very usefull for us to find a way to make this works. many thanks


(system) closed #14

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.