How do I make an outbound SIP URI call?

The company I work for just contracted with an answering service that handles our overflow and after-hours calls. We’re running FreePBX and Asterisk 13.22. The answering service also runs Asterisk. (I’m adding spaces in the domains in this post since they this forum thinks they’re links and new users aren’t allowed to post links). They gave us a URI to send calls to, which is [email protected] domain. com (replacing “domain” with their actual domain). They use our IP address for authentication, so we don’t have a username or password. They also only accept the ULAW codec. I’ve spent countless hours trying to figure out how to get this to work.

I’ve tried adding a line to the extensions_custom.conf file, but get a “Your call cannot be completed as dialed” message when trying to call extension 1000:

exten => 1000,1,Dial(SIP/asterisk. domain. com,30)

I also get the following in the Asterisk log:

[2019-08-27 09:02:51] VERBOSE[12096][C-000000ca] netsock2.c: Using SIP RTP TOS bits 184
[2019-08-27 09:02:51] VERBOSE[12096][C-000000ca] netsock2.c: Using SIP RTP CoS mark 5
[2019-08-27 09:02:51] VERBOSE[18422][C-000000ca] pbx.c: Executing [[email protected]:1] Dial(“SIP/101-00000045”, “SIP/asterisk. domain. com,30”) in new stack
[2019-08-27 09:02:51] VERBOSE[18422][C-000000ca] netsock2.c: Using SIP RTP TOS bits 184
[2019-08-27 09:02:51] VERBOSE[18422][C-000000ca] netsock2.c: Using SIP RTP CoS mark 5
[2019-08-27 09:02:51] VERBOSE[18422][C-000000ca] app_dial.c: Called SIP/asterisk. domain. com
[2019-08-27 09:02:51] WARNING[12096][C-000000ca] chan_sip.c: Received response: “Forbidden” from ‘“Ryan Test” <sip:[email protected][masked IP address]:5070>;tag=as5370cc75’
[2019-08-27 09:02:51] VERBOSE[18422][C-000000ca] app_dial.c: Everyone is busy/congested at this time (1:0/0/1)

They won’t be making any calls into our PBX. We will only be sending calls to them. To make things a little more confusing, we use PJSIP and they use CHAN_SIP. I have both enabled on our server and run CHAN_SIP on port 5070. But their server knows we’re at port 5070 and responds correctly to that port, so I don’t think that’s an issue? The phone I’m using to test this has a CHAN_SIP extension. Do I need to create a trunk and/or outbound route? This is what they have on their server for us:

host=[masked IP address]
permit=[masked IP]/

For the time being, we have a workaround in place… They gave us a DID to forward calls to. But that’s not ideal since they then get our caller ID info (not the customer’s), it uses 2 of our 8 channels with our VOIP provider, and we get charged long distance for each call. Any help would be greatly appreciated!!

Have you looked at them as if they were an extension?

Set up a Miscellaneous Destination (I think) and your IVR/Time Condition at that. Then, in the MiscDest, point the dial string to their URI. That way they look like a “more or less” local extension and you avoid the SIP trunks entirely. This should also solve your Caller ID problem, since you won’t be forwarding a call, they are just an extension off your network. You can then set them up as a destination for your time group (or anything else that accepts various destinations) and not have to dial them using one of your extension numbers.

Custom ext with dial string of SIP/[email protected]


I did try to set up a Misc Destination. Everything I try in the “Dial” field comes up with an error that says “Please enter a valid Dial string” when trying to submit it. I’ve tried the following:

Dial(SIP/asterisk.domain. com,30)
Dial(SIP/asterisk.domain. com)
SIP/asterisk.domain. com,30
SIP/asterisk.domain. com
[email protected] com
SIP/[email protected] com

I also tried adding this to the extensions_custom.conf file:
exten => 1000,1,Dial(SIP/[email protected] com,30)

Do you have one space too much between “.” and “com”?

Yeah, I have to type it this way just in the forum. I’m a new user and if I type the domain out, I get an error that says “New users cannot post links”, even though it isn’t a link. On the PBX, I don’t have any spaces

Lorne’s suggestion of a Custom Extension should also work, but this approach doesn’t use an extension in your system.

My expectation was that that should have worked. If that’s the case, your next bit of code might make it work.

If you add this in a custom context, you can make the destination
custom-context-name,1000,1 which would complete the circuit. You’ll probably need something to terminate the context (a hangup, for example) so the call drops when the external call is over, but that’s just debugging.

On your spaces: put a backslash ( \ ) in front of the periods and the strings won’t be interpreted as URIs.

As @lgaetz says. You don’t need to manually edit extensions_custom.conf or any other files. Delete anything there that’s related to this issue. Use an extension number other than 1000 to simplify debuggging.

The Dial parameter should be
SIP/[email protected]

Call that extension locally and confirm that it works. Then, set up your Time Condition to route to the Custom Extension and test. If you have trouble, post a new log.

Perhaps think about a new provider. If you’re paying by the minute, they should give you however many channels you need at no additional cost. If you’re paying by the channel, minutes should be free (up to some limit). And a decent provider should let you send the number of the original caller as your outbound caller ID.

I didn’t know you could add a Custom Extension right through the GUI. Just tried it now though. I removed everything I created in the conf files, created an extension of 1234 with “SIP/[email protected] domain. com” (without the space) in the Dial parameter, then tried dialing it. I actually get a ringback tone, but my phone says “Call failed: 503 Service Unavailable”. Still getting a “Forbidden” message back from their server:

[2019-08-27 10:53:30] VERBOSE[2758][C-000000f1] app_stack.c: Spawn extension (from-sip-external, 1234, 1) exited non-zero on ‘SIP/asterisk.domain .com-00000056’
[2019-08-27 10:53:30] VERBOSE[2758][C-000000f1] app_stack.c: SIP/asterisk.domain .com-00000056 Internal Gosub(func-apply-sipheaders,s,1) complete GOSUB_RETVAL=
[2019-08-27 10:53:30] VERBOSE[2758][C-000000f1] app_dial.c: Called SIP/[email protected] .com
[2019-08-27 10:53:30] WARNING[12096][C-000000f1] chan_sip.c: Received response: “Forbidden” from ‘“Ryan Test” <sip:[email protected][Our IP]:5070>;tag=as5f4ad17b’
[2019-08-27 10:53:30] VERBOSE[2758][C-000000f1] app_dial.c: Everyone is busy/congested at this time (1:0/0/1)

When I brought that “Forbidden” error to the IT admin at the answering service, he said “403 means you are trying to authenticate with a user/password and it’s being rejected since there is no user/password required”. I don’t see where I’m trying to authenticate with a user/pass, unless the “1000” in the URI is considered a user.

I just asked to look at one of our bills and it actually looks like we’re just paying for inbound calls to our toll-free numbers. We’re not paying for outbound calls like I thought I’ve seen before. But it would be nice to be able to send the original caller’s number.

At the Asterisk command prompt, type
sip set debug ip (the address that resolves to)
This will cause the SIP traffic to/from that address to be included in the Asterisk log. Make a failing test call and post the result.

1 Like

Just tried that and I’ll paste the response below. I did a “replace all” in Notepad on their IP, our IP, and their domain to include the spaces. Not sure if I really need to do that since our servers only accept SIP traffic from certain IP’s. But this is what I got back when trying to make a test call:

freepbx*CLI> sip set debug ip [Their PBX IP]
SIP Debugging Enabled for IP: [Their PBX IP]
Audio is at 19404
Adding codec ulaw to SDP
Adding codec g722 to SDP
Adding codec g726 to SDP
Adding codec gsm to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Reliably Transmitting (NAT) to [Their PBX IP]:5060:
INVITE sip:[email protected] .com SIP/2.0
Via: SIP/2.0/UDP [Our PBX IP]:5070;branch=z9hG4bK444aa9cb;rport
Max-Forwards: 70
From: “Ryan Test” <sip:[email protected][Our PBX IP]:5070>;tag=as6e155d47
To: <sip:[email protected] .com>
Contact: <sip:[email protected][Our PBX IP]:5070>
Call-ID: [email protected][Our PBX IP]:5070
CSeq: 102 INVITE
User-Agent: FPBX-
Date: Tue, 27 Aug 2019 16:21:37 GMT
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 332

o=root 1442309129 1442309129 IN IP4 [Our PBX IP]
s=Asterisk PBX 13.22.0
c=IN IP4 [Our PBX IP]
t=0 0
m=audio 19404 RTP/AVP 0 9 111 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16

<— SIP read from UDP:[Their PBX IP]:5060 —>
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP [Our PBX IP]:5070;branch=z9hG4bK444aa9cb;received=[Our PBX IP];rport=5070
From: “Ryan Test” <sip:[email protected][Our PBX IP]:5070>;tag=as6e155d47
To: <sip:[email protected] .com>;tag=as60f8ffa8
Call-ID: [email protected][Our PBX IP]:5070
CSeq: 102 INVITE
Server: Asterisk PBX SVN–rexported
Supported: replaces, timer
Content-Length: 0

— (10 headers 0 lines) —
Transmitting (NAT) to [Their PBX IP]:5060:
ACK sip:[email protected] .com SIP/2.0
Via: SIP/2.0/UDP [Our PBX IP]:5070;branch=z9hG4bK444aa9cb;rport
Max-Forwards: 70
From: “Ryan Test” <sip:[email protected][Our PBX IP]:5070>;tag=as6e155d47
To: <sip:[email protected] .com>;tag=as60f8ffa8
Contact: <sip:[email protected][Our PBX IP]:5070>
Call-ID: [email protected][Our PBX IP]:5070
CSeq: 102 ACK
User-Agent: FPBX-
Content-Length: 0

[2019-08-27 11:21:37] WARNING[12096][C-000000fb]: chan_sip.c:24055 handle_response_invite: Received response: “Forbidden” from ‘“Ryan Test” <sip:[email protected][Our PBX IP]:5070>;tag=as6e155d47’
Scheduling destruction of SIP dialog ‘[email protected][Our PBX IP]:5070’ in 32000 ms (Method: INVITE)

1 Like

Do I need to enable “Allow SIP Guests”? Or is that only if they were to send calls to us?

That’s incoming only.

They might be limiting you to calls from your trunk (and not from extensions)? If they are expecting calls from/through your DID, that would explain the Forbidden.

I’m just guessing.

I emailed their System Administrator and this is what he wrote back:

“We are expecting calls from your PBX through the trunk, We are expecting a call to come through to extension s or 1000”

We have the DID also set up until we can send calls directly to their PBX. But they aren’t limiting calls to one or the other.

Show them the Invite you are sending, which they are rejecting and ask them what’s wrong with it.

1 Like

Temporarily change the Dial field for your custom extension to
SIP/[email protected]
call it and confirm that you get the echo test.

Assuming that works, my next guess is that either you or they have your public IP wrong. Visit

from a PC on the same LAN as your PBX. Are there any special network configs that we should be aware of (dual WAN on your router, more than one NIC on the PBX)?

Next, something in your network may be altering the SIP packets. Modem make/model? Router/firewall make/model? Running PBX in a VM with other than bridged networking? Any special settings for SIP?

Just gave that echo test a try and it worked. I opened WhatIsMyIp\ .com from the PBX’s command line using the “links” Linux program and it shows the correct IP that I gave them. I looked a screenshot of what he has configured for us to confirm the IP’s match. I tried both the DNS address and IP address for their Asterisk PBX.

We actually don’t have a modem. We’re an internet service provider. Our PBX is hosted on one of our VMware hosts, which is directly connected to our core switch. Our core routers that connect to our upstream providers (Hurrican Electric and MICE) are also directly connected to that switch. Our routers and PBX are in the Cologix building in Minneapolis, where we have direct connections to our upstream providers. Our core routers are also virtualized and reside on two other VMware hosts. The routers are Mikrotik. The firewall settings are identical to what we have for our VOIP provider, so I wouldn’t think there would be an issue with the one VOIP provider has been working just fine.

I sent him the Invite that shows they’re rejecting us, like avayax suggested. I just heard back from him while typing this. This is what he says:

[2019-08-27 10:55:02] SECURITY[15385] res_security_log.c:
AccountID=“asterisk. domain. com”,
LocalAddress=“IPV4/UDP/[Their IP]/5060”,
RemoteAddress=“IPV4/UDP/[Our IP]/5070”,

[2019-08-27 10:55:02] NOTICE[15417][C-00027b25] acl.c: SIP Peer ACL: Rejecting ‘[Our IP]’ due to a failure to pass ACL ‘(BASELINE)’
[2019-08-27 10:55:02] NOTICE[15417][C-00027b25] chan_sip.c: Failed to authenticate device “Ryan Test” <sip:[email protected][Our IP]:5070>;tag=as78e0b786

Have you added our public IP to your ACL rules? FreePBX has ACL rules enabled by default if I remember correctly.

It looks to me that their PBX is rejecting us. But maybe I’m reading that wrong.

I can’t believe we all missed that. allow is for codecs, for the ACL it should be
permit=[masked IP]/

That was an error on my part when copying what his config was. He actually has “permit=[Our IP]/”. Not “allow”. I didn’t catch that until you wrote that, then looked at what I typed in my initial post. Does the “permit” need to go above the “deny” on his end? Or does that not matter?