How to Configure SIP TRUNK by Peer to Peer (IP Authentication)

Hello everyone, good afternoon!
I apologize for my bad english, it’s not my first language and I’m using a translator.

I’m setting up a FreePBX server for the company I work for (thanks!) and we hired a SIP Trunk from the telephone provider VIVO (Telefônica Brasil) that delivers the voice link through a router/modem that is now next to the server.

I received an e-mail with the information for registering the trunk on the server, which contains the Gateway IP, the IP that must be assigned to the PABX (in an exclusive secondary NIC for the SIP TRUNK), the IP of the routes to be created in linux and things alike.

What I’ve done so far is define the information regarding the network (I installed a secondary network card) and set the IPs, after that the server already sees the modem and there is communication (ping).

However, when trying to add the trunk in the graphical interface, it is OFFLINE in the asterisk information, and I also did not see the option to set that the interface that receives the link is eth0.

How should I proceed with this SIP Trunk installation?

If you want, I can post the settings that VIVO gave me, to make it easier to understand.

I thank the attention!

BELOW IS THE TEXT THAT THE TELEPHONE PROVIDER SENT ME BY EMAIL (TRANSLATED):

Below is information for configuring the PABX.

PABX network card IP: 172.16.4.114
Gateway IP: 172.16.4.113
Mask: 255,255,255,248 ( /29 )

IP Proxy (to forward outgoing calls): 192.168.25.1
Port: UDP 5060 (SIP default)

Route to be created on Linux / PABX: Audio traffic
Network 192.168.25.0, Mask 255.255.255.0 (/24) for gateway IP 172.16.4.113

Range of branches:
7130348350-8449

Identification:
pilot 7130348350

Channels:
30 (3MB)

• When making outgoing calls, always send us the “A” number (Example 2135594500) with 10 digits (if you send something different from the contracted range (or pilot if identified by pilot) the call will not complete);
• When receiving calls, the PABX must be prepared to receive with 10 digits.
• When dialing a local number, send us only the number of “B” with 8 / 9 digits as the dialed number;
• When dialing a long distance number, send us as dialed number 015 + Cod. DDD + “B” number.
• When dialing an international number, send us 0015 + Cod. Country + “B” number.
• Regarding the codecs supported by our network, we recommend using the main codec G.729 and secondary codec G.711 alaw, and if you use fax, machine. card, the T.38 codec.
• Enable INVITE support for 100rel, PRACK and UPDATE.
• DTMF use in-band / RFC2833.
• Authentication is not mandatory for the service to work as it is a point-to-point circuit with fixed IP’s, but if you want to authenticate, use the pilot number (if identification by pilot), or any number from the contracted range (if identification by extension ) as username and password.

Your starting assumption should be that 192.16.25/24 is a local network.

For the headline question, both authentication and registration should be set to none.

I suspect the proxy isn’t actually a proxy, as they haven’t given you the domain name for the real server. In any case, there isn’t any information that allows you to configure for its not being the real destination.

There is no mention of OPTIONs. Whilst unlikely, it is possible that qualify will fail, causing the endpoint to appear offline.

Can you confirm that you have added a static route within the OS itself, for 192.168.25/24?

The interface should be determined by the address to which you are sending. The route tells it that 192.168.25/24 is reached through 172.16.4.114, which is on the same sub-net as 172.16.4.113, so the interface for the latter will be used.

Have you set the caller ID to be in the specified range.

Screen shots of the configuration are almost certainly going to be necessary to understand what is wrong.

If, as you should be, you are using chan_pjsip, it is possible to define a transport for the specific interface, but not, I believe, through the GUI, and, unless it is ambiguous, the static route should be enough.

1 Like

Hi David!

Many thanks for the reply.

I didn’t add any route on linux; about the settings I made, I just set the settings on the NIC (set the IP, mask and Gateway) and did a ping test, which worked.
But I didn’t get to create routes, my knowledge in linux is still limited.
If necessary, I can look up how to do it or ask a colleague at the company for help.

About chan_pjsip, it doesn’t appear for me as a trunk option: when clicking on create trunk, only the “PJSIP” option appears along with others, such as DAHDI, IAX, custom, among others.

Which screens do you want a screenshot of?

I’ll post all we need to understand what’s wrong.

Particularly the bit about making the route permanent, by editing system files.

Without the static route, it is not going to work (and you should not be able to ping their 192.168.25.x address.

chan_pjsip is PJSIP. I say it that way because people confuse the use of SIP to refer to chan_sip with the actual SIP protocol.

Although I don’t have a Red Hat account, and the page worked for me, the synoopsis provided by Discourse suggests it got a please become a customer page. Just in case:

also has the information.

1 Like

I added the route using the following command:
“ip route add 192.168.25.0/255.255.255.248 via 172.16.4.113 dev eth0”

and when using the route-n command, there is the following line:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.25.0 172.16.4.113 255.255.255.248 UG 0 0 0 eth0

However, when I try to ping to the address 192.168.25.1 (which from what I understand, is the “SIP SERVER” and 192.168.25.0 is the network that linux needs to access to be able to see it), I don’t have any response - only when I use ctrl c do I see that no packets were received by the server.

By the ip route command I can see the following line:
192.168.25.0/29 via 172.16.4.113 dev eth0

I believe I am doing something wrong.
I tried to post some screenshots however the forum won’t allow me to post due to my status as a new member.

What am I doing incorrectly?

It is possible that they block pings.

1 Like

This should be
ip route add 192.168.25.0/255.255.255.0 via 172.16.4.113 dev eth0
to allow the range specified for RTP, but this would not affect pinging 192.168.25.1

Use tcpdump to see whether your ping is sent over the the correct interface to the correct MAC address (the one for 172.16.4.113) and IP address (192.168.25.1) and whether there is any reply. If not, see whether there are any replies to the OPTIONS requests your trunk is presumably sending.

Also, try calling in to one of your numbers and see what traffic, if any, arrives at 172.16.4.114 from 192.168.25.1.

1 Like

My friends, good afternoon!

Thanks for all the help you’ve given me! It was essential for me to succeed.

Anyway, in fact, the problem was physical - the cable that comes from the provider was connected to the wrong port of the modem, after connecting correctly (and configuring the route in linux as you guys guided me) the server managed to ping to 192.168.25.1 (sip server), and I was able to connect the sip trunk to the server.

(Almost) everything working fine!

I’ve tested outbound and inbound calls - inbound calls work perfecly (the audio quality is supreme), but drop out by themselves after 32 seconds of call.

Outgoing calls show the message “all circuits are busy now”, no matter how hard i try.
I believe that both problems are some mistake I made in the trunk/dialplan configuration, and I requested support from the provider.

Did you declare the special network as local? 32 seconds is the timeout you get when an ACK gets lost, as can happen if you send the wrong address in a Contact header.

1 Like

I went to the Asterisk SIP Settings menu and used the “Detect Network Settings” option, after doing that the incoming and outgoing calls behaved much better, but still a little peculiar.

I did several tests with several incoming and outgoing calls, and the incoming calls worked without any problems. fact. I will never get tired of praising the quality of voice calls made on freepbx, it’s incredible.

However, my mission with outbound calls is at, say, 95%.

Of the 20 calls I made, 4 (or 5) gave the message “all circuits are busy now”, even though they were free.

And it was a momentary thing - when I disconnected the call and turned it on again, it went out through the trunk at the same time.

What do you guys think it could be?

You need to provide the logs. See

https://wiki.freepbx.org/display/SUP/Providing+Great+Debug

1 Like

Log of a sucessful call: Just Paste Me

Log of a failed call with the message “all circuits are busy now - please try call later”: Just Paste Me

Captured those logs with asterisk -rvvvvvv and enable pjsip debug

both calls were to the same number, and were made at close times (2 minutes apart)

I noticed a strange thing on the server (which is running the freepbx distro/sangoma linux) - I checked the NAT option in the asterisk SIP settings and when detecting the network changes, it is not identifying the public ip:

And when trying to ping something external I get this error: (image comparing external and internal ping)

image

Could this have something to do with this instability with outgoing calls?

Could you please upload it to the FreePBX pastebin site. The site you gave above gave a popup which triggers red lights and loud bells to me. It said a security fix for Adobe Flash has been issued, please download, but Flash is abandonware, and I never had it on my system as it was never acceptable for Debian, so I assume it is phishing, either from the site, or because they don’t vet their adverts properly. I am not going to proceed with your original site.

1 Like

Of course!
I apologize for the first site, I didn’t know about freepbx pastebin.

Log of a Sucessful Call - FreePBX Pastebin sucessful call
Log of a Failed Call - FreePBX Pastebin failed call

The address used here indicates that the router is a SIP proxy, not a router! (That means the address they quote as being a proxy is bogus.)

https://pastebin.freepbx.org/view/1732e1c8#L200

It’s not a well behaved proxy though, as it hasn’t set a Via line here:

https://pastebin.freepbx.org/view/1732e1c8#L248

I think you are dealing with a dreaded SIP Application Level Gateway.

Nonetheless, you seem to be getting through to the the actually SIP system.

(There is a retransmission of PRACK at:

https://pastebin.freepbx.org/view/1732e1c8#L390

which indicates something is slow or losing packets.)

The problem in the failed case appears to be on the remote side, as you are successfully talking to it, but it has responded with a server timeout error.

https://pastebin.freepbx.org/view/7b2ec9e1#L363

I don’t see that there is anything you can do from your end about that.

You don’t seem to have any time stamps, so I can’t tell how long it took to get there. A lack of time stamps is normally the result of using screen scrapes, rather than actually enabling and copying the full log file.

hello david, good afternoon!
sorry for the delay in answering you, I had some unforeseen events and I was away from the internet in the last few days.

about this problem of some outgoing calls not working, I will open a ticket with the provider, so they can check if there is something wrong.

I believe it is, because we went through some cases of dialing a number and the provider returned “that number does not exist”, and then dialing again and the call completed lol :stuck_out_tongue:

I’ve seen this happening with the providers of some companies that I provide services, and usually after opening the tickets they apply a correction to the circuits and it goes back to working normally.

about the SIP ALG, is this something I should ask the provider to disable?

I did some research on google and saw that its use is not recommended due to some complications and problems it can cause… what do you think?

oh, and thanks for all the help you’ve been giving me!

After contacting the provider everything worked perfectly.

Thanks to all for your help!