How-To Guide for Google Voice with Freepbx 14 & asterisk gvsip, Ubuntu 18.04

make sure all 3 match in the pjsip_custom_post.conf file.
In the below example I use “gvsip7775551234” replace the digits with your phone number or a random string of numbers, so long as all 3 match and are very unique, so that nobody else would be using the same thing.

client_uri=sip:[email protected]

contact_additional_params=obn=gvsip7775551234

username=gvsip7775551234

See what that does for you. If that does not work then the only thing I can guess is that its an issue with the oauth Tokens, you made sure that you generated the tokens for the correct account that has the google voice number right? being logged into more than one account in the top right corner can goof things up if your not careful. (When generating tokens I log out of all accounts and log into only the account I am trying to generate the tokens for.)

Added my second gvsip account with 702 extension and moved everything in the instructions stating 1 to 2 but getting this:

[2018-07-26 04:39:23] ERROR[8837] res_pjsip_endpoint_identifier_ip.c: Identify '701-identify' is not configured to match anything.
[2018-07-26 04:39:23] ERROR[8837] res_sorcery_config.c: Could not create an object of type 'identify' with id '701-identify' from configuration file 'pjsip.conf'
[2018-07-26 04:39:23] ERROR[8837] res_pjsip_endpoint_identifier_ip.c: Identify '702-identify' is not configured to match anything.
[2018-07-26 04:39:23] ERROR[8837] res_sorcery_config.c: Could not create an object of type 'identify' with id '702-identify' from configuration file 'pjsip.conf'

I’m still getting the same response. Thank you for your help.

I’ll try rebuilding the box from the ground up. I may have missed something critical in the original build.

Another issue. Had storms, lost internet…it came back with a new IP and now I get this and busy tone:

[2018-07-26 18:48:18] ERROR[32285] res_pjsip.c: Endpoint 'gvsip1': Could not create dialog to invalid URI 'gvsip1'. Is endpoint registered and reachable?
[2018-07-26 18:48:18] ERROR[32285] chan_pjsip.c: Failed to create outgoing session to endpoint 'gvsip1'
[2018-07-26 18:48:18] WARNING[23979][C-00000016] app_dial.c: Unable to create channel of type 'PJSIP' (cause 3 - No route to destination)
[2018-07-26 18:48:18] WARNING[23979][C-00000016] app_macro.c: No such context 'macro-outisbusy' for macro 'outisbusy'. Was called by 8887777777@from-internal

EDIT:
So a reboot restored it to working status. I think there may be some work yet to be done as the implementation seems to be stateful and not recreating the registrations when the network changes. Upon the reboot, I notice these but didn’t see them when the the new IP should have been detected.

[2018-07-26 19:02:02] DEBUG[1743] res_pjsip_outbound_registration.c: Stored service-route: <sip:...
[2018-07-26 19:02:02] DEBUG[1743] res_pjsip_outbound_registration.c: Stored service-route: <sip:...
[2018-07-26 19:02:02] DEBUG[1743] res_pjsip_outbound_registration.c: Stored associated uri: <sip:...

@2devnull under Settings -> Asterisk Sip Settings, under the section labled “NAT” part of the install guide is to hit "Detect Network Settings, this fills in your External IP address, as well as your Subnet settings.

If either of these things are things that would change for you after reboots or power outages then you may be better off leaving those fields blank and instead using the google stun address as outlined in the guide.

My Public IP never changes, and I have the asterisk machine setup as a static IP in my router, so I do not have to worry about things changing.

It is also possible you found a new issue, but I cannot say for sure, if after further testing you think that you might have found a new issue, you can report the relevant info to Naf’s thread, along with logs so that he can try to determine whats happening. I would try to get a very good sense of what is causing it though, because if you or he cannot reproduce it then its hard to say exactly what the cause is.

For example, you could try unplugging your cable modem for 10 minutes, plug it back in, wait a few minutes then see if the phone still works or not, try things like this to figure out what triggers the problem, then you can also get the relevant sections of the logs that Naf would need.

I’ll try it without the External Address set (although I have Dynamic IP set on the Chan SIP Settings tab with a Dynamic Host address that is updated when my IP changes).

What confuses me is that since I don’t need any ports opened to the outside world from the FreePBX server, why is the external address necessary, i.e. all connections are created from FreePBX outward (and the other side of the connection, e.g. google therefore would already know my external address).

I haven’t had to deal with NAT issues when I was using PBXinaflash, IncrediblePBX and Wazo so not sure why it is relevant now. I know if you have extensions externally then they obviously would need to know how to get to your FreePBX but why is it necessary in the regular “everything is in-home” case?

I apologize, this issue may not be applicable to this thread and probably one in the regular pbx support thread.

I had the same thought about that 2devnull, I am not sure either, this setup is just what has worked for me.

For those particular errors you might be able to ignore them. I have those same errors for my endpoints, and I am not sure what they are about, but my phone has been working without issue.

@billsimon do you know what would cause this particular error? It happens for the configured pjsip extensions.

I did this install thanks for the hard work in figuring it out.

Some problem observations:

Firewall will not install says it must have:
The File “/usr/lib/sysadmin/includes.php” must exist.
The Module Named “manager” is required.
I installed every module with the word “manager” and no joy still.

PJSIP although I set UDP to the port you indicated , did not allow me to put Chan_SIP on Port 5060 as PJSIP was taking over on 5060 despite being explicitly set otherwise in the GUI. I did not check the actual config files just disabled UDP on pjsip and it now allows chan_sip to work on 5060

I wanted to use this as a plug -in relacement for an older Elastix , but really need a firewall if you have any ideas what the cryptic messages mean.

I observed similar issues with PJSIP taking over the connections! That is the reason that I have my extensions configured as PJSIP instead of chan_sip, so thank you for your find there!

I cannot speak to setting up the firewall through the module admin, I have not tried that one.

Being that it is a Linux system you can use any number of firewalls, such as UFW, iptables, etc. you can also install fail2ban on top of whatever firewall you choose.

If you do not have physical access to the machine, make sure you configure ufw (or whatever firewall you choose) to allow your ssh connection beforehand.

sudo ufw enable

Also to anyone that reads this, I recommend making sure you have a working phone system PRIOR to setting up a firewall, that way if things stop working you can be pretty sure the reason is that the firewall is blocking something and just needs to be configured to let the appropriate connections through.

The motivation for doing this install with freePBX was the FreePBX firewall and GVSIP together.

thanks anyway

1 Like

no problem, if you do figure out or resolve anything, be sure to post back how you fixed it, that way it can help anyone else in the same boat. (I am not a FreePBX developer, just a guy that wanted to get google voice working with FreePBX)

From what I see the Firewall is for systems with License on Cent OS , like the ISO but that does not work for me so here dead in the water

UFW has no way that I can see to integrate as an “active” firwall , so mighty just toss this install , toobad its good but no good firewall is a bad thing.

We are in the 21 Century now we need active firewalls.

@markosjal, I use pFsense as my primary line of defense. Is there not a way to have an active firewall without installing it through module admin?

I am not sure what you mean by active firewall because I know there are many different firewalls available for linux.

when you type from the command line:
sudo ufw enable

that makes it active (always on). UFW is a front end tool to linux firewall IPTABLES which is a great firewall.

appreciate your feedback.

an “Active” firewall is a firewall on the lookout for attacks, like what Fail2Ban does , but that would probably take a lot of work to make it work on this. As I recall or last I checked (years ago) Fail2Ban parsed log files but the formatting of asterisk logs made it difficult for fail2ban to parse.

Issabel has a great bult-in active firewall and its free but no GVSIP.

These are for virtual machines in a data center and it surprises me that to this day, there is no firewall that I have found that you can install on the host to protect the VMs . It is easy enough to share the log files arcoss A LAN and if an attacker goes after xxx.xxx.xxx.5 the same hacker goes after xxx.xxx.xxx.4 and xxx.xxx.xxx.6 so it make sense to block them from all VMs after attaching the fist VM. It would oprobably require some ethernet “FU” for “bridged” connections to the host but can not believe it to be impossible. Maybe someone will read my plea and run with it. Maybe someone from Oracle is listening?

1 Like

Appreciate the response, will do a little reading on some of this, thanks.

of course if this was buit on Cent OS, I think the licence could might then be installed?

Of course alien might do it it has worked where I thought it would not before.

What apparently is needed is the sysadmin module which is an RPM, and oprobably nopt available stand-alone

probably other centos specific dependencies

you mean this one?

If thats what your after goto admin → Module Admin, select Commercial for repositories and select check online, just because its commercial dont mean you have to pay to install it, just that you have to pay to use some features maybe, but since you only need it as a dependency you can probably install it to get the firewall up and going, maybe… I have not tried.

EDIT: I just tried it and its looking for zend guard loader and incrond, these would likely be installed from the ubuntu command line. I am about to eat supper, will take a look later tonight.

That module when I try to install says:

Errors with selection:
System Admin cannot be installed:
PHP Component Zend Guard Loader is required but missing from you PHP installation.
The File “/usr/sbin/incrond” must exist.
Please try again after the dependencies have been installed.
No actions to perform
Please select at least one action to perform by clicking on the module, and selecting an action on the “Action” tab.

That may be recoverable But firewall says:

Description: Integrated PBX Firewall. Currently works with RHEL 6 and RHEL 7 compatible distributions. Note: This requires the Sysadmin RPM. Please see wiki for further information.

The FreePBX Firewall requires System Admin to be installed. System Admin can only be installed via the Distro and perhaps CentOS/RHEL OS variations. It will not work at all on Ubuntu/Debian. So this solution would never work for that.