I want to use my FreePBX in very restricted network and I believe it’s working fine most of the time.
One thing, sometimes I see CDRs that calls coming from unknown peer and “Not in Service” is announced to the caller.
VERBOSE[2987] pbx.c: – Executing [[email protected]:1] NoOp(“SIP/4.3.2.1-000000bf”, “Received incoming SIP connection from unknown peer to 100”) in new stack
VERBOSE[2987] pbx.c: – Executing [[email protected]:2] Set(“SIP/4.3.2.1-000000bf”, “DID=100”) in new stack
VERBOSE[2987] pbx.c: – Executing [[email protected]:3] Goto(“SIP/4.3.2.1-000000bf”, “s,1”) in new stack
VERBOSE[2987] pbx.c: – Goto (from-sip-external,s,1)
VERBOSE[2987] pbx.c: – Executing [[email protected]:1] GotoIf(“SIP/4.3.2.1-000000bf”, “0?checklang:noanonymous”) in new stack
VERBOSE[2987] pbx.c: – Goto (from-sip-external,s,5)
VERBOSE[2987] pbx.c: – Executing [[email protected]:5] Set(“SIP/4.3.2.1-000000bf”, “TIMEOUT(absolute)=15”) in new stack
VERBOSE[2987] func_timeout.c: Channel will hangup at 2012-06-27 10:01:48.559 KST.
VERBOSE[2987] pbx.c: – Executing [[email protected]:6] Answer(“SIP/4.3.2.1-000000bf”, “”) in new stack
VERBOSE[2987] pbx.c: – Executing [[email protected]:7] Wait(“SIP/4.3.2.1-000000bf”, “2”) in new stack
VERBOSE[2987] pbx.c: – Executing [[email protected]:8] Playback(“SIP/4.3.2.1-000000bf”, “ss-noservice”) in new stack
VERBOSE[2987] file.c: – <SIP/4.3.2.1-000000bf> Playing ‘ss-noservice.gsm’ (language ‘en’)
VERBOSE[2987] pbx.c: – Executing [[email protected]:9] PlayTones(“SIP/4.3.2.1-000000bf”, “congestion”) in new stack
VERBOSE[2987] pbx.c: – Executing [[email protected]:10] Congestion(“SIP/4.3.2.1-000000bf”, “5”) in new stack
VERBOSE[2987] pbx.c: == Spawn extension (from-sip-external, s, 10) exited non-zero on 'SIP/4.3.2.1-000000bf’
VERBOSE[2987] pbx.c: – Executing [[email protected]:1] Hangup(“SIP/4.3.2.1-000000bf”, “”) in new stack
VERBOSE[2987] pbx.c: == Spawn extension (from-sip-external, h, 1) exited non-zero on ‘SIP/4.3.2.1-000000bf’
I don’t want any unknown calls like this to be in CDRs.
Question :
-Deleting “from-sip-external” context affects any inbound call?
-If not how can I delete it from GUI?
My Config
Allow Anonymous Inbound SIP Calls?: No
Inbound calls allowed from DAHDI and SIP Trunk(voip provider)
Hi, as per what Sky is suggesting, the box should not even be exposed in such a way in the first place. But in case you get audited (like what we had), you may wish to completely obfuscate this generic message in all FreePBX installs.
You can try to override and create your own from-sip-external (in /etc/asterisk/extensions_override_freepbx.comf) that simply hangup calls.
e.g.
Or whatever you please. In my case, i just hangup like above. I keep this context so that i have CDR logs for these calls (although the logs are pretty useless as they may not contain IP address).
In your case, you can set the NoCDR function like in the above dialplan.
The place where this context is defined is in /etc/asterisk/sip_general_additional.conf
So much misinformation in this thread Has anyone looked at the “Allow SIP Guests” setting ? Also fail2ban does not protect asterisk boxen from attacks:
I got a FBX2.10, i got Ast10, plain setup. I set Allow SIP guest=no in General and SIP general allow sip guest to NO, i dial sip:[email protected] and i get this ss-noservice from any SIP phone (unregistered) and the entry is in CDR too…
I must be doing something wrong :S
[2012-06-28 15:42:12] VERBOSE[2198] netsock2.c: == Using SIP RTP CoS mark 5
[2012-06-28 15:42:12] VERBOSE[21979] pbx.c: – Executing [[email protected]:1] GotoIf(“SIP/101-00000014”, “0?checklang:noanonymous”) in new stack
[2012-06-28 15:42:12] VERBOSE[21979] pbx.c: – Goto (from-sip-external,s,5)
[2012-06-28 15:42:12] VERBOSE[21979] pbx.c: – Executing [[email protected]:5] Set(“SIP/101-00000014”, “TIMEOUT(absolute)=15”) in new stack
[2012-06-28 15:42:12] VERBOSE[21979] func_timeout.c: Channel will hangup at 2012-06-28 15:42:27.441 MYT.
[2012-06-28 15:42:12] VERBOSE[21979] pbx.c: – Executing [[email protected]:6] Answer(“SIP/101-00000014”, “”) in new stack
[2012-06-28 15:42:12] VERBOSE[21979] pbx.c: – Executing [[email protected]:7] Wait(“SIP/101-00000014”, “2”) in new stack
[2012-06-28 15:42:14] VERBOSE[21979] pbx.c: – Executing [[email protected]:8] Playback(“SIP/101-00000014”, “ss-noservice”) in new stack
[2012-06-28 15:42:14] VERBOSE[21979] file.c: – <SIP/101-00000014> Playing ‘ss-noservice.gsm’ (language ‘en’)
Did you notice “SIP/101-00000014” as the channel name ? It means your phone - 101 - either is registered or replied successfully to authentication challenge from asterisk. Delete extension 101 and repeat your test.
I am not sure how is this related to the original post ?
Way to muddy the waters
Is asterisk 10 even supported at this point ? You either discovered a bug in asterisk 10 or have autocreatepeer set to yes.
Thanks again for wasting everybody’s time
Asterisk 10 is support by FreePBX 2.10 i’ve been running flawlessly for months.
BTW, i am also here to learn. If you’re not interested to help, then please by all means don’t, but do not say its wasting time, its my valuable time too i put here too just like yours. So i wont waste my time if there’s something not to discuss. This is called a help forum and this is what we are doing.
So please, if you feel irritated to help, then this is not your place …:), but i value your input and i shall get on more research.
Thank you for your comments to my thread and sorry if I made you guys confused. I am not a native English speaker and not an expert of Asterisk.
It’s good to know now that I can change “from-sip-external” not have CDRs and to hangup immediately. Thanks. I will try this later.
Another thing, am I having wrong idea for the meaning of “Disallow Anonymous Inbound SIP Calls”?
My config is like this.
1.Extensions are IP restricted but only one SIP extension outside NW uses dynamic IP with complex PW.
2.Installed Fail2ban for the purpose of rejectecting SIP registration.
3.Extension numbers start from 5xxxxx so 100 should not exist.
4.I purchased several DIDs from my voip provider and register it as a SIP Trunk.
5. 5060 port is open on FW.
In this environment, I want to block SIP direct calls to non-existing numbers like
I want my Asterisk only receive inbound call to specified DID forwared from my Voip Proivder.
My understanding is disallowing “Anonymous Inbound SIP Calls” rejects the SIP calls like above but seems not. And there is no way to block those calls except iptables setting?
Am I wrong?
I believed that “Security Settings Allow Anonymous Inbound SIP Calls?:NO” in General Setting is enough to block the anonymous calls but it seems I’m wrong.
I found another “allowsipgeuest=yes” in /etc/asterisk/sip_general_additional.conf so just change the value to “no” from “Asterisk SIP Settings” page. I hope it reacts the way I expect.
Yes. I changed allow guest setting from Tools - Asterisk SIP Settings - Allow SIP Guests: No on FreePBX and reloaded. Asterisk keeps “allowguest=no” setting in sip_general_additional.conf even after reloading. Looks nice.
So in conclusion, “Allow Anonymous Inbound SIP Calls?:NO” in General Setting doesn’t really work and changing allowguest in Asterisk SIP Settings is the key.
Has anyone looked at the “Allow SIP Guests” setting ? Also fail2ban does not protect asterisk boxen from attacks: