IAX2 Link going down in one direction

amartin13 · November 10, 2015, 5:24pm

Hello all, I’m having a problem with my PBXs that are linked via IAX2.

I have two PBXs running Asterisk 11, and FreePBX 2.11. One of the PBXs is hosted by Amazon t1.Micro and a second is onsite. The goal being fault tolerance if the cloud PBX can’t reach the onsite PBX it just takes a message and forwards the voicemail to the correct person. All outgoing and incoming calls from the sip trunking provider goes through the cloud PBX. The trouble is the link between the two PBXs stops working in the direction of cloud to onsite frequently. (every other day or so) The PBXs say the IAX2 trunk is still up, and running via the CLI, the on-site server can make outgoing calls via the cloud PBX, But, the incoming calls go to voicemail because the cloud PBX can’t place a call to the on-site PBX. Rebooting the cloud PBX fixes the issue.

Peer Details: Cloud
host=OnsiteServerIP
username=200
secret=xxxx
qualify=yes
trunk=yes
type=friend
context=from-internal

Peer Details: Onsite
host=CloudServerIP
username=300
secret=xxxx
qualify=yes
trunk=yes
type=friend
context=from-internal

Any help or pointers would be greatly appreciated.

danielf · November 10, 2015, 9:01pm

Hi,

First, your IAX2 trunk configuration is wrong. You should configure it like this:

Trunk name: Cloud

Peer Details:
host=OnsiteServerIP
username=Onsite
secret=xxxx
qualify=no
type=friend
context=from-internal

Trunk name: Onsite

Peer Details:
host=CloudServerIP
username=Cloud
secret=xxxx
qualify=yes
type=friend
context=from-internal

Please notice that I have left the keep alive (qualify=yes) just for one side (Onsite trunk) in order to keep the session open and cancelled the trunk=yes option. Also notice to the user name and trunk name configuration. Most of the times the problem with IAX trunk, is that they loose the open session in the firewalls and then the Asterisk reports this trunk as unknown. You can test it for few days, replacing the keep alives between the trunks. As a last resort you can reduce the keep alive to 30 seconds.

And, if after all of these games you will still suffer from this, switch to SIP trunks.

Thank you,

Daniel Friedman
Trixton LTD.

amartin13 · November 11, 2015, 6:32pm

Thank you, if this works I’ll be the happiest guy in the whole world! I’ll make the changes to qualify and remove trunk.

My trunk names are correct 300/200, I just conveyed it incorrectly. The cloud vs onsite were for description not a setting. I have a feeling it could be my firewall onsite, It’s a checkpoint has been a constant headache since purchase.

danielf · November 11, 2015, 9:18pm

Hi,

If you have a Checkpoint firewall on site, you should raise the qualify to 30 seconds (qualify=30000) because the qualify=yes is 2 seconds (2000 ms). This situation may cause to session closing after a while. Also check the smart defense settings and remove everything that relates to voip (SIP, IAX etc.).

Thank you,

Daniel Friedman
Trixton LTD.