Inbound DID's from itsp via sbc unauthorized 401

Hi All,

I’m having issues with my external inbound calls being rejected with a 401 unauthorized and hoping the experts on this form my be able to point me in the right direction. I’m rather new to FreePBX

Senario:

I have installed a Sangoma Enterpise SBC with the following configuration:

ETH0: DMZ
ETH1: LAN
ETH2: ITSP (direct connect)

FreePBX 13.0.190.11 (Distro)

I have remote phones which I have registering through eth0 on the SBC and are able to make and receive calls with both internal extensions as well as other remote phones.

When dialing the DDI the call routes through SBC eth2 to eth1 but and is rejected by the PBX with 401 unauthorized.

both anonymous and guest calls are enabled.

Any ideas on where I should look. As mentioned calls are routing with no issues between both remote anbd external extensions.

Thanks

Chris

The trunk peer details need work, my guess is you need

insecure=port,invite

Thanks igaetz, quick response

These are my SIP incoming settings on the trunk.

type=peer
insecure=port,invite
host=10.100.1.11
dtmfmode=rfc2833
context=from-pstn

Chan-SIP or PJ-SIP? Unless something changed and I didn’t hear about it, you can’t connect to PJ-SIP without a username and password. Only Chan-SIP allows for host-based connections.

BTW - you really need to turn off anonymous and guest calls. That’s just asking for trouble. Expensive, time-consuming, maddening trouble.

Thanks for the advice.

I’m using Chan-sip.

Here is my debug info from the trace I did. One thing I have noticed the the SBC is inserting Remote-Party-I: and X-FS-Support: headers into the Invite when sending it on to the PBX. Could this be causing the issue?

In the trace below I have replaced the DID’s with *** for the number I’m making the call with and ### for the number I’m calling.

IP: 10.100.1.11 = SBC
IP: 10.100.1.33 = PBX

<— SIP read from UDP:10.100.1.11:5060 —>
INVITE sip:###########@10.100.1.33 SIP/2.0
Via: SIP/2.0/UDP 10.100.1.11;rport;branch=z9hG4bKScXQv5Fa8Ur5a
Max-Forwards: 48
From: “" sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208349 INVITE
Contact: sip:[email protected]:5060;transport=udp;gw=pbxsvr03
User-Agent: NetBorder Session Controller
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: precondition, path, replaces
Allow-Events: talk, hold, presence, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 285
Recv-Info: x-broadworks-client-session-info
X-FS-Support: update_display
Remote-Party-ID: "” sip:***********@10.100.1.11;party=calling;screen=yes;privacy=off

v=0
o=nsc 1485099655 1485099656 IN IP4 10.100.1.11
s=nsc
c=IN IP4 10.100.1.11
t=0 0
m=audio 10828 RTP/AVP 0 8 101 13
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
m=audio 10828 RTP/AVP 0 8 101 13
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:30
<------------->
— (18 headers 13 lines) —
Sending to 10.100.1.11:5060 (no NAT)
Sending to 10.100.1.11:5060 (no NAT)
Using INVITE request as basis request - cb032282-5b42-1235-28b4-00900b3d3f5f
Found peer ‘from_sbc’ for ‘***********’ from 10.100.1.11:5060
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 101
Found RTP audio format 13
Found audio description format telephone-event for ID 101
[2017-01-22 12:40:27] WARNING[1796][C-0000004c]: chan_sip.c:10304 process_sdp: Declining non-primary audio stream: audio 10828 RTP/AVP 0 8 101 13
Capabilities: us - (ulaw|alaw|gsm|g726), peer - audio=(ulaw|alaw)/video=(nothing)/text=(nothing), combined - (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x3 (telephone-event|CN|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 10.100.1.11:10828
Looking for ########### in from-pstn (domain 10.100.1.33)
sip_route_dump: route/path hop: sip:[email protected]:5060;transport=udp;gw=pbxsvr03

<— Transmitting (no NAT) to 10.100.1.11:5060 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.100.1.11;branch=z9hG4bKScXQv5Fa8Ur5a;received=10.100.1.11;rport=5060
From: “***********” sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208349 INVITE
Server: FPBX-13.0.190.11(13.12.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: sip:###########@10.100.1.33:5060
Content-Length: 0

<------------>
– Executing [###########@from-pstn:1] Set(“SIP/from_sbc-0000001d”, “__FROM_DID=###########”) in new stack
– Executing [###########@from-pstn:2] NoOp(“SIP/from_sbc-0000001d”, “Received an unknown call with DID set to ###########”) in new stack
– Executing [###########@from-pstn:3] Goto(“SIP/from_sbc-0000001d”, “s,a2”) in new stack
– Goto (from-pstn,s,2)
– Executing [[email protected]:2] Answer(“SIP/from_sbc-0000001d”, “”) in new stack
Audio is at 10196
Adding codec ulaw to SDP
Adding codec alaw to SDP
Adding non-codec 0x1 (telephone-event) to SDP

<— Reliably Transmitting (no NAT) to 10.100.1.11:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.100.1.11;branch=z9hG4bKScXQv5Fa8Ur5a;received=10.100.1.11;rport=5060
From: “***********” sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33;tag=as2295cf11
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208349 INVITE
Server: FPBX-13.0.190.11(13.12.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: sip:###########@10.100.1.33:5060
Content-Type: application/sdp
Content-Length: 304

v=0
o=root 2064796726 2064796726 IN IP4 10.100.1.33
s=Asterisk PBX 13.12.1
c=IN IP4 10.100.1.33
t=0 0
m=audio 10196 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
m=audio 0 RTP/AVP 0 8 101 13

<------------>

<— SIP read from UDP:10.100.1.11:5060 —>
ACK sip:###########@10.100.1.33:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.1.11;rport;branch=z9hG4bKtNpgy00D54erp
Max-Forwards: 70
From: “***********” sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33;tag=as2295cf11
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208349 ACK
Contact: sip:[email protected]:5060;transport=udp;gw=pbxsvr03
Content-Length: 0

<— SIP read from UDP:10.100.1.11:5060 —>
BYE sip:###########@10.100.1.33:5060 SIP/2.0
Via: SIP/2.0/UDP 10.100.1.11;rport;branch=z9hG4bKUyF9ZUHH2D5aj
Max-Forwards: 70
From: “***********” sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33;tag=as2295cf11
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208350 BYE
Contact: sip:[email protected]:5060;transport=udp;gw=pbxsvr03
Reason: Q.850;cause=16;text="NORMAL_CLEARING"
Content-Length: 0

<------------->
— (10 headers 0 lines) —
Sending to 10.100.1.11:5060 (no NAT)
Scheduling destruction of SIP dialog ‘cb032282-5b42-1235-28b4-00900b3d3f5f’ in 32000 ms (Method: BYE)

<— Transmitting (no NAT) to 10.100.1.11:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.100.1.11;branch=z9hG4bKUyF9ZUHH2D5aj;received=10.100.1.11;rport=5060
From: “***********” sip:***********@10.100.1.11;tag=0mtZmD2r4rmyQ
To: sip:###########@10.100.1.33;tag=as2295cf11
Call-ID: cb032282-5b42-1235-28b4-00900b3d3f5f
CSeq: 102208350 BYE
Server: FPBX-13.0.190.11(13.12.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

<------------>
– Executing [[email protected]:1] Macro(“SIP/from_sbc-0000001d”, “hangupcall,”) in new stack
– Executing [[email protected]:1] GotoIf(“SIP/from_sbc-0000001d”, “1?theend”) in new stack
– Goto (macro-hangupcall,s,3)
– Executing [[email protected]:3] ExecIf(“SIP/from_sbc-0000001d”, “0?Set(CDR(recordingfile)=)”) in new stack
– Executing [[email protected]:4] Hangup(“SIP/from_sbc-0000001d”, “”) in new stack
== Spawn extension (macro-hangupcall, s, 4) exited non-zero on ‘SIP/from_sbc-0000001d’ in macro ‘hangupcall’
== Spawn extension (from-pstn, h, 1) exited non-zero on ‘SIP/from_sbc-0000001d’

Do you have a catchall route set up for your inbound, or are all of your routes set up with DIDs?

No catch all route. All my routes are set up with DID’s

Just for grins, could you set up a catch-all route?

No DID, no CID, just there to catch the incoming DIDs that don’t match a current connection. If it gets used, it will show up in the logs with a message something like “You should probably add a route for this DID.”

Playing a hunch.

YUP!!! That’s what I call a hunch Me really now not understanding lol

<------------>
– Executing [[email protected]:1] NoOp(“SIP/from_sbc-0000002a”, “Catch-All DID Match - Found 01332973252 - You probably want a DID for this.”) in new stack
– Executing [[email protected]:2] Log(“SIP/from_sbc-0000002a”, “WARNING,Friendly Scanner from 10.100.1.11;rport;branch=z9hG4bKvyaFXmNX7QSHa”) in new stack
[2017-01-22 21:45:14] WARNING[21047][C-0000005f]: Ext. 01332973252:2 @ from-pstn: Friendly Scanner from 10.100.1.11;rport;branch=z9hG4bKvyaFXmNX7QSHa
– Executing [[email protected]:3] Set(“SIP/from_sbc-0000002a”, “__FROM_DID=01332973252”) in new stack
– Executing [[email protected]:4] Goto(“SIP/from_sbc-0000002a”, “ext-did,s,1”) in new stack

You have a couple of choices:

1. Set up a DID for that.
2. Send the incoming number to the E186 (E168, E192, E=MC2, crap I can never remember) inbound context that normalizes all of the incoming numbers.

Edit: from-pstn-e164-us instead of from-pstn

Hi Dave!

I always thought this only worked for North America and with the weird DID he is getting I doubt he is from North America…

Doesn’t this assume your country code is +1?

I forgot to take my daily caffeine intake so I could definitely be wrong about this though…

Have a nice day!

Nick

He will need to write context [from-pstn-e164-fr] (presumably) using as a template [from-e164-us] to suit french dialing, then stick it in extensions_custom.conf, the context is pretty well self explanatory

If he is in NANP land , then it should work as written.

I would note that 01332973252 is not a legitimate French number it should be 0133ZXXXXXXXXX

When these comments came in I was tucked up in my sweet little bed as I’m actually in the U.K. 01332 is a Derby local area code so E.164 is +441332XXXXXX.

The context would then need to end with gb or uk? I will test both this morning.

Is there a list of contexts in the wiki? For the life of me I couldn’t find it.

BTW I’m actually from NZ living in the U.K. for the past 17 years. Worked for Sprint as there Global IT manager for the past 14 years but was made redundant last April. Now working for myself and I must say it’s great being back on the tools

Actually neither gb nor uk is fully nclusive as the channel islands nor the isle if man belong to either yet use that dial plan, but that is pedantic I would use GB.

As to contexts, no not fully in the wiki but if you egrep out everything that starts with an opening square bracket avd ends with a closing (escaping as necessary) in /etc/asterisk/extent* you would see them all

Here’s my attempt at creating a context for the UK.

I don’t fully understand what each line is doing but I have replaced what looks to be US with UK.

Have I barked up the wrong tree?

; from-pstn-e164-gb:
;
; This context is designed for UK numbers. UK geographical numbers are 11 digits
; starting with 01 or 02. County code is 0044 and E.164 is +44. When using country
; or E.164 the leading 0 is dropped. e.g. 01332100100 translates to +441332100100
;
; DDIs in any other format will be delivered as they are, including e164 non NPA
; DDIs which means they will need the full format including the + in the inbound
; route.
;
; CallerID(number) presented in e164 NPA format will be trimmed to an 11 digit CID
; prefixed with 0
;
; CallerID(number) presented in e164 non-NPA (country code other than 1) will be
; reformated from: + to 011
[from-pstn-e164-gb]
exten => +44ZXXXXXXXXX/+44ZXXXXXXXXX,1,Set(CALLERID(number)=${CALLERID(number):2})
exten => _+44ZXXXXXXXXX/_0ZXXXXXXXXX,2,Goto(from-pstn,${EXTEN:2},1)
exten => +44ZXXXXXXXXX/+ZX.,1,Set(CALLERID(number)=0044${CALLERID(number):1})
exten => _+44ZXXXXXXXXX/_0044ZX.,n,Goto(from-pstn,${EXTEN:2},1)
exten => _+44ZXXXXXXXXX,1,Goto(from-pstn,${EXTEN:2},1)
exten => [0-9+]./+44ZXXXXXXXXX,1,Set(CALLERID(number)=${CALLERID(number):2})
exten => _[0-9+]./_44ZXXXXXXXXX,1,Set(CALLERID(number)=${CALLERID(number):1})
exten => _[0-9+]./_0ZXXXXXXXXX,n,Goto(from-pstn,${EXTEN},1)
exten => [0-9+]./+ZZ.,1,Set(CALLERID(number)=001${CALLERID(number):1})
exten => _[0-9+]./_00ZZ.,n,Goto(from-pstn,${EXTEN},1)
exten => [0-9+].,1,Goto(from-pstn,${EXTEN},1)
exten => s/+44ZXXXXXXXXX,1,Set(CALLERID(number)=${CALLERID(number):2})
exten => s/0ZXXXXXXXX,n,Goto(from-pstn,${EXTEN},1)
exten => s/+ZX.,1,Set(CALLERID(number)=0044${CALLERID(number):1})
exten => s/_00ZX.,n,Goto(from-pstn,${EXTEN},1)
exten => s,1,Goto(from-pstn,${EXTEN},1)

I added this to the extensions_custom.conf and restarted Asterisk. Still have the same issue.

Hello,

Please send us a screenshot of your sip trunk settings.
There is a context from-sbc that is not clear for me where it is set.
Thank you,

Daniel Friedman
Trixton LTD.

Hi!

If the number you receive are already in the format you must dial them you don’t need this…

For us, in North America, “from-pstn-e164-us” converts a number in an e164 format (ie with a country code) to one without… We never ever dial the country code locally and “1” in front of a number commonly had another usage here (long distance calls).

We thought “33” in your example phone number was the country code (hence why we thought you might be in France). If the phone number you receive doesn’t have the country code in it you don’t need “from-pstn-e164-gb”…

Good luck and have a nice day!

Nick

Hi Daniel,

My VM host is currently being cloned so don’t have access at the moment. If you’re referring to from_sbc as in the following line that is the User Context for the inbound settings

Executing [[email protected]:4] Goto(“SIP/from_sbc-0000002a”, “ext-did,s,1”) in new stack.

Cheers

Chris

Thanks for that Nick, yes the numbers are already coming in the format I want them to. Struggling to understand why the pbx is rejecting calls with inbound routes to extensions. If I set up an inbound route to a queue it works fine.