Background: I’ve never setup SIP trunks before but was able to find answers to all my questions and get everything working …except the following by simply searching around, reading, and educating myself.
Platform: This is a fresh, brand new install of Elastix 2.0.
Provider: Level 3
Problem: When an incoming call comes in the only trace I have of the call is these two lines in my logs, and the call doesn’t register on my CDR reports.
[Oct 20 11:02:45] VERBOSE[3419] netsock.c: == Using SIP RTP TOS bits 184
[Oct 20 11:02:45] VERBOSE[3419] netsock.c: == Using SIP RTP CoS mark 5
I called my provider and they see a 401 unauthorized error and said that the problem is that the box is trying to authenticate the incoming call and level 3 does not authenticate.
On that note I’ve searched everywhere for answers and to my knowledge the PBX shouldn’t be trying to authenticate as I have enabled anonymous incoming sip calls. I’ve been as thorough as possible but I don’t know the in’s and out’s so maybe someone here can enlighten me to what I’m missing. My configs are bellow, my sip.conf file is basically just a bunch of includes so I listed all the includes and there respective file contents below the include in an effort to be as specific as possible regarding how it is setup. Please let me know if I should include anything else.
I am facing a similar challenge - accepting inbound SIP calls from a provider. The calls are hitting Asterisk, get into from-sip-external, hence it plays Not In Service.
There is no authorization with this provider, but provider’s ip addresses are known (there are 4 IPs). Where do I add these addresses?
I read the thread up and down , but can’t find the place to add the addresses to : (
allow anonymous is a good start to just plane let the call in no matter what, that way you know the call is reaching you.
However - if you must leave it as anonymous then it indicates that you are missing a SIP section where the call should be directed. Only in cases where you can’t define conclusively one or more servers where the SIP signaling will originate from should you be required to leave anonymous on.
(For example, if you allow anonymous SIP calls in general which usually indicates you don’t know where the calls will be coming from, or if you have a provider who can’t conclusively tell you all the IP addresses where SIP calls may be signaled from).
Anyhow - glad you got it working, though as you pointed out, it would be nice to know why it wasn’t. (And from the first traces you had, it was hitting the proper SIP section so the only thing that comes to my mind is you had never applied configuration changes and/or had the reload occur properly on Asterisk, so there was a stale SIP section in there. (note if in doubt, “sip show peer PEERNAME” at the CLI, to see what Asterisk is actually seeing, vs. what you think it is seeing).
Bad news first, I got so frustrated trying every possible thing that I ended up doing a fresh install of elastix 2.0 so I never figured out what the underlying problem was.
Good news, well the obvious, it works! Beyond that my understanding of SIP technology has increased vastly by trial and error and hours of research.
If anyone finds themselves with a similar problem there’s two things I would suggest checking:
Make sure that: Allow Anonymous Inbound SIP Calls? is set to yes. I understand this is not always ideal but once you get it working you can always work backwards. ‘Elastix: without tears’ has a great section about securing your PBX
Best advice I can give though is if you see something in a forum or site that says ‘try this…’ research what they are telling you, this way even if it doesn’t work it will help you pinpoint the problem.
I’m viewing the asterisk logs with full turned on and also using the CLI,which seams to display the same info as the asterisk logs just realtime. And I’ve the calls are not even getting to my CDR.
Is SIP Debug different from what I’m currently doing, and if so how can I run it?
Well my provider does require auth for outbound calls but does not auth for inbound. Regardless I took out the user/pass and gave it a shoot both with =peer and =friend and still can’t get incoming calls, but also got all circuits busy when trying to go out.
As a side note I also tried =peer and =friend with user and password and my outgoing worked regardless of that value, but again, no incoming.
Thanks for the heads up on the extensions secrets, I do plan on doing this, just haven’t got around to it yet, because I’ve been trying to figure this out for 20+ hours
I had looked up sip debuging before and figured it was the same thing as enabling debugging in the asterisk logs config file…I stand corrected, and thanks for letting me know to re-examine
<--- SIP read from UDP:HOSTIP:5070 --->
INVITE sip:MYSIPNUMBER@PBXIP:5060 SIP/2.0
Via: SIP/2.0/UDP HOSTIP:5070;branch=z9hG4bKj9lihr20b07hagsdq7k0.1
From: <sip:MYCELLPHONE@HOSTIP;user=phone>;tag=SDgkgpd01-1382283929-1287607505759-
To: "MYCOMPANYNAME"<sip:MYSIPNUMBER@PBXIP>
Call-ID: SDgkgpd01-5c177d19d268d30aa0e079682e347584-v3000i1
CSeq: 632400304 INVITE
Contact: <sip:MYCELLPHONE@HOSTIP:5070;transport=udp>
Allow: ACK,BYE,CANCEL,INFO,INVITE,OPTIONS,PRACK,REFER,NOTIFY,UPDATE
Accept: multipart/mixed,application/media_control+xml,application/sdp
Supported:
Max-Forwards: 9
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 279
v=0
o=BroadWorks 29327 1 IN IP4 HOSTIP
s=-
c=IN IP4 HOSTIP
t=0 0
m=audio 49738 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=maxptime:20
<------------->
--- (14 headers 14 lines) ---
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Sending to HOSTIP : 5070 (no NAT)
Using INVITE request as basis request - SDgkgpd01-5c177d19d268d30aa0e079682e347584-v3000i1
Found peer 'level3' for 'MYCELLPHONE' from HOSTIP:5070
<--- Reliably Transmitting (no NAT) to HOSTIP:5070 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP HOSTIP:5070;branch=z9hG4bKj9lihr20b07hagsdq7k0.1;received=HOSTIP
From: <sip:MYCELLPHONE@HOSTIP;user=phone>;tag=SDgkgpd01-1382283929-1287607505759-
To: "MYCOMPANYNAME"<sip:MYSIPNUMBER@PBXIP>;tag=as73a7cebb
Call-ID: SDgkgpd01-5c177d19d268d30aa0e079682e347584-v3000i1
CSeq: 632400304 INVITE
Server: Asterisk PBX 1.6.2.10
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="6a04eafb"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog 'SDgkgpd01-5c177d19d268d30aa0e079682e347584-v3000i1' in 32000 ms (Method: INVITE)
<--- SIP read from UDP:HOSTIP:5070 --->
ACK sip:MYSIPNUMBER@PBXIP:5060 SIP/2.0
Via: SIP/2.0/UDP HOSTIP:5070;branch=z9hG4bKj9lihr20b07hagsdq7k0.1
CSeq: 632400304 ACK
From: <sip:MYCELLPHONE@HOSTIP;user=phone>;tag=SDgkgpd01-1382283929-1287607505759-
To: "MYCOMPANYNAME"<sip:MYSIPNUMBER@PBXIP>;tag=as73a7cebb
Call-ID: SDgkgpd01-5c177d19d268d30aa0e079682e347584-v3000i1
Max-Forwards: 9
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
Really destroying SIP dialog '[email protected]' Method: REGISTER
Really destroying SIP dialog '[email protected]' Method: OPTIONS
I’m sorting through this now, trying to make sense of everything thats going on but figured I would also post it up here. I replaced any private info such as phone numbers and IPs with statements such as ‘MYSIPNUMBER’. Again thanks for all the help
A concern of mine is that I need to use port 5070 to go out and port 5060 for incoming, will that be an issue if I only setup the peer details section?
Ok the adding port should fix my concerns about having different incoming and outgoing ports from what I read, thanks for the link as well.
However the root problem still persists. When I check my asterisk logs this is still all I get when I try to call into the trunk:
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Same thing as before. Level 3 ran a incoming test and got a 401 unauthorized error. But that makes no sense because from what I can tell, I’m ordering asterisk to accept all incoming calls and not challenge them. I really feel like I missing something here…