Firstly, I would like to say that I have a basic knowledge of VoIP systems and Asterisk/FreePBX. I have encountered an odd issue with a new PBX setup. The issue is that randomly a phone will become an unknown device and as such Asterisk recognises the phone as anonymous so will not allow any internal or external calls to be made from the phone.
Upon checking the PJSIP information for the phone, it is still registered within FreePBX/Asterisk. Also, when looking at the details for that extension in FreePBX, the context is still defined as from-internal. The phone display also still states that the SIP account is registered. However, when a call is attempted, the call log states the call is being made from anonymous and the context is sip-external. I have attached a screenshot of the call log.
I have tried searching the forums for any similar issues, and have checked network configurations, re-register times etc. but everything seems normal. This is backed up by the fact that this issue occurs randomly to random phones. Our current fix is to factory reset the phone, re-configure it and it will re-register to Asterisk and work again.
The Asterisk version is: 13.22.0
Phone model is: Grandstream GXP2140
Any suggestions would be greatly appreciated, and any further information you need let me know.
First: remove anonymous access to your PBX. You need to turn it off. Not kidding. Right now. This is a hugely expensive potential mistake. If someone starts making calls on your system to overseas locations or starts doing drug deals through your server, you are on the hook financially and legally.
Second: I doubt that your analysis is correct. If the extension’s context is set correctly, the call probably isn’t coming from that phone. It’s more likely coming from outside your network.
Hence: Disable access to your SIP ports (your config will tell you, but probably 5060 and 5160) through the Integrated Firewall and lock the port down to people that need to access the port from your local network and through your ITSP.
Apologies if my original post was unclear. So I have anonymous access disabled, and only internal phones authorised to make calls.
The issue is that this phone is an internal phone one of our users has been using for a while that worked perfectly fine. This morning she could not make any internal (calling other internal extensions) or external calls, as Asterisk is now flagging her phone as being an external/anonymous device. This is despite it having an IP address on the internal range and the SIP account still showing as registered.
This has now happened to a few phones seemingly at random, and as mentioned in the original post, the only way I have found to resolve it is to factory reset the phone and re-configure it.
Then you need to disable Allow SIP Guests because by default PJSIP has no concept of “anonymous” endpoints. In order for there to be one then you have to have “Allow SIP Guests” on so it creates it. Turn it off.
Okay thanks for the suggestion, I will turn it off.
IMO, this problem is unrelated to hacker traffic (though you may have some of that also).
Assuming that the affected phones are not on the same LAN or are not at the same location as the PBX (please confirm that and describe the network setup):
I suspect that a NAT router or firewall, either at the phone site or the PBX site, is losing the association for SIP traffic from an affected phone, such that a new INVITE comes in from a different IP address or source port number and therefore is not matched to the registration in force.
However, this is very strange:
I assume that implies “rebooting the phone doesn’t help”, since rebooting would be much easier to try.
And that would imply that either something cached in a router or firewall is somehow blocking or corrupting the post-reboot registration attempt, or that the phone itself somehow gets its persistent data corrupted.
Some things to try: Set a short registration expiry, e.g. 2 minutes. Note the address/port from which the phone registered. After an ‘anonymous’ call, wait two minutes and see if the address or port has changed, and whether outbound calls work again.
After an anonymous call, power off the phone, wait 10 minutes (long enough for normal UDP NAT associations to time out), boot the phone back up (without reset) and see whether it works again.
@k_marr Show the actual CDR report for this that will show where the actual source of those calls is coming from. You’re looking at Call Events, not CDRs, so this isn’t showing us exactly where the calls are sourcing from. You could be reading these events and correlating an issue with another.
Show in the CDRs or even better a call trace from the system from one of these phones that is having a problem so we can see exactly what is being presented to the PBX.
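The comparison suggested in the replies above (the address/port a phone registered from versus the source of the failing INVITE), as an added example that is not part of the thread. It assumes the trace was captured with Asterisk's `pjsip set logger on` and uses that logger's "Received SIP request ... from UDP:ip:port" header line; the sample trace, extensions and addresses are constructed.

```python
import re

# Constructed sample trace (extensions, host name and addresses are made up).
SAMPLE_LOG = """\
<--- Received SIP request (512 bytes) from UDP:192.168.10.41:5060 --->
REGISTER sip:pbx.example.test SIP/2.0
From: <sip:204@pbx.example.test>;tag=a1
<--- Received SIP request (530 bytes) from UDP:192.168.10.57:5060 --->
REGISTER sip:pbx.example.test SIP/2.0
From: <sip:210@pbx.example.test>;tag=b1
<--- Received SIP request (890 bytes) from UDP:192.168.10.41:5060 --->
INVITE sip:205@pbx.example.test SIP/2.0
From: "Front desk" <sip:204@pbx.example.test>;tag=a2
<--- Received SIP request (901 bytes) from UDP:192.168.10.57:5083 --->
INVITE sip:205@pbx.example.test SIP/2.0
From: <sip:210@pbx.example.test>;tag=b2
<--- Received SIP request (877 bytes) from UDP:192.168.10.57:5060 --->
INVITE sip:205@pbx.example.test SIP/2.0
From: <sip:anonymous@pbx.example.test>;tag=c1
"""

HDR = re.compile(r"^<--- Received SIP request \(\d+ bytes\) from (\w+):([\d.]+):(\d+) --->$", re.M)
FROM = re.compile(r"^(?:From|f):.*?sips?:([^@>;\s]+)@", re.M | re.I)

def requests(log):
    """Yield (method, from_user, (ip, port)) for every received SIP request."""
    parts = HDR.split(log)  # [preamble, transport, ip, port, message, transport, ...]
    for i in range(1, len(parts), 4):
        _transport, ip, port, body = parts[i:i + 4]
        lines = body.strip().splitlines()
        if lines:
            m = FROM.search(body)
            yield lines[0].split()[0], (m.group(1) if m else None), (ip, int(port))

def check_invites(log):
    """Compare each INVITE's source with the last REGISTER source of its From user."""
    registered = {}  # from_user -> (ip, port) of the most recent REGISTER
    findings = []
    for method, user, src in requests(log):
        if method == "REGISTER" and user:
            registered[user] = src
        elif method == "INVITE":
            known = registered.get(user)
            status = "unknown_user" if known is None else "match" if known == src else "source_changed"
            same_ip = sorted(u for u, (ip, _) in registered.items() if ip == src[0])
            findings.append((user, src, status, same_ip))
    return findings

if __name__ == "__main__":
    print(*check_invites(SAMPLE_LOG), sep="\n")
```

Each finding is (From user, source address/port, status, extensions registered from the same IP), so an INVITE that arrives with an unexpected user part or from a new port can be tied back to the phone that sent it.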