IP change on SIP trunk

Hi, not sure if I’m posting in the right place but let’s try !

When you configure a trunk without authentication, and you enter an FQDN in the “SIP Server” section of the PJSIP Settings, it makes it possible to connect a trunk without authentication.

But, what if the FQDN is a dyndns and the ip change from time to time ?
Is there a mecanism to make sure the the “match” header in the PJSIP contact adjust iteslf ?
From my experience it looks like not.

When the IP associated to the dyndns change, the trunk stop accepting request because the “match” header is still binded to the ip address it resolved when the trunk started.
The only way to make it work after an IP change, is to hit “submit” in the trunk and it will “refresh” it’s infos.

Is it a bug or is it intended to work like that ?

Get a new SIP trunk provider…

Edit: Exception if it is a SIP trunk to another PBX for interoffice calling. But then, don’t use IP Authentication.

I’d say it was a reasonable optimisation based on people using the appropriate type of SIP account for their usage. Accounts with highly dynamic addresses are only really intended to be used as clients, and then for short sessions. They are basically consumer products.

Especially with IPv6, it should be possible for businesses to have static addresses, and even with dynamic addresses, the only real reason for periodically changing addresses is to prevent he operation of servers. If you keep your xDSL connection up, it should be possible to renew your address indefinitely. Even if there are temporary disconnections, you should be able to reclaim an old address for a reasonable amount of time (although there is some risk of connecting to a different router at the ISP end and the routers not coordinating addresses).

Should and real world are different things. All of the national (United States) DSL providers cycle IP addresses quite often.

What is on the other end of the trunk (SIP provider, branch office, etc.)? Does your PBX have a static IP address?

Yes the pbx has a static IP, it’s the other end that does not.
We provide the service for the trunk, so the other side with the dyndns is the “client”.

Is there any mecanism that make sure the FQDN is updated every x seconds or minutes or whenever the IP change we have to reset the trunk ? Because it can happen that the IP change even on a normal FQDN.

Yes, this is what SIP registration is for. Set them as dynamic on your side with a set of credentials and have them register to you.

Yeah I am aware of this but I can’t use it for some reason, it is very complicated why and I can’t enter in the details of this.
I wish we could find a way that the FQDN refresh itself from time to time.

Most people controlling both ends would use a VPN, which pushes the problem of the unstable network topology onto the VPN.

Incidentally, unless you never make any calls out through the problem trunk, the end with the broken address has to act like a server as well as like a client. If it were just acting as a client, you could allow promiscuous addresses and authenticate by TLS or by SIP authentication, even without using registration. For PJSIP, I think you can also do this for the whole ISPs address range, not completely promiscuously. Things will still break, as one cannot, sensibly, do a DNS query before every single RTP packet.

SIP was designed to work in a first class internet environment where all relevant addresses are part of the internet. It’s like SMTP email, which was designed for point to point operation, and, at least in the UK was even used that way , in the early days, even by hobbyists, although it is now restricted to medium to large business users. Nowadays consumers and small businesses only use SMTP outbound and suck incoming mail from a central mailbox using IMAP. Telephone calls have to be immediate, so polling for them like with IMAP doesn’t work (I know some mail clients now have a connection open waiting for new mail to arrive, so they can pull in near real time).

I lot of work has gone into making consumer grade internet connections do things best done with first class connections, but they all introduce fragility.

One of the reasons, originally, was a shortage of IPv4 addresses, but there really should be enough IPv6 infrastructure to avoid that problem now. Another shortage issues was that people were dialling up so addresses can shared across multiple customers, but that doesn’t work now, because everyone is up all the time now. (Someone on either this or the Asterisk forum does seem be having problems with a mobile network that multiplexes and NATs several customers over the same public address, and I guess people using anonymisation services also have that problem.)

Many years ago, when I first became aware of the unstable address problem, one of the theories as that it was done to discourage servers, so ISPs could charge more for server capable accounts. I suspect there is also an element of that. Thee may also be an element of laziness in the way that DSL routers are operated.

I presume that this ISP doesn’t give advance warning of an address change, so that DNS time to live times can be run down. I don’t know what dynamic DNS services use as a time to live, but I can imagine that a lot of people ignore very low values, to avoid large amounts of DNS traffic. Dynamic DNS is a hack to get round the use of an unsuitable product. DNS was never intended to be used with no notice address changes.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.