Issues replacing Fritzbox - Incoming calls working, Outgoing forbidden

Hi!

I’m trying to replace a provider delivered AVM Fritzbox on an Annex-J port with a FreePBX machine. For various reasons. :wink:

I’ve managed to get incoming calls working, but when trying do call outgoing I always receive a 403 Forbidden Response. As debugging the SIP session does not lead me any further, I’ve started to sniff the SIP packets with tcpdump.
The scheme is always the same: FreePBX sends a INVITE packet, the proxy replies with a TRYING and the next packet seen is a 403 FORBIDDEN.

Examing the captured invite-packets, I’ve found some differences between Fritzbox and FreePBX. Some I’ve managed to resolve. But some not. And I’m not sure whether it’s re the reason why I do receive the 403 errors or not.

So here we go. Phone numbers, usernames and addresses anomynized by myself.
This is the original Fritzbox Invite:

Internet Protocol Version 4, Src: 10.10.x.x (10.10.x.x), Dst: 172.x.y.z (172.x.y.z)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 1154
    Identification: 0x788a (30858)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0x78b4 [validation disabled]
        [Good: False]
        [Bad: False]
    Source: 10.10.x.x (10.10.x.x)
    Destination: 172.x.y.z (172.x.y.z)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: sip (5060), Dst Port: sip (5060)
    Source port: sip (5060)
    Destination port: sip (5060)
    Length: 1134
    Checksum: 0x963d [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:[email protected] SIP/2.0
        Method: INVITE
        Request-URI: sip:[email protected]
            Request-URI User Part: 016xxxxxxxx
            Request-URI Host Part: 172.x.y.z
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 10.10.x.x:5060;rport;branch=z9hG4bK876C3F368B0D4065
            Transport: UDP
            Sent-by Address: 10.10.x.x
            Sent-by port: 5060
            RPort: rport
            Branch: z9hG4bK876C3F368B0D4065
        Route: 
            Route URI: sip:172.x.y.z;lr
                Route Host Part: 172.x.y.z
                Route URI parameter: lr
        From: ;tag=A451F7F057995ECF
            SIP from address: sip:[email protected]
                SIP from address User Part: 2xxx3xxxxxx
                SIP from address Host Part: 172.x.y.z
            SIP from tag: A451F7F057995ECF
        To: 
            SIP to address: sip:[email protected]
                SIP to address User Part: 016xxxxxxxx
                SIP to address Host Part: 172.x.y.z
        Call-ID: [email protected]
        CSeq: 9 INVITE
            Sequence Number: 9
            Method: INVITE
        Contact: 
            Contact URI: sip:[email protected];uniq=42127CCE7A7A466621DAE696E2365
                Contact URI User Part: 2xxx3xxxxxx
                Contact URI Host Part: 10.10.x.x
                Contact URI parameter: uniq=42127CCE7A7A466621DAE696E2365
        Max-Forwards: 70
        Expires: 120
        User-Agent: AVM FRITZ!Box Fon WLAN 7360 124.06.20 TAL (Oct 14 2014)
        Supported: 100rel,replaces
        Allow-Events: telephone-event,refer
        Allow: INVITE,ACK,OPTIONS,CANCEL,BYE,UPDATE,PRACK,INFO,SUBSCRIBE,NOTIFY,REFER,MESSAGE,PUBLISH
        Content-Type: application/sdp
        Accept: application/sdp, multipart/mixed
        Accept-Encoding: identity
        Content-Length:   369
    Message Body
        Session Description Protocol
            Session Description Protocol Version (v): 0
            Owner/Creator, Session Id (o): user 1232535 1232535 IN IP4 10.10.x.x
                Owner Username: user
                Session ID: 1232535
                Session Version: 1232535
                Owner Network Type: IN
                Owner Address Type: IP4
                Owner Address: 10.10.x.x
            Session Name (s): call
            Connection Information (c): IN IP4 10.10.x.x
                Connection Network Type: IN
                Connection Address Type: IP4
                Connection Address: 10.10.x.x
            Time Description, active time (t): 0 0
                Session Start Time: 0
                Session Stop Time: 0
            Media Description, name and address (m): audio 7078 RTP/AVP 8 0 2 102 100 99 97 101
                Media Type: audio
                Media Port: 7078
                Media Protocol: RTP/AVP
                Media Format: ITU-T G.711 PCMA
                Media Format: ITU-T G.711 PCMU
                Media Format: ITU-T G.721
                Media Format: DynamicRTP-Type-102
                Media Format: DynamicRTP-Type-100
                Media Format: DynamicRTP-Type-99
                Media Format: DynamicRTP-Type-97
                Media Format: DynamicRTP-Type-101
            Media Attribute (a): sendrecv
            Media Attribute (a): rtpmap:2 G726-32/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 2
                MIME Type: G726-32
                Sample Rate: 8000
            Media Attribute (a): rtpmap:102 G726-32/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 102
                MIME Type: G726-32
                Sample Rate: 8000
            Media Attribute (a): rtpmap:100 G726-40/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 100
                MIME Type: G726-40
                Sample Rate: 8000
            Media Attribute (a): rtpmap:99 G726-24/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 99
                MIME Type: G726-24
                Sample Rate: 8000
            Media Attribute (a): rtpmap:97 iLBC/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 97
                MIME Type: iLBC
                Sample Rate: 8000
            Media Attribute (a): fmtp:97 mode=30
                Media Attribute Fieldname: fmtp
                Media Format: 97 [iLBC]
                Media format specific parameters: mode=30
            Media Attribute (a): rtpmap:101 telephone-event/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 101
                MIME Type: telephone-event
                Sample Rate: 8000
            Media Attribute (a): fmtp:101 0-15
                Media Attribute Fieldname: fmtp
                Media Format: 101 [telephone-event]
                Media format specific parameters: 0-15
            Media Attribute (a): rtcp:7079
                Media Attribute Fieldname: rtcp
                Media Attribute Value: 7079
            Media Attribute (a): ptime:20
                Media Attribute Fieldname: ptime
                Media Attribute Value: 20

This were the first packets sent from FreePBX:

Internet Protocol Version 4, Src: 10.10.x.x (10.10.x.x), Dst: 172.x.y.z (172.x.y.z)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 828
    Identification: 0xbcf6 (48374)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: UDP (17)
    Header checksum: 0x461a [validation disabled]
        [Good: False]
        [Bad: False]
    Source: 10.10.x.x (10.10.x.x)
    Destination: 172.x.y.z (172.x.y.z)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: sip (5060), Dst Port: sip (5060)
    Source port: sip (5060)
    Destination port: sip (5060)
    Length: 808
    Checksum: 0x787a [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:[email protected] SIP/2.0
        Method: INVITE
        Request-URI: sip:[email protected]
            Request-URI User Part: 016xxxxxxxx
            Request-URI Host Part: 172.x.y.z
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 10.10.x.x:5060;branch=z9hG4bK7c0b6ee6;rport
            Transport: UDP
            Sent-by Address: 10.10.x.x
            Sent-by port: 5060
            Branch: z9hG4bK7c0b6ee6
            RPort: rport
        Max-Forwards: 70
        From: ;tag=as15bcab5e
            SIP from address: sip:[email protected]
                SIP from address User Part: 2xxx3xxxxxx
                SIP from address Host Part: 10.10.x.x
            SIP from tag: as15bcab5e
        To: 
            SIP to address: sip:[email protected]
                SIP to address User Part: 016xxxxxxxx
                SIP to address Host Part: 172.x.y.z
        Contact: 
            Contact URI: sip:[email protected]:5060
                Contact URI User Part: 2xxx3xxxxxx
                Contact URI Host Part: 10.10.x.x
                Contact URI Host Port: 5060
        Call-ID: [email protected]:5060
        CSeq: 102 INVITE
            Sequence Number: 102
            Method: INVITE
        User-Agent: AVM FRITZ!Box Fon WLAN 7360 124.06.20 TAL (Oct 14 2014)
        Date: Sun, 20 Sep 2015 13:19:24 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Type: application/sdp
        Content-Length: 180
    Message Body
        Session Description Protocol
            Session Description Protocol Version (v): 0
            Owner/Creator, Session Id (o): root 1165603241 1165603241 IN IP4 10.10.x.x
                Owner Username: root
                Session ID: 1165603241
                Session Version: 1165603241
                Owner Network Type: IN
                Owner Address Type: IP4
                Owner Address: 10.10.x.x
            Session Name (s): Asterisk PBX 11.19.0
            Connection Information (c): IN IP4 10.10.x.x
                Connection Network Type: IN
                Connection Address Type: IP4
                Connection Address: 10.10.x.x
            Time Description, active time (t): 0 0
                Session Start Time: 0
                Session Stop Time: 0
            Media Description, name and address (m): audio 11548 RTP/AVP 0
                Media Type: audio
                Media Port: 11548
                Media Protocol: RTP/AVP
                Media Format: ITU-T G.711 PCMU
            Media Attribute (a): rtpmap:0 PCMU/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 0
                MIME Type: PCMU
                Sample Rate: 8000
            Media Attribute (a): ptime:20
                Media Attribute Fieldname: ptime
                Media Attribute Value: 20
            Media Attribute (a): sendrecv

I’ve changed the following attributes because I could imagine they might filter on this:
UserAgent
SDP session owner
SDP session name
Now my packets look like:

Internet Protocol Version 4, Src: 10.10.x.x (10.10.x.x), Dst: 172.x.y.z (172.x.y.z)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 837
    Identification: 0xf821 (63521)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: UDP (17)
    Header checksum: 0xd4d6 [validation disabled]
        [Good: False]
        [Bad: False]
    Source: 10.10.x.x (10.10.x.x)
    Destination: 172.x.y.z (172.x.y.z)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: sip (5060), Dst Port: sip (5060)
    Source port: sip (5060)
    Destination port: sip (5060)
    Length: 817
    Checksum: 0xae92 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Session Initiation Protocol (INVITE)
    Request-Line: INVITE sip:[email protected] SIP/2.0
        Method: INVITE
        Request-URI: sip:[email protected]
            Request-URI User Part: 016xxxxxxxx
            Request-URI Host Part: 172.x.y.z
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 10.10.x.x:5060;branch=z9hG4bK63514c34
            Transport: UDP
            Sent-by Address: 10.10.x.x
            Sent-by port: 5060
            Branch: z9hG4bK63514c34
        Max-Forwards: 70
        From: ;tag=as307f3e23
            SIP from address: sip:[email protected]:5060
                SIP from address User Part: 2xxx3xxxxxx
                SIP from address Host Part: 10.10.x.x
                SIP from address Host Port: 5060
            SIP from tag: as307f3e23
        To: 
            SIP to address: sip:[email protected]
                SIP to address User Part: 016xxxxxxxx
                SIP to address Host Part: 172.x.y.z
        Contact: 
            Contact URI: sip:[email protected]:5060
                Contact URI User Part: 2xxx3xxxxxx
                Contact URI Host Part: 10.10.x.x
                Contact URI Host Port: 5060
        Call-ID: [email protected]:5060
        CSeq: 102 INVITE
            Sequence Number: 102
            Method: INVITE
        User-Agent: AVM FRITZ!Box Fon WLAN 7360 124.06.20 TAL (Oct 14 2014)
        Date: Tue, 22 Sep 2015 16:09:56 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Type: application/sdp
        Content-Length: 190
    Message Body
        Session Description Protocol
            Session Description Protocol Version (v): 0
            Owner/Creator, Session Id (o): user 17803359 17803359 IN IP4 10.10.x.x
                Owner Username: user
                Session ID: 17803359
                Session Version: 17803359
                Owner Network Type: IN
                Owner Address Type: IP4
                Owner Address: 10.10.x.x
            Session Name (s): call
            Connection Information (c): IN IP4 10.10.x.x
                Connection Network Type: IN
                Connection Address Type: IP4
                Connection Address: 10.10.x.x
            Time Description, active time (t): 0 0
                Session Start Time: 0
                Session Stop Time: 0
            Media Description, name and address (m): audio 9518 RTP/AVP 0 111
                Media Type: audio
                Media Port: 9518
                Media Protocol: RTP/AVP
                Media Format: ITU-T G.711 PCMU
                Media Format: DynamicRTP-Type-111
            Media Attribute (a): rtpmap:0 PCMU/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 0
                MIME Type: PCMU
                Sample Rate: 8000
            Media Attribute (a): rtpmap:111 G726-32/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 111
                MIME Type: G726-32
                Sample Rate: 8000
            Media Attribute (a): ptime:20
                Media Attribute Fieldname: ptime
                Media Attribute Value: 20
            Media Attribute (a): sendrecv

But it still is not working. :frowning:
Still different is the codec list, but this can’t lead to a 403 - can it? What I do see is the Fritzbox contains a route - which the FreePBX doesn’t.

 Route: 
            Route URI: sip:172.x.y.z;lr
                Route Host Part: 172.x.y.z
                Route URI parameter: lr

And the Fritzbox contains a further contact parameter:

Contact: 
            Contact URI: sip:[email protected];uniq=42127CCE7A7A466621DAE696E2365
                Contact URI User Part: 2xxx3xxxxxx
                Contact URI Host Part: 10.10.x.x
                Contact URI parameter: uniq=42127CCE7A7A466621DAE696E2365

I think one (or both) might be the possible solution, but I didn’t find a way to change the FreePBX behaviour on this.

Any ideas are welcome! :smiley:
Thanks in advance.

Stefan

No one any idea on this? :frowning: