Migrating OBi110 and Linksys SPA3102 to current (V14) distro: Firewall issue?

LesD · April 20, 2018, 8:47am

I’m just migrating from 2.11 PIAF system to a reasonably current distro (PBX Firmware:12.7.3-1708-1.sng7). All modules are up to date.

I have two PSTN lines connected via two adapters (OBi110 and SPA3102) and trying to switch them over to the new system.

Copied over trunks and incoming and outgoing routes without making any changes.

I have logged into the two adapters and changed the IP of the server (one reference in each case as far as I can see) but they do not work (tested incoming calls only).

The only relevant log entry I can find is in the fail2ban log:

[2018-04-20 11:36:22] WARNING[2518] res_pjsip_registrar.c: Endpoint 'anonymous' has no configured AORs
[2018-04-20 11:36:22] SECURITY[2920] res_security_log.c: SecurityEvent="FailedACL",EventTV="2018-04-20T11:36:22.653+0300",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="[email protected]",LocalAddress="IPV4/UDP/10.27.27.247/5060",RemoteAddress="IPV4/UDP/10.27.27.192/5061",ACLName="registrar_attempt_without_configured_aors"

The IP is that of the OBi110 adapter I am testing.

Can anyone interpret the meaning of the messages?

Is the reference to ‘pjsip’ an issue as I believe the trunk is defined as ‘sip’?

Chan_Sip Peers shows:

Name/username             Host                                    Dyn Forcerport Comedia    ACL Port     Status      Description
1-pstn/1-pstn             (Unspecified)                            D  No         No             0        UNKNOWN

LesD · April 20, 2018, 9:20am

I have put back both adapters on the old system and they show up as follows

Name/username              Host                                    Dyn Forcerport ACL Port     Status     
1-pstn/1-pstn              10.27.27.192                             D   N             5061     OK (4 ms)  
2-pstn/2-pstn              10.27.27.191                             D   N             5061     OK (9 ms)

Note port 5061. The trunk on the PIAF system was set up with port 5061 - I do not know why.

Looking at the OBi it shows at first

Status	Registration Not Required

but then a bit later it shows

Status	Registered (server=10.27.27.245:5060; expire in 30s)

which is odd as it shows port 5060 while the PIAF system shows 5061.

Also on the OBi setup I cannot find any reference to port 5061

So I wonder if there is some initial miss-configuration on the old system which nevertheless worked but works no longer.

I’m going to try different ports.

arielgrin · April 20, 2018, 11:11am

Not sure about the Obi because I never used one, but for the SPA3102, if you didn’t change anything from the default configuration (except Server IP and credentials, of course) the FXO port runs on port 5061, 5060 is for the FXS port. This means that your trunk for the SPA3102 must use port 5061.

LesD · April 20, 2018, 11:55am

Thanks for that, you got me thinking about ports and it turns out its this sip/pjsip business.

I set up the trunk originally as a sip trunk so I did the same here. But the ports associated with sip have changed.

So I tried out various permutations on a pjsip trunk and based on error messages in the log ended up with the following working (tested only for incoming calls at the moment).

pjsip Settings on the trunk:

Authentication: Outbound
Registration: None
SIP Server: 10.27.27.191 (the SPA3102)
SIP Server Port: 5060
Context: from-trunk (as used on the original trunk)

Incoming calls now work.

LesD · April 20, 2018, 12:35pm

The above settings also work for outgoing.

I changed the authentication setting from Outbound to None and it also works.

I wonder if there is a security issue with that.

I was actually testing the above using the line connected to the SPA3102.

The settings there are:

SIP port: 5060
Proxy: my PBX
Register: No

I will now try the OBi again using the same settings.

LesD · April 21, 2018, 7:37pm

Summary:

I now have both working but with different settings.

The OBi I can’t get to work with a pjsip trunk. In the end all it needed was to leave the sip trunk alone and change port 5060 on the OBi to 5160.

As to the SPA3102 I can’t get it to work with the old sip trunk (a change to port 5160 did not work) but leaving the original settings and creating a new pjsip trunk with the settings:

Authentication: None
Registration: None

works for both incoming and outgoing.

I have change the SPA3102 from Register: Yes to No to save it from retrying.

All seems to be working now.

system · April 21, 2019, 7:37pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.