Need help configuring SIP trunks

cmhxaktsoft · March 17, 2008, 9:18pm

I’ve been at this for weeks now, but I have an asterisk box running FreePBX, and have been unable to get SIP trunks to work incoming. I can make outgoing calls just fine, but incoming fails 100%.

Outgoing config looks like this: (private details obscured)

host=voip.host.net nat=yes secret=xxx type=peer username=1xxxxxxxxx

Outgoing config varies, but I’ve tried many variations on this:

context=from-pstn fromdomain=voip.host.net fromuser=1xxxxxxxxx host=voip.host.net insecure=very secret=xxx type=peer username=1xxxxxxxxx

In the CLI, I set the debug to 10, and usually get something like this: (private details obscured)

[code]<— SIP read from 65.94.x.x:5060 —>
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 65.94.x.x:5060;branch=z9hG4bK708ed979;rport
From: “UNAVAILABLE” sip:[email protected];tag=as010c6b06
To: sip:[email protected]
Contact: sip:[email protected]
Call-ID: [email protected]
CSeq: 102 INVITE
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Date: Mon, 17 Mar 2008 20:37:45 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 332

v=0
o=root 10276 10276 IN IP4 65.94.x.x
s=session
c=IN IP4 65.94.x.x
t=0 0
m=audio 46046 RTP/AVP 0 18 4 3 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:4 G723/8000
a=rtpmap:3 GSM/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -

<------------->
[Mar 17 16:40:26] — (13 headers 15 lines) —
[Mar 17 16:40:26] Sending to 65.94.x.x : 5060 (NAT)
[Mar 17 16:40:26] Using INVITE request as basis request - [email protected]
[Mar 17 16:40:26] Found peer ‘VOIPHOST2’
[Mar 17 16:40:26]
<— Reliably Transmitting (NAT) to 65.94.x.x:5060 —>
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 65.94.x.x:5060;branch=z9hG4bK708ed979;received=65.94.x.x;rport=5060
From: “UNAVAILABLE” sip:[email protected];tag=as010c6b06
To: sip:[email protected];tag=as5c726278
Call-ID: [email protected]
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="58995dfb"
Content-Length: 0

<------------>
[Mar 17 16:40:26] Scheduling destruction of SIP dialog ‘[email protected]’ in 6400 ms (Method: INVITE)
[Mar 17 16:40:26]
<— SIP read from 65.94.x.x:5060 —>
ACK sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 65.94.x.x:5060;branch=z9hG4bK708ed979;rport
From: “UNAVAILABLE” sip:[email protected];tag=as010c6b06
To: sip:[email protected];tag=as5c726278
Contact: sip:[email protected]
Call-ID: [email protected]
CSeq: 102 ACK
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Content-Length: 0

<------------->
[Mar 17 16:40:26] — (10 headers 0 lines) —
[Mar 17 16:40:26]
<— SIP read from 65.94.x.x:5060 —>
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 65.94.x.x:5060;branch=z9hG4bK752123c9;rport
From: “UNAVAILABLE” sip:[email protected];tag=as010c6b06
To: sip:[email protected]
Contact: sip:[email protected]
Call-ID: [email protected]
CSeq: 103 INVITE
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Proxy-Authorization: Digest username=“1xxxxxxxxx”, realm=“asterisk”, algorithm=MD5, uri="sip:[email protected]", nonce=“58995dfb”, response=“6332ef9b353a065fa4bc7e6e6405a64b”, opaque=""
Date: Mon, 17 Mar 2008 20:37:45 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 332

v=0
o=root 10276 10277 IN IP4 65.94.x.x
s=session
c=IN IP4 65.94.x.x
t=0 0
m=audio 46046 RTP/AVP 0 18 4 3 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:4 G723/8000
a=rtpmap:3 GSM/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -

<------------->
[Mar 17 16:40:26] — (14 headers 15 lines) —
[Mar 17 16:40:26] Sending to 65.94.x.x : 5060 (NAT)
[Mar 17 16:40:26] Using INVITE request as basis request - [email protected]
[Mar 17 16:40:26] Found peer ‘VOIPHOST2’
[Mar 17 16:40:26]
<— Reliably Transmitting (NAT) to 65.94.x.x:5060 —>
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 65.94.x.x:5060;branch=z9hG4bK752123c9;received=65.94.x.x;rport=5060
From: “UNAVAILABLE” sip:[email protected];tag=as010c6b06
To: sip:[email protected];tag=as5c726278
Call-ID: [email protected]
CSeq: 103 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0[/code]

I believe the problem is related to the line(s) that say sip:[email protected] as the @192.168.0.50 is my internal IP address for the asterisk server. I’ve tried unsuccessfully to put my domain name in the configuration, as well as nat=yes in 10 different places, but I haven’t found the magic combination yet. I would think that it should say something more along the lines of sip:[email protected] or even sip:[email protected] (public IP address)

Any help would be greatly appreciated. Thanks in advance!

cosmicwombat · March 18, 2008, 3:37am

sip_nat.conf up yet? If not google sip_nat.conf and see where you may be off.

cmhxaktsoft · March 18, 2008, 4:11pm

It is configured. Here are the values:

localnet=192.168.0.50/255.255.255.0 externhost=28.162.x.x externrefresh=10 fromdomain=asterisk.mydomain.com nat=yes qualify=yes canreinvite=no

At one time, externhost was set to asterisk.mydomain.com, but internally, that resolves to an internal IP address, and externally, it resolves to a public IP address.

I think we might be getting at the root of the problem, though. I think my internal/external DNS resolution might be part of the problem. Where should I have it set to the external IP address vs. the DNS name?

fskrotzki · March 18, 2008, 5:49pm

does the fromdomain value resolve externally to your external ip? It needs to.

cmhxaktsoft · March 18, 2008, 7:15pm

fromdomain=asterisk.mydomain.com DOES resolve to the external address externally. If anyone in the internet resolves that hostname, it resolves to a public IP address that forwards port 5060 (and ONLY port 5060) to the Asterisk server.

If the asterisk server itself resolves asterisk.mydomain.com, it resolves to 192.168.0.50.

I also had externhost set to asterisk.mydomain.com, but I changed it to the public IP address where port 5060 is forwarded to the Asterisk box. That helped, in that the debug log now says “sip:[email protected]” but I still can’t receive incoming SIP calls.

It’s worth noting here that when I configure x-lite (or any softphone) to use the same SIP server, I can make outgoing calls and receive incoming calls without issue. That client is also behind the same firewall, without port 5060 forwarded.

cosmicwombat · March 18, 2008, 7:48pm

localnet=192.168.0.50/255.255.255.0

needs to be

localnet=192.168.0.0/255.255.255.0
externhost= whatever

loose the rest.

cmhxaktsoft · March 18, 2008, 7:52pm

In my attempt to obscure my internal IP address, I changed the values that I posted here. (My internal address isn’t really 192.168.x.x)

On the actual config, the network entry is correct.

Regarding your comment to lose the rest, are you saying that I don’t need the following entires?

externrefresh=10 fromdomain=asterisk.mydomain.com nat=yes qualify=yes canreinvite=no

Thanks again for all the time you’ve spent helping out.

cosmicwombat · March 18, 2008, 8:00pm

externhost=asterisk.host.com
localnet=192.168.0.0/255.255.255.0

Nothing more.

nat=yes exists in the trunk set up, so it doesn’t need to be here.