No Audio for remote extensions


(Nathan) #1

I’ve just rolled out all of our remote extensions that are now connecting and registering with our PBX. We have no audio in either direction.

  • Our PBX is hosted in our main office, i have the in built firewall enabled and then it goes through a USG Pro which is forwarding all ports to our PBX.
  • On the remote extensions, they have all ports allowed to the external PBX.
  • I have NAT enabled at both ends with the external IP of the PBX being used.
  • I’ve double checked the correct ports are open.

I’m not sure what next steps to take. Here is a snapshot of a call;

[2020-02-10 10:02:54] VERBOSE[12066] chan_sip.c: --- (9 headers 0 lines) ---
[2020-02-10 10:02:54] VERBOSE[12066] chan_sip.c: Really destroying SIP dialog '4fe2eb1a63d3b78d356bcb7d7f56a303@212.88.88.8:5160' Method: OPTIONS
[2020-02-10 10:02:54] VERBOSE[12066] chan_sip.c: Retransmitting #2 (NAT) to 85.00.00.19:65476:
OPTIONS sip:1352@10.58.65.221:5060;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 00.00.47.35:5160;branch=z9hG4bK430ca9d9;rport
Max-Forwards: 70
From: "Unknown" <sip:Unknown@212.00.00.35:5160>;tag=as10607e18
To: <sip:1352@10.58.65.221:5060;transport=UDP>
Contact: <sip:Unknown@212.00.00.35:5160>
Call-ID: 23d42d6d223f68da08f3a41f0f49c641@212.00.00.35:5160
CSeq: 102 OPTIONS
User-Agent: FPBX-15.0.16.42(16.6.2)
Date: Mon, 10 Feb 2020 10:02:52 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

Using sngrep (it’s a great tool, wish i knew about it before). i have the following;

[ ] 426  INVITE     1151@pbx.domain 1056@pbx.domain 8     REMOTE_EXT_IP:26571     Internal_PBX_IP:5160     IN CALL

I’m guessing i shouldnt have the internal PBX IP in the destination and it should be the pbx external IP?


(So Fi Comunications) #2

I believe you’re correct there. I think the issue is in the routing, not in the firewall. How are IP Addresses/Hosts communicated across your locations? I think that it’s safe to assume that the remote endpoints are incorrectly being pointed to XXX@pbx.local and that they should be pointed to the IP Address and/or FQDN of your PBX.


(Nathan) #3

I’m also getting the following on a remote extension invite, 192.168.1.241 is the internal IP of the pbx at our head office.

xFrom: <sip:1117@192.168.1.241>;tag=3d5eaebc-d4ad-4cb9-95bf-8ddc128b7835

How are IP Addresses/Hosts communicated across your locations?

I’m not sure what you mean by this?

Under SIP Settings i have;
External Address: the correct external IP for the pbx
Local Networks: 192.168.1.0/24 (do i need to add the local IPs ranges of remote sites?)


(Nathan) #4

Strangely, the following now works;

  • External calls inbound to any extension, local or remote
  • Calls from remote handsets to local handsets

What doesn’t work is;

  • Calls remote extension to a remote extension.

(Joshua Cadman) #5

There are a few checks to ensure that the audio works in remote extensions.

  1. Ensure NAT is enabled on the trunk details
  2. Ensure NAT is enabled on the extension/user
  3. Ensure that the RTP port(s) under the Advanced SIP Settings are open on your firewall

(Nathan) #6

We have since changed this and now have the remote extensions using the OpenVPN. They connect fine and register, we can hear audio but get cut off at 30 seconds. I guess this is the RTP traffic not getting through.

I thought it would just tunnel that traffic through to the pbx and so wouldn’t be an issue other ports being opened.

The local IP of the VPN clients is added the local networks - do i need to disable NAT anywhere else? I can’t get access to SSH at the moment so can’t produce the logs


(Joshua Cadman) #7

Is NAT enabled in the trunk? I had it where it would cut off and some calls would be one way audio due to not having NAT enabled for the trunk.


(Nathan) #8

I can’t see any options for NAT at the trunk level. I’ve been digging around and now have SSH access. Looking at a call, i get the below at 32 seconds.

BYE sip:1260@10.8.0.54:5060;transport=UDP SIP/2.0
xVia: SIP/2.0/UDP External_IP:5060;rport;branch=z9hG4bKPj5faf3ddc-6515-4f7c-b263-241f07e9a35a
xFrom: <sip:Mobile_number@10.8.0.1>;tag=65eff96d-a5ca-4d15-a4b4-b1d7819eff2a
xTo: "1260" <sip:1260@10.8.0.1>;tag=1b279428810a094
xCall-ID: 41467cd95b394e9@10.8.0.54
xCSeq: 29899 BYE
xMax-Forwards: 70
xUser-Agent: FPBX-15.0.16.42(16.6.2)
xContent-Length:  0

I’m not sure the external IP should be there, strange as there are lots of SDP 200 OK before with the correct internal IP.


#9

if you’re getting cut off after 30 seconds, check the UDP timeout on your router/firewall


(Nathan) #10

I’ve already looked at that, on the USG Pros theres both UDP Other and UDP stream. I set both to 50 seconds and still got cut off at 32.

Would things like that effect it, as the remote extensions are VPN’d in? I thought they would only communicate via the internal (VPN) network of 10.8.0.* but as posted above, the 2nd line contains the external IP address.

NAT wise;
NAT = No
IP Config Override = External IP

A reminder of the route our traffic takes. PBX > PBX Firewall > USG PRO > Remote Firewall > Remote Extension. The remote extensions VPN into the the PBX. In my (simple) mind, so long as the VPN connection is live all data should be passed through that tunnel and i should have any other issues. Other than the provisioning data, does any other traffic get sent outside of the tunnel?


(Joshua Cadman) #11

Try changing NAT to Yes


(Nathan) #12

But surely it wouldn’t be needed as phones are on a 10. range connecting to the pbx on 10. range through a VPN tunnel?

I’ve tried it anyway and i still get cut off at 32 seconds on a outbound call only.

EDIT: This is any outbound call, either to an external DDI or another remote extension.


(Joshua Cadman) #13

Is this just a problem with remote extensions? All local extensions work with no issues?


(Nathan) #14

That was correct.

We have since ditched the VPN. Remote extensions connect fine.

  • They can receive external calls and they work fine.
  • They can dial out for external calls and they work fine.
  • They have no audio when a remote extension calls another remote extension, or forwards a external call to another remote extension.

I always though no audio was a NAT/Firewall issue, but this can’t be the case is external calls are working fine.


#15

I think it would still help to see a packet capture of a remote ext to remote ext call. I agree that it might not be a nat/firewall issue based on what we know so far, but it still might lead to some clues. In this case, I wouldn’t filter for only sip since it could help to see any rtp packets involved.