No SIP Register Response

asterisk
Tags: #<Tag:0x00007f24c195f5c8>

(Praveen B V) #1

Hi,

I’ve a FreePBX which is setup on Azure Cloud ( Using the FreePBX from Azure Marketplace)
Here i’m trying to register an extension to FreePBX, i can see Register Messages coming into the asterisk, but i’m unable to see responses. Below is the SIP request.

can anyone help?

172.Z.Z.Z.14920 > freepbx.sip: SIP, length: 801
REGISTER sip:20.Y.Y.Y SIP/2.0
Via: SIP/2.0/UDP 106.X.X.X:14920;branch=z9hG4bK7EF3C868B036A355A8972E3592C5D209;rport
From: “+35312312312” sip:35312312312@20.20.Y.Y.Y;tag=93279972953069E3C871E7A1CCAE1945
To: “+35312312312” sip:35312312312@20.20.Y.Y.Y
Contact: sip:35312312312@192.168.A.A:5060;transport=udp
Call-ID: 0F8EE46A862A531CA5E6C3B0EDBEC2825A04@20.Y.Y.Y
User-Agent: Softphone Desktop Windows 1.0
Supported: timer, replaces
CSeq: 1 REGISTER
Max-Forwards: 70
Event: registration
Allow-Events: message-summary, registration
Expires: 3600
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Content-Length: 0

where 172.Z.Z.Z is my FW IP
20.Y.Y.Y Public Facing IP of FreePBX
192.168.A.A is my Laptop IP
106.X.X.X my public address

20.Y.Y.Y is configured as part of my SIP Settings


#2

I assume that this is a packet captured at the PBX with tcpdump, sngrep, etc. If not, please explain.

This capture is ahead of the FreePBX firewall, which may be blocking the packet. At the Asterisk command prompt, type
pjsip set logger on
if a pjsip extension, or
sip set debug on
for chan_sip. If you don’t see the REGISTER requests, it’s a FreePBX firewall issue. If you do see them, are there responses? If so, are they sent to the correct IP address and port?

However, I don’t understand the 172.Z.Z.Z. Is this a firewall that is part of the Azure cloud? If so, I wouldn’t expect it to rewrite the source IP address but would expect to see the packet coming from 106.X.X.X. Please explain.

Also, the Via header is strange; I would expect to see the 192.168.A.A address. Confirm that anything related to NAT in the softphone is turned off. What router/firewall do you have between 192.168.A.A and 106.X.X.X?


(David55) #3

Because it has set rport, any reply will be addressed to the firewall, not to the 160… address.

I suspect there is an application level gateway in the firewall, and all the reports I see of those are that they are broken, and it is best to disable them.


(Praveen B V) #4

Hi,
Yes these packets are captured using TCPDUMP, using the Asterisk command prompt “pjsip set logger on”, we do not see any Register requests.
Also do not see any responses from the FreePBX on the TCPDUMP.

20.Y.Y.Y Public Facing IP of the Azure FW and 172.Z.Z.Z is the Azure Firewall private IP
And a DNAT rule has been applied on the Azure FW where the source is 106.X.X.X and destination is 20.Y.Y.Y to be translated to the interface IP of FreePBX 10.200.B.B ( which is not seen in the SIP request here)

As part of the FreePBX firewall Config, we have marked 20.Y.Y.Y, 172.Z.Z.Z, 106.X.X.X and 10.B.B.B as trusted.

106.X.X.X is my public IP and 192.168.A.A is Wireless LAN wifi adapter IP assigned to the laptop automatically while we connect to WiFi router.


(Praveen B V) #5

Disabled rport and and tried again, but no luck.


(Itzik) #6

Check intrusion detection under system admin if the IP is banned.


(Praveen B V) #7

20.Y.Y.Y, 172.Z.Z.Z, 106.X.X.X and 10.B.B.B are part of Whitelist in Intrusion detection settings and also have restarted it post config.


#8

Is Asterisk actually listening on the correct ports? Please post the output of
netstat -lun
and the contents of
/etc/asterisk/pjsip.transports.conf

Also, confirm that Admin->System Admin->Intrusion Detection shows
No Banned IP's

Seeing 172.Z.Z.Z as the source address is a separate problem. I know nothing about Azure, but possibly


will help, specifically the “Enable direct server return” option.


(Praveen B V) #9

Here is the output of

  1. netstat -lun
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    udp 0 0 0.0.0.0:5353 0.0.0.0:*
    udp 0 0 0.0.0.0:40599 0.0.0.0:*
    udp 0 0 0.0.0.0:53 0.0.0.0:*
    udp 0 0 0.0.0.0:68 0.0.0.0:*
    udp 0 0 0.0.0.0:68 0.0.0.0:*
    udp 0 0 0.0.0.0:69 0.0.0.0:*
    udp 0 0 0.0.0.0:111 0.0.0.0:*
    udp 0 0 0.0.0.0:123 0.0.0.0:*
    udp 0 0 127.0.0.1:323 0.0.0.0:*
    udp 0 0 0.0.0.0:4569 0.0.0.0:*
    udp 0 0 0.0.0.0:60000 0.0.0.0:*
    udp 0 0 0.0.0.0:737 0.0.0.0:*
    udp 0 0 0.0.0.0:45995 0.0.0.0:*
    udp 0 0 10.B.B.B:5060 0.0.0.0:*
    udp 0 0 0.0.0.0:5160 0.0.0.0:*
    udp6 0 0 :::40675 :::*
    udp6 0 0 :::53 :::*
    udp6 0 0 :::111 :::*
    udp6 0 0 :::123 :::*
    udp6 0 0 ::1:323 :::*
    udp6 0 0 :::737 :::*

  2. /etc/asterisk/pjsip.transports.conf

#include pjsip.transports_custom.conf
[10.B.B.B-udp]
type=transport
protocol=udp
bind=10.B.B.B:5060
external_media_address=20.Z.Z.Z
external_signaling_address=20.Z.Z.Z
allow_reload=no
tos=cs3
cos=3
local_net=10.B.B.0/24
local_net=172.Z.Z.0/25

[10.B.B.B-tls]
type=transport
protocol=tls
bind=10.B.B.B:5061
external_media_address=20.Z.Z.Z
external_signaling_address=20.Z.Z.Z
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
cert_file=/etc/asterisk/keys/default.pem
priv_key_file=/etc/asterisk/keys/default.key
method=default
verify_client=yes
verify_server=yes
allow_reload=no
tos=cs3
cos=3
local_net=10.B.B.0/24
local_net=172.Z.Z.0/25

  1. Yes there are no banned IP’s in intrustion detection, attached snap.

(Praveen B V) #10

Hi,
Posted the details below


#11

I’m fairly puzzled here. Netstat does show something listening on UDP port 5060, and transports.conf shows that properly configured, yet pjsip logger shows nothing.

One possibility is that FreePBX firewall is not working as expected.

Do a test with both Intrusion Detection and System Firewall disabled. Confirm with
iptables -vL
that iptables is no longer blocking anything.

If still nothing in pjsip logger:

Conceivably the REGISTER packet is going to the wrong IP or port and tcpdump was rendering those as ‘freepbx’ and ‘sip’ incorrectly. Repeat the tcpdump with -n as an additional option; the packet should now show as
172.Z.Z.Z.14920 > 10.B.B.B.5060: SIP, length: 801

If that is also correct, I’d suspect that the logging is not working correctly. Do you see any suspicious errors in the Asterisk log?

I see that you have chan_sip listening on port UDP port 5160. As a test, you could set the Azure firewall to forward UDP 5160 (as you have done for 5060), do a
sip set debug on
in Asterisk, set your softphone to register to port 5160 and see whether sip debug shows anything.


(Praveen B V) #12

Couple of error messages seen

Reloading module ‘res_pjsip_endpoint_identifier_ip.so’ (PJSIP IP endpoint identifier)
ERROR[26272]: res_pjsip_config_wizard.c:1090 object_type_loaded_observer: Unable to load config file ‘pjsip_wizard.conf’

ERROR[26272]: config_options.c:710 aco_process_config: Unable to load config file ‘cdr.conf’


#13

These errors are normal and not related to your issue.


(Praveen B V) #14

Hi Stewart,

Another point, which we’ve noticed is while we click on the Detect Network Settings on Settings > Asterisk SIP Settings > NAT Settings

Returns HTTP error 470 on the TCPDUMP, is this an issue here? Why is FreePBX unable to detect from myip.freepbx.org

freepbx.internal..46028 > 199.102.239.170.http: Flags [P.], cksum 0xa897 (incorrect -> 0x135b), seq 1:70, ack 1, win 229, options [nop,nop,TS val 410047

632 ecr 2385302208], length 69: HTTP, length: 69
GET /whatismyip.php HTTP/1.1
Host: myip.freepbx.org
Accept: /

07:48:50.078336 IP (tos 0x0, ttl 64, id 32918, offset 0, flags [DF], proto TCP (6), length 52)
199.102.239.170.http > freepbx.internal…46028: Flags [.], cksum 0x99b9 (correct), seq 1, ack 70, win 509, options [nop,nop,TS val 2385302210 ecr 410047
632], length 0
07:48:50.078803 IP (tos 0x0, ttl 64, id 32919, offset 0, flags [DF], proto TCP (6), length 344)
199.102.239.170.http > freepbx.internal…46028: Flags [P.], cksum 0x612a (correct), seq 1:293, ack 70, win 509, options [nop,nop,TS val 2385302210 ecr 4
10047632], length 292: HTTP, length: 292
HTTP/1.1 470 status code 470
Date: Wed, 30 Jun 2021 07:48:58 GMT
Content-Length: 161
Content-Type: text/plain; charset=utf-8

HTTP request from 172.16.69.10:46028 to myip.freepbx.org:80. Url: myip.freepbx.org/whatismyip.php. Action: Deny. No rule matched. Proceeding with default action[!http]
07:48:50.078818 IP (tos 0x0, ttl 64, id 42352, offset 0, flags [DF], proto TCP (6), length 52)
freepbx.internal…46028 > 199.102.239.170.http: Flags [.], cksum 0xa852 (incorrect -> 0x99a3), seq 70, ack 293, win 237, options [nop,nop,TS val 41004


(David55) #15

HTTP response 470 is unassigned, according to IANA. You will have to ask whatismyip what they mean by it. A random guess would be that you had exceeded an acceptable use limit.


(Praveen B V) #16

The request is going to http://myip.freepbx.org/whatismyip.php, which returns http error 470,
is this URL need to be configured somewhere?
Where is this URL basically pointing to? or If the interface is open to Internet, should this be automatically taken as part of the FreePBX code?

Or am i missing something here?