Any ideas what would break it when going from 5 to 6?
Someone else set up the system so I don’t know much about the trunks.
I guess they’re going through Kazoo with some middleman in between.
None of the trunk info changed, it all got migrated, so why did my main in-bound number break?
OK I think I figured it out.
In the CLI I noticed this warning: from-sip-external: "Rejecting unknown SIP connection from x.x.x.x"
I then turned on “Allow Anonymous Inbound SIP Calls” to get the existing trunks to work again. Is this a security risk?
Is there anywhere I can specify this IP address as where the calls should be coming from & then turn this setting back off?
I have this in my trunk’s peer details: host=xxxxx.s.zswitch.net
From what I understand it’s coming from Bandwidth: https://www.bandwidth.com
Is that still a HUGE security risk?
How do I get it to work with “Allow Anonymous Inbound SIP Calls” turned off?
First, you went through the effort to upgrade from an old system, but you stopped short of the current supported version. You should be running Distro firmware 10.13.66, or have a good reason why you can’t.
In and of itself, this need not be a security risk. You have configured your system to direct all inbound SIP requests to a specific context, so as long as you limit access to Asterisk SIP services to trusted hosts, there is no issue. Since you are running 12, you don’t have the benefit of the FreePBX Firewall, which means securing your system is harder than it could be if running 13.
I don’t have a good understanding of this parameter, but I believe ‘very’ is deprecated. Try setting:
Thanks very much for the reply.
Actually, I did finish the update path. I’m now on: 10.13.66-17.
I think I forgot to mention that part as I noticed the trunk stopped working after version 6.
I now have FreePBX 18.104.22.168 running with the firewall on.
I’ll try changing the “insecure” parameter tonight after hours.
Thanks very much for the help.
I currently have Asterisk Version: 11.25.1 running.
What are the advantages/disadvantages of using the “asterisk-version-switch” command?
Should I switch to version 12 or 13?
OK, I set “insecure=port,invite” & I could still call into the PBX, but when I turn ‘allow anonymous’ off, I still got “The number I’ve dialed is no longer in service”.
Just an FYI, I signed up for a free trial of SIPStation & it had “insecure=very” in the PEER details.
Another security issue I think I have is, my eth1 public IP address interface has to be set to “trusted”. If I change it to “External”, I don’t get anything at all when I call the PBX, just dead air.
What happened? I was getting great support yesterday, then it all stopped.
I’m getting a ton of these in my CLI:
[2017-01-24 13:42:36] WARNING[C-0000079c]: Ext. s:3 @ from-trunk: Friendly Scanner from 22.214.171.124
[2017-01-24 13:43:07] WARNING: chan_sip.c:4038 retrans_pkt: Retransmission timeout reached on transmission b04367a0700a872b75c8a8d8b318f9bb for seqno 1 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
If I turn off ‘Allow Anonymous Inbound SIP Calls’ I get “The number I’ve dialed is no longer in service”.
If I change my eth1 public facing interface to “External”, no calls are connected, nothing from the PBX…
If these two things are related, it probably means your trunk is misconfigured. Inbound calls from your provider are coming from an unrecognized host. The call appears to come from 126.96.36.199. Does that IP correspond to any of the host settings for your trunk?
No, that IP isn’t related to our trunk.
I actually just banned it with iptables.
The trunk settings didn’t change when we upgraded from the old system to the latest.
Only when we switched from the old iptables to the new firewall system did these issues start.
I think it unlikely that the Firewall module is somehow causing your inbound calls to arrive as anonymous (but am prepared to be proven wrong). If you disable the Firewall, does it solve anything? I am out of ideas. Asterisk thinks the calls are anonymous, and as far as I know, that is always trunk configuration.
OK, I guess these are 2 different issues.
When I disabled the firewall & turned off “Allow Anonymous Inbound SIP Calls” I still get "Number, not in service".
I guess I was just mentioning the firewall, because of all the “Friendly Scanner” messages I was getting.
I can’t help any further. At the asterisk CLI, if you run sip show peers you will see the IP addresses associated with your trunk peers. If an inbound SIP invite comes from a host other than that IP, then you will see what you are describing. My experience tells me this is trunk misconfig, but am heartily prepared to be wrong.
OK I think you might be right.
I set up a SIPStation acct/trunk.
I turned off “Allow Anonymous Inbound SIP Calls” & I put my public facing interface as “External”.
I called the PBX & everything worked fine.
Any way to compare the SIPStation vs. my existing trunk to figure out the diff?
Or is it an upstream issue?
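
Added example, not part of the original thread: a Python triage of the two log messages quoted above, sorting every source address that Asterisk treated as anonymous into scanner, configured peer address, or unlisted address. The log lines are constructed (modelled on the messages in the thread), and the `PEERS` table is a hypothetical stand-in for the addresses that `sip show peers` reports for each trunk.

```python
import re
from collections import Counter

# Constructed log lines, modelled on the two messages quoted in the thread.
SAMPLE_LOG = '''\
[2017-01-24 13:40:02] VERBOSE[2101][C-00000790]: from-sip-external: "Rejecting unknown SIP connection from 198.51.100.20"
[2017-01-24 13:41:10] VERBOSE[2101][C-00000791]: from-sip-external: "Rejecting unknown SIP connection from 198.51.100.20"
[2017-01-24 13:42:36] WARNING[C-0000079c]: Ext. s:3 @ from-trunk: Friendly Scanner from 203.0.113.77
[2017-01-24 13:42:37] VERBOSE[2101][C-0000079d]: from-sip-external: "Rejecting unknown SIP connection from 203.0.113.77"
[2017-01-24 13:44:00] VERBOSE[2101][C-0000079e]: from-sip-external: "Rejecting unknown SIP connection from 192.0.2.10"
'''

# Hypothetical peer table: the addresses `sip show peers` lists for each trunk.
PEERS = {"existing-trunk": {"192.0.2.10"}}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
REJECTED = re.compile(r"Rejecting unknown SIP connection from " + IP)
SCANNER = re.compile(r"Friendly Scanner from " + IP)


def triage(log_text, peers):
    """Classify every source address that Asterisk treated as anonymous."""
    rejected = Counter(REJECTED.findall(log_text))
    scanners = set(SCANNER.findall(log_text))
    peer_ips = {ip: name for name, ips in peers.items() for ip in ips}
    report = {}
    for ip, hits in rejected.items():
        if ip in scanners:
            verdict = "scanner"  # candidate for a firewall block
        elif ip in peer_ips:
            # Address belongs to a trunk, yet the call was not matched to it.
            verdict = "peer-ip:" + peer_ips[ip]
        else:
            # Compare with the provider's published signalling addresses.
            verdict = "unlisted"
        report[ip] = (hits, verdict)
    return report


if __name__ == "__main__":
    for ip, (hits, verdict) in sorted(triage(SAMPLE_LOG, PEERS).items()):
        print(f"{ip:15} {hits:3}  {verdict}")
```

An `unlisted` address that turns out to belong to the provider is the case described in the replies: the invite came from a host other than the trunk's peer address. A `peer-ip` result means the address is right and the match failed on something else.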