Outbound trunks unreachable

Have had FreePBX working for years at old address. Recently moved and have internet service through UVerse. Have 3 outbound trunks configured. 2 for voicepulse.com and 1 with voip.ms. Phones were working with intermittant loss of connection to trunks but as of a few days ago all trunks went down and stayed down. All attempts to reboot routers, servers, unsuccessful.

My setup: router behind router…Uverse residential gateway (192.168.2.254) has DMZ set for Buffalo wireless router (192.168.1.1) which is acting as my DHCP server. PBX IAF server is on static address 192.168.1.50

I have port forwarded UDP 560-585 and 10000-20000 to 192.168.1.50 on Buffalo router.

From SSH session on pbx server I can successfully ping all the SIP server addresses by name (‘ping voip.sm’ for example)

SIP SHOW PEERS:

Name/username Host Dyn Forcerport ACL Port Status
103/103 192.168.1.22 D A 5060 Unmonitored
104/104 192.168.1.27 D A 5060 Unmonitored
701/701 192.168.1.53 D N A 5060 OK (41 ms)
703/703 192.168.1.22 D A 5060 Unmonitored
704/704 192.168.1.27 D A 5060 Unmonitored
VP-SIPSJCA/Fwq72tAP16 209.31.18.12 N 5060 UNREACHABLE
VP-SIPSJCB/Fwq72tAP16 64.61.93.190 5060 UNREACHABLE
voipms/119595 67.215.241.250 N 5060 UNREACHABLE
8 sip peers [Monitored: 1 online, 3 offline Unmonitored: 4 online, 0 offline]


SIP SHOW REGISTRY

Host dnsmgr Username Refresh State Reg.Time
losangeles.voip.ms:5060 N hidden1 120 Request Sent
sjc-backup.voicepulse.com:5060 N hidden2 120 Request Sent
sjc-primary.voicepulse.com:5060 N hidden3 120 Request Sent
3 SIP registrations.


SIP SHOW SETTINGS:

Global Settings:

UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: No
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-2.8.1(1.8.6.0)
SDP Session Name: Asterisk PBX 1.8.6.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Legacy userfield parse: No
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: -1
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No

Network QoS Settings:

IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Enabled using externaddr
Externhost:
Externaddr: my-hidden-ip-address:0
Externrefresh: 10
Localnet: 192.168.1.0/255.255.255.0

Global Signalling Settings:

Codecs: 0x10e (gsm|ulaw|alaw|g729)
Codec Order: ulaw:20,gsm:20,alaw:20,g729:20
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: No
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 10
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Force rport: No
DTMF: rfc2833
Qualify: 0
Use ClientCode: No
Progress inband: Never
Language:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97

In the regular logfiles I am seeing this:

[2012-02-09 22:04:35] NOTICE[2411] chan_sip.c: – Registration for ‘[email protected]’ timed out, trying again (Attempt #2)
[2012-02-09 22:04:35] NOTICE[2411] chan_sip.c: – Registration for ‘[email protected]’ timed out, trying again (Attempt #2)
[2012-02-09 22:04:35] NOTICE[2411] chan_sip.c: – Registration for ‘[email protected]’ timed out, trying again (Attempt #2)


When I perform a SIP SET DEBUG IP 209.31.18.12 (this is one of the voicepulse accounts) I get this in the logfile:

[2012-02-09 22:16:51] VERBOSE[2411] chan_sip.c: Reliably Transmitting (NAT) to 209.31.18.12:5060:
OPTIONS sip:sjc-primary.voicepulse.com SIP/2.0
Via: SIP/2.0/UDP my-hidden-ip-address:5060;branch=z9hG4bK1ad4fdf8;rport
Max-Forwards: 70
From: “Unknown” sip:[email protected];tag=as274096f2
To: sip:sjc-primary.voicepulse.com
Contact: sip:[email protected]:5060
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-2.8.1(1.8.6.0)
Date: Fri, 10 Feb 2012 06:16:51 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

[2012-02-09 22:16:52] VERBOSE[2411] chan_sip.c: Retransmitting #1 (NAT) to 209.31.18.12:5060:
OPTIONS sip:sjc-primary.voicepulse.com SIP/2.0
Via: SIP/2.0/UDP my-hidden-ip-address:5060;branch=z9hG4bK1ad4fdf8;rport
Max-Forwards: 70
From: “Unknown” sip:[email protected];tag=as274096f2
To: sip:sjc-primary.voicepulse.com
Contact: sip:[email protected]:5060
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-2.8.1(1.8.6.0)
Date: Fri, 10 Feb 2012 06:16:51 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

[2012-02-09 22:16:53] VERBOSE[2411] chan_sip.c: Retransmitting #2 (NAT) to 209.31.18.12:5060:
OPTIONS sip:sjc-primary.voicepulse.com SIP/2.0
Via: SIP/2.0/UDP my-hidden-ip-address:5060;branch=z9hG4bK1ad4fdf8;rport
Max-Forwards: 70
From: “Unknown” sip:[email protected];tag=as274096f2
To: sip:sjc-primary.voicepulse.com
Contact: sip:[email protected]:5060
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-2.8.1(1.8.6.0)
Date: Fri, 10 Feb 2012 06:16:51 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

[2012-02-09 22:16:54] VERBOSE[2411] chan_sip.c: Retransmitting #3 (NAT) to 209.31.18.12:5060:
OPTIONS sip:sjc-primary.voicepulse.com SIP/2.0
Via: SIP/2.0/UDP my-hidden-ip-address:5060;branch=z9hG4bK1ad4fdf8;rport
Max-Forwards: 70
From: “Unknown” sip:[email protected];tag=as274096f2
To: sip:sjc-primary.voicepulse.com
Contact: sip:[email protected]:5060
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-2.8.1(1.8.6.0)
Date: Fri, 10 Feb 2012 06:16:51 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

Please help… after 3 years of using PBX IAF Im about to throw in the towel!!
Robert

Why do you need the two routers? You will probably never get this to work. Can’t you put the uverse router in bridge mode?

The UVerse gateway cannot be put in bridge mode, it is not possible to turn off its DHCP server, and it does not allow adding “option whatever-it-is” to point to the TFTPBOOT server for my SIP phones.

But regardless of that, I DID have it working for the past 2 months with this setup. I have no idea why it suddenly stopped accessing the trunks a few days ago.

Out of curiosity, try clearing your “localnet” settings in sip_nat.conf

I’ve seen that clear up this issue before (which doesn’t make any sense to me!)

“Why do you need the two routers? You will probably never get this to work. Can’t you put the uverse router in bridge mode?”

Because the U-Verse router is garbage for someone who knows what they are doing. I’d personally never suggest using it. Can’t even connect perfectly fine wireless printers to it.

I know this comment is slightly off topic, but I’d suggest doing exactly what Robert is doing for anyone who gets U-verse (regardless if you’re using FreePBX or not). You’ll likely have a much better experience all around.

Unless your u-verse router has a specific role, I agree with the above. Get yourself a standard Speedstream DSL modem that you can put into bridged mode.
It may have worked in the past, but you are balancing a plate on the edge of a stick, ontop of a table… You are fighting a clean network layout from the beginning and adding latency to your voip traffic (even if it is just a little)
A $40 DSL modem can make your life easier.
I know the problem solver in you is probably trying to figure out the initial problem, but if you are down, you are down. Get it back to working in a quick, cheap way.

atcomsystems.ca: Thanks for the suggestion but clearing the “localnet” settings has no effect

batt4u: If only it was that simple…the Uverse gateway is an intrinsic component of the UVerse service. It is made specifically for Uverse by the company 2wire. The serial number of the gateway is recorded into the database of the Uverse system by the installer and is tied to the UVerse account. No UVerse RG (residential gateway) = No Uverse service.

Any other suggestions?

I have a suggestion but it will cost some money. Find a local ISP that will sell you a VPN with a public IP.

You can then put a real router behind the turd and tunnel out a real honest to goodness netblock. Find an ISP that is peered with AT&T locally and you will be connected to a better backbone with your net latency should be lower.

I run this setup at my house. If the uverse router doesn’t offer ipsec traversal (I can’t imagine it doesn’t) then you are SOL.

Option 2 - Find a provider that supports IAX. It’s single port protocol will tunnel through the most convoluted NAT setups.

Forget it …I just set up to have Uverse ripped out and switching to TimeWarner for internet. Arranging to have it done tomorrow.

I don’t even qualify customers on DSL…