I did an install of FreePBX 17 on Debian 12.
I cannot get anything to register SIP.
I get an auth error but looking at the packet capture it is actually “Destination Unreachable”.
It states Code: 3 (Port unreachable in the reply to the INVITE.
I’m sure it’s just a setting but I have setup two separate servers and they both react the same.
I can provide the packet captures if that would help.
I’m confused by the mixing of register and INVITE, in this report. However, I suspect that the destination unreachable is the result of fail2ban kicking in because of multiple authentication errors.
The IP where the phones are at is TRUSTED so Fail2Ban is not blocking.
I have also turned off the firewall temporarily and the same thing happens.
One thing that I have noticed is the Message header contains the natted IP Address at the phones location.
Internet Control Message Protocol
Type: Destination unreachable (3)
\[Expert Info (Note/Response): Type indicates an error\]
Code: 3 (Port unreachable)
Checksum: 0x80c9 \[correct\]
\[Checksum Status: Good\]
Unused: 00000000
Internet Protocol Version 4, Src: 76.XX.XX.XX, Dst: 45.XX.XX.XX
User Datagram Protocol, Src Port: 1066, Dst Port: 5060
Source Port: 1066
Destination Port: 5060
Length: 596
Checksum: 0x50ae \[unverified\]
\[Checksum Status: Unverified\]
\[Stream index: 5\]
UDP payload (520 bytes)
Session Initiation Protocol
Request-Line: REGISTER sip:{domain}.net:5060 SIP/2.0
Method: REGISTER
Request-URI: sip:{domain}.net:5060
Message Header
Via: SIP/2.0/UDP 192.168.10.35:5060;branch=z9hG4bK1346327960
From: “Cynthia” <sip:210@>{domain}<.net:5060>;tag=1346228870
To: “Cynthia” <sip:210@>{domain}<.net:5060>
Call-ID: [email protected]
\[Generated Call-ID: [email protected]\]
CSeq: 1 REGISTER
Contact: <sip:[email protected]:5060>
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Max-Forwards: 70
User-Agent: Yealink SIP-T53W 96.86.0.75
Expires: 3600
\[Expert Info (Warning/Malformed): Header has no colon after the name\]
With Chan-SIP there was a setting for the phone being behind NAT, I’m not sure I have found that in PJSIP.
The server is not behind NAT.
That means that the phone isn’t properly designed for use behind NAT
There are three setting for working around phones that are behind NAT, but do not compensate for that: force rport, symmetric RTP, and rewrite contact.
These are not obviously related to your port unreachable. That means that there is no process running on port 5060 on the addressed machine (or the firewall is pretending that is the case, to confuse blocked attakers).
The phones were working on a FreePBX 16 system for a year, at the same location.
Pretty much my idea but I need to know how to tell Debian or FreePBX to allow that.
I have checked and there is no default firewall running on the server.
This was installed using the standard script that they tell you to install on Debian 12, and I did.
We were able to get a phone to register on IAX2 but the carrier does not support that protocol.
I have installed 17 twice on two different server and they both show the same issue.
I can do an external UDP Port Scan and it shows open.
I imagine they showed the same failure to include the right address. FreePBX, I think as the default setting, does try to work round this, although there are some cases in which it won’t work (e.g. it requires the phone to send the first media in the call).
I have an older test bed Asterisk Server, running FreePBX 15.
It has PJSIP on it and I cannot register a SIP phone on it either.
I changed to CHAN-SIP and everything is fine. I changed no settings, just the driver.
It appears not Debian, not FreePBX 17, not the phones, not the location of the phones, not the network or anything else like that causing the issue but it’s some setting in PJSIP that eludes me.
PJSIP has been out for many years and I don’t understand why I can’t find many people out there that are having similar issues. And the posts I do find give no answers but end and expire without a conclusion. Did they fix it and not want to share the solution?
If you have FreePBX with both Chan Sip and PJ Sip active, they are on different ports. ChanSip on 5060 and PJSip on 5160 (I think that is the defaults). That may be your issue. If you use only PJSip and disable chan sip, you can use 5060 and the phones should register. We had the same problem when we switched several of our clients from Legacy Chan sip over to PJ Sip.
On FPBX 17, only has PJSIP and it is port 5060 and it does not work.
On FPBX 15, I enabled PJSIP only on port 5060 and it does not work.
Switched to Chan-SIP on FPBX 15 only on port 5060 and it works fine.
There is something about my settings in PJSIP, I’m guessing.
Settings → SIP Settings → SIP Settings {chan_pjsip}
Allow Transports Reload: No
Enable Debug: No
Keep Alive Interval: 90
Caller ID into Contact Header: No
Taskprocessor Overload Trigger: pjsip_only
Show Advanced Settings: No
Endpoint Identifier Order: ip username anonymous header auth_username
TLS: None
Transport: UDP - 0.0.0.0 0 All
Port to Listen On: 5060
Not much there to go wrong???
Honestly, this sounds like a network issue, not a FreePBX issue. Almsot every time i have had problems like that it was not FreePBX, especially if you did a brand new installation of 17. What are you trying to register ? Desk phones, soft phones ? Have you tried to factory reset a phone and see if it registers then ?
Three different servers on a network that has 13 other FPBX 15/16 server using Chan-SIP running just fine.
Phones, from 3 different locations, Polycom, Yealink and I forget the other location. The phone register just fine on the Chan-SIP FPBX systems.