Pjsip trunk configuration with ISP


(Ntranx) #1

hello everyone, i’m kinda new to this so
I explain my problem I have a freepbx central in operation which has a main IP and everything works correctly, my service provider gave me a SIP line to configure said trunk, perfect previously, I have already configured trunks in the cloud and I have not had any problem , My provider gives me the trunk by Ethernet cable with a certain IP (it assigns me the IP that I must have), and connection to a certain IP (IP of the SIP server) I normally configure a pjsip and I have the ringtone inside my PBX but I don’t have Audio and I can’t call either, it tells me that the line is not registered. It should be clarified that the provider only gives me the IP that my central had to have, the IP of their server, and the user, there is no password or anything else. They do the tests to test this line with microsip, and I’ve been trying everything but I can’t make it work to make calls and listen to the audio, I think it may be a NAT problem but I don’t know how to solve it, they can help me


(TheWebMachine Networks (Sangoma Software Development Partner)) #2

You’ll want to ensure that Asterisk is aware of this other network connection so that it handles the routing of audio properly:

  1. Go to Settings > Asterisk SIP Settings
  2. Click the Detect Network Settings button and/or manually enter the subnet information for this special trunking connection in the Local Networks fields
  3. You may also want to try setting Strict RTP = NO in the RTP Settings section. This may not be necessary, but it won’t break anything if you change it to NO anyway.
  4. Submit and Apply Config, test to see if your audio is working

You may also need to adjust your Trunk config and experiment with the following settings that might be at play here (pjsip settings tab; Advanced sub-tab). I specify the defaults here, as they should work for you and in case you altered them by mistake…but you may wish to toggle them to test:

  • Direct Media = NO
  • RTP Symmetric = YES
  • Force rport = YES

Failing that, it would be useful to see a pastebin or snip here of Asterisk output from a call attempt that isn’t getting audio. Either extract from /var/log/asterisk/full or grab it live via asterisk console with some verbosity: asterisk -vvvvvr

You’ll want to remain on the call for 20-30 seconds, if you can…this allows time for Asterisk to make every attempt to establish the media and report some important debugging information while it tries. Hanging up in less than 15 seconds would likely preclude us from seeing such details…but if Asterisk force disconnects you before that, that is fine.


#4

The local networks should only be the networks directly connected to your PBX.
The provider’s network blocks/IP’s should be on the firewall tab for “networks” and you set a type for them (probably “other” or maybe “local” but local opens up more ports).
Also, you have a type of putting 100 instead of 10 in the first octet in box row 2…


(Ntranx) #5

ok excellent thanks for the help, now how do I tell Asterisk that the network I am connecting to is local and not on the internet
because I think it starts looking to connect the extension via the internet and it is a local network, and I tried to put nat = no and without results


#6

You don’t say what you are running on, but if using a freepbx distro OS and a recent freepbx, the Connectivity/firewall menu has tabs for all of this. The interfaces tab is where you set the ethernet’s firewall zone, then in the networks tab you setup all the non-directly connected networks.


#8

That image showing
10.65.5.76/29
doesn’t match your earlier message saying it is 10.65.5.72/29.
But other than that, you may want to break out tcpdump or ngrep and monitor the traffic between you and the provider as well as increase logging on the asterisk side to monitor.


#9

There are several issues:

First, trunks of this type generally do not use registration. Your trunk config should have Registration None and Authentication None. If you are certain that registration is required, please post the working MicroSIP setting and I’ll try to give the equivalent for Asterisk.


(Ntranx) #10

10.65.5.76/29 is the ISP’s SIP Server and this is the 10.65.5.72/29 network of the Server


#12

10.65.5.76/29 is a network block, not a single IP. I would expect it to be /32 if you are indicating a single server.

hmm, ok, using a cidr block calculator, I see that 10.65.5.76/32 is in the block 10.65.5.72/29 (range 10.65.5.72 to 10.65.5.79)
So I would just use the network 10.65.5.72/29 in your network list for them. I suppose the 10.65.5.76/29 format works too, but looks odd to not use the 10.65.5.72/29.


#14

At this point I would be checking asterisk logs to see what it is logging about that connection since is not registering.


#16

ok, so if using one of those IPs, you would use a /32 to indicate it on the firewall. i.e. the SIP Movistar subnet is 10.65.5.72/29 and the proxy host is at 10.65.5.76/32.

Oh, and they are using standard ports like 5060 correct? As the fpbx firewall uses standard ports out of the box.


#17

If your IP address on eth1 is 100.64.128.178 and you must use that address to contact the ISP’s proxy at 10.65.5.76, then you need a route at the OS level to send those packets. I suspect that is missing.

From a root shell prompt on the PBX, please post the output of
ifconfig
and
ip route


(Ntranx) #18

yes I use standard ports but I got a bit lost with the addresses, in the firewall I put 10.65.5.72/29 and the host connection address 10.65.5.76/32?


#19

If you put 10.65.5.72/29 as a local network, that will include the proxy in that network block. I would mark it as ‘other’ as I believe ‘local’ also allows non-SIP traffic like ssh’


#20

I now realize that the first image you pasted 3 hours ago is probably from the ‘Advanced Settings’ page where ‘NAT Settings’ are done. I would think that should only have your local LAN specified as a local network (not those 100.64.128.176/30 and 10.65.5.72/29 lines).


#21

Please try these trunk settings:
Authentication None
Registration None
SIP Server: 10.65.5.76
SIP Server Port: 5060
From Domain: 10.65.5.76
From User: (your user name)
Match (Pemit): 10.65.5.76

If required, add a route from a root shell prompt:
ip route add 10.65.5.72/29 via 100.64.128.177 dev eth1

If no luck, at the Asterisk command prompt, type
pjsip set logger on
make a failing test call, paste the Asterisk log (which should now include a SIP trace) at pastebin.freepbx.org and post the link here.


#23

If your default route successfully routes to the internet, e.g. ping 8.8.8.8 works, then your route table is fine.

If the trunk settings don’t work, post logs of attempted incoming and outgoing calls, including SIP traces as previously described.


#26

The INVITE starting on line 263 got a 400 Bad Request response on line 297.
This is unfortunate in that it doesn’t say what’s wrong, but at least we know that it’s not a firewall issue.

One problem is that Asterisk is substituting its public IP address in the Contact header and the SDP. Your Local Networks settings should prevent that, but changes don’t take affect unless you restart (not just reload) Asterisk. If you haven’t done that since changing Local Networks, reboot the server and test again. If you still see the public IP address being sent, recheck Local Networks.

Though unlikely, a possible issue is the codecs offered. On the Codecs tab of your trunk settings, try unchecking everything except ulaw and alaw.

If you still have trouble, the destination number format may be different from what the provider expects. Possibly, instead of 025xxxxxx, they expect 50325xxxxxx, +50325xxxxxx. If your incoming is working, the format they send you is likely what they want on outbound.

If incoming calls are still not working, post a log (including SIP trace) of a failing call, as well as a new log for an attempted outgoing call.


#27

Maybe confirm your localnet settings - I actually don’t know how to see them via the asterisk console for pjsip - but can pull them from the config files I guess?


#28

I took a look at what MicroSIP does with the settings you gave. Not surprisingly, it adds a Route header:
Route: <sip:10.65.5.76;lr>

Possibly, your provider requires that. Try adding to your trunk settings:
Outbound Proxy: sip:10.65.5.76\;lr