Hello everybody,

we are trying to connect two trixbox servers, which are in two different offices.
We have used the “friend method”.
The problem is I can call the extensions of the other office, but they can’t call my extension…
So I’m wondering if there is something wrong in my firewall configuration…
I have created this rule:

_ Packet Direction: WAN to LAN
_ Source IP Address: the IP of the other office
_ Destination Address: the internal IP of our Asterisk server
_ Selected Services: *Asterisk(UDP:4569)
_ Day to Block: Saturday and Sunday
_ Time of day to block: All day
_ Action for matched packets: Forward

Are these settings correct?

Thanks!

My understanding is that UDP 4569 is the default IAX2 port.

There are a few good tutorial abouts for making IAX ports. It’s easiest if both are on fixed IP, or have dynamic DNS.

1. Create IAX trunk, call it ToSecondServer
   2 Edit the default details you can pick any user/pass you llke.
2. In peer details:-
   host=1.2.3.4 ; the other end’s IP address/Hostnane
   username=Server1
   secret=server1auth
   type=peer
   qualify=yes

At the other end

4 Create an IAX trunk
5. Call it ToFirstServer
6 In user context type Server1 ; the username you are sending from the first trunk
7 In user details type
secret=Server1Auth ; from the secret you are sending
type=user
context=from-internal.
qualify=yes

Now repeat the other way round In the ToFirstServer trunk

host=4.3.2.1 ; the other end’s IP address/Hostnane
username=Server2
secret=server2auth
type=peer
qualify=yes
In user context at the other end, the first server type Server2

In user details
secret=Server1Auth ; from the secret you are sending
type=user
context=from-internal
qualify=yes

Now set up outbound routes to use these trunks at each end.

Assuming a 4 digit numbering system for extensions, Server 1 has extesions in the range 2201 onwards, and server 2 has 3201 onwards.

In Server 1 setup an inbound route that selects the trunk ToSecondServer with the dial pattern 32XX

In Server 2, outbound route has a dial plan that selects ToFirstServer with the dial pattern 22XX

Job done.

You can add trunk=yes to both ends if you want to enjoy the efficiencies of IAX trunking and you have a timing source at each end, e.g. a TDM400.

Leave your firewall open with 4569 UDP forwarded, and no other rules until you get calling each way.

Joe

You have provided some good information but missing some basic info.

How are you attempting to connect? SIP, IAX, etc. 4569 is not the default port for either of those protocols.

fskrotzki, here the information:

I have created an IAX2 trunk.

TrunkName: InterOffice
Peer Details: host=ip.of.other.office
qualify=yes
type=friend

Then I’ve created an outbound route:

Name: InterOffice
DialPatterns: 5XXX
Trunk Sequence: IAX2/InterOffice

The other office has created a trunk and an outbound route too

I’m able of call the other office from my extension (I have an IAX2 client on my pc), but the other office can’t call my extension…

Another info:
in Asterisk -> asterisk Info I’ve got this line:
Name/Username Host Mask Port Status
InterOffice 83.216.164.209 (S) 255.255.255.255 4569 OK (72 ms)
So, it seems all OK…
But the other office has UNREACHABLE as status… Why the other office can’t reach me???

jroper, thank you very much for your help! I’ll try your configuration.

Arg, thanks for the slap Joe, I was thinking IAX port 5038 and not IAX2 which is in 4569. I don’t know where my head was the other day.

you need the context line context=from-internal so when the other system connects it knows it is a internal call and will act like it is another local phone calling.

“But the other office has UNREACHABLE as status… Why the other office can’t reach me???”

I reckon this is probably a network problem.

Go back and recheck the IP address you are pointing at, and make sure you have the firewall at the unreachable end open and pointing to your PBX.

Joe

Thanks for your replies!

fskrotzki, I’ve add the line “context=from-internal”, but it doesn’t work…

jroper, I think it’s a network problem too, but my firewall rule seems to be ok (you can see it in my previous post)…

Any other suggestions?

Building on this question, as a I have a very similar config, we’d like callers into either location to get an IVR, get the option of a company directory and then get the full list from both sites, e.g. 32xx and 22xx and be able to dial directly.

As it is right now, if I come in via the IVR at 22xx and even if I know the 32xx extension I want, it won’t let me dial it, and of course the company directory at 22xx doesn’t have the names for 32xx.

I’m guessing a solution is to set up 32xx extensions on the 22xx box and vice versa, but I’m wonder what the implications are (and also the exact syntax to use - presumably its the custom extension pointing to the IAX2 trunk somehow). However, if I go that route, I wonder what the tradeoffs are, if any?

thx! michael

Directory service between boxes is a bit of a trick. Which directory are you refering to the pbdirectory (dial #411) or directory (press #).

If it is directory. I submitted a patch that will allow it if you are willing do do some work on setup past that it becomes transparent. See Patch http://www.freepbx.org/trac/ticket/2386

Hello everybody, I’ve solved the problem.
The problem wasn’t the firewall, but the router…
Thanks to all!

I also have the same problem… Could you please post how you solved it… I really appreciate it…

Thanks

What version of asterisk are you running? We had a problem with 1.2 where it would register, but after a while it would become unreachable… and that is because if there is a ping time that is too high it will drop the connection and not try to re-establish it.

IAX2 is working much better for us since we went to 1.4.20

Also, there is an CLI> iax2 debug command you can run (asterisk -r to get to CLI …) and that may help you track down your problem.

I’m running asterisk version 1.4… I have 2 asterisk servers in two offices… asterisk servers are connected using a IAX trunk… All extensions are connected to the asterisk using SIP…
In this office B can call office A
but Office A can’t call Office B

the two offices are connected through openvpn… below is a simple diagram of the setup

sip client--------------office A asterisk----------office A gw--------------vpn-------------office b gw/asterisk---------sip client

below is the verbose output i get when i call office B from office A

– Executing [[email protected]:1] Macro(“SIP/1006-081eca50”, “user-callerid|SKIPTTL|”) in new stack
– Executing [[email protected]:1] NoOp(“SIP/1006-081eca50”, “user-callerid: device 1006”) in new stack
– Executing [[email protected]:2] Set(“SIP/1006-081eca50”, “AMPUSER=1006”) in new stack
– Executing [[email protected]:3] GotoIf(“SIP/1006-081eca50”, “0?report”) in new stack
– Executing [[email protected]:4] ExecIf(“SIP/1006-081eca50”, “1|Set|REALCALLERIDNUM=1006”) in new stack
– Executing [[email protected]:5] NoOp(“SIP/1006-081eca50”, “REALCALLERIDNUM is 1006”) in new stack
– Executing [[email protected]:6] Set(“SIP/1006-081eca50”, “AMPUSER=1006”) in new stack
– Executing [[email protected]:7] Set(“SIP/1006-081eca50”, “AMPUSERCIDNAME=xxxxx”) in new stack
– Executing [[email protected]:8] GotoIf(“SIP/1006-081eca50”, “0?report”) in new stack
– Executing [[email protected]:9] Set(“SIP/1006-081eca50”, “AMPUSERCID=1006”) in new stack
– Executing [[email protected]:10] Set(“SIP/1006-081eca50”, “CALLERID(all)=“xxxxxx” <1006>”) in new stack
– Executing [[email protected]:11] Set(“SIP/1006-081eca50”, “REALCALLERIDNUM=1006”) in new stack
– Executing [[email protected]:12] ExecIf(“SIP/1006-081eca50”, “0|Set|CHANNEL(language)=”) in new stack
– Executing [[email protected]:13] NoOp(“SIP/1006-081eca50”, “TTL: ARG1: SKIPTTL”) in new stack
– Executing [[email protected]:14] GotoIf(“SIP/1006-081eca50”, “1?continue”) in new stack
– Goto (macro-user-callerid,s,23)
– Executing [[email protected]:23] NoOp(“SIP/1006-081eca50”, “Using CallerID “xxxxxx” <1006>”) in new stack
– Executing [[email protected]:2] Set(“SIP/1006-081eca50”, “_NODEST=”) in new stack
– Executing [[email protected]:3] Macro(“SIP/1006-081eca50”, “record-enable|1006|OUT|”) in new stack
– Executing [[email protected]:1] GotoIf(“SIP/1006-081eca50”, “0?2:4”) in new stack
– Goto (macro-record-enable,s,4)
– Executing [[email protected]:4] AGI(“SIP/1006-081eca50”, “recordingcheck|20080605-094249|1212655369.4”) in new stack
– Launched AGI Script /usr/share/asterisk/agi-bin/recordingcheck
recordingcheck|20080605-094249|1212655369.4: Outbound recording not enabled
– AGI Script recordingcheck completed, returning 0
– Executing [[email protected]:5] NoOp(“SIP/1006-081eca50”, “No recording needed”) in new stack
– Executing [[email protected]:4] Macro(“SIP/1006-081eca50”, “dialout-trunk|2|2001||”) in new stack
– Executing [[email protected]:1] Set(“SIP/1006-081eca50”, “DIAL_TRUNK=2”) in new stack
– Executing [[email protected]:2] ExecIf(“SIP/1006-081eca50”, “0|Authenticate|”) in new stack
– Executing [[email protected]:3] GotoIf(“SIP/1006-081eca50”, “0?disabletrunk|1”) in new stack
– Executing [[email protected]:4] Set(“SIP/1006-081eca50”, “DIAL_NUMBER=2001”) in new stack
– Executing [[email protected]:5] Set(“SIP/1006-081eca50”, “DIAL_TRUNK_OPTIONS=tr”) in new stack
– Executing [[email protected]:6] Set(“SIP/1006-081eca50”, “GROUP()=OUT_2”) in new stack
– Executing [[email protected]:7] GotoIf(“SIP/1006-081eca50”, “1?nomax”) in new stack
– Goto (macro-dialout-trunk,s,9)
– Executing [[email protected]:9] GotoIf(“SIP/1006-081eca50”, “0?skipoutcid”) in new stack
– Executing [[email protected]:10] Set(“SIP/1006-081eca50”, “DIAL_TRUNK_OPTIONS=”) in new stack
– Executing [[email protected]:11] Macro(“SIP/1006-081eca50”, “outbound-callerid|2”) in new stack
– Executing [[email protected]:1] GotoIf(“SIP/1006-081eca50”, “1?start”) in new stack
– Goto (macro-outbound-callerid,s,3)
– Executing [[email protected]:3] NoOp(“SIP/1006-081eca50”, “REALCALLERIDNUM is 1006”) in new stack
– Executing [[email protected]:4] GotoIf(“SIP/1006-081eca50”, “1?normcid”) in new stack
– Goto (macro-outbound-callerid,s,9)
– Executing [[email protected]:9] Set(“SIP/1006-081eca50”, “USEROUTCID=”) in new stack
– Executing [[email protected]:10] Set(“SIP/1006-081eca50”, “EMERGENCYCID=”) in new stack
– Executing [[email protected]:11] Set(“SIP/1006-081eca50”, “TRUNKOUTCID=”) in new stack
– Executing [[email protected]:12] GotoIf(“SIP/1006-081eca50”, “1?trunkcid”) in new stack
– Goto (macro-outbound-callerid,s,16)
– Executing [[email protected]:16] GotoIf(“SIP/1006-081eca50”, “1?usercid”) in new stack
– Goto (macro-outbound-callerid,s,18)
– Executing [[email protected]:18] GotoIf(“SIP/1006-081eca50”, “1?report”) in new stack
– Goto (macro-outbound-callerid,s,22)
– Executing [[email protected]:22] NoOp(“SIP/1006-081eca50”, “CallerID set to “xxxxxx” <1006>”) in new stack
– Executing [[email protected]:12] AGI(“SIP/1006-081eca50”, “fixlocalprefix”) in new stack
– Launched AGI Script /usr/share/asterisk/agi-bin/fixlocalprefix
== fixlocalprefix: Dialpattern 2XXX matched. 2001 -> 2001
– AGI Script fixlocalprefix completed, returning 0
– Executing [[email protected]:13] Set(“SIP/1006-081eca50”, “OUTNUM=2001”) in new stack
– Executing [[email protected]:14] Set(“SIP/1006-081eca50”, “custom=IAX2/InterOffice”) in new stack
– Executing [[email protected]:15] GotoIf(“SIP/1006-081eca50”, “1?gocall”) in new stack
– Goto (macro-dialout-trunk,s,17)
– Executing [[email protected]:17] Macro(“SIP/1006-081eca50”, “dialout-trunk-predial-hook|”) in new stack
– Executing [[email protected]:18] GotoIf(“SIP/1006-081eca50”, “0?bypass|1”) in new stack
– Executing [[email protected]:19] GotoIf(“SIP/1006-081eca50”, “0?customtrunk”) in new stack
– Executing [[email protected]:20] Dial(“SIP/1006-081eca50”, “IAX2/InterOffice/2001|300|”) in new stack
– Called InterOffice/2001
– Call accepted by (format ulaw)
– Format for call is ulaw
– Hungup ‘IAX2/InterOffice-2’
– No one is available to answer at this time (1:0/0/0)
– Executing [[email protected]:21] Goto(“SIP/1006-081eca50”, “s-NOANSWER|1”) in new stack
– Goto (macro-dialout-trunk,s-NOANSWER,1)
– Executing [[email protected]:1] NoOp(“SIP/1006-081eca50”, “Dial failed due to trunk reporting NOANSWER - giving up”) in new stack
– Executing [[email protected]:2] PlayTones(“SIP/1006-081eca50”, “congestion”) in new stack
– Executing [[email protected]:3] Congestion(“SIP/1006-081eca50”, “20”) in new stack
== Spawn extension (macro-dialout-trunk, s-NOANSWER, 3) exited non-zero on ‘SIP/1006-081eca50’ in macro ‘dialout-trunk’
== Spawn extension (macro-dialout-trunk, s-NOANSWER, 3) exited non-zero on ‘SIP/1006-081eca50’
– Executing [[email protected]:1] Macro(“SIP/1006-081eca50”, “hangupcall|”) in new stack
– Executing [[email protected]:1] ResetCDR(“SIP/1006-081eca50”, “w”) in new stack
– Executing [[email protected]:2] NoCDR(“SIP/1006-081eca50”, “”) in new stack
– Executing [[email protected]:3] GotoIf(“SIP/1006-081eca50”, “1?skiprg”) in new stack
– Goto (macro-hangupcall,s,6)
– Executing [[email protected]:6] GotoIf(“SIP/1006-081eca50”, “1?skipblkvm”) in new stack
– Goto (macro-hangupcall,s,9)
– Executing [[email protected]:9] GotoIf(“SIP/1006-081eca50”, “1?theend”) in new stack
– Goto (macro-hangupcall,s,11)
– Executing [[email protected]:11] Hangup(“SIP/1006-081eca50”, “”) in new stack
== Spawn extension (macro-hangupcall, s, 11) exited non-zero on ‘SIP/1006-081eca50’ in macro ‘hangupcall’
== Spawn extension (macro-hangupcall, s, 11) exited non-zero on ‘SIP/1006-081eca50’

I still couldn’t figure out why its working only one way… any help regarding this really appreciate…

Thanks

I managed to solve the problem…

Recently I updated the freepbx in office B from 2.3 to 2.4… but i haven’t replaced the agi scripts with the new ones… since i replaced them… it worked without any issues…

thanks…