Well… This same customer has thrown me a curve ball. So, now they want to use ZULU. It wasn’t part of the original spec, but now they want to add it. I have ZULU mostly working, but I believe some of the quirks Im having are related to me using legacy chan_SIP with the physical phones and the provider. SO, the reason I replied on this thread is because it directly relates back to getting the SIP trunk working. As you all pointed out - this providers trunk does work with PJSIP. I have moved PJSIP back to port 5060, and disabled chan_sip… All trunk settings are the same. Outbound calls work perfect. Inbound calls immediately drop - in fact I don’t even see anything in the CLI with SIP debugging enabled…If I enable anonymous inbound SIP and SIP guests - inbound calls work perfect. But, I immediately start getting a bunch of bogus calls from random numbers, so I really don’t think I want to leave it that way. This machine is using a direct external IP on the internet, and a LAN internal connection. Gateway is set to the external IP gateway - which is also the interface that the SIP provider uses. The SIP provider does not use any authentication at all. I do have an exception rule in the firewall for the IP address of the SIP gateway. I have tried a multitude of settings in the inbound SIP settings on the trunk, including leaving it blank, and it all works the same. Works great with anonymous and guest allowed, calls don’t come inbound if anonymous and guest are disabled. How can I fix it so that I can only allow “anonymous” inbound SIP traffic from that one address? Or, more generically, how do I make sure the box is secure and my channels don’t get tied up with tons of bogus calls? I think this is part of the “technical debt” you spoke of @lgaetz… Thanks again in advance for any guidance you can give.
This makes for a very simple pjsip trunk. Just enter the name or ip the provider has given you and set Auth and Registration to None. Then disable the guest access and anonymous.
Jeez. I feel stupid… Thanks for putting me on the right path… Ill be the first to admit what I did. So - even though I had disabled chan_sip and set everything to PJSIP, what I didn’t do was recreate the SIP trunk to the provider as a PJSIP trunk…It was still a standard SIP trunk and I was messing with the settings in there… So, I made a new PJSIP trunk - with barely any settings and it works exactly as I expect, inbound and outbound work fine. And as a bonus, I don’t see the ;npdi appended to all the DIDs now either… Thanks so much…
Remember to add all of the possible inbound call sources to your Permit list (in the Advanced tab) so that you don’t start dropping calls.
That picture shows a bad configuration.
You need Authentication and Registration set to “None” like this.
As @cynjut stated, you also need to go to the advanced tab, look for Match (Permit) and populate it like this. Obviously with your providers sending IP blocks.
FirstComm needs to update ARIN because
whois 22.214.171.124 still shows the entire /24 reassigned to a company in Illinois that is out of business.