Hello,
I have setup GoIP gateway which using chan_sip. I want to use pjsip instead. Please can somebody let me know what is the pjsip equivalent of:
#### Outgoing Settings
Trunk Name: GoIP1
host=192.168.1.75
port=5060
type=peer
context=from-internal
dtmfmode=rfc2833
insecure=very
qualify=yesand
#### Incoming Settings
USER Context:goip_1
secret=password
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
type=friend
qualify=yesThanks
The webpage with the config is at http://samyantoun.50webs.com/asterisk/goip/
Your original configuration doesn’t make sense. Either the goip has a static address and there is no authentication in either direction, or it registers dynamically, under the name of goip_1 and is capable of authenticating itself. It can’t really do both. Which context actually receives the incoming calls? Is the other side of the gateway permitted to originate chargeable calls through you.
Most configurations do not need both incoming and outgoing sections. Generally, if you have host=dynamic, there is an intention to use it outgoing.
insecure=very, which is the obsolete form of insecure=port,invite makes no sense, as you’ve used it on an outgoing section, so there should be no incoming INVITEs to treat insecurely, if it really were only used outgoing, and because you can’t not request a password (insecure=invite) if you don’t have one to request in the first place. I suspect the port is also fixed.
This configuration looks typical of the incorrect and out dated configurations typically provided by ITSPs, who are copying other people’s bad configurations.
Is there documentation on how the GOIP actually works on the SIP side, rather than a canned configuration? I think it is always important to work out Asterisk configurations from first principles, but in this case it is more important than normal, as it looks like there may be only IP authentication for chargeable calls.
Assuming http://www.hybertone.com/uploadfile/download/20140304125509964.pdf is valid, I would suggest that, if you trust the security of your internal network against IP spoofing, you set the GOIP to trunk mode, and its outbound authentication to IP only. If not, you should probably be setting the call out authentication mode to 4 (both). You could still keep trunk mode, if your from-internal context is safe, which would basically look like the standard ITSP configuration, i.e. with only outbound authentication on the Asterisk side, for which there are good sample configurations for PJSIP, That would be simplest, as it looks like the GOIP might not be able to authenticate towards Asterisk without also trying to register. In that case, for simplicity, you would want to make the GOIP dynamic and ignore that you actually knew its address.
Only password authenticating outbound calls (the opposite of what I think you are currently doing) is generally safe, because incoming calls should normally be directed to a context that cannot do anything costly.
Thanks you for your response. I redid the configuration following your advise, and was able to get both outgoing and incoming calls.
Here are screenshots of my setting for others.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
