Specific SIP trunk per extension but if in use, use the "main" trunk, easiest way to do this

Hi all,

I have my machine all up and running it’s working a treat.
I have 5 SIP Trunks connected to my providers asterisk box.
Each is registered trunk.

I have 10 remote sip extensions again all working perfectly. (combinations of cisco7960, pap2, xlite etc)

1 of the SIP trunks is our main inbound number the other 4 are for direct inbound dial for 4 of the extensions (again all working perfectly), now comes the part I don’t know how to do.

I want each of the 4 extensions to use there own sip trunk for outbound calls.
I want the other 6 extensions to use the “main” sip trunk as theres.

I tried to install and setup custom contexts but couldn’t get it to work (I think it is more there isn’t any real guide I could find that actually made sense for what I want to do).

Any help would be greatly appreciated.

Cheers
Ad

Ohh I’m running
FreePBX 2.5…5
Asterisk 1.4.21.2~dfsg-3ubuntu2 built by buildd @ crested on a x86_64 running Linux

First things first… have you read:

How to give a particular extension different or restricted trunk access for outgoing calls

CustomContexts (documentation)

Outbound Route Permissions (documentation)

N.B. Don’t use BOTH of the above modules; pick one or the other.

Keep in mind that within an individual Outbound Route you can specify the trunk order you prefer.

Ok I have installed the Outbound Router Permissions module and again can’t seem to get this one to work either…

I tried to roll this down to it’s simplest form.
I have 2 outbound routes (which each use there own single sip trunk).

I have put on the main Outbound Permissions page ALL in the allow on both routes.
I then went to my specific extension and put one route as No and the other as Yes, reloaded and when dialing out I get a barred signal.

What I have I missed here?

Extension Changed 5855[ext-local] new state InUse for Notify User 5860
– Executing [0XXXXXXXXX@from-internal:1] Macro(“SIP/5855-01bf9000”, “user-callerid|SKIPTTL|”) in new stack
– Executing [s@macro-user-callerid:1] Set(“SIP/5855-01bf9000”, “AMPUSER=5855”) in new stack
– Executing [s@macro-user-callerid:2] GotoIf(“SIP/5855-01bf9000”, “0?report”) in new stack
– Executing [s@macro-user-callerid:3] ExecIf(“SIP/5855-01bf9000”, “1|Set|REALCALLERIDNUM=5855”) in new stack
– Executing [s@macro-user-callerid:4] Set(“SIP/5855-01bf9000”, “AMPUSER=5855”) in new stack
– Executing [s@macro-user-callerid:5] Set(“SIP/5855-01bf9000”, “AMPUSERCIDNAME=User01”) in new stack
– Executing [s@macro-user-callerid:6] GotoIf(“SIP/5855-01bf9000”, “0?report”) in new stack
– Executing [s@macro-user-callerid:7] Set(“SIP/5855-01bf9000”, “AMPUSERCID=5855”) in new stack
– Executing [s@macro-user-callerid:8] Set(“SIP/5855-01bf9000”, “CALLERID(all)=“User01” <5855>”) in new stack
– Executing [s@macro-user-callerid:9] Set(“SIP/5855-01bf9000”, “REALCALLERIDNUM=5855”) in new stack
– Executing [s@macro-user-callerid:10] ExecIf(“SIP/5855-01bf9000”, “0|Set|CHANNEL(language)=”) in new stack
– Executing [s@macro-user-callerid:11] GotoIf(“SIP/5855-01bf9000”, “1?continue”) in new stack
– Goto (macro-user-callerid,s,20)
– Executing [s@macro-user-callerid:20] NoOp(“SIP/5855-01bf9000”, “Using CallerID “User01” <5855>”) in new stack
– Executing [0XXXXXXXXX@from-internal:2] Set(“SIP/5855-01bf9000”, “__ROUTENAME=Test”) in new stack
– Executing [0XXXXXXXXX@from-internal:3] Set(“SIP/5855-01bf9000”, “_NODEST=”) in new stack
– Executing [0XXXXXXXXX@from-internal:4] Macro(“SIP/5855-01bf9000”, “record-enable|5855|OUT|”) in new stack
– Executing [s@macro-record-enable:1] GotoIf(“SIP/5855-01bf9000”, “1?check”) in new stack
– Goto (macro-record-enable,s,4)
– Executing [s@macro-record-enable:4] AGI(“SIP/5855-01bf9000”, “recordingcheck|20090526-114033|asterisk-1243302033.267”) in new stack
– Launched AGI Script /usr/share/asterisk/agi-bin/recordingcheck
recordingcheck|20090526-114033|asterisk-1243302033.267: Outbound recording not enabled
– AGI Script recordingcheck completed, returning 0
– Executing [s@macro-record-enable:5] MacroExit(“SIP/5855-01bf9000”, “”) in new stack
– Executing [0XXXXXXXXX@from-internal:5] Macro(“SIP/5855-01bf9000”, “dialout-trunk|8|0XXXXXXXXX||”) in new stack
– Executing [s@macro-dialout-trunk:1] Set(“SIP/5855-01bf9000”, “DIAL_TRUNK=8”) in new stack
– Executing [s@macro-dialout-trunk:2] AGI(“SIP/5855-01bf9000”, “checkperms.agi”) in new stack
– Launched AGI Script /usr/share/asterisk/agi-bin/checkperms.agi
checkperms.agi: Starting checkperms.agi
– AGI Script Executing Application: (Goto) Options: (invalid-dest-set-default-fail|barred|1)
– Goto (invalid-dest-set-default-fail,barred,1)
– AGI Script checkperms.agi completed, returning 0
== Channel ‘SIP/5855-01bf9000’ jumping out of macro ‘dialout-trunk’

0XXXXXXXXX = my mobile I’m trying to call from my extension (5855)

Cheers
Ad

Quoting from the documentation AND the module page:

[QUOTE]Note that Asterisk is incapable of having two identical routes and trying to force calls to use the other route if one of them is banned by this module. It will not work. You must have unique outbound routes for the proper selection to work

If you wish to emulate this functionality, you can use the ‘Redirect’ function. …[/QUOTE]

Note that just having a different trunk selection does NOT make the routes non-identical!

Perhaps it will help if I explain it this way. When you place a call, irregardless of what you may or may not have done in routepermissions, Asterisk goes through your routes one by one and tries to match the number called to the patterns in your routes. It stops searching on the FIRST match it finds, and that’s it - under no circumstances will it look at any other route once it’s found a match. Only AFTER it has found a match (actually, only after it’s already sent the call to a trunk) does it check to see if the user has permission to use that route. If yes, the call goes through, but if no, the call stops dead in its tracks.

Let’s say you have a second route with identical dial patterns as the first. Your outbound calls will never use it, no matter what you do. Remember: Asterisk stops searching on the FIRST match, and it doesn’t check to see if the user is allowed to use the route until AFTER it’s made that match.

So that’s the point of the redirect prefix. Let’s say your first route has the pattern 1NXXNXXXXXX (not something I’d recommend unless you want to allow some really high-cost calls to the Caribbean, but it’s just an example here). If in your second route you also put 1NXXNXXXXXX, that pattern will never be matched. It HAS to be unique. So what I might do is instead use something like 0001|1NXXNXXXXXX for the second route. Then when you deny access to that first route, you put the 0001 prefix in the “redirect” text entry box. Now let’s say you make a call to 1-800-555-1212 from an “alternate route” extension:

● User dials 1-800-555-1212

● 18005551212 is sent to from-internal context which begins looking for a match on the number in the route dial patterns.

● A match for 18005551212 is found in a route, the one and only route that will ever be used for the number 18005551212.

● The call is then sent to the first trunk in the list associated with that route.

● One of the first things the trunk does is to determine if the user (identified by Caller ID number) is allowed to place calls via the route that the call just came from (which is still available in a variable). In this case it finds that no, the user is NOT allowed to place a call on this route, BUT that a redirect prefix of 0001 has been supplied

● The called number is then modified to be 000118005551212

● 000118005551212 is sent back to the from-internal context which begins looking for a match on that number in the route dial patterns.

● A match for 000118005551212 is found in a route (hopefully NOT the same one that would match 18005551212), the one and only route that will ever be used for the number 000118005551212.

● Because of the bar character in the dial pattern, the digits 0001 are removed from the called number - note that at this point the route has already been selected - so the number again becomes 18005551212 before being passed to the trunk.

● The call is then sent to the first trunk in the list associated with that route.

● One of the first things the trunk does is to determine if the user (identified by Caller ID number) is allowed to place calls via the route that the call just came from (which is still available in a variable). In this case it finds that yes, the user IS allowed to place a call on this route.

● The call then goes out the selected trunk - or if that trunk is busy, it will try any other trunks associated with that route.

If you are truly following along up to this point, you might realize there’s a slight inefficiency here if a trunk is busy, because the user’s permission to place the call is checked each time the use of another trunk is attempted. However as a practical matter you’d never notice the additional time because the check is very quick.

I hope that helps you understand why you can’t use the same pattern in two different routes and expect it to work. You must use a redirect prefix on at least one of the patterns so that it will be recognized as unique.

Off-topic comment: I know how some of you must feel when I’m rattling off these explanations and maybe you’re just not getting it. I’ve been in the same position the last couple of days, trying to set up a VPN using OpenVPN, and most of the explanations I see assume a whole lot of knowledge that I don’t have, and therefore the instructions make absolutely no sense whatsoever. I try to simplify some of these explanations as best I can, and I’m truly sorry if some of them are still “clear as mud.”

Indeed yes wiseoldowl you are wise (not sure bout old) but very wise…

I now totally get how this works, I’ll wait for knock off time tonight to implement how I think it works and will keep you posted.

Thank you for you detailed response that is exactly what I needed.

P.S Maybe I can return the favor, pm me your email I can help with your vpn issues if you like (have implemented many openvpn and ipsec setups).
Currenlty rolling an openswan to cisco ASA as we speak…