Trunk configuration error on DYNAMIC IP

dagnabbit · August 31, 2025, 5:56pm

I have an older version of Freepbx that I’d rather not discuss at the moment. It’s a small (2 phone, 2 DID) system that has been installed and running for a number of years with no problems and working exactly as needed. I use BulkVS as the provider.

A year ago I decided to downsize my IT setup to a Dynamic (dhcp) installation using DDNS. I consulted BulkVS and they told me that only one change was needed: adding an SRV record the the nameserver: _sip._udp SRV 5 0 5060 {domain.com} which we added and all worked well. EXCEPT that we never actually changed the IP address so this was a change with no effect. Flash forward to last week when the old ISP was out and the new is in. Everything works EXCEPT incoming calls return “all circuits busy” and the log file says “chan_sip.c fobidden”

BulkVS tech support has put in the effort but the results have not been productive.
Here is what was changed on their end: the IP trunk was deleted and replaced with a SIP Trunk that named “nnnnnn_domain” and a password "{password}

I guessed from the Internet to add this to the outbound trunk Peer details:
host=sip.bulkvs.com
type=friend
nat=yes
disallow=all
allow=ulaw
insecure=port,invite
context=from-trunk
dtmfmode=rfc2833
user=nnnnnn_{domain}
secret={password}
register=nnnnnnn_domain:{password}@sip.bulkvs.com/{did}

and then this in the Registration String:
nnnnnn_domain:{password}@sip.bulkvs.com with and without the /{did}

After this change, the BulkVS shows that the SIP trunk is registered …

now incoming calls show “chan_sip.c: Failed to authenticate device”

And this is as far as I can go by randomly banging on keys in the hopes of stumbling on a solution, so I’m asking for help.

The entire setup worked fine under the Static IP
Outgoing calls, intercom, messages, etc all work fine - just outgoing calls.

What did I miss?

david55 · August 31, 2025, 7:54pm

This means the source IP address isn’t the one from which the request is being received. Note that because you are using SRV with chan_sip, only the first candidate from the SRV lookup will be used (also you will not be able to upgrade Aserisk, without using a third party source for chan_sip. (You haven’t provided the section name, but I assume that the From user isn’t going to be fixed.)

General points. type=friend should be type under, except in rare cases where you need to actually match on the section name. bulkvs.com has a somewhat broken configuration, if you actually need nat=yes. If you are behind NAT, you need your external address and local networks, in the general section. It is unlikely that you need to make port insecure. I don’t think user exists, and if you need anything there, it is likely to be fromuser, not user. register must be in the general section.

chan_pjsip is supported by the main project, and has better SRV support, and more generally better handling of cases where more than one address is used by the remote side.

david55 · August 31, 2025, 8:01pm

Also, if the IP is very dynamic (some ISPs disrupt the use of servers by changing IPs when there has been no down time in the customer system), you will need chan_pjsip, as chan_sip only resolves the external domain name at startup.

system · October 1, 2025, 8:01pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.