Hello, I need a little help with setup. I do not have any idea what can be wrong.
Here is my config: Trunks:
Name:Twilio_In
Outbound CallerID: +1********** PJSIP Settings
Authentication/Registration-Disabled
SIP Server - added sever from twilio
SIP Server Port - 5060
Context - from-pstn-e164-us
Transport - 0.0.0.0-udp
DTMF Mode - RFC4733
Send Line in Registration - Yes
Match (Permit) - 54.172.60.0/23,34.203.250.0/23,34.203.254.0/24,54.244.51.0/24,52.41.63.0/24
Codecs : ulaw, g729
Inbound Roures:
DID Number: same like - Outbound CallerID: +1**********
Set Destination : Extention, and zoiper in the end
NAT Settings
External Address: Public IP
Local Networks: 182.17.1.1 / 24 ( fake address like example)
My server is behind the NAT, I think that it is make some problems. In case if I will add internal address of freebpx to the Match (Permit) - first call works well, you can call, and accept the call. And you can hear the person, but all next time does not work with - [401 Unauthorized]
Please, help to find out where I am wrong. Thank you
Which side is sending Please authenticate? If it is your side, look at the source address of the request, and work out why it doesn’t match your match permit settings. If it is the remote side, they haven’t recognised you, for some reason. (Please authenticate can mean we don’t know you, but we don’t want you to know that we don’t.)
This setting has no effect, given your other settings.
Gemerally you don’t need to obfjuscate local addresses, but if you do, you should obfuscate with an address in the IANA private use range. If you are not using such an address for your local network, you should fix that.
Thank you.
So, 188.22.18.5.5060 - this is FreePBX address , and what can be that - 188.22.24.7.65477 in this case?
If I will do ip a - I got inet 188.22.18.5/24 brd 188.22.18.255 scope global ens3
So, how can I find out what is that?
I disabled Zoiper - no changes, same error.
Thank you so much for your help!
Your examples are showing real IP ranges. You need to be more clear on what the private IP range is. You claim you’re behind NAT but nothing indicates that you are in your examples.
Maybe I am wrong about that.
So, if I am not correct about that - to what should I pay my attention?
I just do not have ideas what can be wrong…
And I just replace real IP with that - what I have looks like 182.18.8.5
Thank you
Where did you take the tcpdump (on the PBX, on the WAN interface of the router, somewhere else)?
What does the address 188.22.18.5 represent (the LAN address of your PBX, the public IP of your PBX, something else)?
Is the address represented by 188.22.24.7 an address on your LAN, a public IP that you don’t recognize, something else)? If it’s a public IP that you don’t recognize, it’s probably just an attempted attack (if you are listening on UDP port 5060 you will get lots of those) and not causing any trouble. However, your capture is not relevant to the trouble(s) you are having, so post another capture that covers a failing incoming or outgoing call.
Hello, looks like I found the problem with my NAT
Can you please help with setup. I will try to provide the best example now.
External Server IP :65.38.55.183
Internal Server IP: 172.1.8.9
Sip Settings in Settings - NAT Settings
External Server IP :65.38.55.183
Local Networks - 172.1.8.0/24
In trunk I have Twilio Match Permit
54.172.60.0/23,34.203.250.0/23,34.203.254.0/24,54.244.51.0/24,52.41.63.0/24,172.1.0.0/24
With 172.1.0.0/24 - that works, and I can accept many calls, sometimes that dropped.
And After coupe calls - my softphone (zoiper) got 404 and do not want to make any registration - twilio still good.
I know that I am wrong. Can you please explain where?
Thank you
It’s a problem with your router. Instead of routing the SIP, it is running a hidden proxy (a SIP Application Level Gateway). As a result, the nearest SIP entity is the router, not the provider. The general advice is that most SIP ALGs are broken, so it is better to disable them, rather than configure around them.
Hello, thank you.
Nothing help, only this things works when I added internal IP.
What can be a problems? Can it be NAT?
I have no idea how to fix that.
Thank you so much!
So, all calls should go from twilio ip to my freepbx?
And it looks like some NAT problems, like some device has not correct IP change? Am I right?
Can you please describe more detailed? I am really sorry for this basic questions.
The source IP should not be changed, by your router, but it appears to be being changed to one on your local network. That is almost certainly being done by your router, but you should check the address that Asterisk is receiving (use “pjsip set logger on” to enable detailed logging). That would only happen if the “router” was acting as a SIP proxy, rather than a router. Routers normally get this wrong, so this feature should be disabled in the router, which should be easier than to work round the resulting problems.
The problem feature can go under various names, but one of them is SIP Application Level Gateway (SIP ALG).
It would help to have the full “pjsip set logger on” type output, and you may need it to confirm the diagnosis.