Update external address automatically on failover - Q for a dev

nickzed · March 16, 2024, 4:33am

Some clients have vdsl with static IP, the LAN is of course NAT and their pbx box doesnt change LAN IP, this is all flawless.

But their isp supplied modem/router now also has auto failover to 4G, however, this is with a dynamic CGNAT IP, the failover works great for normal internet usage in a vdsl outage, however freepbx does not, because unlike a VoIP handset that does not care about ext addresses, freepbx does.

I’m not a php guru, but since “detect network settings” is a buttonable option in GUI, there is a way to do this by calling it in script which I can easily write and test for (in perl)
So my question to someone who knows for sure, what is the /bin/php /path/script/option it needs for this?

Some of these clients live in ruralish areas and if vdsl goes dark it can take hours or days to be restored.

(I should add this isnt for external sip users logins - they are not permitted in most cases, especiall health care centres, just onNET users, this is needed so the trunk can work)

Of course I’d also suggest this as a configurable (time wise checking) feature request, but no doubt I’ll get pointed to some obscure expensive comemrcial module

Stewart1 · March 16, 2024, 6:48am

You may not need this, and if you do, it may not work.

Some trunking providers, e.g., Callcentric, handle NAT traversal on their servers, i.e. they send calls to the address/port from which the REGISTER request was received. Provided that you reregister frequently, you should be fine.

Most providers will send calls to the address/port in the REGISTER Contact header. A few providers, e.g., VoIP.ms allow you to select the desired behavior on their portal. If the provider is not doing NAT traversal, the PBX must supply the correct address/port in Contact.

The problem is that many CGNAT implementations rewrite the source port. You can test yours to see whether this is the case. If so, give up and use another solution (different trunking provider, cloud PBX, etc.) However, even if the CGNAT preserves the source port when possible, there is always a chance that the port is in use by another user and it will be rewritten. You can minimize this by choosing a high random Port to Listen On. If this is the case, do some testing to see whether reliability is acceptable.

nickzed · March 16, 2024, 11:01am

I’m not sure it will work either, we’ve played with this from our office at night with no CGNAT, we’ve got 2 vdsl links from multiple carriers, one dedicated for our office trunk and the other our normal internet usages, dumping the trunk primary vdsl, the pbx box could after the routers failover ping out to our trunk carriers network, but freepbx left untouched, for near on 30 mins calls failed because the trunks failed, if we used the refresh button thingy, it picked up new address and calls worked.

So it certainly needs human intervention, but that clicking button calls ajax function command getnetwork foo, which wont work if I try call it directly by using php binary, but the black magic it does should be able to be called direct, once we figure out what needs calling.

Stewart1 · March 16, 2024, 11:55am

Assuming that your CGNAT doesn’t cause an issue with source port rewriting, see

for a way to automatically update Asterisk when your public IP address changes.

My perl script in that thread uses a list of public STUN servers to detect IP address changes. This was made several years ago, so I ran a test to see how many are still working. I found 64; you may wish to update the stunlist.txt file with this data:

77.72.169.211:3478
77.72.169.212:3478
212.227.67.34:3478
81.187.30.115:3478
85.17.88.164:3478
85.214.119.212:3478
88.218.220.40:3478
94.23.17.185:3478
91.151.52.200:3478
217.74.179.29:3478
213.140.209.236:3478
212.227.67.33:3478
77.72.169.213:3478
138.201.60.199:3478
213.251.48.147:3478
216.93.246.18:3478
45.15.102.34:3478
83.125.8.47:3478
138.201.243.186:3478
23.253.102.137:3478
143.198.60.79:3478
193.43.148.37:3478
52.76.91.67:3478
195.242.206.1:3478
77.72.169.210:3478
194.169.214.30:3478
193.28.184.4:3478
176.62.31.10:3478
142.250.21.127:19302
51.89.71.129:3478
111.206.174.2:3478
92.222.127.114:3478
185.88.7.40:3478
109.68.96.189:3478
139.162.62.29:3478
185.39.86.17:3478
195.254.254.20:3478
23.21.92.55:3478
35.158.233.7:3478
91.217.201.14:3478
104.45.13.239:3478
212.45.38.40:3478
212.101.4.120:3478
52.24.174.49:3478
161.53.1.100:3478
217.0.12.1:3478
85.93.219.114:3478
82.97.157.254:3478
82.113.193.63:3478
154.73.34.8:3478
64.131.63.217:3478
70.42.198.30:3478
66.51.128.11:3478
20.93.239.173:3478
83.211.9.232:3478
185.125.180.70:3478
194.61.59.25:3478
195.35.115.37:3478
193.22.119.20:3478
185.45.152.22:3478
74.125.197.127:19302
172.217.199.127:19302
142.251.2.127:19302
172.253.127.127:19302

If you modify the perl script to make it more robust or otherwise improve it, I would greatly appreciate it if you post the update here.

billsimon · March 16, 2024, 3:09pm

Here’s a bash script I am using that works well. Schedule it to run every X minutes in cron. (whatever interval you prefer)

gist.github.com

https://gist.github.com/billsimon/30f9ac809694eae95a8db339b267ba15

gistfile1.txt

#!/bin/bash

CURR_EXT_IP=$( /usr/sbin/fwconsole kvstore --action get --key externip Sipsettings )
REAL_EXT_IP=\"$( curl -s http://whatismyip.akamai.com )\"

if ! [[ $REAL_EXT_IP =~ ^\"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\"$ ]] ; then
        # echo "Got a bad response from fwconsole extip"
        exit
fi

This file has been truncated. show original

BlazeStudios · March 16, 2024, 8:32pm

Dynamic DNS would solve this. You would need to set up a Dynamic DNS service for the network so that when the IP changes, the DNS record is updated. You then set the external_ settings to the domain which will resolve to the IP.

system · April 16, 2024, 8:33pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.