Use FreePBX with Deutsche Telekom "DeutschlandLAN Cloud PBX"


(Oops7812) #1

Does anyone have experience or, even better, a working configuration?

Please note: there is a lot of advice and many working configurations for Deutsche Telekom, but none of what I found applies to this contract type “Cloud PBX”.

I found many examples for “DeutschlandLAN All-IP”, “DeutschlandLAN IP-Start” or “DeutschlandLAN Sip-Trunk” and so on…

And please don’t ask why we chose this contract type. Our old contract was terminated and we made the wrong decision. Now I’m trying to make the best of it, and FreePBX is my choice, but I can’t get registered :frowning:


#2

I’m not familiar with Deutsche Telekom, but if what you bought is a PBX setup, they are probably not expecting Asterisk to register to it, but endpoints.


(Oops7812) #3

Yes, I know. I’ve tried some SIP apps (Windows and Android smartphone) to get a connection as an endpoint directly to our Cloud PBX, but no application is able to connect.

And the support told me: they are giving no support to external applications. The official app for Android is a status presentation: you can see your call log, who is online, and so on. But you cannot start or receive a call with this app. The only possibility: call back or call forward. And that’s not what I wanted or expected.

My last chance is Asterisk/FreePBX. Because here I have the chance to set all options. But I found no working example.


#4

It sounds as if the product only provides call forwarding, not sure you will be able to connect to it in any way…


(Joshua C. Colp) #5

I vaguely recall a few threads on the Asterisk forum about them, and people running into problems including them not actually implementing SIP behaviour like everyone else does.


(Oops7812) #6

I’m sorry I didn’t mention this: we have hardware SIP phones and even cordless SIP phones connecting to the Cloud PBX. For example, the Yealink T48S is running fine. The Cloud PBX supports call forwarding and SIP.

I also have credentials for a universal SIP profile. With these credentials, I should be able to connect to my Cloud PBX. Support technician: “we can’t support not supported hardware or apps”. Why do they give me the credentials and not tell me the specifications for how to connect with them :frowning:

@jcolp: you’re right, they have implemented a SIP behaviour not like everyone else does.

My issue: I’m a mobile user and need an app on my cell phone and my notebook. My intention: if I’m able to connect Asterisk/FreePBX to the Cloud PBX, it’s easier to connect an app to FreePBX than to the Cloud PBX from Deutsche Telekom.


#7

If you have admin access to the Yealink’s web interface, you should be able to view the entire setup except for the password. Combined with the credentials they gave you, that may allow FreePBX to connect.

On the mobile, can you receive calls by forwarding to the mobile number (or is that missing important metadata)? Do they have a DISA or similar function for making calls?

On the notebook, what network connectivity do you have (Wi-Fi, LTE dongle, etc.)?


#8

What goes wrong when you attempt to register from FreePBX or a softphone (no response, 401 Unauthorized, 403 Forbidden, etc.)?

Can you post a sample of the credentials they supplied? Show the password as xxxxxxxx, username as aaaaaaaa, phone number as 11111111, etc., but include all server names, IP addresses and other non-personal parameters.


(Oops7812) #9

My Phone Number is 111111111111

This is the information I got from my provider (translated into English):
Note:
The SIP client must support DNS queries of NAPTR and SRV records (regarding the proxy server).
For the communication in the unencrypted case SIP over TCP and RTP, with encryption SIP over TLS and SRTP is necessary.
Registration requests should be directed to the proxy server with the registration server passed in the username.

Authentication Name=aaaaaaaaaaaaaaa@tel.t-online.de
Authentication Password=xxxxxxxx
Username=uuuuuuuuuuuuuuu@tel.t-online.de
SIP-Domain=tel.t-online.de
Proxy-Server=hpbx.deutschland-lan.de (no encryption)
hpbxsec.deutschland-lan.de (with encryption)
Proxy-Server Port=5060 (no encryption)
5061 (with encryption)
Registration-Server=tel.t-online.de
Port=5060

With my current configuration, I got some error messages, shown in the Asterisk log:
[2019-09-10 18:06:09] WARNING[5706] res_pjsip_outbound_registration.c: No response received from 'sip:tel.t-online.de:5060' on registration attempt to 'sip:uuuuuuuuuuuuuuu@tel.t-online.de:5060', retrying in '60'
[2019-09-10 18:06:18] ERROR[32411] res_pjsip.c: Error 320047 'No answer record in the DNS response (PJLIB_UTIL_EDNSNOANSWERREC)' sending OPTIONS request to endpoint Telekom_20

Asterisk CLI Output:
pjsip show registration Telekom_20

<Registration/ServerURI..............................> <Auth..........> <Status.......>
Telekom_20/sip:tel.t-online.de:5060 Telekom_20 Rejected
ParameterName : ParameterValue

auth_rejection_permanent : true
client_uri : sip:uuuuuuuuuuuuuuuuu@tel.t-online.de:5060
contact_user : uuuuuuuuuuuuuu
endpoint : Telekom_20
expiration : 3600
fatal_retry_interval : 0
forbidden_retry_interval : 10
line : true
max_retries : 10
outbound_auth : Telekom_20
outbound_proxy : sip:hpbxsec.deutschland-lan.de:5061
retry_interval : 60
server_uri : sip:tel.t-online.de:5060
support_path : false
transport : 0.0.0.0-tls


#12

Although the information given shows the option of connecting without encryption, the only NAPTR record for hpbx.deutschland-lan.de is for SIPS, so an encrypted connection is mandatory.

Because of various difficulties debugging that on FreePBX, please first try to register from a softphone with easy debug features; I recommend
https://lite.phoner.de/index_de.htm
Try these settings first; if it won’t register, post the log shown on the debug tab.

Server tab:
Proxy/Registrar: hpbxsec.deutschland-lan.de
Register: (checked)
MWI: (not checked)
900 seconds
STUN server: (leave blank)
Domain/Realm: tel.t-online.de

User tab:
User name: uuuuuuuu
Password: xxxxxxxx
Displayed name: (as desired)
Authentication name: aaaaaaaa@tel.t-online.de
Mailbox number: (leave blank)
Phone number: (leave blank)

Network tab:
Local port: 5060
Preferred connection type: TLS
connection type is fixed: (checked)
Multicast DNS: (checked)
QoS: (checked)
All other boxes: (not checked)

Codecs: (G.711 A-Law checked, all others unchecked)
All other settings: (leave at defaults, but if you can register but get no audio, try checking SRTP)

Certificate: (leave at defaults)

Sound: (leave at defaults)


(Oops7812) #13

Thanks for the note with Phoner Lite and the Debug output. Now I’m able to register with Phoner Lite, but I cannot make phone calls.

Error message: SIP/2.0 488 Not Acceptable Here

I’ve searched the forum, but I didn’t find an answer to this specific problem. I suspect that something is wrong with one of these settings:
m=audio 5062 RTP/AVP 8
a=rtpmap:8 PCMA/8000

I changed the supported codecs, but this didn’t solve the issue. Somewhere I’ve read that I have to use specific audio codecs and the correct sorting with the SIP server. But this was a few days ago and I couldn’t find the site any more.

Any ideas or hints?

Full debug log of my call:

-------------------------------------------
19:32:24,998: T: 217.0.30.196:5061 (TLS)
INVITE sip:00000000000000@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 192.168.111.234:54074;branch=z9hG4bK0004f2c827d3e91193cff157bed3494b;rport;alias
From: <sip:uuuuuuuu@tel.t-online.de>;tag=4086440956
To: <sip:00000000000000@tel.t-online.de>
Call-ID: 0004F2C8-27D3-E911-93CE-F157BED3494B@192.168.111.234
CSeq: 3 INVITE
Contact: <sip:uuuuuuuu@192.168.111.234:5061;transport=tls>
Content-Type: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, INFO, MESSAGE, NOTIFY, OPTIONS, REFER, UPDATE, PRACK
Max-Forwards: 70
User-Agent: SIPPER for PhonerLitePortable
Session-Expires: 1800
Supported: 100rel, replaces, from-change, timer
P-Preferred-Identity: <sip:uuuuuuuu@tel.t-online.de>
Content-Length:   188

v=0
o=- 1792170179 1 IN IP4 192.168.111.234
s=SIPPER for PhonerLitePortable
c=IN IP4 192.168.111.234
t=0 0
m=audio 5062 RTP/AVP 8
a=rtpmap:8 PCMA/8000
a=ssrc:639273762
a=sendrecv

-------------------------------------------
19:32:25,022: R: 217.0.30.196:5061 (TLS)
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TCP 192.168.111.234:54074;rport;branch=z9hG4bK0004f2c827d3e91193cff157bed3494b;alias
To: <sip:00000000000000@tel.t-online.de>;tag=huac513t66f
From: <sip:uuuuuuuu@tel.t-online.de>;tag=4086440956
Call-ID: 0004F2C8-27D3-E911-93CE-F157BED3494B@192.168.111.234
CSeq: 3 INVITE
Content-Length: 0

-------------------------------------------
19:32:25,023: T: 217.0.30.196:5061 (TLS)
ACK sip:00000000000000@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 192.168.111.234:54074;branch=z9hG4bK0004f2c827d3e91193cff157bed3494b;rport;alias
From: <sip:uuuuuuuu@tel.t-online.de>;tag=4086440956
To: <sip:00000000000000@tel.t-online.de>;tag=huac513t66f
Call-ID: 0004F2C8-27D3-E911-93CE-F157BED3494B@192.168.111.234
CSeq: 3 ACK
Content-Length: 0

19:32:25,855: Info Indication: 11 00 01 00 08 82 2E 00 01 01 00 00 45 80 02 81 88
19:32:25,855: Info Indication: disconnect, in-band information or an appropriate pattern is now available
19:32:25,855: Connect B3 Request: 0D 00 01 00 82 80 08 00 01 01 00 00 00 
19:32:25,855: Connect B3 Request
19:32:25,859: Info Response: 0C 00 01 00 08 83 2E 00 01 01 00 00 
19:32:25,859: Info Response
19:32:25,859: Connect B3 Confirm: 0E 00 01 00 82 81 08 00 01 01 01 00 00 00 
19:32:25,859: Connect B3 Confirm
19:32:25,859: Connect B3 Active Indication: 0D 00 01 00 83 82 30 00 01 01 01 00 00 
19:32:25,859: Connect B3 Active Indication
19:32:25,859: Connect B3 Active Response: 0C 00 01 00 83 83 30 00 01 01 01 00 
19:32:25,859: Connect B3 Active Response
19:32:25,859: Facility Request: 19 00 01 00 80 80 09 00 01 01 01 00 01 00 0A 01 00 64 00 3C 00 00 00 00 00
19:32:25,859: Facility (DTMF on/off) Request
19:32:25,886: Facility Confirm: 11 00 01 00 80 81 09 00 01 00 00 00 00 00 01 00 00 
19:32:25,886: Facility Confirm (DTMF)
19:32:29,822: Disconnect B3 Indication: 0E 00 01 00 84 82 FE 00 01 01 01 00 00 00 
19:32:29,822: Disconnect B3 Indication
19:32:29,822: Disconnect B3 Response: 0C 00 01 00 84 83 FE 00 01 01 01 00 
19:32:29,822: Disconnect B3 Response
19:32:29,822: Disconnect Request: 12 00 01 00 04 80 F9 00 01 01 00 00 05 00 00 00 00 00 
19:32:29,822: Disconnect Request
19:32:29,831: render sound device closed
19:32:29,868: capture sound device closed
19:32:29,868: Disconnect Indication: 0E 00 01 00 04 82 FF 00 01 01 00 00 00 34 
19:32:29,868: Disconnect Indication: 
19:32:30,037: Disconnect Response: 0C 00 01 00 04 83 FF 00 01 01 00 00 
19:32:30,037: Disconnect Response
-------------------------------------------
19:32:29,823: R: close UDP port (RTP): 5062
-------------------------------------------
19:32:29,824: R: close UDP port (RTCP): 5063
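
The provider note in post #9 pairs SIP over TLS with SRTP, while the INVITE in the log above offers plain `RTP/AVP` over a TLS Via. The following check is an added example, not part of any post in this thread; `audit_offer` is a hypothetical helper name and the sample message is constructed from the log. It flags plaintext media behind encrypted signalling, and the reverse case of SDES keys carried over unencrypted signalling.

```python
# Constructed sample: the INVITE from the debug log above, reduced to the
# header and SDP lines the check reads.
INVITE = """\
INVITE sip:00000000000000@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 192.168.111.234:54074;rport;alias
Content-Type: application/sdp

v=0
c=IN IP4 192.168.111.234
m=audio 5062 RTP/AVP 8
a=rtpmap:8 PCMA/8000
a=sendrecv
"""

SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}


def audit_offer(message):
    """Return (signalling_transport, findings) for one SIP request with SDP."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    via = next((h for h in head.split("\n")[1:] if h.lower().startswith("via:")), "")
    # "Via: SIP/2.0/TLS host:port;..." -> "TLS"
    signalling = via.split(":", 1)[1].split()[0].rsplit("/", 1)[-1].upper() if via else "?"

    streams = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, profile = line[2:].split()[:3]
            streams.append({"media": media, "profile": profile, "keys": 0})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["keys"] += 1  # SDES key attribute (RFC 4568)

    findings = []
    for s in streams:
        srtp = s["profile"] in SRTP_PROFILES and s["keys"] > 0
        if signalling == "TLS" and not srtp:
            findings.append((s["media"], "plain RTP offered over TLS signalling"))
        if signalling != "TLS" and s["keys"] > 0:
            findings.append((s["media"], "SDES key sent over cleartext signalling"))
    return signalling, findings


if __name__ == "__main__":
    print(audit_offer(INVITE))
```
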

(Dave Burgess) #14

If I was a betting man, I’d put money on “We don’t allow Asterisk to connect as the User Agent.”


#15

Look at the SDP in the INVITE for an incoming call. That should tell us what is expected.


(Oops7812) #16

Sorry for my late answer, but I was unexpectedly away from my office for a few days.

A good hint to look at the INVITE message when an incoming call arrives. But incoming calls did not work either.

My next idea: use a network sniffer to debug the INVITE message from our hardware SIP phone. Bad idea: the traffic is encrypted, you have to use TLS :frowning:

I used the PhonerLite forum and found the following with my search “488: NotAccetable here”:
Deutsche Telekom changed the encryption at the beginning of August 2019: MediaSec
In PhonerLite you have to right-click on the SRTP checkbox, and only there can you activate the MediaSec header.

PhonerLite is running and I can make incoming and outgoing calls. I’m happy :slight_smile:

Now, with a working configuration, I was able to update my FreePBX configuration. Next issue: NAPTR. These are four lines of the log (more lines are at the end):

res_pjsip/pjsip_resolver.c: [0x7f474c910348] NAPTR record received on target ‘hpbxsec.deutschland-lan.de’
res_pjsip/pjsip_resolver.c: [0x7f474c910348] NAPTR service sips+d2t skipped as transport is unavailable
res_pjsip/pjsip_resolver.c: [0x7f474c910348] Resolution completed - 0 viable targets
res_pjsip/pjsip_resolver.c: [0x7f474c910348] Invoking user callback with ‘0’ addresses

I checked the DNS config:

# host -t NAPTR hpbxsec.deutschland-lan.de
hpbxsec.deutschland-lan.de has NAPTR record 10 0 “s” “SIPS+D2T” “” _sips._tcp.hpbxsec.deutschland-lan.de.
# host -t SRV _sips._tcp.hpbxsec.deutschland-lan.de
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 30 0 5061 h2-epp-652.edns.t-ipnet.de.
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 20 0 5061 d-epp-652.edns.t-ipnet.de.
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 10 0 5061 f-epp-652.edns.t-ipnet.de.

From my point of view, the DNS is resolving correctly. Why is the transport for FreePBX/Asterisk unavailable? Where do I have to configure the transport?

I am using FreePBX 14.0.14.4 with Asterisk 16.3.0.

More lines of debug log:

[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_options.c: Qualifying all contacts on AOR ‘Telekom_20’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_options.c: Qualifying contact ‘Telekom_20@@887a2eda230b5d911226bb317d688723’ on AOR ‘Telekom_20’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip.c: 0x7f474c742980: Wrapper created
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip.c: 0x7f474c742980: Set timer to 3000 msec
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_resolver.c: Performing SIP DNS resolution of target ‘hpbxsec.deutschland-lan.de’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_resolver.c: Transport type for target ‘hpbxsec.deutschland-lan.de’ is ‘TLS’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_resolver.c: [0x7f474c910348] Created resolution tracking for target ‘hpbxsec.deutschland-lan.de’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_resolver.c: [0x7f474c910348] Added target ‘hpbxsec.deutschland-lan.de’ with record type ‘35’, transport ‘TLS’, and port ‘5061’
[2019-09-16 16:46:42] DEBUG[25500] res_pjsip/pjsip_resolver.c: [0x7f474c910348] Starting initial resolution using parallel queries for target ‘hpbxsec.deutschland-lan.de’
[2019-09-16 16:46:42] DEBUG[29530] res_pjsip/pjsip_resolver.c: [0x7f474c910348] All parallel queries completed
[2019-09-16 16:46:42] DEBUG[29530] res_pjsip/pjsip_resolver.c: [0x7f474c910348] NAPTR record received on target ‘hpbxsec.deutschland-lan.de’
[2019-09-16 16:46:42] DEBUG[29530] res_pjsip/pjsip_resolver.c: [0x7f474c910348] NAPTR service sips+d2t skipped as transport is unavailable
[2019-09-16 16:46:42] DEBUG[29530] res_pjsip/pjsip_resolver.c: [0x7f474c910348] Resolution completed - 0 viable targets
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip/pjsip_resolver.c: [0x7f474c910348] Invoking user callback with ‘0’ addresses
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip.c: 0x7f474c742980: PJSIP tsx response received
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip.c: 0x7f474c742980: Cancelling timer
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip.c: 0x7f474c742980: Timer cancelled
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip.c: 0x7f474c742980: Callbacks executed
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip.c: 0x7f474c742980: wrapper destroyed
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip/pjsip_options.c: Contact Telekom_20/sip:uuuuuuuuuuuuuu@tel.t-online.de:5060 status didn’t change: Unreachable, RTT: 0.000 msec
[2019-09-16 16:46:42] DEBUG[24979] res_pjsip/pjsip_options.c: AOR ‘Telekom_20’ now has 0 available contacts


#17

I’m stumped.

Go to Settings -> Asterisk SIP Settings -> Chan PJSIP Settings. Under Transports, check that TLS is set to Yes. (If it’s not, set it to Yes, Submit and Apply.) Then, check that the settings for 0.0.0.0 (tls) are correct. Unless you have a complex network setup, leaving the defaults of port 5061 and the other fields blank should be ok. After changing these settings, restart (not just reload) Asterisk.

If you still have trouble, do you have any extensions or other trunks using pjsip and TLS? If not, try setting up a pjsip TLS extension and report whether that works.
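
The resolver log in post #16 ("NAPTR service sips+d2t skipped as transport is unavailable", then "0 viable targets") follows from RFC 3263 selection: a NAPTR service is only usable if the matching local transport exists, which is what the TLS transport check in post #17 addresses. The following is an added example, not code from Asterisk or from any post; it models that selection over the `host` output quoted in post #16 (embedded as a constructed sample), and the function names are hypothetical.

```python
import re

# Constructed sample: the `host` answers quoted in post #16.
HOST_OUTPUT = """\
hpbxsec.deutschland-lan.de has NAPTR record 10 0 "s" "SIPS+D2T" "" _sips._tcp.hpbxsec.deutschland-lan.de.
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 30 0 5061 h2-epp-652.edns.t-ipnet.de.
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 20 0 5061 d-epp-652.edns.t-ipnet.de.
_sips._tcp.hpbxsec.deutschland-lan.de has SRV record 10 0 5061 f-epp-652.edns.t-ipnet.de.
"""

# RFC 3263 NAPTR service field -> transport the SIP stack must have enabled.
SERVICE_TRANSPORT = {"SIP+D2U": "udp", "SIP+D2T": "tcp", "SIPS+D2T": "tls"}
NAPTR_RE = re.compile(r'^\S+ has NAPTR record (\d+) (\d+) "\w*" "([^"]*)" "[^"]*" (\S+)$')
SRV_RE = re.compile(r'^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$')


def parse_host_output(text):
    """Return (naptr_records, srv_records_by_owner) from `host` output."""
    naptr, srv = [], {}
    for line in text.splitlines():
        line = line.strip().replace("“", '"').replace("”", '"')  # forum smart quotes
        if m := NAPTR_RE.match(line):
            naptr.append((int(m[1]), int(m[2]), m[3].upper(), m[4].rstrip(".")))
        elif m := SRV_RE.match(line):
            record = (int(m[2]), int(m[3]), int(m[4]), m[5].rstrip("."))
            srv.setdefault(m[1].rstrip("."), []).append(record)
    return naptr, srv


def viable_targets(text, enabled_transports):
    """Model of RFC 3263 selection: NAPTR services whose transport is not
    enabled locally are skipped, so their SRV targets are never tried."""
    naptr, srv = parse_host_output(text)
    targets, skipped = [], []
    for _order, _pref, service, replacement in sorted(naptr):
        transport = SERVICE_TRANSPORT.get(service)
        if transport not in enabled_transports:
            skipped.append(service)
            continue
        # Lowest SRV priority first; weight-based randomisation is omitted.
        for _prio, _weight, port, host in sorted(srv.get(replacement, [])):
            targets.append((transport, host, port))
    return targets, skipped


if __name__ == "__main__":
    print(viable_targets(HOST_OUTPUT, {"udp", "tcp"}))  # TLS transport missing
    print(viable_targets(HOST_OUTPUT, {"udp", "tls"}))  # TLS transport enabled
```

Because the only NAPTR record for this proxy is `SIPS+D2T`, a stack without a TLS transport ends with an empty target list rather than falling back to an unencrypted one.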