PBXinaFlash on eth0 w/ 172.24.10.0/23 (255.255.254.0) ==> NET1
Endpoint/Phones on 172.30.50.0/22 (255.255.252.0) ==> NET2
Unable to Connect to PBX when Endpoint/phone is on a separate subnet.
If the endpoint/phone is on the same subnet as the PBX itself, I can
successfully connect; However, if the endpoint is on a separate subnet,
the connection attempt fails (X-Lite error log included below)
- Endpoint/PCs on NET2 can successfully ping, traceroute, access FreePBX
- For troubleshooting purpose, the IPTABLES/firewall was disabled
- Under FreePBX Web => Extenstions =>
* deny field set to the default: 0.0.0.0/0.0.0.0
* allow field set to the default 172.24.10.0/255.255.255.0
I had also tried several permutations for the value of the above two
fields (eg: deny=, allow=0.0.0.0/0.0.0.0
- The User account/credentials are verified/correct by looking at the
password/secret for the given extension.
ERROR LOG (X-LITE V4):
=> "SIP registration failed; reason: 'SipError'; SIP error-code: 403; error-phrase: 'Forbidden (Bad auth)'"|psi::AccountImpl::OnRegistrationStatusChanged
Any help/guidance would be greatly appreciated.
- The externhost is verified & correct. That is, the FQDN specified in the
Externhost field resolves to the correct IP.
- There is no ALG between the two subnets.
- A Layer-3 switch exists between the two subnets for inter VLAN routing.
- No Firewall exists (at present) between the two subnets (other than the one
installed on the PinaF itself during installation). For testing purposes,
I had even disabled iptables on the PBX server. But no go.
How can I enable detailed debugging logs to see what’s happening (something more than the SIP 403)?
Note, if I put a laptop w/ X-Lite on the same subnet as the PBX – I can successfully login & make/receive calls. In this scenario, I do not get any auth/403 errors. It’s only when I move the sipclient/laptop to another subnet I get auth errors.
As per suggestion, I added the localnets information from FreePBX GUI (Submitted & Applied Changes). However, still no go. That is, I am not able to connect to the PBX across subnet.
One interesting observation was that even though I made changes through the FreePBX->Tools->Asterisk SIP Settings, it doesn’t look like the underlying file: /etc/asterisk/sip.conf got changed with the localnet entries. I’m guessing that localnet entries are saved some place else as the FreePBX GUI does show the added localnets; it’s just the sip.conf file that doesn’t have the localnet entries.