Re: [asterisk-users] Asterisk 11.17.0 Now Available
Hi list, can I ask you: does this release solve my problem https://github.com/versatica/JsSIP/issues/311 (already tried on the last FREEPBX -- same issue)?

Regards

2015-04-01 22:01 GMT+03:00 Asterisk Development Team asteriskt...@digium.com:

The Asterisk Development Team has announced the release of Asterisk 11.17.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.17.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

New Features made in this release:
---
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation (Reported by Dwayne Hubbard)

Bugs fixed in this release:
---
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references (Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to fully disconnect underlying socket, leading to events being dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove (Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility for playing back messages stored in IMAP - play_message: No origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML (Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held (Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting SRTP for audio, but they responded without it' is ambiguous and wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an error response and BYE are sent to the caller (Reported by Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when building a peer causes a peer poke during request handling (Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails -- numerous files with inodes from under /usr/share/zoneinfo, mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable. Adapting RAII_VAR to use clang/llvm blocks to get the same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of core set debug channel (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from tests/channels/local/local_optimize_away (Reported by Corey Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block (Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time under OpenBSD (Reported by snuffy)

Improvements made in this release:
Re: [asterisk-users] Update peer IP address
On 4/2/15 3:28 PM, Daniel Heckl wrote:

Scott, I have changed the configuration as you said and will test it.

I’m curious. Can you briefly explain what insecure=invite,port does?

    ;insecure=port          ; Allow matching of peer by IP address without
                            ; matching port number
    ;insecure=invite        ; Do not require authentication of incoming INVITEs
    ;insecure=port,invite   ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?

Not correct, the IP address is checked but not the port, and if the IP address matches no password authentication is performed for the INVITE.

On 02.04.2015 at 20:11, Scott Griepentrog sgriepent...@digium.com wrote:

I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).

On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:

Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range. I think srvlookup must be set to yes to place outbound calls if there is an ip address change.

I think with the restriction of the firewall that should be a secure solution.

On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:

On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:

On 4/1/15 10:48 AM, Daniel Heckl wrote:

John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.

You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:

    # cat dnsmgr.conf
    [general]
    enable=yes              ; enable creation of managed DNS lookups
                            ; default is 'no'
    refreshinterval=180     ; refresh managed DNS lookups every n seconds
                            ; default is 300 (5 minutes)

Hello Andres,

I read that same suggestion elsewhere in connection with Deutsche Telekom, so it seems there's some benefit in it.

Daniel, did you try it out already?

Kind regards,
Sebastian

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
Check us out at: http://digium.com · http://asterisk.org

--
Technical Support
http://www.cellroute.net
Re: [asterisk-users] Update peer IP address
Okay, Scott, I think we are on the wrong path. Maybe I'm wrong though.

I will summarize again briefly the problems together:

- The peer ip address could be another than the ip address of incoming invites
- After a re-register the REGISTER is sent to the new SIP server, answered with OK. But the peer ip address is still the old one (sip show peers).
- If there is now an INVITE, the request is answered with 401 Unauthorized.

That’s why I would say, the problem is not the port or a needed authentication.

My Asterisk works behind a NAT without port forwarding and nat=no, I have qualify=yes that it does not come to a NAT timeout.

Here is an example. The peer ip address was at this time 217.0.23.100, the INVITE came from 217.0.23.68 and was rejected with 401 Unauthorized:

    INVITE sip:06123456789@80.000.111.222:45061 SIP/2.0
    Max-Forwards: 58
    Via: SIP/2.0/UDP 217.0.23.68:5060;branch=z9hG4bKg3Zqkv7ib7h2smv8whryjnos88srot1i7
    To: sip:6123456...@telekom.de
    From: sip:+49123456...@tel.t-online.de;user=phone;tag=h7g4Esbg_44c62525
    Call-ID: af71bbfbf269b895@62.155.0.75
    CSeq: 3950540 INVITE
    Contact: sip:sgc_c@217.0.23.68;transport=udp
    Record-Route: sip:217.0.23.68;transport=udp;lr
    Min-Se: 900
    P-Asserted-Identity: sip:+49123456...@tel.t-online.de;user=phone
    Session-Expires: 3600
    Supported: histinfo
    Supported: timer
    Supported: norefersub
    Content-Type: application/sdp
    Content-Disposition: session
    Content-Length: 204
    Allow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, PRACK, REFER, REGISTER, UPDATE

    v=0
    o=- 0 0 IN IP4 217.0.23.68
    s=-
    c=IN IP4 217.0.4.134
    t=0 0
    m=audio 36480 RTP/AVP 9 8 102
    a=rtpmap:9 G722/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:102 telephone-event/8000
    a=maxptime:20
    a=ptime:20

On 02.04.2015 at 22:00, Scott Griepentrog sgriepent...@digium.com wrote:

Actually, the IP address is still used to identify the incoming invite. With the insecure=port option set, Asterisk will presume the invite to still match the trunk account even if the NAT router has mangled (changed) the port number.

My suspicion is that when the new register goes out, it's creating a new state in the firewall, resulting in a new port number, which is why you would have to allow anonymous calls to then accept it without insecure=port. The other possibility is that you have a port forward in the router set, which is similarly mangling the port number.

With a valid registration being held, and assuming the router does not drop UDP states faster than 30 minutes, and also assuming that the provider is sending you invites on the registered port rather than always on 5060, there should not be a need for an inbound port forward to Asterisk, and you should not need insecure=port.

The invite option disables authentication - which means only that Asterisk will not force a check of the password on the other end. Where the IP address is well known and trusted, the extra overhead and delay of authenticating incoming INVITEs is not needed.

On Thu, Apr 2, 2015 at 2:28 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Scott, I have changed the configuration as you said and will test it.

I’m curious. Can you briefly explain what insecure=invite,port does?

    ;insecure=port          ; Allow matching of peer by IP address without
                            ; matching port number
    ;insecure=invite        ; Do not require authentication of incoming INVITEs
    ;insecure=port,invite   ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?

On 02.04.2015 at 20:11, Scott Griepentrog sgriepent...@digium.com wrote:

I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).

On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:

Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range. I think srvlookup must be set to yes to place outbound calls if there is an ip address change.

I think with the restriction of the firewall that should be a secure solution.

On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:

On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:

On 4/1/15 10:48 AM, Daniel Heckl wrote:

John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.

You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:

    # cat dnsmgr.conf
    [general]
[asterisk-users] Asterisk 13.3.0 IAX trunk issue with Yeastar
Hello,

I have a weird problem between Asterisk 13.3 and a Yeastar U200 pbx over IAX trunk.

Should I call from Yeastar to my asterisk 13.3 the call goes through without issues. Should I call from asterisk 13.3 to Yeastar I can hear a ring tone however the yeastar does not show any activities.

On the yeastar I initiated a debug command

    iax2 set debug peer my trunk name

While I hear the ring from my side nothing appears in the debug of Yeastar pbx. On the asterisk 13.3 debug terminal I see that the call was initiated.

Same setting is working between an asterisk 13.2 and the Yeastar.

Can anyone help? I will try IAX trunk between Asterisk 13.3 and asterisk 13.2 to check if it works.

Regards
Toufic
Re: [asterisk-users] Update peer IP address
That sounds like asterisk was working 100% correctly. If you receive an INVITE from an unknown IP address, then it should fail. Unless you want to allow anonymous, which is generally a very bad idea.

If you are registering to IP X, but the provider may be transmitting invites from any number of other IP addresses, then you need a list of IP addresses, and have a trunk configuration set up for each one so that they are all recognized (with insecure=port,invite).

If the provider is requiring you to accept invites from random IP addresses, get a new provider.

On Thu, Apr 2, 2015 at 3:23 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Okay, Scott, I think we are on the wrong path. Maybe I'm wrong though.

I will summarize again briefly the problems together:

- The peer ip address could be another than the ip address of incoming invites
- After a re-register the REGISTER is sent to the new SIP server, answered with OK. But the peer ip address is still the old one (sip show peers).
- If there is now an INVITE, the request is answered with 401 Unauthorized.

That’s why I would say, the problem is not the port or a needed authentication.

My Asterisk works behind a NAT without port forwarding and nat=no, I have qualify=yes that it does not come to a NAT timeout.

Here is an example. The peer ip address was at this time 217.0.23.100, the INVITE came from 217.0.23.68 and was rejected with 401 Unauthorized:

    INVITE sip:06123456789@80.000.111.222:45061 SIP/2.0
    Max-Forwards: 58
    Via: SIP/2.0/UDP 217.0.23.68:5060;branch=z9hG4bKg3Zqkv7ib7h2smv8whryjnos88srot1i7
    To: sip:6123456...@telekom.de
    From: sip:+49123456...@tel.t-online.de;user=phone;tag=h7g4Esbg_44c62525
    Call-ID: af71bbfbf269b895@62.155.0.75
    CSeq: 3950540 INVITE
    Contact: sip:sgc_c@217.0.23.68;transport=udp
    Record-Route: sip:217.0.23.68;transport=udp;lr
    Min-Se: 900
    P-Asserted-Identity: sip:+49123456...@tel.t-online.de;user=phone
    Session-Expires: 3600
    Supported: histinfo
    Supported: timer
    Supported: norefersub
    Content-Type: application/sdp
    Content-Disposition: session
    Content-Length: 204
    Allow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, PRACK, REFER, REGISTER, UPDATE

    v=0
    o=- 0 0 IN IP4 217.0.23.68
    s=-
    c=IN IP4 217.0.4.134
    t=0 0
    m=audio 36480 RTP/AVP 9 8 102
    a=rtpmap:9 G722/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:102 telephone-event/8000
    a=maxptime:20
    a=ptime:20

On 02.04.2015 at 22:00, Scott Griepentrog sgriepent...@digium.com wrote:

Actually, the IP address is still used to identify the incoming invite. With the insecure=port option set, Asterisk will presume the invite to still match the trunk account even if the NAT router has mangled (changed) the port number.

My suspicion is that when the new register goes out, it's creating a new state in the firewall, resulting in a new port number, which is why you would have to allow anonymous calls to then accept it without insecure=port. The other possibility is that you have a port forward in the router set, which is similarly mangling the port number.

With a valid registration being held, and assuming the router does not drop UDP states faster than 30 minutes, and also assuming that the provider is sending you invites on the registered port rather than always on 5060, there should not be a need for an inbound port forward to Asterisk, and you should not need insecure=port.

The invite option disables authentication - which means only that Asterisk will not force a check of the password on the other end. Where the IP address is well known and trusted, the extra overhead and delay of authenticating incoming INVITEs is not needed.

On Thu, Apr 2, 2015 at 2:28 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Scott, I have changed the configuration as you said and will test it.

I’m curious. Can you briefly explain what insecure=invite,port does?

    ;insecure=port          ; Allow matching of peer by IP address without
                            ; matching port number
    ;insecure=invite        ; Do not require authentication of incoming INVITEs
    ;insecure=port,invite   ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?

On 02.04.2015 at 20:11, Scott Griepentrog sgriepent...@digium.com wrote:

I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).

On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:

Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range. I think srvlookup must be set to yes to place outbound calls if there is an ip address change.

I think with the restriction of
Re: [asterisk-users] Update peer IP address
Actually, the IP address is still used to identify the incoming invite. With the insecure=port option set, Asterisk will presume the invite to still match the trunk account even if the NAT router has mangled (changed) the port number.

My suspicion is that when the new register goes out, it's creating a new state in the firewall, resulting in a new port number, which is why you would have to allow anonymous calls to then accept it without insecure=port. The other possibility is that you have a port forward in the router set, which is similarly mangling the port number.

With a valid registration being held, and assuming the router does not drop UDP states faster than 30 minutes, and also assuming that the provider is sending you invites on the registered port rather than always on 5060, there should not be a need for an inbound port forward to Asterisk, and you should not need insecure=port.

The invite option disables authentication - which means only that Asterisk will not force a check of the password on the other end. Where the IP address is well known and trusted, the extra overhead and delay of authenticating incoming INVITEs is not needed.

On Thu, Apr 2, 2015 at 2:28 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Scott, I have changed the configuration as you said and will test it.

I’m curious. Can you briefly explain what insecure=invite,port does?

    ;insecure=port          ; Allow matching of peer by IP address without
                            ; matching port number
    ;insecure=invite        ; Do not require authentication of incoming INVITEs
    ;insecure=port,invite   ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?

On 02.04.2015 at 20:11, Scott Griepentrog sgriepent...@digium.com wrote:

I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).

On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:

Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range. I think srvlookup must be set to yes to place outbound calls if there is an ip address change.

I think with the restriction of the firewall that should be a secure solution.

On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:

On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:

On 4/1/15 10:48 AM, Daniel Heckl wrote:

John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.

You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:

    # cat dnsmgr.conf
    [general]
    enable=yes              ; enable creation of managed DNS lookups
                            ; default is 'no'
    refreshinterval=180     ; refresh managed DNS lookups every n seconds
                            ; default is 300 (5 minutes)

Hello Andres,

I read that same suggestion elsewhere in connection with Deutsche Telekom, so it seems there's some benefit in it.

Daniel, did you try it out already?

Kind regards,
Sebastian

--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
Check us out at: http://digium.com · http://asterisk.org
Re: [asterisk-users] Update peer IP address
I do not want to set allowguest=yes.

The problem is, there is no official list with ip addresses of Telekom Germany. But I think all ip addresses come from the ip range 217.0.0.0/13.

I have now the following addition to sip.conf. I think it is the only safe option. Or what would you say?

    [telekom](!)
    context=from-trunk
    type=peer
    defaultuser=
    authuser=
    remotesecret=
    fromdomain=tel.t-online.de
    qualify=no
    dtmfmode=rfc2833
    directmedia=no
    sendrpid=pai
    trustrpid=no
    insecure=port,invite
    disallow=all
    allow=g722
    allow=alaw
    allow=gsm
    deny=0.0.0.0/0
    permit=217.0.0.0/13

    [DTAG-IP_IN18_016](telekom)
    host=217.0.18.16

    [DTAG-IP_IN18_036](telekom)
    host=217.0.18.36

    etc.

On 02.04.2015 at 23:21, Scott Griepentrog sgriepent...@digium.com wrote:

That sounds like asterisk was working 100% correctly. If you receive an INVITE from an unknown IP address, then it should fail. Unless you want to allow anonymous, which is generally a very bad idea.

If you are registering to IP X, but the provider may be transmitting invites from any number of other IP addresses, then you need a list of IP addresses, and have a trunk configuration set up for each one so that they are all recognized (with insecure=port,invite).

If the provider is requiring you to accept invites from random IP addresses, get a new provider.

On Thu, Apr 2, 2015 at 3:23 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Okay, Scott, I think we are on the wrong path. Maybe I'm wrong though.

I will summarize again briefly the problems together:

- The peer ip address could be another than the ip address of incoming invites
- After a re-register the REGISTER is sent to the new SIP server, answered with OK. But the peer ip address is still the old one (sip show peers).
- If there is now an INVITE, the request is answered with 401 Unauthorized.

That’s why I would say, the problem is not the port or a needed authentication.

My Asterisk works behind a NAT without port forwarding and nat=no, I have qualify=yes that it does not come to a NAT timeout.

Here is an example. The peer ip address was at this time 217.0.23.100, the INVITE came from 217.0.23.68 and was rejected with 401 Unauthorized:

    INVITE sip:06123456789@80.000.111.222:45061 SIP/2.0
    Max-Forwards: 58
    Via: SIP/2.0/UDP 217.0.23.68:5060;branch=z9hG4bKg3Zqkv7ib7h2smv8whryjnos88srot1i7
    To: sip:6123456...@telekom.de
    From: sip:+49123456...@tel.t-online.de;user=phone;tag=h7g4Esbg_44c62525
    Call-ID: af71bbfbf269b895@62.155.0.75
    CSeq: 3950540 INVITE
    Contact: sip:sgc_c@217.0.23.68;transport=udp
    Record-Route: sip:217.0.23.68;transport=udp;lr
    Min-Se: 900
    P-Asserted-Identity: sip:+49123456...@tel.t-online.de;user=phone
    Session-Expires: 3600
    Supported: histinfo
    Supported: timer
    Supported: norefersub
    Content-Type: application/sdp
    Content-Disposition: session
    Content-Length: 204
    Allow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, PRACK, REFER, REGISTER, UPDATE

    v=0
    o=- 0 0 IN IP4 217.0.23.68
    s=-
    c=IN IP4 217.0.4.134
    t=0 0
    m=audio 36480 RTP/AVP 9 8 102
    a=rtpmap:9 G722/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:102 telephone-event/8000
    a=maxptime:20
    a=ptime:20

On 02.04.2015 at 22:00, Scott Griepentrog sgriepent...@digium.com wrote:

Actually, the IP address is still used to identify the incoming invite. With the insecure=port option set, Asterisk will presume the invite to still match the trunk account even if the NAT router has mangled (changed) the port number.

My suspicion is that when the new register goes out, it's creating a new state in the firewall, resulting in a new port number, which is why you would have to allow anonymous calls to then accept it without insecure=port. The other possibility is that you have a port forward in the router set, which is similarly mangling the port number.

With a valid registration being held, and assuming the router does not drop UDP states faster than 30 minutes, and also assuming that the provider is sending you invites on the registered port rather than always on 5060, there should not be a need for an inbound port forward to Asterisk, and you should not need insecure=port.

The invite option disables authentication - which means only that Asterisk will not force a check of the password on the other end. Where the IP address is well known and trusted, the extra overhead and delay of authenticating incoming INVITEs is not needed.

On Thu, Apr 2, 2015 at 2:28 PM, Daniel Heckl daniel.he...@gmail.com wrote:

Scott, I have changed the configuration as you said and will test it.

I’m curious. Can you briefly explain what insecure=invite,port does?

    ;insecure=port          ; Allow matching of peer by IP address without
                            ; matching port number
    ;insecure=invite        ; Do not require authentication of incoming INVITEs
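
The peer matching Scott describes in this thread, applied to the sip.conf fragment Daniel posted, as an added example (not part of the thread and not Asterisk's own code). It is a simplified Python model run over a constructed, abridged copy of that fragment; the function names and outcome strings are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: abridged from the sip.conf fragment quoted in the thread.
SIP_CONF = """
[telekom](!)
context=from-trunk
type=peer
insecure=port,invite
deny=0.0.0.0/0
permit=217.0.0.0/13

[DTAG-IP_IN18_016](telekom)
host=217.0.18.16

[DTAG-IP_IN18_036](telekom)
host=217.0.18.36
"""

SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?$")


def parse_peers(text):
    """Parse sections into {name: [(key, value), ...]}, resolving (template) inheritance."""
    sections, templates, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            current = []
            for opt in filter(None, (o.strip() for o in (header.group(2) or "").split(","))):
                if opt == "!":
                    templates.add(name)            # (!) marks a template, not a peer
                else:
                    current.extend(sections[opt])  # inherit options in file order
            sections[name] = current
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return {n: opts for n, opts in sections.items() if n not in templates}


def acl_allows(options, src):
    """deny/permit rules are applied in file order; the last matching rule decides."""
    allowed = True                                 # no rule matched: allow
    for key, value in options:
        if key in ("permit", "deny") and src in ipaddress.ip_network(value, strict=False):
            allowed = key == "permit"
    return allowed


def classify_invite(peers, src_ip, src_port, allowguest=False):
    """Return (peer_name, outcome) for an INVITE arriving from src_ip:src_port."""
    src = ipaddress.ip_address(src_ip)
    for name, options in peers.items():
        opt = dict(options)                        # later keys override template values
        insecure = {f.strip() for f in opt.get("insecure", "").split(",")}
        try:
            host = ipaddress.ip_address(opt.get("host", ""))
        except ValueError:
            continue                               # hostnames / dynamic peers: not modelled
        if host != src:
            continue                               # the source IP address is always checked
        if "port" not in insecure and int(opt.get("port", 5060)) != src_port:
            continue                               # insecure=port skips only this test
        if not acl_allows(options, src):
            return name, "rejected by ACL"
        if "invite" in insecure:
            return name, "accepted without password check"
        return name, "challenged for credentials"
    if allowguest:
        return None, "accepted as guest in the default context"
    return None, "401 Unauthorized"                # the response seen in the thread


def password_free_sources(peers):
    """Addresses whose INVITEs are accepted on source IP alone (insecure=invite)."""
    return sorted(dict(o)["host"] for o in peers.values()
                  if "invite" in dict(o).get("insecure", "") and "host" in dict(o))


if __name__ == "__main__":
    peers = parse_peers(SIP_CONF)
    # Addresses from the thread: a configured host (two ports) and the unlisted INVITE source.
    for ip, port in [("217.0.18.16", 5060), ("217.0.18.16", 45061), ("217.0.23.68", 5060)]:
        print(ip, port, classify_invite(peers, ip, port))
    print("password-free sources:", password_free_sources(peers))
    print("addresses in permit range:", ipaddress.ip_network("217.0.0.0/13").num_addresses)
```

In this model the `permit=217.0.0.0/13` line only bounds which sources a peer may match; the addresses accepted without a password are exactly those that have their own `host=` section.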
Re: [asterisk-users] PJSIP Sends BYE with Wrong IP
On Wed, Apr 1, 2015 at 9:08 AM, Trey Hilyard kct...@gmail.com wrote:

Hello -

I am trying to decide if I have stumbled across a bug in PJSIP or I am just missing something. My Asterisk has two interfaces, an internal eth0 and an external eth1. In pjsip.conf, I define the following transports:

    [trusted]
    type=transport
    protocol=udp
    bind=10.xx.yy.zz:5060

    [untrusted]
    type=transport
    protocol=udp
    bind=12.4.aa.bb:5060

My internal endpoints use transport=internal and external endpoints use transport=external. I guess that's obvious.

You show transports trusted and untrusted, you don't show any transports named internal and external... so that is confusing.

Everything works fine, most of the time. INVITEs, 1XX, 2XX are sent to the right interface using the right source IP. But, when Asterisk tries to send a BYE to any internal endpoint, it sends using the external IP, but it is sent out of the correct internal interface eth0. Only the IP layer is incorrect. The SIP layer has the correct IP in the Via header. From what I can tell, only BYE is affected. I didn't have this problem with chan_sip. Am I just missing some configuration?

This sounds like improper configuration, or a bug. If you can pastebin a full (sanitized) pjsip.conf as well as an Asterisk log with verbose turned up[1], plus a SIP packet trace then we can take a look at it.

[1]: https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

--
Rusty Newton
Digium, Inc. | Community Support Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
direct: +1 256 428 6200
Check us out at: http://digium.com http://asterisk.org
Re: [asterisk-users] PJSIP Sends BYE with Wrong IP
On Thu, Apr 2, 2015 at 10:43 AM, Rusty Newton rnew...@digium.com wrote:

On Wed, Apr 1, 2015 at 9:08 AM, Trey Hilyard kct...@gmail.com wrote:

Hello -

I am trying to decide if I have stumbled across a bug in PJSIP or I am just missing something. My Asterisk has two interfaces, an internal eth0 and an external eth1. In pjsip.conf, I define the following transports:

    [trusted]
    type=transport
    protocol=udp
    bind=10.xx.yy.zz:5060

    [untrusted]
    type=transport
    protocol=udp
    bind=12.4.aa.bb:5060

My internal endpoints use transport=internal and external endpoints use transport=external. I guess that's obvious.

You show transports trusted and untrusted, you don't show any transports named internal and external... so that is confusing.

You are right. That is my fault that I was sanitizing the configuration for the purpose of this email and used different names.

Everything works fine, most of the time. INVITEs, 1XX, 2XX are sent to the right interface using the right source IP. But, when Asterisk tries to send a BYE to any internal endpoint, it sends using the external IP, but it is sent out of the correct internal interface eth0. Only the IP layer is incorrect. The SIP layer has the correct IP in the Via header. From what I can tell, only BYE is affected. I didn't have this problem with chan_sip. Am I just missing some configuration?

This sounds like improper configuration, or a bug. If you can pastebin a full (sanitized) pjsip.conf as well as an Asterisk log with verbose turned up[1], plus a SIP packet trace then we can take a look at it.

[1]: https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

I actually got the issue resolved by upgrading to 13.3.rc-1, since this is just my development system. I assume that the problem was resolved between the two releases.
Re: [asterisk-users] Asterisk 13.2.0 Video issues
Hello Matthew,

The asterisk crashing issue was solved with the Asterisk 13.3.0, now video calls are okay between all devices. The only issue left is with the Grandstream GXV3175 where video is still very slow (downstream), it shows on the LCD 1 frame every few seconds.

Hope this helps, and should someone have a suggestion on how to solve the GXV3175 video, that would be great.

Best regards
Toufic

-----Original Message-----
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Matthew Jordan
Sent: Wednesday, March 18, 2015 4:45 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk 13.2.0 Video issues

On Tue, Mar 17, 2015 at 5:53 PM, Toufic Khreish (Gmail) toufic.khre...@gmail.com wrote:
> I see that my asterisk is started with the -g option, the core file I cannot find on my system (find / -name core*)

I would suspect one of the following:
(1) Asterisk is not actually crashing.
(2) Something is deleting the core files.
(3) The core files are hiding really, really well.

Either way, if you can't get a backtrace, there isn't much we can do to help with that problem.

--
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com http://asterisk.org
Re: [asterisk-users] Update peer IP address
Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.

My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range.

I think srvlookup must be set to yes to place outbound calls if there is an ip address change. I think with the restriction of the firewall that should be a secure solution.

On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:
> On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:
>> On 4/1/15 10:48 AM, Daniel Heckl wrote:
>>> John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.
>>
>> You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:
>>
>> # cat dnsmgr.conf
>> [general]
>> enable=yes           ; enable creation of managed DNS lookups
>>                      ; default is 'no'
>> refreshinterval=180  ; refresh managed DNS lookups every n seconds
>>                      ; default is 300 (5 minutes)
>
> Hello Andres,
>
> I read that same suggestion elsewhere in connection with Deutsche Telekom, so it seems there's some benefit in it.
>
> Daniel, did you try it out already?
>
> Kind regards,
> Sebastian
Re: [asterisk-users] PJSIP Sends BYE with Wrong IP
On Thu, Apr 2, 2015 at 11:07 AM, Trey Hilyard kct...@gmail.com wrote:
> I actually got the issue resolved by upgrading to 13.3.rc-1, since this is just my development system. I assume that the problem was resolved between the two releases.

Sweet, glad to hear!

--
Rusty Newton
Digium, Inc. | Community Support Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
direct: +1 256 428 6200
Check us out at: http://digium.com http://asterisk.org
Re: [asterisk-users] Update peer IP address
I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).

On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:
> Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.
>
> My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range.
>
> I think srvlookup must be set to yes to place outbound calls if there is an ip address change. I think with the restriction of the firewall that should be a secure solution.
>
> On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:
>> On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:
>>> On 4/1/15 10:48 AM, Daniel Heckl wrote:
>>>> John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.
>>>
>>> You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:
>>>
>>> # cat dnsmgr.conf
>>> [general]
>>> enable=yes           ; enable creation of managed DNS lookups
>>>                      ; default is 'no'
>>> refreshinterval=180  ; refresh managed DNS lookups every n seconds
>>>                      ; default is 300 (5 minutes)
>>
>> Hello Andres,
>>
>> I read that same suggestion elsewhere in connection with Deutsche Telekom, so it seems there's some benefit in it.
>>
>> Daniel, did you try it out already?
>>
>> Kind regards,
>> Sebastian

--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
Check us out at: http://digium.com · http://asterisk.org
Re: [asterisk-users] Update peer IP address
Scott, I have changed the configuration as said and will test it. I’m curious. Can you briefly explain what insecure=invite,port does?

;insecure=port         ; Allow matching of peer by IP address without
                       ; matching port number
;insecure=invite       ; Do not require authentication of incoming INVITEs
;insecure=port,invite  ; (both)

Do I understand correctly that in this mode the IP address is not checked and no authentication is required?

On 02.04.2015 at 20:11, Scott Griepentrog sgriepent...@digium.com wrote:
> I'd be curious if setting insecure=invite,port makes any difference either (without allowguest on).
>
> On Thu, Apr 2, 2015 at 9:03 AM, Daniel Heckl daniel.he...@gmail.com wrote:
>> Ok, I have tested dnsmgr. This is not a solution, the situation has not changed. With dnsmgr I can not place outbound calls. I do not know why and what dnsmgr really does.
>>
>> My current solution is as follows: Say allowguest=yes, configure the default context that there can not be placed outbound calls. Use iptables to DROP all at your SIP port and allow only your local phones and the sip trunk ip range.
>>
>> I think srvlookup must be set to yes to place outbound calls if there is an ip address change. I think with the restriction of the firewall that should be a secure solution.
>>
>> On 01.04.2015 at 19:23, Sebastian Kemper sebastian...@gmx.net wrote:
>>> On Wed, Apr 01, 2015 at 11:00:56AM -0400, Andres wrote:
>>>> On 4/1/15 10:48 AM, Daniel Heckl wrote:
>>>>> John, thank you for your answer. I think you have misunderstood the problem. It’s about an ip address change of the sip trunk, not of my asterisk server.
>>>>
>>>> You would probably benefit by enabling the DNS Manager to allow for dynamic IP changes:
>>>>
>>>> # cat dnsmgr.conf
>>>> [general]
>>>> enable=yes           ; enable creation of managed DNS lookups
>>>>                      ; default is 'no'
>>>> refreshinterval=180  ; refresh managed DNS lookups every n seconds
>>>>                      ; default is 300 (5 minutes)
>>>
>>> Hello Andres,
>>>
>>> I read that same suggestion elsewhere in connection with Deutsche Telekom, so it seems there's some benefit in it.
>>>
>>> Daniel, did you try it out already?
>>>
>>> Kind regards,
>>> Sebastian
>
> --
> Scott Griepentrog
> Digium, Inc · Software Developer
> 445 Jan Davis Drive NW · Huntsville, AL 35806 · US
> direct/fax: +1 256 428 6239 · mobile: +1 256 580 6090
> Check us out at: http://digium.com · http://asterisk.org
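
An added example, not part of the thread and not Asterisk project code: a small audit of a chan_sip-style sip.conf for the two settings discussed in this thread that relax authentication, allowguest and insecure=invite. The sample configuration, peer names and addresses are constructed, and treating a missing permit/deny pair as a finding is an assumed local policy.

```python
import re

# Constructed sample in chan_sip sip.conf syntax (not taken from the thread);
# peer names, hostnames and addresses are placeholders.
SAMPLE_SIP_CONF = """\
[general]
allowguest=yes        ; unauthenticated callers land in the default context

[trunk-provider]
type=peer
host=sip.example.net
insecure=port,invite  ; no auth on INVITE, any source port
context=from-trunk

[trunk-acl]
type=peer
host=sip.example.net
insecure=invite
deny=0.0.0.0/0.0.0.0
permit=198.51.100.0/255.255.255.0
"""

FALSE_VALUES = {"no", "false", "n", "f", "0", "off"}

def parse_conf(text):
    """Parse Asterisk-style config text into {section: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def audit(text):
    """Return sorted (section, finding) pairs; templates are not resolved."""
    conf, findings = parse_conf(text), []
    # chan_sip accepts guest calls unless allowguest is explicitly disabled.
    guest = conf.get("general", {}).get("allowguest", ["yes"])[-1].lower()
    if guest not in FALSE_VALUES:
        findings.append(("general", "allowguest enabled"))
    for name, opts in conf.items():
        flags = {f.strip().lower() for v in opts.get("insecure", []) for f in v.split(",")}
        if "invite" in flags and not (opts.get("permit") and opts.get("deny")):
            findings.append((name, "insecure=invite without permit/deny ACL"))
    return sorted(findings)
```

Running audit(SAMPLE_SIP_CONF) flags the [general] section and the trunk that accepts unauthenticated INVITEs with no address ACL, while the trunk restricted by deny/permit passes.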