Do we have any Asterisk 13.6 PJSIP command line gurus here?

#1
While I managed to connect OK using "old school" sip.conf, I really need to use the more modern (and supported) pjsip.conf as I'm going to need to be templating and doing all sorts of stuff.

However, I'm having trouble completing an incoming call - basically, the SIP trunk registers just fine with Voipfone, but incoming calls fail with error 481. I'm pretty sure it's something to do with the identifier section of the config not tying up with the incoming call.

If there are any Asterisk/PJSIP gurus here, I'd massively appreciate it if you could take a look at my post at http://forums.asterisk.org/viewtopic.php?f=1&t=96148 where I've posted configs, logs and diagnostics, and let me know where I might be going wrong.

If I can get this thing sorted, I promise in return to post a complete guide to installing and connecting a modern Asterisk implementation to Voipfone :)

Thanks

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#3
Hello! I've got some good news for you! I figured it all out.

But you'll need to be on 13.6 I think (the current version).

Are you able to compile it for your OS? What are you running it on?

What I'm going to do is fire up a new VPS, start from scratch, ensure I can duplicate everything, and then write the whole lot up. Also, how to use IPTABLES. Because I've discovered that your box will instantly become a magnet for attackers.

I logged 24 hours of SIP traffic that attempted to hit my Asterisk box - here's a summary of the top 10 of the 340 attempted hacks over that period (#attempts, IP). Most IPs belong to VPN providers like Redstation, Brinkster, and the top one was our old favourite, poneytelecom in France, source of a ridiculous amount of hack attempts.

1090 62.210.246.67
1157 199.168.141.86
1170 37.8.20.179
1224 88.208.194.15
1352 5.152.216.226
2326 88.150.240.13
4036 31.3.230.210
4512 5.152.222.194
7498 204.152.246.113
1768403 195.154.62.25

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#4
Yes, I found your posts on the asterisk forum: it looked like your issue was with identifying the incoming traffic? (we already have an identify in the config that seems to be working but I have also tested with the anonymous endpoint as it would suit our needs).

I think iptables rules are an excellent idea as a second level of security (we currently do this at the gateway / router so that the port is only open to the expected IPs - I *hope* that is reliable).

I am using Certified Asterisk 13.1 at the moment (we avoid bleeding edge because stability is a key build criteria) and am compiling myself on CentOS so 13.6 isn't out of the question - are you specifying this because it is what you are using or because there is a specific fix that you believe is required for PJSIP and voipfone to work together?

The specific issue that currently has me engaged in trying to demolish an internal partition with my cranium is that our incoming calls do not seem to pass the initial negotiation. Our INVITE requests get a 100 - Trying response but the media pathway never progresses to a ringing call or hits the asterisk dialplan (though there are no errors, so I don't think it is a dialplan issue).

One of the challenges I am facing is that I don't know what a correct PJSIP conversation looks like (I've been spoilt by 5+ years of chan_sip just working at this stage!) - any chance you could send me a trace of an incoming call with PJSIP Logger on and debug at 5 - this might also be beneficial to anyone who follows this post later on...

Suggest you pipe your log through a sed line to protect the sensitive bits (I typically make a sed one-liner for this purpose, you can always use as many -e "s/SENSITIVEINFO/replaceWith/g" switches as you want).

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#5
Well I thought I replied to this 2 days ago but it doesn't appear to have posted (sorry).

Saw your asterisk forum posts - as I understand it you solved the issue using an Identify. I have been doing this and also using the anonymous endpoint as that it is just as suitable to my purposes. As a point of style, I believe voipfone recommended putting their IPs as 195.189.172.1/23 in firewall rules to future proof!

I firewall at the gateway (router) to block non-voipfone sip traffic from passing through the open ports (all my users are on lan or vpn subnets). IPTables on the box as well is probably a good idea, but I tend to be cautious with this and/or use it as a secondary solution (I have colleagues who tend to turn off the firewall when they test - he forgot and left it off once, which was the nearest we ever got to actually having a hostile intrusion / toll fraud on our system).

Our asterisk is the Certified 13.1 branch as we value stability but I am compiling it on CentOS6.

The issue I am having (now) is slightly different: incoming calls (INVITEs) are getting received and identified but then get a 100 - Trying response but never progress from there until the call is cancelled. I am trying to deep debug it, but I'm not 100% what a valid PJSIP conversation looks like (having spent 5+ years on chan_sip).

Any chance you could post a sanitised version of an incoming call with debug 5 and pjsip set logger on?

I'm happy to contribute to, review and/or edit your HOWTO post btw.

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#6
Tried to do it this weekend but other work too over. I'll try and do it by midweek.

As you're on 13.1, I'll try and do both a "vanilla" pjsip.conf, but also a wizard version for people on the current release (or above 13.2 anyway).

I'll also do a complete "built from scratch" and some examples for Voipfone. There's a whole bunch of outdated stuff around, so hopefully this might make it easier for others!

Oh, as well as those SIP headers, minus the hackable info of course!

Thanks for your offers of input, too - there's bound to be things I'm doing wrong!

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#7
At last! OK, quick start solution - if you follow these exact instructions, this will work.

If you've not added any extensions, start by buying one for a whole £1+VAT.
Attach it to your chosen Landline number. This guide assumes your extension is 200.

TOTAL TIME < 20 mins, most of it is just watching the server compile Asterisk.

PART 1: Install the current version of Asterisk

I'm going to be using a $5/month London-based DigitalOcean droplet here - if you find this guide useful or need a VPS to experiment with, sign-up via this link and you'll get $10 credit (ie: 2 months) and if you stick around after that, I get a little bonus too!

So, connect to your VPS and let's install the basics plus a couple of useful extras:

Code: Select all

sudo apt-get update; sudo apt-get upgrade -y; sudo apt-get dist-upgrade -y; sudo apt-get install -y build-essential git-core pkg-config subversion libjansson-dev sqlite autoconf automake libtool libxml2-dev libncurses5-dev unixodbc unixodbc-dev libasound2-dev libogg-dev libvorbis-dev libneon27-dev libsrtp0-dev libspandsp-dev libmyodbc uuid uuid-dev sqlite3 libsqlite3-dev libgnutls-dev htop iftop silversearcher-ag nmap
sudo shutdown -r now
Log back in and continue...

Code: Select all

cd /usr/src/
wget http://www.pjsip.org/release/2.4.5/pjproject-2.4.5.tar.bz2
tar -xjvf pjproject-2.4.5.tar.bz2
cd pjproject-2.4.5/
cd ../
./configure --prefix=/usr --enable-shared --disable-sound --disable-resample --disable-video --disable-opencore-amr CFLAGS='-O2 -DNDEBUG'
make dep && make && make install
ldconfig
ldconfig -p | grep pj
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar xvfz asterisk-13-current.tar.gz
cd asterisk-*
./configure
contrib/scripts/get_mp3_source.sh #If you want mp3 support
make menuselect
go to Add-ons and choose mp3
go to channel drivers and deselect sip from the EXTENDED menu below

Install the extra sounds you want, remember we're in the UK, using G711a, so for example CORE-SOUNDS-EN_GB-ALAW and the extra sounds, too.

When done, press s to save. Now continue - the first line is the compile - takes a few minutes.

Code: Select all

make && make install && make config && make samples && make install-logrotate
ldconfig
asterisk
asterisk -rvvvddd
Note that asterisk autostarts at boot time, so you'll normally just need

Code: Select all

asterisk -rvvvddd
PART 2: Make a connection to VOIPFONE

Using your favourite editor (I find winscp on Windows easiest as no ftp is required), goto /etc/asterisk and rename pjsip.conf and extensions.conf to pjsip.sample.conf etc.

Make new files with those names and paste the following into pjsip.conf - This guide assumes your extension is 200.

Code: Select all

[simpletrans]
type = transport
protocol = UDP
bind = 0.0.0.0

[acl]
type = acl
deny = 0.0.0.0/0.0.0.0
permit = 195.189.173.27

;====================VOIPFONE==200==============

[voipfone-200]
type = registration
retry_interval = 20
max_retries = 10
contact_user = VOIPFONEUSERNAME*200
transport = simpletrans
outbound_auth = voipfone-200-auth
server_uri = sip:VOIPFONEUSERNAME*200@sip.voipfone.net:5060
client_uri = sip:VOIPFONEUSERNAME*200@YOUR.IP.ADDRESSE:5060

[voipfone-200-auth]
type = auth
auth_type = userpass
username = VOIPFONEUSERNAME*200
password = YOURPASSWORD

[voipfone-200-identify]
type = identify
endpoint = voipfone-200-endpoint
; You cannot use FQDNs or hostnames. You must use IP addresses.
match = 195.189.173.27

[voipfone-200-endpoint]
type = endpoint
transport=simpletrans
context = fromvoipfone
disallow = all
allow = alaw
then into an empty file called extensions.conf, paste the following

Code: Select all

[fromvoipfone]
exten => _X.,1,Answer()
same => n,Playback(en_GB/hello-world)
same => n,Playback(en_GB/echo-test)
same => n,Echo()
then

Code: Select all

asterisk -rx core restart now
Now give it a minute to register and go to your extension setup in the Voipfone control panel and make sure it's registered. Then dial in and let me know what happens!

It should say a couple of things to you, and then if you speak, you should hear your voice coming back to you.

LOTS more to come tomorrow about the pjsip wizard, security etc, but this should get you started.

If I've missed anything or not explained it clearly, please let me know where you get stuck! If anyone knows a better way, post here too!

Once we've got a perfect config after tomorrow, I'll email support so they can update their (non-working) guide.

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#8
It looks a good start for sure!

See my point above about best practice on the identify line.

Only other major omission (I am afraid!) is NAT support - your VPS is using a public IP, hence no NAT configuration is required, but I fear that the majority of users will want to run an IP-PBX on their LAN (otherwise voipfone do a pretty cracking job of providing PBX features in the cloud). That usually means port forwarding for the SIP and media ports and a couple of extra settings in the pjsip.conf.

I am posting my own sanitised trace to the asterisk forums to try and get a second opinion on why I am banging my head on a brick wall!

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#9
Hold your fire! I'm literally right now typing up a "proper" guide on Github - I found a couple of other things about "identify" which may help here.

What is bogging me down is that SO much asterisk info is hopelessly out of date, and a lot of it just plain wrong! The asterisk forums themselves are dead quiet, so it's like feeling my way in the dark. It's almost like people want to keep all the secrets to themselves ;)

I can't help you with your port forwarding, but for the time being, ignore the previous post. I didn't realise that you can't edit posts here, so from now on I'm going to post them as "gists", which can be kept up to date and others can "pull" and submit corrections with.

You are also right about PBX features - if I didn't have incredibly specialist needs which only custom-programmed Asterisk could fulfill, then Voipfone would have everything I need. However, I'm not using Asterisk as a PBX at all - just a media server. So it's all one way traffic!

OK, give me until mid-day, or earlier. Will post again.

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#10
No intent to rush at all, posting it elsewhere sounds sensible as long as we can get the link into here for others...

Totally understand and share your frustrations on asterisk documentation - part of the problem is that the branches still develop at quite a pace (relatively). Historically asterisk has been very poor at identifying what has changed from one version to the next - even the v13 docs refer you back to v12 for lots of the info...

In a sense, asterisk is a victim of its own strengths - people have a working config, so they leave well alone, hence you still have 1.4 in the wild and being re-configured / needing docs.

We likewise use asterisk for quite a specialised series of local applications (yes I do mean hacks) as well as unifying a few different trunk technologies in a quest for reliability and flexibility!

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#11
Real Life Work is preventing me from polishing these files off completely, but here's a github repo with some files you might find useful - especially pjsip_wizard and extensions.conf.

https://github.com/lardconcepts/asteris ... one-config

I've also added two files with successful registrations as well as a successful incoming call.

Have a look and see what differs from yours.

If you've got any questions or want me to post anything else, just ask.

BTW, pjsip_wizard is for Asterisk 13.2+. If you're stuck on 13.1, you might want the configs I posted above.
As you can see, the wizard massively simplifies things though!

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#13
ijh_uk wrote: The specific issue that currently has me engaged in trying to demolish an internal partition with my cranium is that our incoming calls do not seem to pass the initial negotiation. Our INVITE requests get a 100 - Trying response but the media pathway never progresses to a ringing call or hits the asterisk dialplan (though there are no errors, so I don't think it is a dialplan issue).
Hi ijh_uk,

I am having exactly the same problem as you: getting 100 Trying but nothing else after. When I remove the extension from the dialplan completely, then I get an error. But with the extension properly defined, the call gets stuck in "100 Trying".

Did you manage to solve it?

Asterisk PJSIP nothing after 100 Trying

#15
Hello,

Just an update (not to vanish myself) :-), I have finally discovered the issue that causes this behaviour.

First, full description of the problem:
Asterisk 13 (configured with pjsip) receives an INVITE from an external endpoint. PJSIP stack answers with 100 Trying but nothing else after that. Running the core with verbose/debug level 9 there is no warning/error message, as if everything would be ok. Just that the call is never processed further.

The cause is missing chan_pjsip. My asterisk was compiled with res_pjsip but not chan_pjsip. I have rerun make menuselect, chosen chan_pjsip to be compiled, reinstalled and everything went ok.

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#17
Vixtor / Lardconcepts:
(thanks and Happy New Year in case I forget btw)

I have been exploring my issues on the asterisk board with a dev there.

Very interested by what solved the same issue for you: it doesn't look to be the same issue (I have chan_pjsip in my menuselect) but I suspect it is related.

Does chan_pjsip show up in your modules show output? (it doesn't in mine).

With regard the github posted configs, my thoughts were:
1) The majority of voipfone users are likely to want a NAT configuration I suspect - I will contribute as soon as get past this!
2) I would do all IP matching for the voipfone subnet (in identity and any acl sections) using 195.189.172.1/23 as this covers the whole of the front-facing subnets they use (as stated somewhere or other) and covers any future move of sip.voipfone.net to a different IP (you correctly noted you cannot use the hostname directly in the config) or other changes in behaviour such as using multiple IPs to load balance.
3) I have some good dialplan tips an tricks that I have used in the past to match multiple incoming routes etc: I will post those as well once I have my issue sorted!

Re: Do we have any Asterisk 13.6 PJSIP command line gurus he

#18
After struggling for a bit, I got some great help from David on the support chat. I now have inbound and outbound calls working. I have Asterisk running on digital ocean, with my handset in my home office, behind NAT

I thought it might help if I published my various config files.

In all of these, I have put ** ** around the things that need to be changed to your own configs e.g. userids, passwords, ip adresses, local STD codes etc.

First, here is the pjsip.conf

[acl]
type = acl
deny = 0.0.0.0/0.0.0.0
permit = 195.189.173.27,**myipaddress**

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0

[6001]
type=endpoint
context=internal
disallow=all
allow=ulaw
allow=alaw
transport=transport-udp
auth=6001_auth
aors=6001
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes
language=en
direct_media=no

[6001_auth]
type=auth
auth_type=userpass
password=**password**
username=**username**

[6001]
type=aor
max_contacts=1
mailboxes=6001@default

[voipfone]
type = registration
retry_interval = 20
max_retries = 10
contact_user = **voipfoneid**
transport = transport-udp
outbound_auth = voipfone_auth
server_uri = sip:**voipfoneid**@sip.voipfone.net:5060
client_uri = sip:**voipfoneid**@**myipaddress**:5060

[voipfone_auth]
type = auth
auth_type = userpass
username = **voipfoneid**
password = **voipfonepassword**

[voipfone]
type = identify
endpoint = voipfone
match = 195.189.173.27

[voipfone]
type=aor
contact=sip:195.189.173.27:5060

[voipfone]
type = endpoint
transport=transport-udp
context = VOIPFone
disallow = all
allow = alaw
allow = ulaw
outbound_auth=voipfone_auth
aors=voipfone
from_user=**voipfoneid**
direct_media=no


Now these are sections from extensions.conf, with pattern matching for the various numbers that are permitted.

[internal]
exten => 6001,1,Dial(PJSIP/6001)
exten=>_01Z.,1,Dial(PJSIP/${EXTEN}@voipfone,60,tr)
exten => _01Z.,2,Congestion
exten => _01Z.,3,Busy
exten => _01Z.,4,Hangup
exten=>_020Z.,1,Dial(PJSIP/${EXTEN}@voipfone,60,tr)
exten => _020Z.,2,Congestion
exten => _020Z.,3,Busy
exten => _020Z.,4,Hangup
exten=>_07.,1,Dial(PJSIP/${EXTEN}@voipfone,60,tr)
exten => _07.,2,Congestion
exten => _07.,3,Busy
exten => _07.,4,Hangup
exten=>_08.,1,Dial(PJSIP/${EXTEN}@voipfone,60,tr)
exten => _08.,2,Congestion
exten => _08.,3,Busy
exten => _08.,4,Hangup
exten=>_N.,1,Dial(PJSIP/**localSTD**${EXTEN}@voipfone,60,tr)
exten => _N.,2,Congestion
exten => _N.,3,Busy
exten => _N.,4,Hangup

[VOIPFone]
exten => **voipfoneid**,1,Answer
exten => **voipfoneid**,2,Ringing
exten => **voipfoneid**,3,Wait(1)
exten => **voipfoneid**,4,Dial(PJSIP/6001,15,r)

Who is online

Users browsing this forum: No registered users and 1 guest

Copyright 2004 - 2017, iNet Telecoms® Ltd. All rights reserved.


cron