PDA

View Full Version : freePBX Asterisk problem



john
05-12-2008, 07:43 AM
I have had my VOIPo residential test account setup on my Asterisk freePBX box and has worked fine up to a couple of weeks ago. Incoming still works fine, but out going calls receive this error: WARNING[2331] chan_sip.c: Forbidden - wrong password on authentication for INVITE to '"305777xxxx". Here are my settings:

Outgoing Settings
host=codeblue.voipo.com
insecure=invite
qualify=yes
secret=password
type=peer
username=305777xxxx

Incoming Settings
context=from-sip-external
host=codeblue.voipo.com
secret=password
type=user

It has been working fine in the past using the settings and the device shows registered in vpanel.

Any suggestions on what needs to be changed?

dswartz
05-12-2008, 10:42 AM
Guessing someone changed something wrt your account?

VOIPoDanielC
05-12-2008, 12:58 PM
Outgoing calls via my asterisk box also have the same problems.

<--- SIP read from 74.52.213.178:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 64.246.18.157:5060;branch=z9hG4bK2a628c43;rport=50 60
From: "171357414XX" <sip:171357414XX@64.246.18.157>;tag=as2bbc5018
To: <sip:1281297XXXX@codeblue.voipo.com>;tag=8d52d559480975178c22acc225f58a64.4841
Call-ID: 604765d517d3fbdd7bf43ea731e3141a@64.246.18.157
CSeq: 102 INVITE
Server: OpenSER (1.3.0-notls (x86_64/linux))
Content-Length: 0
Warning: 392 74.52.213.178:5060 "Noisy feedback tells: pid=8336 req_src_ip=64.246.18.157 req_src_port=5060 in_uri=sip:1281297XXXX@codeblue.voipo.com out_uri=sip:281297XXXX@codeblue.voipo.com via_cnt==1"


This is still failing regardless of what I've tried.

I've even tried autocreatedpeer on in asterisk as suggested by the OpenSER people, and it's not helping.

fisamo
05-12-2008, 04:31 PM
Outbound is working for me. Here are my settings:


host=codeblue.voipo.com
username=9192491xxx
secret=(not telling, then it wouldn't be a secret anymore. ;) )
type=peer
insecure=very
qualify=yes
nat=yes
port=5080

I don't know if the port or the "insecure" setting makes the difference, but that's how my settings are different than yours... I don't see how the nat setting would matter (I'm behind a home router, hence the 'yes').

VOIPoDanielC
05-12-2008, 05:21 PM
Even with those settings, I still get an error.

I don't have a router. I have a direct connection to the internet on that server.

Could you tar up all of the confs without your credentials for me? Then I'll figure out what variable I have set wrong.

Freepbx keeps its configuration in multiple .conf files, that's why I'm asking for a tar.

I use plain asterisk. I am NOT moving to freepbx unless I get struck by lightning. Well, I'll try it on my VirtualMachine then I might do it.

I have a lot of custom things on my system. :)

Insecure is tricky on what it means.
very
yes
no
port
invite

:)

john
05-13-2008, 07:26 AM
Outbound is working for me. Here are my settings:


Thanks for your settings fisamo. I tried them and still no luck. I still receive the error: WARNING[2350] chan_sip.c: Forbidden - wrong password on authentication for INVITE to '"305777xxxx". I think it has something to do with the CID I am sending has to match the number on VOIPo (which it does). I will try some other settings and report back.

John.

dswartz
05-13-2008, 08:42 AM
Here is my outgoing context:

username=508481XXXX
type=peer
secret=XXXXXXXX
qualify=yes
host=codeblue.voipo.com
dtmf=auto
disallow=all
allow=ulaw

fisamo
05-13-2008, 09:02 AM
Not at home right now to tar up my config files, but I'll try to get to it tonight.

VOIPoRay
05-13-2008, 05:32 PM
I was able to reproduce the problem with my asterisk box here (unable to authenticate on outbound calls). Adding a fromuser the same as the username fixed the issue in this particular instance. If the settings posted below don't help, feel free to email support@voipo.com with details and we'll take a look at your specific issue.

[voipo.com]
username=NPANXXXXXX
secret=SUPER_DUPER_SECRET_PASS
host=codeblue.voipo.com
type=friend
context=voipo
port=5060
insecure=invite
fromuser=NPANXXXXXX
fromdomain=codeblue.voipo.com ; this line was edited from the original post which mistakenly had the TN as the fromdomain also

dswartz
05-13-2008, 07:30 PM
Ray, what did you guys change? I have had no issues with outbound calls, suddenly today, I'm having the same problem (no outbound.) I added the fromuser and it works? Whatever you did, wow. I had to add fromuser, fromdomain AND change the context to specifically voipo.com :(

VOIPoTim
05-13-2008, 07:33 PM
Ray, what did you guys change? I have had no issues with outbound calls, suddenly today, I'm having the same problem (no outbound.) I added the fromuser and it works? Whatever you did, wow. I had to add fromuser, fromdomain AND change the context to specifically voipo.com :(

I don't know of any changes today, but there could have been. Since the residential service is designed to make sure there's no Caller ID spoofing and things along those lines, security has been tightened a lot lately. Sorry :(

fisamo
05-14-2008, 05:06 AM
Wow. No kidding on the security tightening. I had to make the same changes. Your system is much less forgiving to * users now. :( I do understand why, and my comment isn't intended as criticism, just an observation.

If you're going to allow * users with a system this 'tight' (especially if you put in more restrictions), you will need to either post in your knowledgebase known-working config settings or, at least, have a canned ticket response for * setup requests. ("These settings are known to work, but beyond providing this information to you, we cannot provide specific support for * users.")

john
05-14-2008, 08:43 AM
FWIW, I made all the suggested changes and still get the same error: WARNING[2350] chan_sip.c: Forbidden - wrong password on authentication for INVITE to '"305777xxxx". Security sure has been tightened! If I can't figure it out I will create a ticket.

BTW: I like what the Gizmo5 is doing. For $4/yr they let you set your Outgoing Caller ID. Setting the Caller ID to the home phone number is a must for the wife factor.

dswartz
05-14-2008, 08:56 AM
John, one gotcha you may have missed: the outbound context MUST now be called voipo.com. I had been using VOIPO for outbound and VOIPO_in for inbound and even with all the other changes, still no joy. I noticed Ray had the outbound context as voipo.com and changed to that and was good to go.

dswartz
05-14-2008, 09:09 PM
Well, this sucks. Just tried making a call, and it went through, but then I got an email from the script that alerts me when a trunk is down. Checked, and sure enough, no voipo. I have NOT changed anything...

Looking at 'sip show peers', codeblue is showing as unreachable, so maybe something's going on. I'll check again tomorrow.

Update this AM: still down. codeblue.voipo.com is still showing as UNREACHABLE. At least inbound still works :(

john
05-15-2008, 07:44 AM
Shows UNREACHABLE for me also this morning.

VOIPoNorm
05-15-2008, 08:00 AM
John,

Can you please open a ticket at http://support.voipo.com

Please include the sip.conf context you are using to connect.

Also, please include the SIP phone number you're using to connect.

Regards,
Norm

dswartz
05-15-2008, 08:31 AM
Norm, I opened a ticket too. The sip info is exactly the working one I PM'ed you...

fisamo
05-15-2008, 10:05 AM
I was just able to place a few outbound calls (via DISA) on my Residential line. I used the outbound trunk settings posted earlier in the thread, copied below:

host=codeblue.voipo.com
username=919249xxxx
secret=(secret, of course)
type=friend
insecure=invite
qualify=yes
nat=yes
port=5060
fromuser=919249xxxx
fromdomain=919249xxxx
context=voipo

I have not played with other settings (that I recall) to significantly change them from the default PBX-in-a-Flash setup. (I recently backed up my Trixbox, then over-wrote with PIAF to see if I like PIAF better.) However, I'll see if I can sanitize and retrieve my entire config files so I can post them.

VOIPoNorm
05-15-2008, 10:12 AM
Hi,

I think there may be Asterisk (and FreePBX is just a wrapper around Asterisk) is sending OPTIONS messages. These messages were being rejected by some enhanced security we put in place.

The "qualify" setting turns this "feature" on: http://www.voip-info.org/wiki/view/Asterisk+sip+qualify

The problem here is that we need to authenticate these messages. This is going to take some more investigative work to resolve. In the mean time, I have relaxed this particular security setting.

Thanks for your help in this matter.

Regards,
Norm

dswartz
05-15-2008, 04:02 PM
This now works. Can't you accept SIP OPTIONS packets from a host that is registered to you? I'm now groveling through the source to see why unknown is being sent.

VOIPoNorm
05-15-2008, 08:08 PM
I've developed a fix that matches the IP address of the sender of the OPTIONS (Asterisk in this case) against the IP address of registered/authenticated users. Upon a good match, the OPTIONS is replied to. If there is no match, the OPTIONS will not be answered.

There are some cases where Asterisk is sending us OPTIONS without first having a valid registration. In the future, these requests will not be answered. I'm going to look into what is causing this particular condition. These are a minority of the total number of OPTIONS requests.

Regards,
Norm

john
05-16-2008, 12:40 PM
Thanks to VOIPoNorm I now have outgoing working! Turns out it had something to do with my old carrier account being transferred to express.

dswartz
05-17-2008, 08:24 AM
Norm, I'm down *again*. Starting yesterday afternoon. Your IP check is still working, since I'm showing you as reachable, but outbound calls fail with CONGESTION. I am registered (according to codeblue). This is getting frustrating, to say the least :(

fisamo
05-17-2008, 11:06 AM
Are you still down? I just made a test call to my mobile# from my Residential line, and it went through OK. I was also able to make a call a bit earlier (about 15 mins after you posted, just got called away from the PC and couldn't finish the message).

dswartz
05-17-2008, 11:22 AM
Nope, now it's working :(

VOIPoNorm
05-17-2008, 01:09 PM
I checked the logs and didn't see any major failures around the time you mentioned.

To anyone that may be monitoring this thread. In the ticket you open at http://support.voipo.com please include the calling number, the called number and the approximate time that the call was attempted. That will help us track down the call in the logs.

The suggestion about creating a template that requires these items before creating a support ticket is great.

Regards,
Norm

dswartz
05-17-2008, 01:15 PM
Aughhh!!!!!!!! Now it's happening again! I'll update the ticket... If you want a copy of the wireshark trace, let me know...

VOIPoDanielC
05-19-2008, 11:58 AM
I never got mine working again after troubleshooting for days.

dswartz
05-19-2008, 12:17 PM
Norm indicated my from SIP info is wrong. Dunno why, I'll have to check when I get home.

dswartz
05-19-2008, 12:51 PM
I think I may know what the problem was. I had sent Norm a cut&paste of my formerly working config. Norm says that my SIP from invite header said NPAN@NPAN rather than NPAN@codeblue.voipo.com. I just looked at my config, and somehow I had set fromdomain=codeblue.voipo.com to fromdomain@NPAN, which would explain things. I can't confirm this until I get home, but danielc, you may want to make sure (if not already) that you have your config set up per the knowledgebase article:

http://support.voipo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=2

VOIPoDanielC
05-19-2008, 01:13 PM
It is just as stated in the KB.

dswartz
05-19-2008, 01:49 PM
Have you opened a ticket? Any chance you can get a sniffer trace? Sorry I don't know better what to ask, since I don't know how knowledgeable you are about wireshark, etc...

dswartz
05-19-2008, 03:55 PM
Well, my problem was in fact the cut&paste error, sorry for the false alarm.