need some advise regarding the sip registration via pub ip

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

need some advise regarding the sip registration via pub ip

Postby sarxiejr » Tue Jan 20, 2015 2:33 pm

I just want to knw if what could be the possible problem if we encounter the registration error 408 when were trying to connect to a specific server.

I was enable the nat into yes already, setting up the externip to our ip, port forward properly directly to the server..

what else do I need to configure to enable the sip registration using the public ip

any help? :D
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Wed Jan 21, 2015 10:20 am

Make sure that our not having the nat=yes 2 times!(one on router and one on vicibox)!
if you have nat enabled on the router then on your vici has to be off!
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Tue Jan 27, 2015 5:35 pm

I did that also..same thing.

cant find any solution yet...



here's what I did n my firewall to open port in the local dialer ip

Image
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Thu Jan 29, 2015 6:37 am

can u please post ur sip.conf?
there is a entry there for the port!is it properly set?
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Fri Jan 30, 2015 11:49 am

Code: Select all
[general]
context=default                 ; Default context for incoming calls
allowguest=no                   ; Allow or reject guest calls (default is yes)
allowoverlap=no                 ; Disable overlap dialing support. (Default is yes)
allowtransfer=no               ; Disable all transfers (unless enabled in peers or u$
;realm=mydomain.tld             ; Realm for digest authentication
bindport=5060                   ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=0.0.0.0                ; IP address to bind to (0.0.0.0 binds to all)
srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
;domain=mydomain.tld            ; Set default domain for this host
;pedantic=yes                   ; Enable checking of tags in headers,
tos_sip=cs3                    ; Sets TOS for SIP packets.
tos_audio=ef                   ; Sets TOS for RTP audio packets.
tos_video=af41                 ; Sets TOS for RTP video packets.
;maxexpiry=3600                 ; Maximum allowed time of incoming registrations
;minexpiry=60                   ; Minimum length of registrations/subscriptions (def$
;defaultexpiry=120              ; Default length of incoming/outgoing registration
;t1min=100                      ; Minimum roundtrip time for messages to monitored h$
;notifymimetype=text/plain      ; Allow overriding of mime type in MWI NOTIFY
;checkmwi=10                    ; Default time between mailbox checks for peers
;buggymwi=no                    ; Cisco SIP firmware doesn't support the MWI RFC
;vmexten=voicemail              ; dialplan extension to reach mailbox sets the
disallow=all                    ; First disallow all codecs
allow=ulaw                      ; Allow codecs in order of preference
allow=gsm
mohinterpret=default
mohsuggest=default
language=en                     ; Default language setting for all users/peers
relaxdtmf=yes                   ; Relax dtmf handling
trustrpid = no                  ; If Remote-Party-ID should be trusted
sendrpid = yes                  ; If Remote-Party-ID should be sent
progressinband=no               ; If we should generate in-band ringing always
;useragent=Asterisk PBX         ; Allows you to change the user agent string
;promiscredir = no              ; If yes, allows 302 or REDIR to non-local SIP addre$
;usereqphone = no               ; If yes, ";user=phone" is added to uri that contains
dtmfmode = rfc2833              ; Set default dtmfmode for sending DTMF. Default: rf$
;compactheaders = yes           ; send compact sip headers.
videosupport=no                 ; Turn on support for SIP video. You need to turn th$
;maxcallbitrate=384             ; Maximum bitrate for video calls (default 384 kb/s)
callevents=yes                  ; generate manager events when sip ua
alwaysauthreject = yes         ; When an incoming INVITE or REGISTER is to be reject$
;g726nonstandard = yes          ; If the peer negotiates G726-32 audio, use AAL2 pac$
matchexterniplocally = yes     ; Only substitute the externip or externhost setting $
;regcontext=sipregistrations
;rtptimeout=60                   ; Terminate call if 60 seconds of no RTP or RTCP ac$
rtptimeout=600
rtpholdtimeout=300             ; Terminate call if 300 seconds of no RTP or RTCP act$
rtpkeepalive=60            ; Send keepalives in the RTP stream to keep NAT open
;sipdebug = yes                 ; Turn on SIP debugging by default, from
;recordhistory=yes              ; Record SIP history by default
;dumphistory=yes                ; Dump SIP history at end of SIP dialogue
;allowsubscribe=no              ; Disable support for subscriptions. (Default is yes)
;subscribecontext = default     ; Set a specific context for SUBSCRIBE requests
notifyringing = yes             ; Notify subscriptions on RINGING state (default: no)
notifyhold = yes                ; Notify subscriptions on HOLD state (default: no)
limitonpeers = yes              ; Apply call limits on peers only. This will improve
;t38pt_udptl = yes            ; Default false
;register => 1234:password@mysipprovider.com
;registertimeout=20             ; retry registration calls every 20 seconds (default)
;registerattempts=10            ; Number of registration attempts before we give up
externip=[my public ip]       ; Address that we're going to put in outbound SIP
;externhost=test.test.com     ; Alternatively you can specify a domain
;externrefresh=10               ; How often to refresh externhost if
localnet=192.168.0.0/255.255.0.0; All RFC 1918 addresses are local networks
localnet=10.0.0.0/255.0.0.0     ; Also RFC1918
localnet=172.16.0.0/12          ; Another RFC1918 with CIDR notation
localnet=169.254.0.0/255.255.0.0 ;Zero conf local network
localnet=192.168.1.0/255.255.255.0
nat=yes                         ; Global NAT settings  (Affects all peers and users)
canreinvite=no          ; Asterisk by default tries to redirect the
;directrtpsetup=yes             ; Enable the new experimental direct RTP setup. This$
;rtcachefriends=yes             ; Cache realtime friends by adding them to the inter$
;rtsavesysname=yes              ; Save systemname in realtime database at registrati$
;rtupdate=yes                   ; Send registry updates to database using realtime? $
;rtautoclear=yes                ; Auto-Expire friends created on the fly on the same$
;ignoreregexpire=yes            ; Enabling this setting has two functions:
;domain=mydomain.tld,mydomain-incoming
;domain=1.2.3.4                 ; Add IP address as local domain
;allowexternaldomains=no        ; Disable INVITE and REFER to non-local domains
;autodomain=yes                 ; Turn this on to have Asterisk add local host
;fromdomain=mydomain.tld        ; When making outbound SIP INVITEs to
jbenable = yes              ; Enables the use of a jitterbuffer on the receiving sid$
jbforce = no                ; Forces the use of a jitterbuffer on the receive side o$
jbmaxsize = 100             ; Max length of the jitterbuffer in milliseconds.
jbresyncthreshold = 1000    ; Jump in the frame timestamps over which the jitterbuff$
jbimpl = fixed              ; Jitterbuffer implementation, used on the receiving sid$
jblog = no                  ; Enables jitterbuffer frame logging. Defaults to "no".
qualify=yes             ; By default, qualify all peers at 2000ms
limitonpeer = yes       ; enable call limit on a per peer basis, different from limi$
; register SIP account on remote machine if using SIP trunks
; register => testSIPtrunk:test@10.10.10.16:5060
;
; setup account for SIP trunking:
; [SIPtrunk]
; disallow=all
; allow=ulaw
; allow=alaw
; type=friend
; username=testSIPtrunk
; secret=test
; host=10.10.10.16
; dtmfmode=inband
; qualify=1000
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Tue Feb 03, 2015 6:45 am

you can actually turn that nat=yes to no cause u got double nat if your router has it on also!
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Fri Feb 06, 2015 12:13 pm

i did it already..same thing i cant register thru public ip
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Mon Feb 09, 2015 10:19 am

have u port forwarded the ports that you are using from your router?

you can easy change the bind port on your sip.conf to something else(i personally use 9981) and port forward that on your router so u can communicate!
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Mon Feb 16, 2015 11:13 am

not yet sir,,

so if Im going to do that the domain should be like this [public ip]:[port] if i want to register thru softphone

Am i right?
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Mon Feb 16, 2015 12:19 pm

yes!

like 192.168.1.1:8891

:)
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Mon Feb 16, 2015 12:39 pm

Sir.., same thing it wont register..

it says " Request Time out"

I did everthing...
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Mon Feb 16, 2015 12:54 pm

on your sip.conf is bind port set to 8891?
bindport=8891
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Mon Feb 16, 2015 3:10 pm

it was set on 5060 sir
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby sarxiejr » Mon Feb 16, 2015 3:13 pm

Is it ok if im going to set like this bindport=5060,9981

?
VERSION: 2.4-309a
BUILD: 110430-1642
Asterisk Version: 1.4.38-vici
Goautodial.iso installation(version 2.1)
Single Server
sarxiejr
 
Posts: 25
Joined: Fri Feb 07, 2014 1:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Mon Feb 16, 2015 4:50 pm

no just one the one u gonna port forward!
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby THUFIR » Tue Feb 24, 2015 12:55 am

GDelkos wrote:Make sure that our not having the nat=yes 2 times!(one on router and one on vicibox)!
if you have nat enabled on the router then on your vici has to be off!



That's interesting, I didn't realize vicibox could navigate NAT. Does it use STUNNEL?
ViciBox Redux v.6.0.3-141118 from .iso | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | AMD Phenom(tm) II X6 1090T Processor | 8GiB RAM
THUFIR
 
Posts: 109
Joined: Fri May 02, 2014 10:46 pm

Re: need some advise regarding the sip registration via pub

Postby GDelkos » Tue May 12, 2015 8:28 am

if you have nat enabled on your router vicibox has to have (on sip.conf) nat disabled(nat=no).
although i am not 100 percent that that's the case on every problem(maybe the admins or someone with more experience than me can say that) on my case that was the thing that was keeping my softphone to register!
GDelkos
 
Posts: 67
Joined: Tue Dec 02, 2014 8:50 am

Re: need some advise regarding the sip registration via pub

Postby bobchaos » Tue May 12, 2015 11:27 am

In order for this to work, there are quite a few things to validate:
-You MUST forward the SIP port (like others have already mentioned) from your external IP to your Asterisk/Vicidial server and you MUST use the same port as defined in sip.conf in UDP and TCP
-As recommended by others, use a non-standard port (ie: not 5060). SIP is one of the most heavily attacked protocol on the internet, don't be a target!
-You MUST forward your RTP ports from your external IP to your Asterisk/Vicidial server and you MUST use the same ports as defined in rtp.conf in UDP
-You MUST have NAT enabled unless your're registration server has a dedicated public IP. This doesn't seem to be your issue as you're timing out, not having audio issues (which is the usual symptom of NAT issues).
- You MAY need a STUN server to handle NAT properly. I never have, but it's a common theme in Asterisk literature.

I'm pretty convinced the issue lies in your firewall conf atm, as indicated by the timeouts. I'm not sure I'm reading it right but it looks like you're only port forwarding the TCP ports, not the UDP ones (they don't have the extern_ip listed next to them).

Double check those things, but while you're at it, consider the following:
-Vicidial can call it's agents on any sort of a telephone. It is both much easier and much safer to have Vicidial contact the agents on POTS lines than to expose yourself to the internet.
-Like I mentioned above, SIP is a heavily hacked port, people looking for free long distance capable accounts. Change the default port and have an expert look into setting up some dynamic security against attacks for you. Understand that changing the port is not enough, as that will only stop the lowliest of script kiddies (which, granted, are often the primary threat).
-If all the remote phones are in a single remote site, link both sites with a VPN. This will bypass the NAT requirements and be a much more secure solution.
bobchaos
 
Posts: 171
Joined: Fri Jan 06, 2012 12:46 pm


Return to Support

Who is online

Users browsing this forum: No registered users and 85 guests