[asterisk-bugs] [JIRA] (ASTERISK-28003) Qualifying non-authenticated endpoints on startup

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Mon Aug 6 13:34:54 CDT 2018


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244425#comment-244425 ] 

Richard Mudgett edited comment on ASTERISK-28003 at 8/6/18 1:34 PM:
--------------------------------------------------------------------

Hi Richard,

Thank-you for the response.  I have been looking through the CHANGES and UPGRADE.txt files and I do see a couple of options that we might need to add but I don't think they are relevant here.  These are the 'follow_early_media_forked' and 'accept_multiple_sdp_answers' options in pjsip.conf.  I will make sure we have the schema completely up-to-date, though.

Beyond that I have answers to your individual questions below:


x) Are you sure you are having these issues in v15.4.0 too?

I did some testing this morning and 15.4.1 appears to qualify endpoints as expected using the same config from 15.2.2.  We are working multiple issues in the 15.x code and I just got my version numbers mixed up.  This appears to only be an issue with 15.5.0 as tested this morning.


x) Are the aors and endpoints loaded?

Here is output from 'pjsip list aors':
{noformat}
      Aor:  FC-NYC-PROXY                                         0
{noformat}
and 'pjsip list endpoints':
{noformat}
 Endpoint:  FC-NYC-PROXY                                         Unavailable   0 of inf
{noformat}
So it looks like they are loaded, but not qualifying from my perspective.


x) Does the CLI "pjsip qualify $endpoint" give an error?

No error and it tells me that it is qualifying the endpoint.  I can run a sipgrep alongside it and I don't see any outbound SIP traffic from Asterisk.  Here is the command output:
{noformat}
*CLI> pjsip qualify FC-NYC-PROXY
Qualifying AOR 'FC-NYC-PROXY' on endpoint 'FC-NYC-PROXY'
{noformat}

x) What is a typical endpoint and aor configuration?

Sorry to be so verbose, but here are database dumps of the AOR and endpoint config for FC-NYC-PROXY as we have it configured:

AOR:
{noformat}
[FC-NYC-PROXY]
authenticate_qualify = 
contact = sip:69.55.55.125:5060
default_expiration = 300
id = FC-NYC-PROXY
mailboxes = 
max_contacts = 10
maximum_expiration = 1800
minimum_expiration = 300
outbound_proxy = 
qualify_frequency = 25
qualify_timeout = 5
remove_existing = 
support_path = 
{noformat}

Endpoint:
{noformat}
[FC-NYC-PROXY]
100rel = no
aggregate_mwi = 
allow = ulaw;g722
allow_subscribe = yes
allow_transfer = 
aors = FC-NYC-PROXY
asymmetric_rtp_codec = no
auth = 
call_group = 
callerid = 
callerid_privacy = 
callerid_tag = 
connected_line_method = 
context = outside-in
cos_audio = 5
cos_video = 4
device_state_busy_at = 
direct_media = no
direct_media_glare_mitigation = 
direct_media_method = 
disable_direct_media_on_nat = 
disallow = all
dtls_ca_file = /etc/asterisk/keys/mediassl.pem
dtls_ca_path = 
dtls_cert_file = /etc/asterisk/keys/mediacrt.pem
dtls_cipher = 
dtls_fingerprint = 
dtls_private_key = /etc/asterisk/keys/mediakey.pem
dtls_rekey = 
dtls_setup = actpass
dtls_verify = 
dtmf_mode = rfc4733
fax_detect = no
force_avp = no
force_rport = yes
from_domain = fluentcloud.com
from_user = 
ice_support = no
id = FC-NYC-PROXY
identify_by = 
inband_progress = no
incoming_mwi_mailbox = 
language = 
mailboxes = 
max_audio_streams = 
max_video_streams = 
media_address = 
media_encryption = no
media_encryption_optimistic = no
media_use_received_transport = yes
message_context = 
moh_suggest = 
mwi_from_user = 
mwi_subscribe_replaces_unsolicited = 1
named_call_group = 
named_pickup_group = 
notify_early_inuse_ringing = yes
one_touch_recording = 
outbound_auth = 
outbound_proxy = 
pickup_group = 
preferred_codec_only = yes
record_off_feature = 
record_on_feature = 
redirect_method = 
refer_blind_progress = no
rewrite_contact = no
rtcp_mux = no
rtp_engine = 
rtp_ipv6 = 
rtp_keepalive = 30
rtp_symmetric = yes
rtp_timeout = 300
rtp_timeout_hold = 0
sdp_owner = genie
sdp_session = genie
send_diversion = 
send_pai = no
send_rpid = no
set_var = 
srtp_tag_32 = 
sub_min_expiry = 
subscribe_context = 
t38_udptl = yes
t38_udptl_ec = redundancy
t38_udptl_ipv6 = no
t38_udptl_maxdatagram = 176
t38_udptl_nat = 
timers = no
timers_min_se = 
timers_sess_expires = 
tone_zone = 
tos_audio = ef
tos_video = af41
transport = 
trust_id_inbound = 
trust_id_outbound = 
use_avpf = no
use_ptime = 
{noformat}

Thank-you!


was (Author: jhord):
Hi Richard,

Thank-you for the response.  I have been looking through the CHANGES and UPGRADE.txt files and I do see a couple of options that we might need to add but I don't think they are relevant here.  These are the 'follow_early_media_forked' and 'accept_multiple_sdp_answers' options in pjsip.conf.  I will make sure we have the schema completely up-to-date, though.

Beyond that I have answers to your individual questions below:


x) Are you sure you are having these issues in v15.4.0 too?

I did some testing this morning and 15.4.1 appears to qualify endpoints as expected using the same config from 15.2.2.  We are working multiple issues in the 15.x code and I just got my version numbers mixed up.  This appears to only be an issue with 15.5.0 as tested this morning.


x) Are the aors and endpoints loaded?

Here is output from 'pjsip list aors':

      Aor:  FC-NYC-PROXY                                         0

and 'pjsip list endpoints':

 Endpoint:  FC-NYC-PROXY                                         Unavailable   0 of inf

So it looks like they are loaded, but not qualifying from my perspective.


x) Does the CLI "pjsip qualify $endpoint" give an error?

No error and it tells me that it is qualifying the endpoint.  I can run a sipgrep alongside it and I don't see any outbound SIP traffic from Asterisk.  Here is the command output:

*CLI> pjsip qualify FC-NYC-PROXY
Qualifying AOR 'FC-NYC-PROXY' on endpoint 'FC-NYC-PROXY'


x) What is a typical endpoint and aor configuration?

Sorry to be so verbose, but here are database dumps of the AOR and endpoint config for FC-NYC-PROXY as we have it configured:

AOR:
[FC-NYC-PROXY]
authenticate_qualify = 
contact = sip:69.55.55.125:5060
default_expiration = 300
id = FC-NYC-PROXY
mailboxes = 
max_contacts = 10
maximum_expiration = 1800
minimum_expiration = 300
outbound_proxy = 
qualify_frequency = 25
qualify_timeout = 5
remove_existing = 
support_path = 

Endpoint:
[FC-NYC-PROXY]
100rel = no
aggregate_mwi = 
allow = ulaw;g722
allow_subscribe = yes
allow_transfer = 
aors = FC-NYC-PROXY
asymmetric_rtp_codec = no
auth = 
call_group = 
callerid = 
callerid_privacy = 
callerid_tag = 
connected_line_method = 
context = outside-in
cos_audio = 5
cos_video = 4
device_state_busy_at = 
direct_media = no
direct_media_glare_mitigation = 
direct_media_method = 
disable_direct_media_on_nat = 
disallow = all
dtls_ca_file = /etc/asterisk/keys/mediassl.pem
dtls_ca_path = 
dtls_cert_file = /etc/asterisk/keys/mediacrt.pem
dtls_cipher = 
dtls_fingerprint = 
dtls_private_key = /etc/asterisk/keys/mediakey.pem
dtls_rekey = 
dtls_setup = actpass
dtls_verify = 
dtmf_mode = rfc4733
fax_detect = no
force_avp = no
force_rport = yes
from_domain = fluentcloud.com
from_user = 
ice_support = no
id = FC-NYC-PROXY
identify_by = 
inband_progress = no
incoming_mwi_mailbox = 
language = 
mailboxes = 
max_audio_streams = 
max_video_streams = 
media_address = 
media_encryption = no
media_encryption_optimistic = no
media_use_received_transport = yes
message_context = 
moh_suggest = 
mwi_from_user = 
mwi_subscribe_replaces_unsolicited = 1
named_call_group = 
named_pickup_group = 
notify_early_inuse_ringing = yes
one_touch_recording = 
outbound_auth = 
outbound_proxy = 
pickup_group = 
preferred_codec_only = yes
record_off_feature = 
record_on_feature = 
redirect_method = 
refer_blind_progress = no
rewrite_contact = no
rtcp_mux = no
rtp_engine = 
rtp_ipv6 = 
rtp_keepalive = 30
rtp_symmetric = yes
rtp_timeout = 300
rtp_timeout_hold = 0
sdp_owner = genie
sdp_session = genie
send_diversion = 
send_pai = no
send_rpid = no
set_var = 
srtp_tag_32 = 
sub_min_expiry = 
subscribe_context = 
t38_udptl = yes
t38_udptl_ec = redundancy
t38_udptl_ipv6 = no
t38_udptl_maxdatagram = 176
t38_udptl_nat = 
timers = no
timers_min_se = 
timers_sess_expires = 
tone_zone = 
tos_audio = ef
tos_video = af41
transport = 
trust_id_inbound = 
trust_id_outbound = 
use_avpf = no
use_ptime = 

Thank-you!

> Qualifying non-authenticated endpoints on startup
> -------------------------------------------------
>
>                 Key: ASTERISK-28003
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28003
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 15.5.0
>         Environment: CentOS 7.5
>            Reporter: Jason Hord
>            Assignee: Unassigned
>            Severity: Minor
>              Labels: fax, pjsip
>
> It would appear as though something has changed after Asterisk version 15.2.2 related to manual/persistent endpoints being qualified on startup.
> At the company I work for, we currently run 15.2.2 with AORs defined in pjsip.conf.  When Asterisk starts up it will create endpoints and contacts for these based on settings from our realtime database and qualify them on regular intervals.  We use this to keep ensure our outbound SIP proxies are always in a known state.
> While testing upgrades to 15.4 and 15.5 I have found this to no longer be the case.  The same configuration we are using for 15.2.2 will create the endpoints but they are never qualified and the contacts always just show 'Created'.  Manually qualifying these endpoints using 'pjsip qualify $endpoint' doesn't even appear to send SIP traffic.
> Is this expected behavior with 15.4+?  What is the correct way to configure static endpoints/contacts in the realtime database such that they will be qualified on startup?  Since we have a large, distributed infrastructure we would like to avoid using pjsip.conf completely.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list