[Asterisk-Users] broadvoice/asterisk incoming calls problem

Thu Jul 29 18:54:15 MST 2004

> ---- Original Message -----
> From: "Rich Adamson" <radamson at routers.com>
> To: <asterisk-users at lists.digium.com>
> Sent: Thursday, July 29, 2004 5:02 AM
> Subject: Re: [Asterisk-Users] broadvoice/asterisk incoming calls problem
>
>
>> > This is what my configuration is:
>> >
>> > xxx is my phone
>> > yyy is my secret
>> >
>> > [general]
>> > externip=lexon.ws
>> > port=5060
>> > disallow=all
>> > allow=ulaw
>> > context=from-broad
>> > dtmfmode=inband
>> > register => xxx:yyy at sip.broadvoice.com
>> > tos=0x18
>> > srvlookup=yes
>> >
>> > [Broadvoice]
>> > type=peer
>> > username=xxx
>> > fromuser=xxx
>> > secret=yyy
>> > host=sip.broadvoice.com
>> > context=from-broad
>> > fromdomain=sip.broadvoice.com
>> > nat=yes
>> > canreinvite=no
>> > dtmfmode=inband
>> > insecure=yes
>> >
>> > Incomming calls still fails.
>> > NO SOUND AT ALL!!!
>>
>> The above [Broadvoice] context with type=peer is generally used
>> for 'outbound' calls only; something like:
>>  exten => _1.,3,Dial,Sip/Broadvoice/${EXTEN}
>>
>> However, for inbound calls from Broadvoice, I think you'll need
>> something like the following in sip.conf:
>>  [sip-broadvoice]
>>  type=user       ; handles inbound calls from Broadvoice
>>  context=from-broadvoice
>>  deny=0.0.0.0/0.0.0.0
>>  permit=147.135.8.129/255.255.255.0
>>  permit=147.135.0.129/255.255.255.0
>>
>> There seems to have been two changes initiated at Broadvoice on
>> Sunday: 1) Registration, and, 2) no authentication on incoming
>> calls. (Keep in mind that I just signed up for Broadvoice service
>> on Saturday, and then experienced the changes/failures on Sunday.)
>>
>> The majority of discussion and fixes suggested on the list lately
>> pertains to #1, however a fair number of users have mentioned #2
>> with very few (if any) responses to those issues.
>>
>> As I understand #1, the issue is that Broadvoice is providing two
>> IP addresses with their DNS responses for sip.broadvoice.com, however
>> asterisk 'always' uses the first entry in the response and never
>> the second. They might also be using round robin DNS responses,
>> where in theory their DNS response alternates between two addresses.
>> Some of the postings have suggested that only one of their two sip
>> registration servers handle asterisk's registration, and one of the
>> fixes was to hard code the IP address in /etc/hosts.conf. It sounds
>> like most folks have worked around the registration issue without
>> knowing exactly they did (or what additional issues they just added).
>> The hard coded Ip now limits that * machine to using only one of
>> the two sip registration servers at Broadvoice, and if that server
>> happens to be unavailable, * has no where to go.
>>
>> If anyone has a different interpretation of #1, I'd like to hear it.
>>
>> Issue #2 is different. Based only on my limited experience from
>> Saturday (before the changes), incoming * calls from broadvoice
>> use to include a userid & secret to authenticate the session with *.
>> That appears to have changed on Sunday, and now calls arrive without
>> the authentication function. Therefore, a section in sip.conf like
>> the  [sip-broadvoice] above that includes type=user is now needed
>> to handle those calls. If the deny and permit statements are not
>> included in that context, then calls from any source on the Internet
>> can be completed via such an open ended context.
>>
>> There's certainly nothing wrong with allowing such incoming calls
>> "if" your dialplan adequately restricts what those calls can reach.
>> However, if the dialplan allows unrestricted calling, then sooner
>> or later you might find a hacker making calls through your system.
>>
>> As I mentioned earlier, I only had a few hours of experience with
>> the broadvoice config before the changes occurred, so if I've
>> mis-represented either of the above would someone correct me.
>>
>> Rich
>
> Hmmmm as for #2, I've NEVER used authentication on my inbound calls, even
> before they made the change and it has always worked... I use a bogus
> context as my default context (I don't want unrouted calls) and I've set
> up
> the correct context for my broadvoice-incoming contexts.. As far as
> INSECURE=YES or VERY, I don't use that at all and it still works fine...
>
> I'm a little concerned by the NAT=YES in the sip.conf sample below. That
> could be the culprit for the no audio problem right there, especially if
> the
> RTP stream doesn't know where to go... If you really really MUST use NAT,
> why not try using port forwarding on your router and forward UDP port 5060
> and the RTP ports that you have set in your rtp.conf directly to your *
> server, then set NAT=NO or NAT=NEVER and try that...
>
> Also I don't see any localnet entries or externip entries... if you're
> using
> nat, you kinda need those...
>
> NAT is evil and should be destroyed and sent back to hell from whence it
> came...
>
> Here's a sample of my sip.conf in case this helps you...
>
> [general]
> port=5060
> bind=0.0.0.0knowledge
> externip=24.20.x.x (why not try using an ip instead of a hostname...)
> localnet=10.100.5.0/24 (not sure if this is needed anymore...)
> context=bogus
> srvlookup=yes
> tos=0x18
> maxexpirey=3600
> defaultexpirey=120
> progressinband=no
>
> disallow=all
> allow=gsm
> allow=alaw
> allow=ulaw
> allow=adpcm
> allow=speex
> allow=ilbc
> allow=slinear
>
> register => 5035551212:supersecretpassword at sip.broadvoice.com:5060
>
> [broadvoice-out]
> type=peer
> dtmfmode=inband
> host=147.135.0.129
> user=5035551212 (not sure if this is necessary, I like to be thorough)
> username=5035551212
> authuser=5035551212 (not sure if these 2 are necessary but again,
> thorough)
> fromuser=5035551212
> fromdomain=sip.broadvoice.com
> context=shawhome
> md5secret=supersecretpassword
> qualify=yes
> canreinvite=no
> disallow=all
> allow=ulaw
>
> [broadvoice-out2]
> type=peer
> dtmfmode=inband
> host=147.135.8.129
> user=5035551212
> username=5035551212
> authuser=5035551212
> fromuser=5035551212
> fromdomain=sip.broadvoice.com
> context=shawhome
> md5secret=supersecretpassword
> qualify=yes
> canreinvite=no
> disallow=all
> allow=ulaw
>
> [broadvoice-incoming]
> type=peer
> dtmfmode=inband
> host=147.135.8.128
> context=incoming
> qualify=yes
> canreinvite=no
> disallow=all
> allow=ulaw
>
> [broadvoice-incoming2]
> type=peer
> dtmfmode=inband
> host=147.135.0.128
> context=incoming
> qualify=yes
> canreinvite=no
> disallow=all
> allow=ulaw
>
>
> The reason I did 2 contexts for incoming/outgoing is to overcome the DNS
> problem for peers until it gets resolved...
>
> Also in my extensions.conf I use failover in case one of the
> [broadvoice-out] peers is down...
>
> exten => _9NXXNXXXXXX,1,Dial(SIP/${EXTEN:1}@broadvoice-out,60)
> exten => _9NXXNXXXXXX,2,Dial(SIP/${EXTEN:1}@broadvoice-out2,60)
> exten => _9NXXNXXXXXX,3,Congestion()
>
> Mind you I'm not saying that I'm right, I've only been using asterisk for
> about 4  months now, but THIS WORKS FOR ME(tm)
>
>     -Chris
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

Thanks for your ideas Chris.
I still have same problems.
Let me explain my setup and what is working and what not.

I do have a NAT on my network with DMZ to my * server. (EVERYTHING IS
FORWARDED) My current sip.conf looks like this:

[general]
externip=lexon.ws
port=5060
disallow=all
allow=ulaw
context=none
dtmfmode=inband
register => 7734660101:mysecret at sip.broadvoice.com
tos=0x18
srvlookup=yes

[Broadvoice]
type=peer
username=7734660101
fromuser=7734660101
secret=mysecret
host=sip.broadvoice.com
context=sip
fromdomain=sip.broadvoice.com
canreinvite=no
dtmfmode=inband

[broadvoice-incoming]
type=peer
dtmfmode=inband
host=147.135.8.128
context=from-broad
qualify=yes
canreinvite=no
disallow=all
allow=ulaw

[broadvoice-incoming2]
type=peer
dtmfmode=inband
host=147.135.0.128
context=from-broad
qualify=yes
canreinvite=no
disallow=all
allow=ulaw

I took your advice and also created two entries for incoming calls to
overcome the DNS problem.

NOW I will track incoming call to my * box.

I see first how asterisk registers:(before the call)

20:10:37.521845 ns.0.10.10.in-addr.arpa.5060 > 147.135.0.128.5060: udp 379
(DF) [tos 0x18]
20:10:37.581972 147.135.0.128.5060 > ns.0.10.10.in-addr.arpa.5060: udp 352

I am calling into my box.
Asterisk picks up. My default messeage starts playing, but I cannot hear it.
I look at the tcpdump output to see the packets flow:

20:25:36.492039 147.135.0.128.5060 > ns.0.10.10.in-addr.arpa.5060: udp 352
20:25:39.538052 147.135.0.128.5060 > ns.0.10.10.in-addr.arpa.5060: udp 718
20:25:39.538544 ns.0.10.10.in-addr.arpa.5060 > 147.135.0.128.5060: udp 474
(DF) [tos 0x18]
20:25:39.539005 ns.0.10.10.in-addr.arpa.5060 > 147.135.0.128.5060: udp 475
(DF) [tos 0x18]
20:25:39.540286 ns.0.10.10.in-addr.arpa.5060 > 147.135.0.128.5060: udp 655
(DF) [tos 0x18]
20:25:39.540799 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.560257 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.580238 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.600240 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.620242 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.640239 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.660103 147.135.0.128.5060 > ns.0.10.10.in-addr.arpa.5060: udp 454
20:25:39.660268 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.673145 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.680241 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.700238 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.704918 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.720239 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.724855 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.740239 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.744548 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.760238 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.780239 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.800239 ns.0.10.10.in-addr.arpa.18938 > 147.135.0.128.14384: udp
172 (DF) [tos 0x18]
20:25:39.813456 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.815961 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172
20:25:39.817976 147.135.0.128.14384 > ns.0.10.10.in-addr.arpa.18938: udp 172

Looks like that broadvoice and I talk to each other.
But I still cannot hear anything.
To test it deeper I setup an extension that will call one of my phones at
home. I call again to my * box and press nine.

On my asterisk it looks like this:

    -- Executing Ringing("SIP/192.168.0.3-08d6b540", "") in new stack
    -- Executing Goto("SIP/192.168.0.3-08d6b540", "menu|s|1") in new stack
    -- Goto (menu,s,1)
    -- Executing DigitTimeout("SIP/192.168.0.3-08d6b540", "5") in new stack
    -- Set Digit Timeout to 5
    -- Executing ResponseTimeout("SIP/192.168.0.3-08d6b540", "10") in new
stack
    -- Set Response Timeout to 10
    -- Executing BackGround("SIP/192.168.0.3-08d6b540", "3") in new stack
    -- Playing '3' (language 'en')
    -- Executing BackGround("SIP/192.168.0.3-08d6b540", "closed") in new
stack
    -- Playing 'closed' (language 'en')
  == CDR updated on SIP/192.168.0.3-08d6b540
    -- Executing Dial("SIP/192.168.0.3-08d6b540", "Zap/2|30|m") in new stack
    -- Called 2
    -- Started music on hold, class 'default', on SIP/192.168.0.3-08d6b540
    -- Zap/2-1 is ringing
    -- Zap/2-1 is ringing
    -- Zap/2-1 answered SIP/192.168.0.3-08d6b540
    -- Stopped music on hold on SIP/192.168.0.3-08d6b540
    -- Hungup 'Zap/2-1'
  == Spawn extension (menu, 9, 1) exited non-zero on
'SIP/192.168.0.3-08d6b540'
lexon*CLI>

And here I find out that person at my home phone hears me, but I cannot.
Even that that Media streams goes in both directions there is only sound
coming to my * box, but not from the *.

Also, it is worth to point out that asterisk does not always pickups the
phone. Sometimes I have to try again.

Any Ideas???
Please help.

Bartosz Wegrzyn