@Jacques0130 wrote:
Hi All,
Long-time googler, first-time poster.
![:slight_smile:]( ":slight_smile:")
I'm trying to set up a new cloud PBX system as our on-premise box is beginning to show it's age. I've also been having some odd issues and would like to remove our local network from the equation for consistency's sake.
So far I've carried out the following steps:
- Deploy a new VPS with Vultr
- Install FreePBX 10.13.66
- Configure system (hostname, email settings, firewall, extensions etc.)
- Configure inbound and outbound trunks
- Configure inbound and outbound routes, one Call Flow Control, one Time Condition and one Time Group
- Confirm inbound and outbound calls are functional except as below
The SIP trunks are through NetSIP (an Australian SIP provider) with one outbound number and two inbound DID's.
The main problem I have at the moment, is that inbound calls are randomly rejected (see log lines below).
[2017-01-10 23:19:48] WARNING[3479][C-0000004e] Ext. s: "Rejecting unknown SIP connection from 103.26.173.4" [2017-01-11 14:22:26] WARNING[28655][C-00000035] Ext. REDACTEDNUMBER: Friendly Scanner from 103.26.173.4;branch=z9hG4bK9008.a262b40a9cad3c08fca67be037970e5b.0Note: I've replaced our inbound number with REDACTEDNUMBER for privacy.
Some of the logs about the rejected calls list that it's of the context "from-sip-external". My research indicates that this means my trunks are incorrectly configured. I'd normally keep digging and googling to find the issue, but this isn't consistent. Phone calls from the same number through the same SIP trunk IP can be accepted or rejected, seemingly at random. Calls from the same IP also seem to randomly alternate between from-sip-external and from-trunk.
Further proof that this issue is caused by incoming calls being incorrectly disassociated with my configured SIP Trunks is that I've temporarily fixed the issue by turning on Allow Anonymous Inbound SIP Calls. Having added the IP ranges below (those provided by NetSIP) to the Internal Zone of the firewall and only enabling the SIP Protocol on the Internal Zone, I believe the security risks should be minimal, though I'd like to get it set up properly so I can switch that option off.
103.26.173.0/24 103.26.174.0/24 103.26.175.0/24NetSIP Support assure me the password, USER Context, USER Details & Register Strings are correct, but I still get an authentication error (see below). I've confirmed the password through the NetSIP portal, but the only copy I have of the other settings is from what they've emailed me so I was hoping to get some more experienced eyes to look them over and see if there's anything obvious.
[2017-01-11 14:49:45] WARNING[1976]: chan_sip.c:24272 handle_response_register: Forbidden - wrong password on authentication for REGISTER for 'REDACTEDUSERID' to 'sip.netsip.net.au'Since I'm unable to get trunk registration to function because of this error, I've configured inbound calls to be authenticated by IP (I have access to some limited functions through the NetSIP portal). Inbound IP authentication does work, but my thinking was that setting up trunk registration would rule that out as the cause of the random errors above.
Thanks a bunch for any assistance you can offer.
Cheers,
JackBelow are my inbound SIP Trunk Configurations (based on the example configs provided by NetSIP).
Inbound Trunk 1
USER Context
REDACTEDUSERIDUSER Details
username=REDACTEDUSERID type=peer secret=REDACTEDPASSWORD rtpkeepalive=5 qualify=yes insecure=invite,port host=sip.netsip.net.au outboundproxy=100wic.qld.sip.netsip.net.au fromuser=REDACTEDUSERID fromdomain=sip.netsip.net.au dtmfmode=rfc2833 context=from-trunk canreinvite=no allow=g722,alaw disallow=allRegister String
REDACTEDUSERID:100wic.qld.sip.netsip.net.au:REDACTEDPASSWORD:REDACTEDUSERID@sip.netsip.net.au/REDACTEDUSERIDInbound Trunk 2
USER Context
REDACTEDUSERIDUSER Details
username=REDACTEDUSERID type=peer secret=REDACTEDPASSWORD rtpkeepalive=5 qualify=yes insecure=invite,port host=sip.netsip.net.au outboundproxy=24lit.qld.sip.netsip.net.au fromuser=REDACTEDUSERID fromdomain=sip.netsip.net.au dtmfmode=rfc2833 context=from-trunk canreinvite=no allow=g722,alaw disallow=allRegister String
REDACTEDUSERID:24lit.qld.sip.netsip.net.au:REDACTEDPASSWORD:REDACTEDUSERID@sip.netsip.net.au/REDACTEDUSERID
Posts: 2
Participants: 2