
    FreePBX inbound call issue

      JaredBusch @scottalanmiller

      @scottalanmiller said in FreePBX inbound call issue:

      @jaredbusch said in FreePBX inbound call issue:

      @scottalanmiller said in FreePBX inbound call issue:

      @samsmart84 said in FreePBX inbound call issue:

      @scottalanmiller said in FreePBX inbound call issue:

      @samsmart84 said in FreePBX inbound call issue:

      @triple9 said in FreePBX inbound call issue:

      @samsmart84 Maybe this Sophos KB article will help?

      Success! So basically some trial and error with the settings.. I had to turn OFF the Sophos VOIP options as that was actually BLOCKING everything (Go figure).

      That’s actually expected. That’s SIP-ALG. Always have to disable that. It’s basically just SIP blocking.

      Nice of them to include that as a SIP "feature"

      It’s so dumb. But every vendor does it. So don’t think too badly of Sophos. Only vendor I know that doesn’t do it is Ubiquiti. And they do it, it just works.

      Sorry to disappoint, but Ubiquiti does not have it disabled by default.
      You have to disable it.

      configure
      set system conntrack modules sip disable
      commit;save;exit
      

      I know it is enabled, but have you ever seen it fail? It's the one SIP-ALG system that I have seen "just work" in the real world.

      Ah, I misunderstood.

      I have not because I always disable it.

        SamSmart84

        Reviving my thread -

        Weirdest thing. We had a power failure/surge over the weekend which knocked down all my servers, switching, etc.

        My phones have been working FLAWLESSLY since I last posted. But now, after getting everything back up and running, the SAME issue is back.. but the rules that fixed it before are still in place! Outgoing calling works (though it seems highly delayed now.. like 5-8 seconds after dialing a number for it to start ringing) but I CANNOT call in UNLESS I call out first, which fixes it for 2-3 minutes.

        Once again, it's gotta be a firewall issue. This is stupid.

          SamSmart84

          Okay.. so now I'm more confused than I've ever been. I deleted my DNAT and my outbound rule for my SIP provider and now it works. Flawlessly. WHAT!? How do the calls know where to go!?!?! Did my Sophos UTM get superpowers after a power spike? 🙂

            JaredBusch @SamSmart84

            @samsmart84 said in FreePBX inbound call issue:

            Okay.. so now I'm more confused than I've ever been. I deleted my DNAT and my outbound rule for my SIP provider and now it works. Flawlessly. WHAT!?

            I never understood what your router was doing in the first place. So any number of things might be the issue.

              SamSmart84 @JaredBusch

              @jaredbusch said in FreePBX inbound call issue:

              @samsmart84 said in FreePBX inbound call issue:

              Okay.. so now I'm more confused than I've ever been. I deleted my DNAT and my outbound rule for my SIP provider and now it works. Flawlessly. WHAT!?

              I never understood what your router was doing in the first place. So any number of things might be the issue.

              Well false alarm.. it's not actually working

              Firewall Rule:
              Internal Network > SIP > AnyIPv4

              DNAT:
              SIP Trunk > SIP > Public IP > Internal SIP Server

                JaredBusch

                Because nothing is hitting your PBX, you need to get a packet capture from the WAN side of the router.

                You may need to drop a switch with the ports configured for mirroring and such in between your ISP modem and your Sophos in order to get this. Or Sophos may have the capability.

                Contact Sophos about that bit, I have no clue.

                  SamSmart84

                  I have been watching the logs for the last day or so as I've been testing. I've noticed on the Sophos that when the inbound calls don't work I get a hit on the firewall logs for my DNAT rule for my VOIP Provider > External WAN on port 5060

                  When inbound calls DO work, I get a hit for my DNAT rule, same IPs, but the port always shows as one of the RTP ports. So either way the calls ARE hitting at least the WAN interface and I'm getting a different response on the firewall depending on whether it works or not.

                    JaredBusch @SamSmart84

                    @samsmart84 said in FreePBX inbound call issue:

                    I have been watching the logs for the last day or so as I've been testing. I've noticed on the Sophos that when the inbound calls don't work I get a hit on the firewall logs for my DNAT rule for my VOIP Provider > External WAN on port 5060

                    When inbound calls DO work, I get a hit for my DNAT rule, same IPs, but the port always shows as one of the RTP ports. So either way the calls ARE hitting at least the WAN interface and I'm getting a different response on the firewall depending on whether it works or not.

                    There we go! You should not be getting anything inbound on port 5060. You do not need an inbound port forwarding rule for anything if your trunk is a standard register trunk going outbound. That outbound registration will keep the NAT tunnels alive and allow everything to work with zero port forwarding rules.

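An added illustration, not part of the original posts, of why periodic outbound SIP traffic (a REGISTER refresh, or the OPTIONS probes sent by qualify=yes) keeps inbound calls working through a stateful firewall that has no port-forward rules, while other Internet hosts stay blocked. The addresses, the 180-second idle timeout and the 60-second keepalive interval are assumptions chosen for the example, and the model ignores port translation.

```python
"""Added illustration: stateful UDP pinhole vs. SIP keepalive traffic.

All addresses and timer values are constructed for this example; real
firewalls and PBXs use their own configured timeouts.
"""
from dataclasses import dataclass, field

PBX = ("192.168.1.10", 5060)       # constructed internal PBX address
PROVIDER = ("203.0.113.20", 5060)  # constructed trunk address
STRANGER = ("198.51.100.7", 5060)  # constructed unrelated Internet host


@dataclass
class StatefulNat:
    """Minimal model of a NAT firewall with no port-forward rules."""
    idle_timeout: float                        # seconds a UDP flow may stay silent
    flows: dict = field(default_factory=dict)  # (inside, outside) -> last seen

    def outbound(self, now, inside, outside):
        # Any packet leaving the LAN creates or refreshes the pinhole.
        self.flows[(inside, outside)] = now

    def inbound(self, now, outside, inside):
        # Inbound traffic is admitted only through a pinhole that is still live.
        last = self.flows.get((inside, outside))
        if last is None or now - last > self.idle_timeout:
            self.flows.pop((inside, outside), None)
            return False
        self.flows[(inside, outside)] = now  # admitted packets refresh the flow
        return True


def simulate(idle_timeout, keepalive_every, inbound_calls, horizon=900):
    """Return {time: admitted?} for INVITEs arriving from the provider.

    keepalive_every=None models a trunk that sends nothing between calls;
    a number models periodic outbound REGISTER refreshes or OPTIONS probes.
    One outbound call at t=0 opens the pinhole in both cases.
    """
    nat = StatefulNat(idle_timeout)
    results = {}
    for t in range(horizon + 1):
        if t == 0 or (keepalive_every and t % keepalive_every == 0):
            nat.outbound(t, PBX, PROVIDER)
        if t in inbound_calls:
            results[t] = nat.inbound(t, PROVIDER, PBX)
    return results


def stranger_admitted(idle_timeout, keepalive_every, at=300):
    """The pinhole is per remote endpoint: other hosts stay blocked."""
    nat = StatefulNat(idle_timeout)
    for t in range(0, at + 1, keepalive_every):
        nat.outbound(t, PBX, PROVIDER)
    return nat.inbound(at, STRANGER, PBX)


if __name__ == "__main__":
    calls = {120, 400, 800}
    print("no keepalive  :", simulate(180, None, calls))
    print("60 s keepalive:", simulate(180, 60, calls))
    print("300 s keepalive:", simulate(180, 300, {500}))
    print("stranger in   :", stranger_admitted(180, 60))
```

Without a keepalive, the model reproduces the symptom reported earlier in the thread: inbound calls succeed only shortly after an outbound call. A keepalive slower than the idle timeout fails the same way.
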
                      JaredBusch

                      There are only two occasions when you want to port forward the traffic for your voice over IP.

                      Condition one is if you have external phones.

                      Condition two is if your SIP trunk provider does not use registration but instead uses IP validation. This is a rare case normally.

                        SamSmart84 @JaredBusch

                        @jaredbusch said in FreePBX inbound call issue:

                        There are only two occasions when you want to port forward the traffic for your voice over IP.

                        Condition one is if you have external phones.

                        Condition two is if your SIP trunk provider does not use registration but instead uses IP validation. This is a rare case normally.

                        My SIP provider does actually use IP validation instead of registration.

                        I put in a support ticket with Sophos and they went through all of the rules/logs and confirmed that traffic is getting through both ways on the firewall. When inbound calling it is in fact being forwarded to the PBX, but the PBX is not responding back, which is why I'm getting dead silence on my inbound calls.

                          JaredBusch @SamSmart84

                          @samsmart84 said in FreePBX inbound call issue:

                          @jaredbusch said in FreePBX inbound call issue:

                          There are only two occasions when you want to port forward the traffic for your voice over IP.

                          Condition one is if you have external phones.

                          Condition two is if your SIP trunk provider does not use registration but instead uses IP validation. This is a rare case normally.

                          My SIP provider does actually use IP validation instead of registration.

                          I put in a support ticket with Sophos and they went through all of the rules/logs and confirmed that traffic is getting through both ways on the firewall. When inbound calling it is in fact being forwarded to the PBX, but the PBX is not responding back, which is why I'm getting dead silence on my inbound calls.

                          Actually no that’s not what was happening before. Before when the inbound calls were not working nothing hit the PBX

                            SamSmart84 @JaredBusch

                            @jaredbusch said in FreePBX inbound call issue:

                            @samsmart84 said in FreePBX inbound call issue:

                            @jaredbusch said in FreePBX inbound call issue:

                            There are only two occasions when you want to port forward the traffic for your voice over IP.

                            Condition one is if you have external phones.

                            Condition two is if your SIP trunk provider does not use registration but instead uses IP validation. This is a rare case normally.

                            My SIP provider does actually use IP validation instead of registration.

                            I put in a support ticket with Sophos and they went through all of the rules/logs and confirmed that traffic is getting through both ways on the firewall. When inbound calling it is in fact being forwarded to the PBX, but the PBX is not responding back, which is why I'm getting dead silence on my inbound calls.

                            Actually no that’s not what was happening before. Before when the inbound calls were not working nothing hit the PBX

                            And it still fails to show anything on the PBX when it comes up blank.. but Sophos shows it as being pushed to the PBX with no drops! How the heck am I supposed to troubleshoot that? 😞

                              JaredBusch @SamSmart84

                              @samsmart84 said in FreePBX inbound call issue:

                              @jaredbusch said in FreePBX inbound call issue:

                              @samsmart84 said in FreePBX inbound call issue:

                              @jaredbusch said in FreePBX inbound call issue:

                              There are only two occasions when you want to port forward the traffic for your voice over IP.

                              Condition one is if you have external phones.

                              Condition two is if your SIP trunk provider does not use registration but instead uses IP validation. This is a rare case normally.

                              My SIP provider does actually use IP validation instead of registration.

                              I put in a support ticket with Sophos and they went through all of the rules/logs and confirmed that traffic is getting through both ways on the firewall. When inbound calling it is in fact being forwarded to the PBX, but the PBX is not responding back, which is why I'm getting dead silence on my inbound calls.

                              Actually no that’s not what was happening before. Before when the inbound calls were not working nothing hit the PBX

                              And it still fails to show anything on the PBX when it comes up blank.. but Sophos shows it as being pushed to the PBX with no drops! How the heck am I supposed to troubleshoot that? 😞

                              With the packet capture on up near port of the port going to the PBX

                                SamSmart84

                                So I messed with my SIP trunk settings and inbound calling changed from dead silence to a busy signal so it's definitely getting through the firewall.

                                  SamSmart84

                                  Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                  https://www.voip-info.org/asterisk-sip-qualify/

                                  Interesting that this was working before without requiring this

                                    JaredBusch @SamSmart84

                                    @samsmart84 said in FreePBX inbound call issue:

                                    Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                    https://www.voip-info.org/asterisk-sip-qualify/

                                    Interesting that this was working before without requiring this

                                    Wow, that trunk is fucked up if you did not have those set...
                                    I am surprised shit ever worked.

                                    This is a typical SIP trunk setup.

                                    username=TRUNKUSERNAME
                                    type=friend
                                    trustrpid=yes
                                    sendrpid=yes
                                    secret=TRUNKPASSWORD
                                    qualify=yes
                                    nat=yes
                                    insecure=port,invite
                                    host=TRUNK.IP.ADD.RESS
                                    fromuser=TRUNKUSERNAME
                                    context=from-trunk
                                    canreinvite=nonat
                                    disallow=all
                                    allow=ulaw
                                    
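An added example, not code from the thread or from Asterisk: a small linter for a chan_sip trunk stanza that reports the three settings this thread turns on (qualify, nat, insecure). The BEFORE stanza is constructed, since the thread only states that nat was set to no and qualify was absent, and the finding codes and wording are this example's own.

```python
"""Added illustration: lint a chan_sip trunk stanza for the options this
thread changed. Finding codes and wording are this example's own."""

FALSY = {"", "no", "false", "0", "off"}

# Constructed input. The thread only states that nat was "no" and qualify was
# absent; the remaining BEFORE lines are assumed to match the posted stanza.
BEFORE = """\
type=friend
secret=TRUNKPASSWORD
nat=no                 ; value reported before the fix
insecure=port,invite
host=TRUNK.IP.ADD.RESS
context=from-trunk
"""

# The "typical SIP trunk setup" as posted in the thread.
AFTER = """\
username=TRUNKUSERNAME
type=friend
trustrpid=yes
sendrpid=yes
secret=TRUNKPASSWORD
qualify=yes
nat=yes
insecure=port,invite
host=TRUNK.IP.ADD.RESS
fromuser=TRUNKUSERNAME
context=from-trunk
canreinvite=nonat
disallow=all
allow=ulaw
"""


def parse_peer(text):
    """Return {option: [values...]} from key=value lines, ignoring ';' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key.strip().lower(), []).append(value.strip())
    return opts


def audit_trunk(text):
    """Return a list of (code, note) pairs for NAT- and auth-relevant options."""
    opts = parse_peer(text)

    def last(key):
        # When a key is repeated, the value given last is the one checked here.
        return opts.get(key, [""])[-1].lower()

    findings = []
    if last("qualify") in FALSY:
        findings.append(("QUALIFY_OFF",
                         "no periodic OPTIONS probe: on a trunk that does not "
                         "register, nothing refreshes firewall UDP state between calls"))
    if last("nat") in {"no", "never"}:
        findings.append(("NAT_OFF",
                         "no forced NAT handling: replies follow the Via header and "
                         "RTP follows the SDP address, not the packet source"))
    if "invite" in {v.strip() for v in last("insecure").split(",")}:
        findings.append(("INVITE_UNAUTHENTICATED",
                         "incoming INVITEs for this peer are not challenged: the "
                         "host= match and a source-restricted firewall rule are the only gate"))
    return findings


def codes(text):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in audit_trunk(text)]


if __name__ == "__main__":
    for name, stanza in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for code, note in audit_trunk(stanza):
            print("  %-22s %s" % (code, note))
```

The posted stanza still raises INVITE_UNAUTHENTICATED; on an IP-validated trunk that is by design, so any DNAT rule for port 5060 should admit only the provider's addresses.
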
                                      SamSmart84 @JaredBusch

                                      @jaredbusch said in FreePBX inbound call issue:

                                      @samsmart84 said in FreePBX inbound call issue:

                                      Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                      https://www.voip-info.org/asterisk-sip-qualify/

                                      Interesting that this was working before without requiring this

                                      Wow, that trunk is fucked up if you did not have those set...
                                      I am surprised shit ever worked.

                                      This is a typical SIP trunk setup.

                                      username=TRUNKUSERNAME
                                      type=friend
                                      trustrpid=yes
                                      sendrpid=yes
                                      secret=TRUNKPASSWORD
                                      qualify=yes
                                      nat=yes
                                      insecure=port,invite
                                      host=TRUNK.IP.ADD.RESS
                                      fromuser=TRUNKUSERNAME
                                      context=from-trunk
                                      canreinvite=nonat
                                      disallow=all
                                      allow=ulaw
                                      

                                      Yeah no clue... now that it's working I'm going to start looking at my options to upgrade this entire system. New PBX, new trunk provider, etc. I just don't trust this setup and I'd feel better having a system in place that I put in vs. an outdated one that I inherited.

                                        JaredBusch @SamSmart84

                                        @samsmart84 said in FreePBX inbound call issue:

                                        @jaredbusch said in FreePBX inbound call issue:

                                        @samsmart84 said in FreePBX inbound call issue:

                                        Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                        https://www.voip-info.org/asterisk-sip-qualify/

                                        Interesting that this was working before without requiring this

                                        Wow, that trunk is fucked up if you did not have those set...
                                        I am surprised shit ever worked.

                                        This is a typical SIP trunk setup.

                                        username=TRUNKUSERNAME
                                        type=friend
                                        trustrpid=yes
                                        sendrpid=yes
                                        secret=TRUNKPASSWORD
                                        qualify=yes
                                        nat=yes
                                        insecure=port,invite
                                        host=TRUNK.IP.ADD.RESS
                                        fromuser=TRUNKUSERNAME
                                        context=from-trunk
                                        canreinvite=nonat
                                        disallow=all
                                        allow=ulaw
                                        

                                        Yeah no clue... now that it's working I'm going to start looking at my options to upgrade this entire system. New PBX, new trunk provider, etc. I just don't trust this setup and I'd feel better having a system in place that I put in vs. an outdated one that I inherited.

                                        I am sure you have mentioned it in one post or another, but what version of what are you on?

                                          SamSmart84 @JaredBusch

                                          @jaredbusch said in FreePBX inbound call issue:

                                          @samsmart84 said in FreePBX inbound call issue:

                                          @jaredbusch said in FreePBX inbound call issue:

                                          @samsmart84 said in FreePBX inbound call issue:

                                          Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                          https://www.voip-info.org/asterisk-sip-qualify/

                                          Interesting that this was working before without requiring this

                                          Wow, that trunk is fucked up if you did not have those set...
                                          I am surprised shit ever worked.

                                          This is a typical SIP trunk setup.

                                          username=TRUNKUSERNAME
                                          type=friend
                                          trustrpid=yes
                                          sendrpid=yes
                                          secret=TRUNKPASSWORD
                                          qualify=yes
                                          nat=yes
                                          insecure=port,invite
                                          host=TRUNK.IP.ADD.RESS
                                          fromuser=TRUNKUSERNAME
                                          context=from-trunk
                                          canreinvite=nonat
                                          disallow=all
                                          allow=ulaw
                                          

                                          Yeah no clue... now that it's working I'm going to start looking at my options to upgrade this entire system. New PBX, new trunk provider, etc. I just don't trust this setup and I'd feel better having a system in place that I put in vs. an outdated one that I inherited.

                                          I am sure you have mentioned it in one post or another, but what version of what are you on?

                                          It's not actually FreePBX, I mislabeled this and my previous thread originally. It's Elastix 2.6.18. We had a conversation awhile back about it as I didn't realize Elastix used a FreePBX GUI and thought I was running FreePBX the entire time

                                            JaredBusch @SamSmart84

                                            @samsmart84 said in FreePBX inbound call issue:

                                            @jaredbusch said in FreePBX inbound call issue:

                                            @samsmart84 said in FreePBX inbound call issue:

                                            @jaredbusch said in FreePBX inbound call issue:

                                            @samsmart84 said in FreePBX inbound call issue:

                                            Well it appears to be working now... the busy signal led me to think I could possibly tweak the trunk settings further on the PBX to get it all working. Switched nat=no to nat=yes (Not sure why that didn't matter last time) and I also added qualify=yes. Looks like this explains why -

                                            https://www.voip-info.org/asterisk-sip-qualify/

                                            Interesting that this was working before without requiring this

                                            Wow, that trunk is fucked up if you did not have those set...
                                            I am surprised shit ever worked.

                                            This is a typical SIP trunk setup.

                                            username=TRUNKUSERNAME
                                            type=friend
                                            trustrpid=yes
                                            sendrpid=yes
                                            secret=TRUNKPASSWORD
                                            qualify=yes
                                            nat=yes
                                            insecure=port,invite
                                            host=TRUNK.IP.ADD.RESS
                                            fromuser=TRUNKUSERNAME
                                            context=from-trunk
                                            canreinvite=nonat
                                            disallow=all
                                            allow=ulaw
                                            

                                            Yeah no clue... now that it's working I'm going to start looking at my options to upgrade this entire system. New PBX, new trunk provider, etc. I just don't trust this setup and I'd feel better having a system in place that I put in vs. an outdated one that I inherited.

                                            I am sure you have mentioned it in one post or another, but what version of what are you on?

                                            It's not actually FreePBX, I mislabeled this and my previous thread originally. It's Elastix 2.6.18. We had a conversation awhile back about it as I didn't realize Elastix used a FreePBX GUI and thought I was running FreePBX the entire time

                                            Yup time to move. Do not bother trying to migrate. I tried Sangoma's migration script twice on two different Elastix servers. It sucked both times. Both times I rebuilt and manually migrated.
