SIP-SIP URI Calling

[vbhoj74]

I've set up mydomain.com's SRV record as:

_sip._udp SRV 10 10 5060 mypbx.dyndns.com.

Have added myname to extensions_override_freepbx.conf and created an inbound route to an extension.

Thus [email protected] should ring up my extension on the piaf. Well it does when I register my softphone with a sip2sip account.

However, it does not work (error: network failure) when I try it with SJphone without any sip registrations, though calling to [email protected] works.

Since its working when the softphone has a sip registered account, i presume the SRV record and PBX setting to be fine. What is that small something that does not let it work without registering the phone to a sip account ?

 

[Boolah]

You shouldn't need to edit your extensions_override file - just add an inbound route in FreePBX for "myname" (without the quotes) and point it to where you want it to go.

Also, make sure that the PBX you're using to make the call supports SRV lookups (PiaF needs srvlookup=yes in sip_general_custom.conf). I also assume that you've forwarded port 5060 appropriately, if necessary, and you allow anonymous SIP calls?

 

[vbhoj74]

I used extensions_override because I did not wanted to allow anonymous sip calls and open the doors wide open. Here is a very good read that I followed:

http://www.geekzone.co.nz/sbiddle/7183

OsmV also uses the same concept, and I just had to add one line to the overide file.

Note that the setup is working when I dial using a softphone that has a sip2sip account registration, but it does not when the sofphone do not have any account settings. I read that few softphones do SIP URI dialing without needing to login to a SIP account with a VSP or a IPPBX. This is where I'm failing, the sofphone gives a network error when I dry dialing [email protected], but the call goes through if I call [email protected]

 

[jroper]

I used extensions_override because I did not wanted to allow anonymous sip calls and open the doors wide open. Here is a very good read that I followed:

Frankly, the article to which you link make some broad sweeping statements which are not backed up by evidence.

I've spoken about this before, but in the interests of education - here goes again.

Your system is just as open whether anonymous SIP is on or off.

Action when Allow SIP anonymous off:

1. Call comes in.
2. Call Answered
3. Sent to context which plays message - "This number is unavailable"
4. Call hung up.

Result - caller knows it's a FreePBX / Asterisk system and can then go to the next step of identifying the distribution or aggregation, and then reaches for the appropriate hacker's tool box.

Action when Allow SIP anonymous on:

1. Call comes in
2. Call Sent to inbound routes.
3. Matches on either caller ID or DID match.
4. If match on inbound route - then call goes to specified destination.
5. If no match. Sent to context which plays message - "This number is unavailable"

Therefore, the results are pretty much identical which ever way you do it, except you have the extra functionality of accepting SIP URI.

Stopping anonymous SIP callers dead in their tracks:-

1. Set allow anonymous sip calls to on.
2. Ensure every DID has an inbound route specific to the DID.
3. Add a catch-all where you have either _. or null in the DID field.
4. Set the catch-all Destination to "Hangup"

Result.

1. Call comes in
2. Call Sent to inbound routes.
3. Matches on either caller ID or DID match.
4. If match on inbound route - then call goes to specified destination.
5. If no match, hung up immediately.

I would say that this option is better than leaving anonymous SIP calls off. The call is never answered unless the caller knows your number.

Advantages

1. Does not identify your platform type.
2. Allows people to call you for free - PROVIDED THEY KNOW YOUR NUMBER.
3. Less load on the platform for fishing expeditions - you are not playing a recorded message for every uninvited SIP call.
4. Hangs up people who try and phone you, and don't know your number.

Conclusion.

• This approach would appear to me to be far more secure than the default position.
• The name "allow anonymous sip" calls gives the wrong impression as to its purpose.
• Taking this approach will potentially reduce loads on your system, as well as offering extra functionality.
• People can phone you if they know your number - which is the same as its been since 1891 when Strowger released his automatic telephone exchange.

This of course only works when the appropriate ports are open, which is against the advice given by Ward of not opening any ports on your hardware firewall.

Joe

 

[jmullinix]

I have had "Allow anonymous Sip" turned on for years with no ill effects. I have been hacked twice; once due to weak extension passwords and once, a box that I had a trusted trunk to got hacked and my bandwidth got used.

I have never been hacked through anonymous sip. I use Joe's recommended setup from above:

1. Set allow anonymous sip calls to on.
2. Ensure every DID has an inbound route specific to the DID.
3. Add a catch-all where you have either _. or null in the DID field.
4. Set the catch-all Destination to "Hangup"

This works swimmingly.

 

[vbhoj74]

Thanks for the heads up on anonymous sip thing, i did the changes as suggested and have got the result.

But the main Q still remains even with allowing anonymous sip. I'm trying to dial [email protected] from sjphone without registering the phone to any pbx or sip service. This is now working. When I did the same with the phone registered to a SIP account like sip2sip.info it works very well. But the main objective was to let callers reaach me without having a SIP account. Maybe the softphone is not doing a SRV lookup or something, but I could not find any option to enable the same.

 

[vbhoj74]

No more help on this topic ? or am I missing something that is insanely basic ?

 

[VaHam]

Thanks for the heads up on anonymous sip thing, i did the changes as suggested and have got the result.

But the main Q still remains even with allowing anonymous sip. I'm trying to dial [email protected] from sjphone without registering the phone to any pbx or sip service. This is now working. When I did the same with the phone registered to a SIP account like sip2sip.info it works very well. But the main objective was to let callers reaach me without having a SIP account. Maybe the softphone is not doing a SRV lookup or something, but I could not find any option to enable the same.

Do you have a sip alais set = myname on the extension you wish to have ring?

 

[vbhoj74]

Do you have a sip alais set = myname on the extension you wish to have ring?

Nope, I've an inbound route pointed to an extension, which works fine when I dial from outside the network using a softphone registered to sip2sip.info. But I want the call to go through without the softphone registering to any SIP account, which is where it is failing.

With an alias the URI will be bound to a particular extension, where as with inbound route method I can point it to a ring group or an IVR or an application.

 

[jroper]

Hi

can you confirm that you have "myname" as a DID in bound routes, pointed to a valid destination. (substitute "myname" for the actual name you are using)

Secondly, can you confirm that you have the appropriate ports open and directed to your PBX. (5060 and 10000 to 20000 UDP)

Thirdly, can you confirm that you see activity on the asterisk CLI, when you dial in remotely, particularly on with sip debug on.

Joe

 

[vbhoj74]

Hi

can you confirm that you have "myname" as a DID in bound routes, pointed to a valid destination. (substitute "myname" for the actual name you are using)

Yes.

Secondly, can you confirm that you have the appropriate ports open and directed to your PBX. (5060 and 10000 to 20000 UDP)

Yes. I've around 9 running trunks on the box working fine. I roam with softphone too.

Thirdly, can you confirm that you see activity on the asterisk CLI, when you dial in remotely, particularly on with sip debug on.
Joe

2 Scenarios:

1. When I register the remote softphone with a free SIP account like sip2sip.info with Xlite:
The call comes in perfectly and gets routed to the extension.

2. When I use the softphone sjphone without any SIP accounts (no SIP registrations):
The call does not land on the PBX, i.e. sip debug does not show any incoming call/activity.
With the same softphone (without any settings), I can dial and connect to [email protected]

 

[jroper]

If there is no sip activity when dialling from your SIP phone, then the problem lies in one of the following areas:-

1. Firewall - you seem to have discounted this.
2. Phone problem
3. DNS issue with the phone or domain name - discount this by dialling to myname@<<ip-address>>

Because there is no SIP activity, I don't think we can accuse the PIAF installation as being incorrectly set up - yet.

Joe

 

[vbhoj74]

If there is no sip activity when dialling from your SIP phone, then the problem lies in one of the following areas:-

1. Firewall - you seem to have discounted this.
2. Phone problem
3. DNS issue with the phone or domain name - discount this by dialling to myname@<<ip-address>>

Because there is no SIP activity, I don't think we can accuse the PIAF installation as being incorrectly set up - yet.

Joe

I think, its not an issue with the firewall, PIAF, dns, or domain since dialing works perfectly when I use xlite registered with a external SIP account.

But I should be able to make the call without even having to register with any SIP account, does anyone have this tested/working and can share which softphone they are using (with or without any changes to the default config).

If someone have a sip URI that I can call, would be glad if we can call each other & check.