SOLVED IPBX 2020 on Vultr Problems with BulkVS.com

[w1ve]

Hey Folks,

Trying to set up 2020 on Vultr.

I installed CentOS 7 64-bit minimal instance on a Toronto server.
I installed according to @wardmundy's latest instructions. Everything working great.
Then, I attempted to set up an IP authenticated trunk with BulkVs.

They even have a FreePBX instruction sheet on their site.

So, I have:

In /usr/local/sbin/iptables-custom:

# bulkvs
/usr/sbin/iptables -A INPUT -p udp -m udp -s 199.255.157.198 --dport 5060 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp -m udp -s 162.249.171.198 --dport 5060 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp -m udp -s 69.12.88.198 --dport 5060 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp -m udp -s 76.8.29.198 --dport 5060 -j ACCEPT

In /etc/asterisk/sip_custom_post.conf:
[bulkvs1](bulkvs);
host=199.255.157.198

[bulkvs2](bulkvs);
host=162.249.171.198

[bulkvs3](bulkvs);
host=69.12.88.198

[bulkvs4](bulkvs);
host=76.8.29.198

And, for good measure, in etc/sysconfig/iptables:

#bulkvs
-A INPUT -s 199.255.157.198 -j ACCEPT
-A INPUT -s 162.249.171.198 -j ACCEPT
-A INPUT -s 69.12.88.198 -j ACCEPT
-A INPUT -s 76.8.29.198 -j ACCEPT
# your own additions go above here

Now, it seems that only one of the four bulkVS servers can get through to the
PBX. (I can register my extensions fine, and make outgoing calls fine via this method.)
However, I can't get incoming calls.

I enabled icmp so bulkvs support could see if they could reach my pbx via their server's subnet.
They could not.

I talked with vultr support, and they suggested switching to a fixed IP rather than use the internal DHCP system they use. I did that.
Still the same issue.

I have a range of extensions for direct dialing. I call one of the extensions externally and never see the asterisk log change.

Very excited about IPBX 2020 but these problems are perplexing.

Thanks!

 

[w1ve]

Hello,

So, a lot of progress, but still want to understand the firewall settings for Incredible PBX 2020.

Right now, I'm trying to get a new VSP running. I'm using IP Authentication with them.
I know that everything is working because if I turn the firewall off, the inbound calls process fine.
I am using PJSIP for the trunk. I want to learn, not just get a fix.
What in the firewall am I missing?

So, can someone tell me what I'm doing wrong in the firewall part of the mix? Or perhaps what I'm missing?

In /usr/local/sbin/iptables-custom I have

#MyNewVSP

/usr/sbin/iptables -A INPUT -p udp -m udp -s <VSPIP1> --dport 5061 -j ACCEPT

/usr/sbin/iptables -A INPUT -p udp -m udp -s <VSPIP2> --dport 5061 -j ACCEPT

I have also whitelisted the IPs in iptables as well -- not sure if needed there.

However, no joy?

Did I miss something?

TIA

Gerry

 

[kenn10]

I used the /root/add-ip scripts to allow the IP addresses through the firewall rather than doing the iptables commands. I also use pjsip for my trunks which greatly simplifies setup. I did find that I have to register the inbound side to bulkvs. I could never get inbound to work correctly for inbound without using a registration.

Remember to do a systemctl restart iptables and a systemctl restart fail2ban after you run the add-ip scripts.

I will so also add that the voice quality of bulkvs is not as good as Anveo Direct or Skyetel. It isn't always apparent until someone puts you on hold with music. But for the price, its a fair tradeoff. Your mileage may vary.

 

[w1ve]

I guess I'll have to study those scripts to understand exactly what they do, because that fixed my trunks. Now, my challenge is that phones registering to the FQDN for registered extensions don't work.
I have a lot of users all over the place, so really need the functionality.

BTW, have no issues with bulkvs audio. I was adding a TelecomsX DID provider, who has Canadian DIDs at $0.78/month, no metering. Can't beat that.

 

[kenn10]

Now, my challenge is that phones registering to the FQDN for registered extensions don't work.
I have a lot of users all over the place, so really need the functionality.

If using the standard install of IncrediblePBX 2020, remote extensions' FQDN or IP addresses must be whitelisted with /root/add-fqdn or /root/add-ip . If the remotes all have dynamic IP addresses, you might want start over and use the public facing version of IncrediblePBX 2020. (See http://nerdvittles.com/?p=31488 )

 

[w1ve]

That is exactly what I did -- the Public version of Incredible PBX, with the additional script to go public. The problem is, my phones won't register with the registration FQDN, which is no good. I followed the tutorial exactly; I believe it is still some firewall related issue.

So, if I have the firewall on, I am getting a 408, meaning the phone cannot reach the PBX.
If I turn off the firewall, I'm getting a 401, meaning It's unauthorized. I'm using extension 702,
which is chan_sip.

I tried "sip set debug on" and "core set verbose 10", yet when the softphone errors with a 401, I see no INVITE in the debugger. Is there something different I should be setting in the debugger to see it?

So -- why is the firewall blocking registrations from a "known" extension in the SIP REG FQDN side... and why can't I see the INVITE? @wardmundy Any ideas?

 

[tbrummell]

RE: extensions can't register

You've added domain=your.fqdn.com to SIP settings, right?

 

[dicko]

sngrep will show incoming sip connections before iptables , if you dont see anything, its a routing thing beyond your pbx, if you do you can easily inspect any ongoing flow.

 

[w1ve]

RE: extensions can't register

You've added domain=your.fqdn.com to SIP settings, right?

Yep

 

[w1ve]

sngrep will show incoming sip connections before iptables , if you dont see anything, its a routing thing beyond your pbx, if you do you can easily inspect any ongoing flow.

I've never used sngrep. How do you use it? Thanks.

 

[jerrm]

Installing Binaries

Ncurses SIP Messages flow viewer. Contribute to irontec/sngrep development by creating an account on GitHub.

github.com

It's a great tool. @wardmundy really should add it to the ipbx install.

 

[dicko]

I've never used sngrep. How do you use it? Thanks.

Install it,

https://github.com/irontec/sngrep/wiki/Installing-Binaries

use it

man sngrep

(or without the RTFM bit, just type sngrep in bash)

 

[w1ve]

Well, now I feel like the idiot. It ended up being good that I asked the questions... now I learned sngrep.
It should be part of the distro -- it's awesome.

Anyway, after installing sngrep, I did not see anything from my test softphones appearing. It's as if it was NEVER hitting the server.
Well, it was not! During the build, I was configuring for a new Trunk provider. I had created an errant DNS SIP SRV record, which was pointing
elsewhere, not to my pbx. That was it. All phones on the registered FQDN are registering fine, from any IP.

Sometimes, look for the simple solution!