SIP Secrets, No Audio, and Port Forwarding

[rossiv]

I have three issues and questions. 1. For SIP Secrets (more of a suggestion, than a question), I am using this website to make reliable SIP secrets. I just wanted to let others know so they can prevent getting hacked and I am NOT endorsing it in any way besides saying it is a good site. 2 and 3. I have a SIP extension registered remotely and I have NO audio either way on it. I have attached screenshots of my router's port forwarding configs in a ZIP file. I think I may have gotten these ports from another website..I dont remember. My router is a DD-WRT Linksys WRT54G V8. Any clue why the audio is not working?

            PBX in a Flash Version 1.3 Daemon Status
********************************************************************
* Asterisk  * ONLINE  * Zaptel    * ONLINE  * MySQL      * ONLINE  *
* SSH       * ONLINE  * Apache    * ONLINE  * Iptables   * ONLINE  *
* Fail2ban  * ONLINE  * IP Connect* ONLINE  * Ip6tables  * ONLINE  *
* BlueTooth * ONLINE  * Hidd      * ONLINE  * NTPD       * ONLINE  *
* Sendmail  * ONLINE  * Samba     * ONLINE  * Webmin     * ONLINE  *
* Ethernet0 * ONLINE  * Ethernet1 *   N/A   * Wlan0      *   N/A   *
********************************************************************
* Running Asterisk Version : Asterisk 1.4.21.2
* Asterisk Source Version  : 1.4.21.2
* Zaptel Source Version    : 1.4.12.1
* Libpri Source Version    : 1.4.7
* Addons Source Version    : 1.4.7
********************************************************************
pbx.local on 192.168.1.24 - eth0
CentOS release 5.2 (Final) :32 Bit Kernel: 2.6.18-92.1.6.el5
********************************************************************
 For help on PBX commands than you can run type help-pbx           *
********************************************************************

 

[jroper]

What is the result of sip show peer <extension number>

suggest you do not use the second option for passwords (ascii) I don't hink sip likes passwords to be anything other than a to Z and 0 to 9

Joe

 

[rossiv]

Here is what it says for SIP SHOW PEER 2002. Thanks for the tip!

  * Name       : 2002
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : from-internal
  Subscr.Cont. : <Not set>
  Language     :
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  Mailbox      : 2002@default
  VM Extension : *97
  LastMsgsSent : 0/0
  Call limit   : 50
  Dynamic      : Yes
  Callerid     : "device" <2002>
  MaxCallBR    : 384 kbps
  Expire       : 3275
  Insecure     : no
  Nat          : Always
  ACL          : Yes
  T38 pt UDPTL : No
  CanReinvite  : No
  PromiscRedir : No
  User=Phone   : No
  Video Support: No
  Trust RPID   : No
  Send RPID    : No
  Subscriptions: Yes
  Overlap dial : Yes
  DTMFmode     : rfc2833
  LastMsg      : 0
  ToHost       :
  Addr->IP     : 71.70.91.60 Port 5060
  Defaddr->IP  : 0.0.0.0 Port 5060
  Def. Username: 2002
  SIP Options  : (none)
  Codecs       : 0xc (ulaw|alaw)
  Codec Order  : (ulaw:20,alaw:20)
  Auto-Framing:  No
  Status       : OK (30 ms)
  Useragent    : Linksys/SPA2102-3.3.5(a)
  Reg. Contact : sip:[email protected]:5060

 

[rossiv]

Now I may not have DTMF or incoming calls either! I can dial out, and like I said, the call goes through fine. However, if I need to dial some extra digits, they either do not work or come in as the wrong thing. I am not sure which. This is so strange!! If I try to call in, it NEVER rings! After about 30 seconds or so, it goes to voicemail.

 

[bbguy5]

Getting Rid of One-Way Audio

There are some settings you'll need to add to /etc/asterisk/sip_custom.conf if you want to have reliable, two-way communications with Asterisk: nano -w /etc/asterisk/sip_custom.conf. The entries depend upon whether your Internet connection has a fixed IP address or a DHCP address issued by your provider.

If you have a fixed IP address, then enter settings like the following using your actual public IP address and your private IP subnet:

externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0 (NOTE: The first 3 octets need to match your private IP addresses!)

If you have a dynamic IP address, here's a little trick from one of our PBX in a Flash readers. All we really need is a method to frequently verify your IP address so we'll run a cron job with the script below every 5 minutes. If it finds that your outside IP address has changed, it will automatically update your sip_custom.conf file with the new address. To use this approach, create a file in /var/lib/asterisk/agi-bin named ip.sh. Here's the code:

#!/bin/bash
localnet="192.168.0.0"

IPFILE='/var/log/asterisk/externip' if [ ! -f "$IPFILE" ]; then
echo "creating $IPFILE"
echo first_time_usage > $IPFILE
fi
lastip=`cat $IPFILE`

externip=`curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com \
| awk 'NR==2'`
if [ $externip != $lastip ]; then

echo "$externip" > $IPFILE
echo "externip=$externip" > /etc/asterisk/sip_custom.conf
echo "localnet=$localnet/255.255.255.0" >> /etc/asterisk/sip_custom.conf
echo "nat=yes" >> /etc/asterisk/sip_custom.conf asterisk -rx "dialplan reload" ;
else

exit 0;
fi

On line 2 of the above code, enter the internal subnet for your server. This is usually 192.168.0.0 or 192.168.1.0. YMMV!

Save the file and give it execute permissions: chmod +x /var/lib/asterisk/agi-bin/ip.sh. Then make asterisk the file owner: chown asterisk:asterisk /var/lib/asterisk/agi-bin/ip.sh.

Finally, add the following entry to the bottom of /etc/crontab:

*/5 * * * * asterisk /var/lib/asterisk/agi-bin/ip.sh > /dev/null

One final gotcha is worth mentioning. If you are using a VPN setup such as the one covered in our VPN in a Flash tutorial, then be aware that your localnet settings in sip_custom.conf must include entries for all of the subnets being used on your various VPN servers. The entries might look like this:

externip=50.212.212.124
localnet=192.168.1.0/255.255.255.0
localnet=192.168.0.0/255.255.255.0

If you fail to include localnet entries for each VPN subnet, then the RTP traffic for your calls still will be routed through your standard ports and will not be in the encrypted VPN tunnel.

 

[jroper]

Hi

This is the key in your sip show peers:-

Reg. Contact : sip:[email protected]:5060

The IP address being reported to your asterisk server is 192.168.1.101 I'm assuming that this is an address on your remote network.

Thus Asterisk cannot traffic back to the phone. From asterisk's point of view, the phone is on the local subnet, not remote.

There maybe a away in the remote phone of telling it what it's remote address is.

Or you could use stun.

Joe

 

[rossiv]

JRoper:

How would I config a SPA-2102 to send its external IP?

 

[rossiv]

Ok, now I have tried to hook my SPA directly to my cable modem and see this:

  * Name       : 2002
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : from-internal
  Subscr.Cont. : <Not set>
  Language     :
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  Mailbox      : 2002@default
  VM Extension : *97
  LastMsgsSent : 0/0
  Call limit   : 50
  Dynamic      : Yes
  Callerid     : "device" <2002>
  MaxCallBR    : 384 kbps
  Expire       : 3451
  Insecure     : no
  Nat          : Always
  ACL          : Yes
  T38 pt UDPTL : No
  CanReinvite  : No
  PromiscRedir : No
  User=Phone   : No
  Video Support: No
  Trust RPID   : No
  Send RPID    : No
  Subscriptions: Yes
  Overlap dial : Yes
  DTMFmode     : rfc2833
  LastMsg      : 0
  ToHost       :
  Addr->IP     : 24.211.53.6 Port 5060
  Defaddr->IP  : 0.0.0.0 Port 5060
  Def. Username: 2002
  SIP Options  : (none)
  Codecs       : 0xc (ulaw|alaw)
  Codec Order  : (ulaw:20,alaw:20)
  Auto-Framing:  No
  Status       : OK (37 ms)
  Useragent    : Linksys/SPA2102-3.3.5(a)
  Reg. Contact : sip:[email protected]:5060

It shows the IP because it is directly on the internet. Still NO audio! Uggh!

 

[jroper]

Hi

Well it's a start

Reg. Contact : sip:[email protected]:5060

 

[rossiv]

So what else do I need to do to get it to work? I put in the code in that post by BBguy5. That did not work. Any other ideas?