00:04.04 | *** join/#asterisk TandyUK (~admin@2a02:13a0:a006:1:1539:8ab5:5d5a:8efa) |
00:11.49 | Penguin | I'm using zoiper on my smartphone, and when I am on wifi on the same LAN as asterisk, tls works fine, and calls are good end to end. If I leave the wifi and use the 4G LTE on the phone, while using the tls setting, there is no audio. If I switch zoiper to tcp or udp, audio is fine from 4G. Any suggestions on what to look at to see why media doesn't work when using tls over the mobile network? |
00:14.58 | Penguin | rtp debug shows Sent RTP packet to [my 4G IP address] but never shows receiving any. tshark packet capture shows asterisk's address sending udp packets out, but none coming back inbound toward asterisk. |
00:15.33 | Penguin | But if I just switch to tcp rather than tls, audio works again. It's just with tls, there's no audio. |
00:29.32 | *** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-lzpwopjjnjgdesue) |
00:31.55 | *** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net) |
01:48.06 | *** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146) |
01:52.14 | *** join/#asterisk setham (~setham@unaffiliated/setham) |
01:53.48 | *** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146) |
03:00.42 | *** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146) |
03:34.07 | Penguin | Same problem using other softphones, so it's probably not the software's fault. |
03:34.31 | Penguin | Probably a network or asterisk problem. Any thoughts? |
03:45.41 | *** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182) |
03:45.59 | BoBeR | Hello, I get random calls from a 6666 number |
03:46.07 | BoBeR | it shows the IP as my own devices |
03:46.19 | Samot | You're being scanned. |
03:46.25 | BoBeR | and the log only shows this for the time frame |
03:46.27 | BoBeR | https://ptpb.pw/N7Or |
03:46.30 | Samot | You're being scanned. |
03:46.36 | BoBeR | Care to explain how to stop the scan/stop the call |
03:46.48 | Samot | Proper iptables. |
03:47.01 | BoBeR | iptables on a android phone? |
03:47.29 | Samot | You got that log from you android phone? |
03:47.33 | BoBeR | no |
03:47.39 | Samot | Right |
03:47.40 | BoBeR | the log is from the freepbx server |
03:47.46 | Samot | Oh well |
03:47.50 | BoBeR | how would my android phone be getting calls |
03:47.51 | Samot | If you have the distro, use the firewall |
03:48.04 | BoBeR | it's not the distro sadly, it's a debian VPS |
03:48.05 | Samot | Is you're android on the wifi? |
03:48.21 | BoBeR | yes my android is on wifi the VPS in not on the same local network |
03:48.33 | Samot | Then you are equating two different problems. |
03:48.43 | Samot | 1) Your *home* network is being scanned |
03:48.55 | Samot | 2) Your FreePBX is being hit as well. |
03:48.58 | Samot | Two different problems. |
03:49.08 | Samot | Someone is scanning your home network for SIP ports. |
03:49.19 | Samot | Since you have a softphone running and listening on SIP ports.. |
03:49.27 | Samot | Your phone is going to response to the INVITE they sent. |
03:49.44 | BoBeR | why would my PC not get the same calls? |
03:49.54 | Samot | I don't know. |
03:50.11 | Samot | You are equating two different problems as the same. |
03:50.11 | BoBeR | What would the scan confirm by me picking up a call |
03:50.22 | BoBeR | I don't hear anything on the other end |
03:50.27 | Samot | What is happening on the PBX has nothing do with the 6666 calls on your phone. |
03:50.35 | BoBeR | I understand that now |
03:50.39 | Samot | They aren't scanning for you to pick up |
03:50.47 | Samot | They are scanning for a device to response to the request. |
03:50.55 | Samot | INVITEs cause the phone to ring. |
03:51.03 | Samot | That's how it responds. |
03:51.08 | Samot | It's a dead call. |
03:51.12 | BoBeR | but I'm confused to why my phone (running linphone) gets em, but not my PC running linphone |
03:51.21 | BoBeR | what is the benifit for the attack to make my phone ring? |
03:51.24 | Samot | Because they didn't get to that IP yet.. |
03:51.29 | Samot | They don't know your IPs. |
03:51.32 | [TK]D-Fender | They don't know it's a phone |
03:51.34 | Samot | They're just hitting the WAN |
03:51.41 | Samot | The router is doing the NAT |
03:51.54 | Samot | Your softphone just happens to be the NAT destination. |
03:52.11 | Samot | They are scanning your PUBLIC IP. |
03:52.14 | BoBeR | okay |
03:52.22 | Samot | Your router is doing NAT for your two devices.. |
03:52.30 | BoBeR | so turn off portforwarding on the android phone |
03:52.38 | Samot | The scan is hitting your NAT for the softphone on the android. |
03:52.43 | Samot | It's not the phone. |
03:52.46 | Samot | It's the ROUTER |
03:52.51 | BoBeR | yes I understand |
03:52.59 | BoBeR | delete the UPnP forwards made by linphone |
03:53.15 | Samot | Changing crap on your linphone doesn't change the router. |
03:53.17 | Samot | Understand? |
03:53.22 | Samot | Again, TWO different things. |
03:53.24 | BoBeR | no |
03:53.35 | Samot | Linphone is just something ON the network |
03:53.44 | Samot | You could turn that off on the android |
03:53.45 | BoBeR | linphone uses UPnP to create portforward rules on my router |
03:53.48 | Samot | Then your PC could start ringing |
03:53.56 | Samot | Or you can put a real IP phone and it would ring. |
03:54.07 | BoBeR | so YES linphone changes my ROUTER |
03:54.14 | Samot | Your router still has to NAT the traffic |
03:54.19 | Samot | Or you can't connect to the PBX |
03:54.30 | Samot | So you have to fix your router's NAT/firewall rules |
03:54.42 | Samot | So that you're only allowing your PBX to be the only thing SIP allowed in. |
03:54.55 | BoBeR | what does scanning tell an attacker? |
03:55.02 | Samot | That you have devices they can reach |
03:55.09 | Samot | What the private IP of those devices are. |
03:55.25 | Samot | What type of device it is. |
03:55.55 | Samot | Then they may or may not try to brute force them to hack them so they can make calls through them.. |
03:56.08 | Samot | Or trigger the Call Forwarding settings to force redirects. |
03:56.54 | Samot | So basically, your home network and your PBX hosted in the cloud are open for SIP attackers. |
03:57.07 | Samot | You should read up on how to do fix that on both. |
03:58.06 | *** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com) |
03:58.54 | BoBeR | Any good documentation? |
04:00.07 | Samot | 1) iptables is well documented all over the Internet |
04:00.24 | Samot | 2) It's your router and network, what documents you would need for those. I don't know. |
04:00.41 | BoBeR | more so what am I trying to block |
04:01.02 | BoBeR | all SIP outside of just my PBX > home net and twilio > pbx? |
04:08.15 | *** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com) |
04:21.56 | Penguin | I think the term for that is ghost calls. |
05:47.59 | *** join/#asterisk gerhard7_ (~gerhard7@ip5657ee30.direct-adsl.nl) |
06:50.54 | *** part/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146) |
07:11.15 | *** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net) |
07:30.30 | *** join/#asterisk tripleslash (~triplesla@unaffiliated/imsaguy) |
07:32.39 | *** join/#asterisk hehol (~hehol@gatekeeper.loca.net) |
08:04.16 | *** join/#asterisk pchero_work (~pchero@109.70.54.56) |
08:06.07 | *** join/#asterisk tzafrir (~tzafrir@local.xorcom.com) |
08:10.42 | *** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net) |
08:20.05 | *** join/#asterisk Dovid (~dovid@ool-4356ea97.dyn.optonline.net) |
09:13.45 | *** join/#asterisk DanB (~DanB@clt-195.192.206.226.ip-anschluss.net) |
09:26.26 | *** join/#asterisk keftef (~keftef@o9hkvk.static.otenet.gr) |
09:37.08 | *** join/#asterisk Marquel (~Marquel@fuchsfanclub/allerdings/marquel) |
09:53.27 | *** join/#asterisk evilman_work (~evilman@87.244.6.228) |
09:58.58 | *** join/#asterisk hehol (~hehol@gatekeeper.loca.net) |
10:35.24 | *** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com) |
10:36.10 | *** part/#asterisk StucKman (~mdione@195.200.189.206) |
10:51.42 | *** join/#asterisk jkroon (~jkroon@165.16.204.166) |
11:01.18 | *** join/#asterisk tuxd00d (~tuxd00d@ip184-182-52-160.ph.ph.cox.net) |
11:14.38 | *** join/#asterisk clopez (~tau@neutrino.es) |
11:21.49 | *** join/#asterisk Milos (~Milos@pdpc/supporter/student/milos) |
11:27.43 | *** join/#asterisk sekil (~sekil@89.216.27.60) |
11:59.07 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
12:13.10 | *** join/#asterisk [TK]D-Fender (~joe@216.191.106.165) |
12:28.54 | *** join/#asterisk brad_mssw (~brad@66.129.88.50) |
12:46.33 | *** join/#asterisk nighty- (~nighty@s229123.ppp.asahi-net.or.jp) |
12:47.56 | *** join/#asterisk tripleslash (~triplesla@unaffiliated/imsaguy) |
12:49.53 | *** join/#asterisk SoBlindWolf (~SoBlindWo@go.pcshost.co) |
12:55.50 | [TK]D-Fender | ~seen lorsungcu |
12:55.51 | infobot | lorsungcu <sid65806@gateway/web/irccloud.com/x-fbgngrgnvyoxpnwq> was last seen on IRC in channel #asterisk, 89d 6h 53m 55s ago, saying: 'go to #freepbx'. |
13:01.43 | Samot | Yes. That long |
13:05.18 | *** join/#asterisk pawiecki (~pawiecki@router.dir.pl) |
13:18.58 | [TK]D-Fender | hrm |
13:19.39 | Martin` | did he move to #freepbx ? :P |
13:19.51 | Samot | No. |
13:34.14 | *** join/#asterisk jkroon (~jkroon@165.16.204.166) |
13:39.03 | *** join/#asterisk wonderworld (~ww@ip-88-152-174-32.hsi03.unitymediagroup.de) |
13:39.58 | wonderworld | hi, I remember that there was a the possibility to include files in asterisk config files but i can't find the documentation on it.. |
13:40.27 | wonderworld | i have externaly generated config parts that i wanto to "feed" into sip.conf, extensions.conf etc |
13:44.01 | [TK]D-Fender | Looked for the word "include" in the sample configs? |
13:44.06 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
13:44.06 | *** mode/#asterisk [+o cresl1n] by ChanServ |
13:44.56 | [TK]D-Fender | Just did a search and the first result was a 100% answer |
13:53.35 | Samot | It's like in the basics of Asterisk area of the wiki |
13:54.01 | wonderworld | thanks guys, got it |
13:54.19 | [TK]D-Fender | Or the first hit in the extensions.conf.sample |
13:54.38 | *** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net) |
13:54.55 | wonderworld | when searching i found the "include => " thing all the time for including contexts, rather then #include |
13:54.59 | wonderworld | tnx guys |
13:56.41 | Samot | [TK]D-Fender: And that's why it's been 89 days. |
13:57.13 | Samot | Well, a part of it. |
13:58.35 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
14:10.52 | *** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net) |
14:14.47 | *** join/#asterisk billxx (49958984@gateway/web/freenode/ip.73.149.137.132) |
14:22.28 | *** join/#asterisk kharwell (kharwell@nat/digium/x-gkaiqnxlkdvwiewc) |
14:22.28 | *** mode/#asterisk [+o kharwell] by ChanServ |
14:37.58 | *** join/#asterisk bford (d8cff501@gateway/web/freenode/ip.216.207.245.1) |
14:37.58 | *** mode/#asterisk [+o bford] by ChanServ |
14:39.03 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-nyfjgkwwstammjte) |
14:39.03 | *** mode/#asterisk [+o rmudgett] by ChanServ |
14:40.38 | *** join/#asterisk GordonTheFreeman (68835d38@gateway/web/freenode/ip.104.131.93.56) |
14:43.55 | GordonTheFreeman | hey all, im having trouble setting up a SIP trunk between an asterisk box running chan_sip and another asterisk box running chan_pjsip. Both are running asterisk 13 on ubuntu 16.04. Anyone have any experince with this? |
14:53.39 | *** join/#asterisk happy-dude (uid62780@gateway/web/irccloud.com/x-pzbmudxobcvokgev) |
15:02.00 | *** join/#asterisk qwebirc13415 (68835d38@gateway/web/freenode/ip.104.131.93.56) |
15:03.11 | [TK]D-Fender | the fact it' a different channel driver on both ends isnt' really relevant |
15:09.03 | zaf | it's it leaves the system, SIP is SIP |
15:09.18 | zaf | once |
15:09.31 | zaf | reminds himself not to type again before finishing coffee |
15:11.57 | qwebirc13415 | i got disconnected earlier, im assuming you all are talking about my sip -> pjsip issue? |
15:15.30 | [TK]D-Fender | all =me |
15:15.31 | [TK]D-Fender | yes |
15:16.04 | [TK]D-Fender | One side send out calls formattede like X the other side should be set to ack it the same way |
15:20.15 | qwebirc13415 | i think my problem is with the two different config syntaxes. I keep seeing 'failed to authenticate' messages in the console when the chan_sip box tries to register with the res_pjsip box |
15:20.36 | *** join/#asterisk sekil (~sekil@cable-89-216-232-129.dynamic.sbb.rs) |
15:20.37 | *** part/#asterisk sekil (~sekil@cable-89-216-232-129.dynamic.sbb.rs) |
15:21.56 | [TK]D-Fender | Time to look at both configs and the guides one hoow to accoodate those things |
15:26.09 | qwebirc13415 | I've done my best to set things up like the sample files indicate, but im not sure why there is an auth error. sip-to-sip and pjsip -to-pjsip work fine. but for some reason, the pjsip config isn't liking the way the sip config is trying to auth |
15:26.58 | *** join/#asterisk startledmarmot (~startledm@cpe-75-82-221-87.socal.res.rr.com) |
15:27.53 | *** join/#asterisk WingZero (~WingZero@84-199-78-189.ifiber.telenet-ops.be) |
15:27.58 | [TK]D-Fender | or the reverse |
15:28.16 | [TK]D-Fender | time to really start looking at it.... |
15:34.23 | qwebirc13415 | well, that's why im here--i have looked at it and can't see what's wrong. as far as auth, there are only a few fields that im aware of that affect that. the username and password/secret fields on each side match. |
15:35.59 | qwebirc13415 | i can see on the pjsip box's console that it's recieving the correct username. assuming that the SIP box is sending the password from the 'secret' field in the config, why would pjsip balk? |
15:38.32 | *** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182) |
15:41.12 | [TK]D-Fender | There isnt' a "field" really. It's one string |
15:41.16 | [TK]D-Fender | with everything |
15:41.43 | [TK]D-Fender | If you want us to suggest why it doesn't work, we need to actually see it |
15:42.11 | qwebirc13415 | sure, one sec |
15:44.19 | voipmonk | ~pb |
15:44.19 | infobot | extra, extra, read all about it, pastebin is a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude. |
15:44.54 | qwebirc13415 | the SIP conf: https://pastebin.com/raw/fYMisJfP |
15:45.35 | qwebirc13415 | pjsip conf: https://pastebin.com/raw/XfM0vrmv |
15:46.55 | *** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182) |
15:48.35 | [TK]D-Fender | lets see the debug.... |
15:50.23 | *** join/#asterisk WingZero (~WingZero@84-199-78-189.ifiber.telenet-ops.be) |
15:52.48 | *** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182) |
15:53.42 | qwebirc13415 | huh, it seems like it's working now. I'm not sure what i changed. Going to setup a test call |
16:09.02 | *** join/#asterisk Kobaz (~kobaz@its.kobaz.net) |
16:19.22 | *** join/#asterisk pchero (~pchero@109.70.54.56) |
16:25.18 | *** join/#asterisk imcdona (~imcdona@2607:f0d8:20:1001:30bd:d471:2b1e:a682) |
16:26.30 | qwebirc13415 | yeah, it's working now. i feel dumb because I'm not sure what i changed, but at least it's working. i appreciate you taking a look at my configs, though |
16:26.52 | [TK]D-Fender | You're welcome |
17:22.39 | *** join/#asterisk wh0 (327ac084@gateway/web/freenode/ip.50.122.192.132) |
17:30.50 | wh0 | <PROTECTED> |
17:31.08 | wh0 | <PROTECTED> |
17:31.25 | wh0 | So in the event that their voicemail picks up I can dial *88 and it would transfer them out of the conference and to a recording that tells them how they can manually dial into the conference (I can handle the recodring part). |
17:31.30 | Samot | Don't ring them as long. |
17:31.58 | Samot | If the default ringtimer for voicemail is 30 seconds.. |
17:32.07 | Samot | Only ring them for 28.. |
17:32.15 | wh0 | If they are on a call they have gone straight to VM though. |
17:32.24 | wh0 | and then the system sees it as an answered call/ |
17:32.25 | Samot | Then you should look at their device state. |
17:32.52 | wh0 | We're not ringing just devices on asterisk. They can put in their cellphone number if they are going to be on the road during the call. |
17:33.01 | Samot | Is X device "IN USE"? If yes, do not Dial(). |
17:33.08 | Samot | Well.. |
17:33.19 | Samot | Then a call isn't going straight to voicemail. |
17:33.31 | Samot | Unless you have it setup for them not to have call waiting. |
17:33.31 | wh0 | It is if they ignore it lol |
17:33.42 | *** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-hsmxbukaywopeqjr) |
17:33.46 | Samot | If I forward a call to my cell |
17:33.57 | Samot | And I'm on another call, its still going to ring like normal. |
17:34.05 | Samot | So it's still going to ring me for 30 seconds |
17:34.23 | Samot | Then you should add some sort of confirmation. |
17:34.28 | wh0 | Interesting. We don't seem to be getting that. We are getting some calls that go straight to VM with no rings. |
17:34.53 | Samot | Well then you're setup in someway to have the device marked busy with 1 call |
17:34.58 | wh0 | Is there any way to just transfer the last joined caller in a conf to another destination? |
17:35.04 | Samot | Which will then only allow it one call. |
17:35.13 | Samot | You can add a confirmation. |
17:35.22 | Samot | You're using Originate.. |
17:35.23 | wh0 | That way we can just have the system leave a message saying you missed the conf, dial this number to get into it |
17:35.38 | Samot | OK. |
17:36.02 | *** join/#asterisk DivideBy0 (~DivideBy0@unaffiliated/divideby0x0) |
17:36.03 | *** mode/#asterisk [+o DivideBy0] by ChanServ |
17:36.03 | Samot | You can Originate the call and only transfer to the conf bridge if they send back DTMF confirmation. |
17:36.16 | Samot | ie. "This is a conf call, press 1 to join" |
17:36.33 | wh0 | Ok yea that would work. |
17:36.51 | Samot | You can also use Originate and then use AMD to detect if it is voicemail or a person. |
17:36.55 | wh0 | Then just leave the message if they don't press 1 |
17:37.02 | Samot | If it is voicemail, leave your message.. |
17:37.12 | Samot | If it is a person, dump into conf bridge. |
17:37.15 | Samot | Either way will work. |
17:37.17 | wh0 | Yea I've used AMD, sometimes it doesn't always work though. |
17:37.26 | Samot | You have to tweak it. |
17:37.51 | wh0 | Yup, I've got it to what I think is fairly accurate, but sometimes people still slip through the cracks. |
17:38.04 | Samot | Then go with option one. |
17:38.14 | Samot | Force a DTMF response confirmation. |
17:38.42 | wh0 | So it sounds like there is no way to transfer someone after they have joined the conference? (I'm sure the press 1 will work, just curious at this point). |
17:46.46 | Penguin | I'm using zoiper (and have tested several others) on my smartphone, and when I am on wifi on the same LAN as asterisk, tls works fine, and calls are good end to end. If I leave the wifi and use the 4G LTE on the phone, while using the tls setting, there is no audio. If I switch zoiper to tcp or udp, audio is fine from 4G. Any suggestions on what to look at to see why media doesn't work when using tls over |
17:46.53 | Penguin | the mobile network? |
17:47.17 | Penguin | rtp debug shows Sent RTP packet to [my 4G IP address] but never shows receiving any. tshark packet capture shows asterisk's address sending udp packets out, but none coming back inbound toward asterisk. |
17:47.44 | Penguin | But if I just switch to tcp rather than tls, audio works again. It's just with tls, there's no audio. |
17:48.29 | Penguin | This is true with or without srtp. |
17:49.03 | Penguin | The results are the same with nat=no and with nat=yes; there is no change by changing the nat setting. |
17:52.44 | Penguin | Any thoughts on why there is no audio when I have switched to tls using the 4G mobile network? |
18:05.38 | Penguin | Here's a sip debug for the peer with nat=no https://bpaste.net/show/2274e0605178 |
18:13.02 | voipmonk | are you using RPORT for signalling and rport for media? |
18:13.06 | voipmonk | Penguin ? |
18:13.28 | voipmonk | found in the network settings for that account |
18:13.34 | voipmonk | in zoiper |
18:14.22 | Penguin | I have tested both ways, ticked and not ticked. The debug is with rport enabled for signaling and media. |
18:15.19 | Penguin | I have tried signaling only enabled, not media. I have tried not signaling, only media enabled. I have tried both enabled, and tried both disabled. |
18:15.30 | Penguin | I have tried with STUN enabled, and with STUN disabled. |
18:15.55 | Penguin | I have tried nat=yes in the peer config definition and with nat=no in the peer definition. |
18:16.29 | Penguin | I have tried with asterisk configured for ipv6 and ipv4 together, and I have tried with ipv4 only. |
18:28.46 | voipmonk | with tls there is no audio , i had the same issue - |
18:29.02 | Penguin | The same problem exists with every softphone I try using the 4G network. |
18:29.08 | voipmonk | unless it was extension to extension |
18:29.55 | voipmonk | using the same version of zoiper |
18:30.45 | Penguin | Because it happens on every softphone, and because tls and media work properly on the local network where asterisk resides, I'm sure it's network related. |
18:33.31 | Penguin | I just don't know what to look for. |
18:40.09 | *** join/#asterisk startledmarmot (~startledm@cpe-75-82-221-87.socal.res.rr.com) |
18:51.02 | JonathanD | I'm looking at collecting some data from asterisk 1.8. Right now I'm running sip show peers and doing some things with the output, but the first field gets truncated. Other than iterating through all the peers, is there a way to get the full output of that first field? |
18:51.42 | [TK]D-Fender | sip show peers <tab> |
18:51.44 | *** topic/#asterisk by kharwell -> #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.18.0 (2017/10/30), 11.25.3 (2017/09/19), Standard: 15.1.0 (2017/10/30); DAHDI: DAHDI-linux 2.11.1 (2016/03/01), DAHDI-tools 2.11.1 (2016/03/01); libpri 1.6.0 (2017/01/27) -=- Wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22 -=- Logs: bit.ly/1s4AKKu |
18:52.13 | [TK]D-Fender | Also everything other than * 13 & 15 are dead |
18:52.13 | JonathanD | [TK]D-Fender: doesn't appear to do anything. |
18:52.21 | Penguin | And it's not likely to be a blocked port problem because I have changed the tls port to an non-standard port and the problem persists. |
18:53.48 | [TK]D-Fender | JonathanD, Indeed doesn't seem to have the "concise" options "channels" does |
18:54.08 | JonathanD | Yeah. I use concise/verbose in channels to gather other data, I already tried those :) |
18:55.14 | [TK]D-Fender | JonathanD, That leaves AMI |
18:55.30 | JonathanD | The bit of data I'm actually after is all the peer names and IPs. |
18:56.17 | JonathanD | Right now I'm doing 'database show sip' which works, except it doesn't distinquish between online and offline. |
18:56.34 | Penguin | The first column should not be so short that it doesn't show the peer names. It is 25 characters wide. |
18:56.50 | JonathanD | And we're exceeding that :) |
18:56.55 | Penguin | Good grief. |
18:57.51 | JonathanD | Multitenancy with movable customers, so we have something like "sipxxx_customerid" which sometimes exceeds the 25 characters. |
19:03.14 | Samot | How are the customer movable? |
19:03.26 | Samot | How are the customers movable? |
19:03.41 | *** join/#asterisk miralin (~Thunderbi@194.8.128.62) |
19:11.29 | *** join/#asterisk Dovid (~dovid@172.58.139.57) |
19:22.56 | Penguin | What should I look for to figure out why the call is not working correctly when using tls? |
19:25.26 | *** join/#asterisk matt_ (~matt@ccpc-buzzer.bath.ac.uk) |
19:25.52 | file | your Asterisk is putting a private IP address in the SDP, so that the remote endpoint can't send media to it |
19:26.04 | matt_ | hello, I have an issue where asterisk dosn't seem to be following a reinvite for a tranfur, i'm using pjsip, is there any settings that may prevent this? |
19:26.06 | Samot | Chan_SIP or PJSIP? |
19:26.07 | file | if using UDP or TCP then something could have "fixed" that - such as an ALG |
19:26.19 | Samot | Penguin: |
19:26.24 | file | if using TLS since it is encrypted then it wouldn't be able to |
19:26.48 | Samot | Either way |
19:26.48 | matt_ | looking at the sip traffic using tcpdump invites are getting sent to asterisk with the ip of the phone the call is being invited to |
19:26.51 | Samot | asterisk -rvvvvvv |
19:27.00 | Samot | sip set debug on <- chan_sip |
19:27.08 | Samot | pjsip set logger on <-- pjsip |
19:27.09 | Samot | ~pb |
19:27.10 | infobot | pastebin is probably a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude. |
19:27.15 | Samot | Show us a failed TLS call. |
19:27.26 | file | Penguin: my comments were to you. |
19:27.31 | Penguin | I'm using chan_sip. |
19:27.32 | Samot | Yes, that they were |
19:28.20 | Penguin | file: My asterisk is behind a NAT. Is it not expected for the SDP to contain the private address of asterisk? |
19:28.47 | file | Penguin: if you are communicating with a public device then no - to ensure that media flows correctly it has to contain the public IP address, which can be configured in sip.conf |
19:28.49 | Penguin | That's an interesting thought, though. I will run a few more sip debugs with different nat settings and with tcp/udp. |
19:29.12 | file | Penguin: SDP works by saying "send media to this IP address and port", if that's a private address... then the device can't usually |
19:29.28 | matt_ | i'm also getting some message saying, strict rtp learning after remote address set to : and then the wrong address |
19:29.52 | Penguin | Not sure why tcp/udp work, but tls doesn't. I'll do some more testing with other combinations of settings. |
19:29.59 | matt_ | is the strictrtp setting in rtp.conf on by default? |
19:30.23 | Penguin | file: Thanks for giving me a direction to being looking. I didn't really know where to go next. |
19:37.38 | *** join/#asterisk infernix (nix@unaffiliated/infernix) |
19:37.54 | Penguin | I have the externhost set to a hostname which correctly resolves to the public address of the NAT. |
19:38.29 | file | and localnet? |
19:38.56 | Penguin | It contains the network/subnet that asterisk is in. |
19:39.32 | Penguin | Is it ok to have multiple localnet entries? |
19:39.46 | file | yes |
19:39.53 | file | check "sip show settings" to make sure it is as you expect... |
19:41.51 | Penguin | Under network settings, it shows sip address remapping is done using externhost, externhost is set to the name I entered in sip.conf, externaddr is the correct resolved IP address of the public side of the nat, and localnet shows the subnets I entered. |
19:42.16 | Penguin | Although I can remove two of those localnets since I am no longer on more than one local net. |
19:42.45 | file | it's possible that it's broken in the old version you are using, dunno |
19:43.16 | Penguin | It's peculiar to me that tcp and udp work. |
19:43.29 | Penguin | I understand what you're saying about tls being encrypted. |
19:45.48 | Penguin | With the peer's nat value set to either 'force_rport,comedia' or set to 'no' I still see the private IP address in the sip debug. And audio is working. |
19:49.21 | JonathanD | AMI seems to work pretty well for this. |
19:49.40 | JonathanD | Samot: movable as in we can move one to another server. |
19:50.14 | JonathanD | So the peer names must be unique across the entire infra. |
19:58.05 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
19:58.05 | *** mode/#asterisk [+o cresl1n] by ChanServ |
20:09.59 | Samot | K. So basically replicated servers. |
20:10.51 | *** join/#asterisk Oatmeal (~Suzeanne@gateway/vpn/privateinternetaccess/suzeanne) |
20:40.22 | *** join/#asterisk freebs (~freebs@unaffiliated/freebs) |
20:54.29 | *** join/#asterisk RovingWriter (~RovingWri@unaffiliated/rovingwriter) |
21:19.07 | *** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net) |
21:28.12 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
21:54.09 | *** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-jhywwzhxixlzmjab) |
21:57.31 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
21:57.31 | *** mode/#asterisk [+o cresl1n] by ChanServ |
22:16.42 | *** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146) |
22:18.29 | *** join/#asterisk Dovid (~dovid@50-201-95-250-static.hfc.comcastbusiness.net) |
22:43.52 | *** join/#asterisk wonderworld (~ww@ip-88-152-174-32.hsi03.unitymediagroup.de) |
22:46.19 | wonderworld | when i dial a local extension with a timeout like Dial(local/1000@locals,30) and there is another Dial() inside of the local extension with another timeout, which timeout would "win"? |
22:53.41 | Penguin | wonderworld: The first timer starts first. |
23:14.43 | *** join/#asterisk infinity_ (~brendon@web2.artsopolis.com) |
23:15.12 | infinity_ | is there a way for polycom phones to discover local phones and show BLF lights for them? |
23:15.25 | infinity_ | or does it have to be statically configured? |
23:15.27 | [TK]D-Fender | No. |
23:15.34 | [TK]D-Fender | They do not "discover" anything |
23:15.40 | [TK]D-Fender | They are told what to look for |
23:15.49 | [TK]D-Fender | So static |
23:16.03 | infinity_ | [TK]D-Fender: okay. I swear I saw one do it once which is why I'm asking. okay. thanks. |
23:17.28 | *** join/#asterisk tzafrir (~tzafrir@212.29.194.37) |
23:28.28 | *** join/#asterisk pchero (~pchero@109.70.54.56) |
23:28.54 | *** join/#asterisk cemotyz09 (~cemotyz09@cpe-70-121-157-202.satx.res.rr.com) |
23:33.49 | *** part/#asterisk kharwell (kharwell@nat/digium/x-gkaiqnxlkdvwiewc) |