IRC log for #asterisk on 20171030

00:04.04*** join/#asterisk TandyUK (~admin@2a02:13a0:a006:1:1539:8ab5:5d5a:8efa)
00:11.49PenguinI'm using zoiper on my smartphone, and when I am on wifi on the same LAN as asterisk, tls works fine, and calls are good end to end.  If I leave the wifi and use the 4G LTE on the phone, while using the tls setting, there is no audio.  If I switch zoiper to tcp or udp, audio is fine from 4G.  Any suggestions on what to look at to see why media doesn't work when using tls over the mobile network?
00:14.58Penguinrtp debug shows  Sent RTP packet to [my 4G IP address]  but never shows receiving any.  tshark packet capture shows asterisk's address sending udp packets out, but none coming back inbound toward asterisk.
00:15.33PenguinBut if I just switch to tcp rather than tls, audio works again.  It's just with tls, there's no audio.
00:29.32*** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-lzpwopjjnjgdesue)
00:31.55*** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net)
01:48.06*** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146)
01:52.14*** join/#asterisk setham (~setham@unaffiliated/setham)
01:53.48*** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146)
03:00.42*** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146)
03:34.07PenguinSame problem using other softphones, so it's probably not the software's fault.
03:34.31PenguinProbably a network or asterisk problem.  Any thoughts?
03:45.41*** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182)
03:45.59BoBeRHello, I get random calls from a 6666 number
03:46.07BoBeRit shows the IP as my own devices
03:46.19SamotYou're being scanned.
03:46.25BoBeRand the log only shows this for the time frame
03:46.27BoBeRhttps://ptpb.pw/N7Or
03:46.30SamotYou're being scanned.
03:46.36BoBeRCare to explain how to stop the scan/stop the call
03:46.48SamotProper iptables.
03:47.01BoBeRiptables on a android phone?
03:47.29SamotYou got that log from you android phone?
03:47.33BoBeRno
03:47.39SamotRight
03:47.40BoBeRthe log is from the freepbx server
03:47.46SamotOh well
03:47.50BoBeRhow would my android phone be getting calls
03:47.51SamotIf you have the distro, use the firewall
03:48.04BoBeRit's not the distro sadly, it's a debian VPS
03:48.05SamotIs you're android on the wifi?
03:48.21BoBeRyes my android is on wifi the VPS in not on the same local network
03:48.33SamotThen you are equating two different problems.
03:48.43Samot1) Your *home* network is being scanned
03:48.55Samot2) Your FreePBX is being hit as well.
03:48.58SamotTwo different problems.
03:49.08SamotSomeone is scanning your home network for SIP ports.
03:49.19SamotSince you have a softphone running and listening on SIP ports..
03:49.27SamotYour phone is going to response to the INVITE they sent.
03:49.44BoBeRwhy would my PC not get the same calls?
03:49.54SamotI don't know.
03:50.11SamotYou are equating two different problems as the same.
03:50.11BoBeRWhat would the scan confirm by me picking up a call
03:50.22BoBeRI don't hear anything on the other end
03:50.27SamotWhat is happening on the PBX has nothing do with the 6666 calls on your phone.
03:50.35BoBeRI understand that now
03:50.39SamotThey aren't scanning for you to pick up
03:50.47SamotThey are scanning for a device to response to the request.
03:50.55SamotINVITEs cause the phone to ring.
03:51.03SamotThat's how it responds.
03:51.08SamotIt's a dead call.
03:51.12BoBeRbut I'm confused to why my phone (running linphone) gets em, but not my PC running linphone
03:51.21BoBeRwhat is the benifit for the attack to make my phone ring?
03:51.24SamotBecause they didn't get to that IP yet..
03:51.29SamotThey don't know your IPs.
03:51.32[TK]D-FenderThey don't know it's a phone
03:51.34SamotThey're just hitting the WAN
03:51.41SamotThe router is doing the NAT
03:51.54SamotYour softphone just happens to be the NAT destination.
03:52.11SamotThey are scanning your PUBLIC IP.
03:52.14BoBeRokay
03:52.22SamotYour router is doing NAT for your two devices..
03:52.30BoBeRso turn off portforwarding on the android phone
03:52.38SamotThe scan is hitting your NAT for the softphone on the android.
03:52.43SamotIt's not the phone.
03:52.46SamotIt's the ROUTER
03:52.51BoBeRyes I understand
03:52.59BoBeRdelete the UPnP forwards made by linphone
03:53.15SamotChanging crap on your linphone doesn't change the router.
03:53.17SamotUnderstand?
03:53.22SamotAgain, TWO different things.
03:53.24BoBeRno
03:53.35SamotLinphone is just something ON the network
03:53.44SamotYou could turn that off on the android
03:53.45BoBeRlinphone uses UPnP to create portforward rules on my router
03:53.48SamotThen your PC could start ringing
03:53.56SamotOr you can put a real IP phone and it would ring.
03:54.07BoBeRso YES linphone changes my ROUTER
03:54.14SamotYour router still has to NAT the traffic
03:54.19SamotOr you can't connect to the PBX
03:54.30SamotSo you have to fix your router's NAT/firewall rules
03:54.42SamotSo that you're only allowing your PBX to be the only thing SIP allowed in.
03:54.55BoBeRwhat does scanning tell an attacker?
03:55.02SamotThat you have devices they can reach
03:55.09SamotWhat the private IP of those devices are.
03:55.25SamotWhat type of device it is.
03:55.55SamotThen they may or may not try to brute force them to hack them so they can make calls through them..
03:56.08SamotOr trigger the Call Forwarding settings to force redirects.
03:56.54SamotSo basically, your home network and your PBX hosted in the cloud are open for SIP attackers.
03:57.07SamotYou should read up on how to do fix that on both.
03:58.06*** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com)
03:58.54BoBeRAny good documentation?
04:00.07Samot1) iptables is well documented all over the Internet
04:00.24Samot2) It's your router and network, what documents you would need for those. I don't know.
04:00.41BoBeRmore so what am I trying to block
04:01.02BoBeRall SIP outside of just my PBX > home net and twilio > pbx?
04:08.15*** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com)
04:21.56PenguinI think the term for that is ghost calls.
05:47.59*** join/#asterisk gerhard7_ (~gerhard7@ip5657ee30.direct-adsl.nl)
06:50.54*** part/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146)
07:11.15*** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net)
07:30.30*** join/#asterisk tripleslash (~triplesla@unaffiliated/imsaguy)
07:32.39*** join/#asterisk hehol (~hehol@gatekeeper.loca.net)
08:04.16*** join/#asterisk pchero_work (~pchero@109.70.54.56)
08:06.07*** join/#asterisk tzafrir (~tzafrir@local.xorcom.com)
08:10.42*** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net)
08:20.05*** join/#asterisk Dovid (~dovid@ool-4356ea97.dyn.optonline.net)
09:13.45*** join/#asterisk DanB (~DanB@clt-195.192.206.226.ip-anschluss.net)
09:26.26*** join/#asterisk keftef (~keftef@o9hkvk.static.otenet.gr)
09:37.08*** join/#asterisk Marquel (~Marquel@fuchsfanclub/allerdings/marquel)
09:53.27*** join/#asterisk evilman_work (~evilman@87.244.6.228)
09:58.58*** join/#asterisk hehol (~hehol@gatekeeper.loca.net)
10:35.24*** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com)
10:36.10*** part/#asterisk StucKman (~mdione@195.200.189.206)
10:51.42*** join/#asterisk jkroon (~jkroon@165.16.204.166)
11:01.18*** join/#asterisk tuxd00d (~tuxd00d@ip184-182-52-160.ph.ph.cox.net)
11:14.38*** join/#asterisk clopez (~tau@neutrino.es)
11:21.49*** join/#asterisk Milos (~Milos@pdpc/supporter/student/milos)
11:27.43*** join/#asterisk sekil (~sekil@89.216.27.60)
11:59.07*** join/#asterisk sekil (~sekil@nat-73.net011.net)
12:13.10*** join/#asterisk [TK]D-Fender (~joe@216.191.106.165)
12:28.54*** join/#asterisk brad_mssw (~brad@66.129.88.50)
12:46.33*** join/#asterisk nighty- (~nighty@s229123.ppp.asahi-net.or.jp)
12:47.56*** join/#asterisk tripleslash (~triplesla@unaffiliated/imsaguy)
12:49.53*** join/#asterisk SoBlindWolf (~SoBlindWo@go.pcshost.co)
12:55.50[TK]D-Fender~seen lorsungcu
12:55.51infobotlorsungcu <sid65806@gateway/web/irccloud.com/x-fbgngrgnvyoxpnwq> was last seen on IRC in channel #asterisk, 89d 6h 53m 55s ago, saying: 'go to #freepbx'.
13:01.43SamotYes. That long
13:05.18*** join/#asterisk pawiecki (~pawiecki@router.dir.pl)
13:18.58[TK]D-Fenderhrm
13:19.39Martin`did he move to #freepbx ? :P
13:19.51SamotNo.
13:34.14*** join/#asterisk jkroon (~jkroon@165.16.204.166)
13:39.03*** join/#asterisk wonderworld (~ww@ip-88-152-174-32.hsi03.unitymediagroup.de)
13:39.58wonderworldhi, I remember that there was a the possibility to include files in asterisk config files but i can't find the documentation on it..
13:40.27wonderworldi have externaly generated config parts that i wanto to "feed" into sip.conf, extensions.conf etc
13:44.01[TK]D-FenderLooked for the word "include" in the sample configs?
13:44.06*** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n)
13:44.06*** mode/#asterisk [+o cresl1n] by ChanServ
13:44.56[TK]D-FenderJust did a search and the first result was a 100% answer
13:53.35SamotIt's like in the basics of Asterisk area of the wiki
13:54.01wonderworldthanks guys, got it
13:54.19[TK]D-FenderOr the first hit in the extensions.conf.sample
13:54.38*** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net)
13:54.55wonderworldwhen searching i found the "include => " thing all the time for including contexts, rather then #include
13:54.59wonderworldtnx guys
13:56.41Samot[TK]D-Fender: And that's why it's been 89 days.
13:57.13SamotWell, a part of it.
13:58.35*** join/#asterisk sekil (~sekil@nat-73.net011.net)
14:10.52*** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net)
14:14.47*** join/#asterisk billxx (49958984@gateway/web/freenode/ip.73.149.137.132)
14:22.28*** join/#asterisk kharwell (kharwell@nat/digium/x-gkaiqnxlkdvwiewc)
14:22.28*** mode/#asterisk [+o kharwell] by ChanServ
14:37.58*** join/#asterisk bford (d8cff501@gateway/web/freenode/ip.216.207.245.1)
14:37.58*** mode/#asterisk [+o bford] by ChanServ
14:39.03*** join/#asterisk rmudgett (rmudgett@nat/digium/x-nyfjgkwwstammjte)
14:39.03*** mode/#asterisk [+o rmudgett] by ChanServ
14:40.38*** join/#asterisk GordonTheFreeman (68835d38@gateway/web/freenode/ip.104.131.93.56)
14:43.55GordonTheFreemanhey all, im having trouble setting up a SIP trunk between an asterisk box running chan_sip and another asterisk box running chan_pjsip. Both are running asterisk 13 on ubuntu 16.04. Anyone have any experince with this?
14:53.39*** join/#asterisk happy-dude (uid62780@gateway/web/irccloud.com/x-pzbmudxobcvokgev)
15:02.00*** join/#asterisk qwebirc13415 (68835d38@gateway/web/freenode/ip.104.131.93.56)
15:03.11[TK]D-Fenderthe fact it' a different channel driver on both ends isnt' really relevant
15:09.03zafit's it leaves the system, SIP is SIP
15:09.18zafonce
15:09.31zafreminds himself not to type again before finishing coffee
15:11.57qwebirc13415i got disconnected earlier, im assuming you all are talking about my sip -> pjsip issue?
15:15.30[TK]D-Fenderall =me
15:15.31[TK]D-Fenderyes
15:16.04[TK]D-FenderOne side send out calls formattede like X the other side should be set to ack it the same way
15:20.15qwebirc13415i think my problem is with the two different config syntaxes. I keep seeing 'failed to authenticate' messages in the console when the chan_sip box tries to register with the res_pjsip box
15:20.36*** join/#asterisk sekil (~sekil@cable-89-216-232-129.dynamic.sbb.rs)
15:20.37*** part/#asterisk sekil (~sekil@cable-89-216-232-129.dynamic.sbb.rs)
15:21.56[TK]D-FenderTime to look at both configs and the guides one hoow to accoodate those things
15:26.09qwebirc13415I've done my best to set things up like the sample files indicate, but im not sure why there is an auth error. sip-to-sip and pjsip -to-pjsip work fine. but for some reason, the pjsip config  isn't liking the way the sip config is trying to auth
15:26.58*** join/#asterisk startledmarmot (~startledm@cpe-75-82-221-87.socal.res.rr.com)
15:27.53*** join/#asterisk WingZero (~WingZero@84-199-78-189.ifiber.telenet-ops.be)
15:27.58[TK]D-Fenderor the reverse
15:28.16[TK]D-Fendertime to really start looking at it....
15:34.23qwebirc13415well, that's why im here--i have looked at it and can't see what's wrong. as far as auth, there are only a few fields that im aware of that affect that. the username and password/secret fields on each side match.
15:35.59qwebirc13415i can see on the pjsip box's console that it's recieving the correct username. assuming that the SIP box is sending the password from the 'secret' field in the config, why would pjsip balk?
15:38.32*** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182)
15:41.12[TK]D-FenderThere isnt' a "field" really.  It's one string
15:41.16[TK]D-Fenderwith everything
15:41.43[TK]D-FenderIf you want us to suggest why it doesn't work, we need to actually see it
15:42.11qwebirc13415sure, one sec
15:44.19voipmonk~pb
15:44.19infobotextra, extra, read all about it, pastebin is a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude.
15:44.54qwebirc13415the SIP conf: https://pastebin.com/raw/fYMisJfP
15:45.35qwebirc13415pjsip conf: https://pastebin.com/raw/XfM0vrmv
15:46.55*** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182)
15:48.35[TK]D-Fenderlets see the debug....
15:50.23*** join/#asterisk WingZero (~WingZero@84-199-78-189.ifiber.telenet-ops.be)
15:52.48*** join/#asterisk BoBeR (~BoBeR182@gateway/tor-sasl/bober182)
15:53.42qwebirc13415huh, it seems like it's working now. I'm not sure what i changed. Going to setup a test call
16:09.02*** join/#asterisk Kobaz (~kobaz@its.kobaz.net)
16:19.22*** join/#asterisk pchero (~pchero@109.70.54.56)
16:25.18*** join/#asterisk imcdona (~imcdona@2607:f0d8:20:1001:30bd:d471:2b1e:a682)
16:26.30qwebirc13415yeah, it's working now. i feel dumb because I'm not sure what i changed, but at least it's working. i appreciate you taking a look at my configs, though
16:26.52[TK]D-FenderYou're welcome
17:22.39*** join/#asterisk wh0 (327ac084@gateway/web/freenode/ip.50.122.192.132)
17:30.50wh0<PROTECTED>
17:31.08wh0<PROTECTED>
17:31.25wh0So in the event that their voicemail picks up I can dial *88 and it would transfer them out of the conference and to a recording that tells them how they can manually dial into the conference (I can handle the recodring part).
17:31.30SamotDon't ring them as long.
17:31.58SamotIf the default ringtimer for voicemail is 30 seconds..
17:32.07SamotOnly ring them for 28..
17:32.15wh0If they are on a call they have gone straight to VM though.
17:32.24wh0and then the system sees it as an answered call/
17:32.25SamotThen you should look at their device state.
17:32.52wh0We're not ringing just devices on asterisk. They can put in their cellphone number if they are going to be on the road during the call.
17:33.01SamotIs X device "IN USE"? If yes, do not Dial().
17:33.08SamotWell..
17:33.19SamotThen a call isn't going straight to voicemail.
17:33.31SamotUnless you have it setup for them not to have call waiting.
17:33.31wh0It is if they ignore it lol
17:33.42*** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-hsmxbukaywopeqjr)
17:33.46SamotIf I forward a call to my cell
17:33.57SamotAnd I'm on another call, its still going to ring like normal.
17:34.05SamotSo it's still going to ring me for 30 seconds
17:34.23SamotThen you should add some sort of confirmation.
17:34.28wh0Interesting. We don't seem to be getting that. We are getting some calls that go straight to VM with no rings.
17:34.53SamotWell then you're setup in someway to have the device marked busy with 1 call
17:34.58wh0Is there any way to just transfer the last joined caller in a conf to another destination?
17:35.04SamotWhich will then only allow it one call.
17:35.13SamotYou can add a confirmation.
17:35.22SamotYou're using Originate..
17:35.23wh0That way we can just have the system leave a message saying you missed the conf, dial this number to get into it
17:35.38SamotOK.
17:36.02*** join/#asterisk DivideBy0 (~DivideBy0@unaffiliated/divideby0x0)
17:36.03*** mode/#asterisk [+o DivideBy0] by ChanServ
17:36.03SamotYou can Originate the call and only transfer to the conf bridge if they send back DTMF confirmation.
17:36.16Samotie. "This is a conf call, press 1 to join"
17:36.33wh0Ok yea that would work.
17:36.51SamotYou can also use Originate and then use AMD to detect if it is voicemail or a person.
17:36.55wh0Then just leave the message if they don't press 1
17:37.02SamotIf it is voicemail, leave your message..
17:37.12SamotIf it is a person, dump into conf bridge.
17:37.15SamotEither way will work.
17:37.17wh0Yea I've used AMD, sometimes it doesn't always work though.
17:37.26SamotYou have to tweak it.
17:37.51wh0Yup, I've got it to what I think is fairly accurate, but sometimes people still slip through the cracks.
17:38.04SamotThen go with option one.
17:38.14SamotForce a DTMF response confirmation.
17:38.42wh0So it sounds like there is no way to transfer someone after they have joined the conference? (I'm sure the press 1 will work, just curious at this point).
17:46.46PenguinI'm using zoiper (and have tested several others) on my smartphone, and when I am on wifi on the same LAN as asterisk, tls works fine, and calls are good end to end.  If I leave the wifi and use the 4G LTE on the phone, while using the tls setting, there is no audio.  If I switch zoiper to tcp or udp, audio is fine from 4G.  Any suggestions on what to look at to see why media doesn't work when using tls over
17:46.53Penguinthe mobile network?
17:47.17Penguinrtp debug shows  Sent RTP packet to [my 4G IP address]  but never shows receiving any.  tshark packet capture shows asterisk's address sending udp packets out, but none coming back inbound toward asterisk.
17:47.44PenguinBut if I just switch to tcp rather than tls, audio works again.  It's just with tls, there's no audio.
17:48.29PenguinThis is true with or without srtp.
17:49.03PenguinThe results are the same with nat=no and with nat=yes; there is no change by changing the nat setting.
17:52.44PenguinAny thoughts on why there is no audio when I have switched to tls using the 4G mobile network?
18:05.38PenguinHere's a sip debug for the peer with nat=no   https://bpaste.net/show/2274e0605178
18:13.02voipmonkare you using RPORT for signalling and rport for media?
18:13.06voipmonkPenguin ?
18:13.28voipmonkfound in the network settings for that account
18:13.34voipmonkin zoiper
18:14.22PenguinI have tested both ways, ticked and not ticked.  The debug is with rport enabled for signaling and media.
18:15.19PenguinI have tried signaling only enabled, not media.  I have tried not signaling, only media enabled.  I have tried both enabled, and tried both disabled.
18:15.30PenguinI have tried with STUN enabled, and with STUN disabled.
18:15.55PenguinI have tried nat=yes in the peer config definition and with nat=no in the peer definition.
18:16.29PenguinI have tried with asterisk configured for ipv6 and ipv4 together, and I have tried with ipv4 only.
18:28.46voipmonkwith tls there is no audio , i had the same issue -
18:29.02PenguinThe same problem exists with every softphone I try using the 4G network.
18:29.08voipmonkunless it was extension to extension
18:29.55voipmonkusing the same version of zoiper
18:30.45PenguinBecause it happens on every softphone, and because tls and media work properly on the local network where asterisk resides, I'm sure it's network related.
18:33.31PenguinI just don't know what to look for.
18:40.09*** join/#asterisk startledmarmot (~startledm@cpe-75-82-221-87.socal.res.rr.com)
18:51.02JonathanDI'm looking at collecting some data from asterisk 1.8. Right now I'm running sip show peers and doing some things with the output, but the first field gets truncated. Other than iterating through all the peers, is there a way to get the full output of that first field?
18:51.42[TK]D-Fendersip show peers <tab>
18:51.44*** topic/#asterisk by kharwell -> #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.18.0 (2017/10/30), 11.25.3 (2017/09/19), Standard: 15.1.0 (2017/10/30); DAHDI: DAHDI-linux 2.11.1 (2016/03/01), DAHDI-tools 2.11.1 (2016/03/01); libpri 1.6.0 (2017/01/27) -=- Wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22 -=- Logs: bit.ly/1s4AKKu
18:52.13[TK]D-FenderAlso everything other than * 13 & 15 are dead
18:52.13JonathanD[TK]D-Fender: doesn't appear to do anything.
18:52.21PenguinAnd it's not likely to be a blocked port problem because I have changed the tls port to an non-standard port and the problem persists.
18:53.48[TK]D-FenderJonathanD, Indeed doesn't seem to have the "concise" options "channels" does
18:54.08JonathanDYeah. I use concise/verbose in channels to gather other data, I already tried those :)
18:55.14[TK]D-FenderJonathanD, That leaves AMI
18:55.30JonathanDThe bit of data I'm actually after is all the peer names and IPs.
18:56.17JonathanDRight now I'm doing 'database show sip' which works, except it doesn't distinquish between online and offline.
18:56.34PenguinThe first column should not be so short that it doesn't show the peer names.  It is 25 characters wide.
18:56.50JonathanDAnd we're exceeding that :)
18:56.55PenguinGood grief.
18:57.51JonathanDMultitenancy with movable customers, so we have something like "sipxxx_customerid" which sometimes exceeds the 25 characters.
19:03.14SamotHow are the customer movable?
19:03.26SamotHow are the customers movable?
19:03.41*** join/#asterisk miralin (~Thunderbi@194.8.128.62)
19:11.29*** join/#asterisk Dovid (~dovid@172.58.139.57)
19:22.56PenguinWhat should I look for to figure out why the call is not working correctly when using tls?
19:25.26*** join/#asterisk matt_ (~matt@ccpc-buzzer.bath.ac.uk)
19:25.52fileyour Asterisk is putting a private IP address in the SDP, so that the remote endpoint can't send media to it
19:26.04matt_hello, I have an issue where asterisk dosn't seem to be following a reinvite for a tranfur, i'm using pjsip, is there any settings that may prevent this?
19:26.06SamotChan_SIP or PJSIP?
19:26.07fileif using UDP or TCP then something could have "fixed" that - such as an ALG
19:26.19SamotPenguin:
19:26.24fileif using TLS since it is encrypted then it wouldn't be able to
19:26.48SamotEither way
19:26.48matt_looking at the sip traffic using tcpdump invites are getting sent to asterisk with the ip of the phone the call is being invited to
19:26.51Samotasterisk -rvvvvvv
19:27.00Samotsip set debug on <- chan_sip
19:27.08Samotpjsip set logger on <-- pjsip
19:27.09Samot~pb
19:27.10infobotpastebin is probably a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude.
19:27.15SamotShow us a failed TLS call.
19:27.26filePenguin: my comments were to you.
19:27.31PenguinI'm using chan_sip.
19:27.32SamotYes, that they were
19:28.20Penguinfile: My asterisk is behind a NAT.  Is it not expected for the SDP to contain the private address of asterisk?
19:28.47filePenguin: if you are communicating with a public device then no - to ensure that media flows correctly it has to contain the public IP address, which can be configured in sip.conf
19:28.49PenguinThat's an interesting thought, though.  I will run a few more sip debugs with different nat settings and with tcp/udp.
19:29.12filePenguin: SDP works by saying "send media to this IP address and port", if that's a private address... then the device can't usually
19:29.28matt_i'm also getting some message saying, strict rtp learning after remote address set to : and then the wrong address
19:29.52PenguinNot sure why tcp/udp work, but tls doesn't.  I'll do some more testing with other combinations of settings.
19:29.59matt_is the strictrtp setting in rtp.conf on by default?
19:30.23Penguinfile: Thanks for giving me a direction to being looking.  I didn't really know where to go next.
19:37.38*** join/#asterisk infernix (nix@unaffiliated/infernix)
19:37.54PenguinI have the externhost set to a hostname which correctly resolves to the public address of the NAT.
19:38.29fileand localnet?
19:38.56PenguinIt contains the network/subnet that asterisk is in.
19:39.32PenguinIs it ok to have multiple localnet entries?
19:39.46fileyes
19:39.53filecheck "sip show settings" to make sure it is as you expect...
19:41.51PenguinUnder network settings, it shows sip address remapping is done using externhost, externhost is set to the name I entered in sip.conf, externaddr is the correct resolved IP address of the public side of the nat, and localnet shows the subnets I entered.
19:42.16PenguinAlthough I can remove two of those localnets since I am no longer on more than one local net.
19:42.45fileit's possible that it's broken in the old version you are using, dunno
19:43.16PenguinIt's peculiar to me that tcp and udp work.
19:43.29PenguinI understand what you're saying about tls being encrypted.
19:45.48PenguinWith the peer's nat value set to either 'force_rport,comedia' or set to 'no' I still see the private IP address in the sip debug.  And audio is working.
19:49.21JonathanDAMI seems to work pretty well for this.
19:49.40JonathanDSamot: movable as in we can move one to another server.
19:50.14JonathanDSo the peer names must be unique across the entire infra.
19:58.05*** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n)
19:58.05*** mode/#asterisk [+o cresl1n] by ChanServ
20:09.59SamotK. So basically replicated servers.
20:10.51*** join/#asterisk Oatmeal (~Suzeanne@gateway/vpn/privateinternetaccess/suzeanne)
20:40.22*** join/#asterisk freebs (~freebs@unaffiliated/freebs)
20:54.29*** join/#asterisk RovingWriter (~RovingWri@unaffiliated/rovingwriter)
21:19.07*** join/#asterisk youtmon (~yout@c-98-242-250-233.hsd1.fl.comcast.net)
21:28.12*** join/#asterisk [TK]D-Fender (~joe@64.235.216.2)
21:54.09*** join/#asterisk stoopkid (uid137696@gateway/web/irccloud.com/x-jhywwzhxixlzmjab)
21:57.31*** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n)
21:57.31*** mode/#asterisk [+o cresl1n] by ChanServ
22:16.42*** join/#asterisk _r0ck_p3arl_ (~admin@203.149.66.146)
22:18.29*** join/#asterisk Dovid (~dovid@50-201-95-250-static.hfc.comcastbusiness.net)
22:43.52*** join/#asterisk wonderworld (~ww@ip-88-152-174-32.hsi03.unitymediagroup.de)
22:46.19wonderworldwhen i dial a local extension with a timeout like Dial(local/1000@locals,30) and there is another Dial() inside of the local extension with another timeout, which timeout would "win"?
22:53.41Penguinwonderworld: The first timer starts first.
23:14.43*** join/#asterisk infinity_ (~brendon@web2.artsopolis.com)
23:15.12infinity_is there a way for polycom phones to discover local phones and show  BLF lights for them?
23:15.25infinity_or does it have to be statically configured?
23:15.27[TK]D-FenderNo.
23:15.34[TK]D-FenderThey do not "discover" anything
23:15.40[TK]D-FenderThey are told what to look for
23:15.49[TK]D-FenderSo static
23:16.03infinity_[TK]D-Fender: okay. I swear I saw one do it once which is why I'm asking. okay. thanks.
23:17.28*** join/#asterisk tzafrir (~tzafrir@212.29.194.37)
23:28.28*** join/#asterisk pchero (~pchero@109.70.54.56)
23:28.54*** join/#asterisk cemotyz09 (~cemotyz09@cpe-70-121-157-202.satx.res.rr.com)
23:33.49*** part/#asterisk kharwell (kharwell@nat/digium/x-gkaiqnxlkdvwiewc)

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.