00:06.40 | *** join/#asterisk Enitin (enitin@gateway/vpn/protonvpn/enitin) |
00:13.30 | *** join/#asterisk aness (~aness@2a02:fe1:3103:b800:284b:e68e:1f88:32bf) |
00:45.20 | *** join/#asterisk Iamnach0 (~Iamnacho@ip68-102-131-177.ks.ok.cox.net) |
00:49.09 | *** join/#asterisk Enitin (enitin@gateway/vpn/privateinternetaccess/enitin) |
00:56.37 | *** join/#asterisk lankanmon (~LKNnet@cpeb4fbe4e331bd-cm9050cadd5190.cpe.net.cable.rogers.com) |
01:45.08 | *** join/#asterisk overyander (~overyande@50.115.255.72) |
01:56.36 | *** join/#asterisk tsal (~tsal@i59F5231E.versanet.de) |
01:59.11 | *** join/#asterisk mr44er1 (~mr44er@dynamic-046-114-000-078.46.114.pool.telefonica.de) |
02:20.26 | *** join/#asterisk andrewyager (~andrewyag@syd02s26-fw01.thecore.net.au) |
03:08.35 | *** join/#asterisk jayjo (~jayjo@unaffiliated/jayjo) |
05:30.04 | *** join/#asterisk wdoekes (~walter@wjd.osso.nl) |
05:30.04 | *** mode/#asterisk [+o wdoekes] by ChanServ |
05:34.23 | *** join/#asterisk jbg (sid494673@gateway/web/irccloud.com/x-fnwhdhusgnlwtbaf) |
05:35.27 | jbg | I've got an asterisk server that's behind a NAT, and for various reasons it would be easiest if it could discover its own public IP using STUN. we have our own STUN servers already set up, and I've verified from the asterisk server that I'm able to successfully do a STUN lookup from there |
05:35.53 | jbg | however, after setting stunaddr in rtp.conf, asterisk still sends its private IP in SDPs |
05:36.32 | jbg | is there something else necessary to get asterisk to do the STUN lookup? it may be relevant that we're using pjsip |
05:37.15 | jbg | asterisk version 18.2.1 in case it's important. |
05:54.56 | jbg | ah, looking at the code it looks like the STUN server is only used when ICE is used, it's not supported to just use it to discover the external address in the absence of ICE |
06:09.37 | *** join/#asterisk sinaowolabi (~Sina@105.112.69.124) |
06:18.23 | *** join/#asterisk Cory (~Cory@unaffiliated/cory) |
06:23.47 | *** join/#asterisk JAunis (~jean@lputeaux-658-1-51-39.w92-154.abo.wanadoo.fr) |
06:48.29 | *** join/#asterisk gerhard7 (~gerhard7@86-87-238-48.fixed.kpn.net) |
06:55.18 | *** join/#asterisk Ner0Zer0 (~Ner0Zer0@87.253.63.54) |
07:07.08 | *** join/#asterisk JAunis (~jean@lputeaux-658-1-51-39.w92-154.abo.wanadoo.fr) |
07:19.15 | *** join/#asterisk jkroon (~jkroon@165.16.204.110) |
07:20.26 | jkroon | jbg, i'm fairly certain that shouldn't be the case. |
07:37.30 | jbg | is `ast_rtp_ice_add_cand` used even when ICE is not being used? |
07:37.58 | jbg | because the stun handling code doesn't seem to do anything with the result other than call that fn |
07:37.59 | jbg | https://github.com/asterisk/asterisk/blob/b1807d440e90aa00ce30fd1b8c6a7c99cbb6e151/res/res_rtp_asterisk.c#L3684 |
07:38.39 | jbg | there are some odd messages when I enable stun debug, so if this is expected to work I'll look into those further |
07:47.00 | *** join/#asterisk sinaowolabi (~Sina@102.134.114.1) |
08:15.04 | *** join/#asterisk jkroon (~jkroon@165.16.204.110) |
08:25.04 | *** join/#asterisk sa02irc (~mbax@155-079-043-212.ip-addr.inexio.net) |
08:43.30 | file | STUN is not used to discover the IP for SDP c= |
08:45.44 | jbg | ok, thanks for confirmation |
08:46.08 | jbg | so I should place the IP in external_media_address for the transport in pjsip.conf |
08:46.36 | jbg | asterisk has no built-in mechanism to get config options from the environment or substitute env vars into the config, right? I should take care of that myself? |
08:58.06 | file | correct |
09:00.30 | jbg | ok cool, thanks again for the confirmation. the IP doesn't change during asterisk's runtime so I'll just substitute it into the value for the pjsip.conf external_media_address before launching asterisk |
09:00.41 | *** join/#asterisk andrewya_ (~andrewyag@syd02s26-fw01.thecore.net.au) |
09:09.03 | *** join/#asterisk JAunis (~jean@lputeaux-658-1-51-39.w92-154.abo.wanadoo.fr) |
09:35.11 | *** join/#asterisk JAunis (~jean@lputeaux-658-1-51-39.w92-154.abo.wanadoo.fr) |
09:51.36 | *** join/#asterisk DodgeThis (~DodgeThis@246.102.90.149.rev.vodafone.pt) |
09:53.52 | *** join/#asterisk andrewyager (~andrewyag@syd02s26-fw01.thecore.net.au) |
10:15.15 | jbg | even after specifying the public IP address in external_media_address in pjsip.conf, asterisk still sends the private ip in SDP |
10:15.36 | jbg | I specified it in the transport section in pjsip.conf as documented. is there something else I'm supposed to do? |
10:16.03 | file | is local_net set? |
10:16.04 | orn | jbg: where did you take the capture? maybe it's the router rewriting it -- i've seen numerous faulty NAT implementations |
10:17.15 | jbg | file: yes, local_net is set to the CIDR of the private IP the asterisk box has. the INVITE is coming from a public IP and the candidate in the remote SDP is a public IP, both as sent by the remote system and as seen by asterisk |
10:17.29 | jbg | I'm capturing at both ends, but this is in a datacenter and I control every part of the network up to the transit providers |
10:17.49 | orn | jbg: okay -- just wondering whether maybe asterisk was sending the correct SDP but it was being mangled by a router |
10:18.16 | jbg | yeah, I've seen such things with home routers and some misguided 'enterprise' crap |
10:18.21 | jbg | these are basic routers, no such capability |
10:18.36 | orn | jbg: surprisingly a lot of cisco firmwares have done this |
10:19.20 | jbg | yeah, that's the enterprise crap I refer to |
10:19.28 | jbg | typically the ones designed for installation on prem rather than in DC |
10:19.31 | jbg | anyway, it's not the case here |
10:19.31 | file | nothing else comes to mind, |
10:20.27 | jbg | ok, so just to confirm, this is intended to work this way right? |
10:20.37 | file | if what you say is correct, then yes |
10:20.47 | jbg | SDP should have c=[public ip] if I set external_media_address=[public ip] in pjsip.conf |
10:20.57 | file | if that transport is used, yes |
10:21.03 | jbg | yeah, there is no other transport |
10:21.05 | file | you could turn up core debug and see if it yields any insight |
10:21.14 | jbg | the local_net check, what is it checking against exactly? |
10:21.17 | file | or provide the actual configuration and "pjsip set logger on" trace |
10:21.25 | jbg | the IP the signalling is received on or the IP of the media candidate? |
10:21.33 | jbg | (remote candidate) |
10:21.39 | file | it is checking the IP address that the SIP message is sent to |
10:21.43 | jbg | ok |
10:21.58 | file | if it falls within local_net then nothing is changed, if it falls outside then external_* is used |
10:24.25 | jbg | yeah that could be key, need to check source address of the incoming SIP INVITE |
10:24.35 | jbg | the NAT might be rewriting both src and dst |
10:24.44 | jbg | in which case the src would be inside local_net |
10:26.30 | file | this would be the second time in recent times where someone said the same thing |
10:26.44 | file | (they thought their traffic was coming from the public IP, but it wasn't) |
10:28.18 | jbg | hm no, it's not that |
10:28.35 | jbg | source address of the SIP traffic is the public address of the inviter |
10:34.32 | jbg | ah got it |
10:34.43 | jbg | there's an additional restriction that the address it *would have* sent needs to be within local_net |
10:35.02 | jbg | local_net was not wide enough |
10:38.16 | jbg | aw. thought I had it, but no, even after updating that it's still sending the private IP |
10:38.23 | jbg | I'll turn up debug |
10:38.39 | jbg | specifically to try to see this, https://github.com/asterisk/asterisk/blob/b4347c486150653ec7ce1d129e8f9017c69344da/res/res_pjsip_session.c#L5488 and I'll remove local_net and see if it changes anything |
10:49.24 | jbg | with local_net removed and with debug turned up to 5, I don't see that log message |
11:18.43 | *** join/#asterisk rpifan (~rpifan@p200300d2670b950028e6c037131884fb.dip0.t-ipconnect.de) |
11:22.41 | jbg | ah. needed to load res_pjsip_nat.so. working fine now! pebkac |
11:45.46 | *** join/#asterisk DodgeThis (~DodgeThis@246.102.90.149.rev.vodafone.pt) |
12:04.13 | *** join/#asterisk DodgeThis (~DodgeThis@246.102.90.149.rev.vodafone.pt) |
12:08.57 | *** join/#asterisk andrewyager (~andrewyag@syd02s26-fw01.thecore.net.au) |
12:28.05 | *** join/#asterisk ghoti (~paul@dynamic-66-102-72-202.wtccommunications.ca) |
12:35.08 | *** join/#asterisk sinaowolabi (~Sina@102.134.114.1) |
12:42.31 | *** join/#asterisk ghoti_ (~paul@45.78.98.151) |
12:44.47 | jbg | is there any way to get asterisk to write a dns name in Contact: rather than an IP address? |
12:45.09 | jbg | I set `external_signaling_address = this.is.a.dns.name` but it resolves it and puts one of the resolved IPs in there |
12:47.17 | file | no. |
12:47.38 | jbg | is that a conscious decision that has been made or just that nobody implemented support for it yet? |
12:47.50 | file | nobody implemented it |
13:02.44 | *** join/#asterisk cresl1n (uid299068@asterisk/libpri-and-libss7-expert/Cresl1n) |
13:02.44 | *** mode/#asterisk [+o cresl1n] by ChanServ |
13:06.40 | *** join/#asterisk JAunis (~jean@185.252.128.34) |
13:30.18 | *** join/#asterisk CatCow97 (~mine9@c-73-96-109-206.hsd1.or.comcast.net) |
14:05.47 | *** join/#asterisk bford (uid283514@gateway/web/irccloud.com/x-ijqsbwvfysvlddrd) |
14:05.47 | *** mode/#asterisk [+o bford] by ChanServ |
14:07.23 | *** join/#asterisk kharwell (uid358942@gateway/web/irccloud.com/x-fcufdvdysoxvtaxm) |
14:07.23 | *** mode/#asterisk [+o kharwell] by ChanServ |
14:18.09 | *** join/#asterisk JAunis (~jean@lputeaux-658-1-51-39.w92-154.abo.wanadoo.fr) |
14:38.03 | *** join/#asterisk CatCow97 (~mine9@c-73-96-109-206.hsd1.or.comcast.net) |
14:47.25 | *** join/#asterisk DodgeThis (~DodgeThis@77.91.201.60) |
14:50.45 | sibiria | does pjsip track an endpoint's availability in any other way than with the qualification options? |
14:51.04 | file | if qualification is not enabled, then based on whether any contacts exist or not |
14:51.46 | sibiria | and if qualification is enabled, it is entirely up to that one OPTIONS message, whenever it happens? |
14:52.02 | file | yes |
14:52.10 | igcewieling | options won't happen if there isn't a contact? |
14:52.20 | file | also correct |
14:54.26 | orn | huh -- i'm receiving a "process_cors_request: Origin header 'http://domain.removed.com' does not match an allowed origin.". ari show status shows Allowed Origins: "http://domain.removed.com" |
14:54.40 | orn | i don't get this notice if i replace the ari conf allowed list with * |
14:54.47 | orn | but i AM able to connect |
14:54.52 | orn | any caveats? |
14:54.58 | orn | something that pops into anyone's mind? |
14:56.27 | seanbright | it has to be a verbatim match |
14:56.51 | seanbright | if both of those removed domains in your error log are identical, that sounds like maybe a bug |
14:56.57 | seanbright | but the code is pretty straight forward |
14:57.27 | sibiria | when invoking a call file aimed at an endpoint that is currently offline, asterisk will not enter the call file's context (or any other context seemingly) unless the defined context has the FAILED extension. is there any way of tracking that call file's failure without the FAILED extension? |
14:58.07 | orn | seanbright: it is a verbatim match |
14:58.21 | orn | thanks for your input |
14:58.35 | orn | i glanced at the source and it seems very straight forward |
14:58.38 | orn | as you said |
14:58.51 | seanbright | do you have more than one value in your allowed_origins config? |
15:00.09 | orn | seanbright: yes, comma separated. i've tried also just with the one entry |
15:00.20 | orn | i don't get how i get this notice, and yet am able to connect |
15:00.28 | orn | might just be a bug? |
15:01.28 | seanbright | dunno. would need to see actual configs and all that. |
15:01.37 | jbg | how can I silence acl notice/warnings without affecting other notice/warnings? |
15:05.10 | *** join/#asterisk ^MillerBoss (~biffies@gives.you.more.taste.at.only.96.calories.millerboss.com) |
15:11.38 | *** join/#asterisk jkroon_ (~jkroon@165.16.203.106) |
15:36.30 | Kobaz | weeeel, there goes Level3 |
15:37.28 | Samot | Are they having problems? |
15:41.19 | igcewieling | What about level3???? |
15:41.26 | igcewieling | They are our second carrier. |
15:42.08 | igcewieling | sibiria: use Local/ channels |
15:44.42 | Kobaz | Samot: yup, very down in Chicago right now |
15:45.12 | Samot | Explains my issues. And they are down on the west coast in a spot too. |
15:45.27 | Samot | So is HE and Microsoft, looks like they got problems in the same areas. |
15:48.56 | Kobaz | Someone tripped on the fibers |
15:49.20 | Kobaz | https://www.theatlantic.com/technology/archive/2011/08/squirrels-do-17-of-the-damage-to-fiber-optic-network/243319/ |
15:49.53 | Kobaz | And more recently: https://www.cbsnews.com/news/beavers-shut-down-internet-tumbler-ridge-british-columbia-canada-chewing-stealing-cables-dam/ |
15:51.06 | *** join/#asterisk irrgit (~ch33se@192.241.175.183) |
15:51.18 | igcewieling | Squirrels are evil. |
15:54.00 | igcewieling | I once warred with squirrels. I won, but it took 6 months. |
16:14.53 | *** join/#asterisk jkroon (~jkroon@165.16.203.106) |
16:22.49 | Samot | Well looks like they figured it out. All my stuff is back to normal. |
16:23.16 | *** join/#asterisk tripleslash (~triplesla@unaffiliated/imsaguy) |
16:52.38 | Kobaz | yeah |
17:31.38 | igcewieling | Anyone having problems getting Adtran switches in the past few weeks? Our reseller claims availability problems. |
18:02.39 | *** join/#asterisk jkroon (~jkroon@165.16.203.106) |
18:02.52 | *** join/#asterisk rpifan (~rpifan@p200300d2670b950073e0bb6404a35b65.dip0.t-ipconnect.de) |
18:44.40 | *** join/#asterisk sa02irc (~mbax@155-079-043-212.ip-addr.inexio.net) |
18:50.48 | *** join/#asterisk ghoti_ (~paul@dsl-rb-64-118-22-159.wtccommunications.ca) |
19:11.49 | *** join/#asterisk sa02irc (~mbax@155-079-043-212.ip-addr.inexio.net) |
19:40.49 | *** join/#asterisk drathir_tor (~drathir@gateway/tor-sasl/drathir) |
19:44.36 | *** join/#asterisk sinaowolabi (~Sina@105.112.186.79) |
20:06.20 | *** join/#asterisk eXistenZ (~pectic@bzq-109-67-246-66.red.bezeqint.net) |
20:13.58 | *** join/#asterisk idtentee (sid101023@gateway/web/irccloud.com/x-vgoxoniwwrdtabgu) |
20:13.58 | *** join/#asterisk znf (~ibm86@toaster.linge-ma.ro) |
20:13.58 | *** join/#asterisk detha (~detha@unaffiliated/detha) |
20:13.58 | *** join/#asterisk dupondje (~dupondje@artemis.dupie.be) |
20:13.58 | *** join/#asterisk Samot (sid133316@gateway/web/irccloud.com/x-xbwubgfatobvtqpf) |
20:13.58 | *** join/#asterisk ketas (~ketas@0011-0000-0000-0000-d7dc-830e-07d0-2001.dyn.estpak.ee) |
20:14.15 | *** join/#asterisk ketas (~ketas@0011-0000-0000-0000-d7dc-830e-07d0-2001.dyn.estpak.ee) |
20:14.27 | *** join/#asterisk dupondje (~dupondje@artemis.dupie.be) |
20:31.30 | *** join/#asterisk overyander (~overyande@216.163.21.11) |
20:47.14 | *** join/#asterisk kerouac[m] (kerouacmat@gateway/shell/matrix.org/x-lwmdjcglyoztnpxr) |
20:47.55 | *** join/#asterisk overyander (~overyande@216.163.21.11) |
20:53.50 | *** join/#asterisk lbazan (~LoKoMurdo@fedora/LoKoMurdoK) |
21:28.56 | *** join/#asterisk kerouac[m] (kerouacmat@gateway/shell/matrix.org/x-uemgngoutfjogebj) |
21:32.59 | *** join/#asterisk CatCow97 (~mine9@c-73-96-109-206.hsd1.or.comcast.net) |
21:41.50 | *** join/#asterisk andrewyager (~andrewyag@114.141.97.1) |
22:09.15 | *** join/#asterisk Typhon (~Typhon@dslb-088-066-185-183.088.066.pools.vodafone-ip.de) |
23:01.41 | *** join/#asterisk scampbell (~scampbell@mail.scampbell.net) |
23:12.17 | *** join/#asterisk john2gb0 (~john2gb@94-225-47-8.access.telenet.be) |
23:18.00 | *** join/#asterisk Enitin (enitin@gateway/vpn/privateinternetaccess/enitin) |