I have been running VyOS 1.1.8 for sometime now. I started with Vyatta version 3 or 4 years ago. I decided to update the 1.1.8 router to 1.2 Release 3 to get off kernel 6. The update went just fine and old configuration looks good. However, I can’t receive inbound calls to Asterisk 13.18-cert2 server. The Asterisk server is for Inbound only calls, No Outbound calls allowed. The SIP account registered without a problem.
if I set system image default-boot 1.1.8 everything works as expected.
I’m at a loss for what to do next. I have also tried building from scratch a new 1.2 RC3 without firewall, just bear-bone.
Perhaps I need to explain the the VyOS config and how Asterisk is setup. Today, i tried the latest version 1.2 RC4, still doesn’t work.
The router config has two interfaces, one for public IP and one for internal network where the Asterisk server lives. no firewall, one source NAT for internet access. DNS is 8.8.8.8 and gateway is public IP.
The Asterisk server has one interface running CentOS 7.5.1804. DNS is 8.8.8.8 and the gateway is the internal interface on the router. Firewall is disabled.
Can i still assume if i have no firewall configured on the public interface the router is wide open? conntrack modules sip is already disabled and committed.
Hi @ajp115
yes if you have no firewall configured on and no listen address for ssh for instance, ssh would be reachable by the entire world as well as any other service. However, that is only true for any traffic hitting your router directly.
I assume you need to do port forwarding for SIP, assuming your are using RFC1918/3849 addresses.
Hi Hagbard, thanks for replying. I’ve tried port forwarding and that didn’t work. When using VyOS 1.1.8 all that is needed is a source NAT to the internet. I have this configuration on 3 other asterisk servers using 1.1.8.
I have discovered my asterisk server is trying to register using its asterisk internal IP address with the SIP provider. This only happens on 1.2-RC4. I wonder if the source NAT isn’t working correctly. I know some SIP providers make exception when this happens but this guys don’t. Why this only happens on VyOS 1.2-RC4 I don’t know yet.
Hi, @ajp115!
Can you provide your VyOS current version and configuration? And also Asterisk configuration for SIP chan?
Also we need to look at verbose Asterisk logs in moment when incoming call is occurred.
This information can help to find reason of your issue.
When running 1.2 RC5 the Astersik server is always trying to re-register. When on the phone this morning with the ISP I executed SIP ReLOAD. The ISP never saw the SIP re-register. I have also added two screen shots from the ISP. One when running 1.1.8 and the other when running 1.2.RC5.
the Contact field is always the server internal IP when running 1.2 RC5
Actually, you need this in situations like this. As you see, without this parameter Asterisk sometimes can register with its private address (I assume this can be issued by some NAT nuances in VyOS 1.2).
Setting correct NAT in Asterisk can help to prevent a lot of problems.
That fixed it! I tried this a few days ago but only used the extenip option and not the localnet as well. This time I used both and it worked. or, there was probably something wrong at that time.
Resolution,
Added extenip and localnet to Asterisk sip.conf
Thanks zsdc for the fix and everyone else who commented.