VyOS 1.2.0-rc3 and Asterisk SIP


#1

Hello,

I have been running VyOS 1.1.8 for sometime now. I started with Vyatta version 3 or 4 years ago. I decided to update the 1.1.8 router to 1.2 Release 3 to get off kernel 6. The update went just fine and old configuration looks good. However, I can’t receive inbound calls to Asterisk 13.18-cert2 server. The Asterisk server is for Inbound only calls, No Outbound calls allowed. The SIP account registered without a problem.

if I set system image default-boot 1.1.8 everything works as expected.

I’m at a loss for what to do next. I have also tried building from scratch a new 1.2 RC3 without firewall, just bear-bone.

Has anyone run into this problem?


#2

Just a thought, could be wrong, can you try toggling this:

set system conntrack modules sip disable


#3

Hi Matt, no you’re not wrong. However, I did try that setting and it made no difference.

Thank you for responding. If you can think of anything else it would be very much appreciated.


#4

Perhaps I need to explain the the VyOS config and how Asterisk is setup. Today, i tried the latest version 1.2 RC4, still doesn’t work.

The router config has two interfaces, one for public IP and one for internal network where the Asterisk server lives. no firewall, one source NAT for internet access. DNS is 8.8.8.8 and gateway is public IP.

The Asterisk server has one interface running CentOS 7.5.1804. DNS is 8.8.8.8 and the gateway is the internal interface on the router. Firewall is disabled.

Can i still assume if i have no firewall configured on the public interface the router is wide open?
conntrack modules sip is already disabled and committed.

any ideas would be very appreciated.

Thank you,


#5

Hi @ajp115
yes if you have no firewall configured on and no listen address for ssh for instance, ssh would be reachable by the entire world as well as any other service. However, that is only true for any traffic hitting your router directly.
I assume you need to do port forwarding for SIP, assuming your are using RFC1918/3849 addresses.


#6

Hi Hagbard, thanks for replying. I’ve tried port forwarding and that didn’t work. When using VyOS 1.1.8 all that is needed is a source NAT to the internet. I have this configuration on 3 other asterisk servers using 1.1.8.

I have discovered my asterisk server is trying to register using its asterisk internal IP address with the SIP provider. This only happens on 1.2-RC4. I wonder if the source NAT isn’t working correctly. I know some SIP providers make exception when this happens but this guys don’t. Why this only happens on VyOS 1.2-RC4 I don’t know yet.

Thank you


#7

I see, so your site is always the connection initiator.
What if you just ping a public IP, do you get a response? If so, NAT won’t be your issue.


#8

Yes, the Asterisk server is always the initiator. I can ping from the server to the ISP provider or any other public IP and get a normal response.


#9

Hi, @ajp115!
Can you provide your VyOS current version and configuration? And also Asterisk configuration for SIP chan?
Also we need to look at verbose Asterisk logs in moment when incoming call is occurred.
This information can help to find reason of your issue.


#10

Thank you.

I will collect information requested and post in the next 24 hours.


#11

ZSDC, information you requested is attached.

When running 1.2 RC5 the Astersik server is always trying to re-register. When on the phone this morning with the ISP I executed SIP ReLOAD. The ISP never saw the SIP re-register. I have also added two screen shots from the ISP. One when running 1.1.8 and the other when running 1.2.RC5.

the Contact field is always the server internal IP when running 1.2 RC5

running 1.2 RC5
Contact: sip:6084715913@:5060**172.18.1.191**;Expires=30

running 1.1.8
Contact: sip:6084715913@64.73.114.170:5060

Thank for the help and please let me know if you need more information about the configuration.

Attached Files

Asterisk incoming call on version 1.1.8.txt (22.3 KB)
Asterisk waiting for call. Asterisk is always trying to re-register on VyOS 1.2-RC5.txt (6.5 KB)
Registraion information from ISP side when running 1.1.8…txt (461 Bytes)
Registraion information from ISP side when running 1.2-RC5.txt (451 Bytes)
Set system Image to 1.2-RC5.txt (518 Bytes)
V- 1.1.8 config Working with Astersik…txt (5.9 KB)
sip.conf -1.2-RC5.txt (490 Bytes)
V- 1.2-RC5 config NOT working with Asterisk.txt (5.6 KB)
sip.conf - 1.1.8.txt (490 Bytes)


#12

What is your “nat”, “localnet” and “externip” parameters in Asterisk?


#13

I’m using source NAT rule 900 on the VyOS.
I’m not using localnet and externIP in SIP.CONF. I shouldn’t need to.

Asterisk is the initiator which should open the channel to the ISP. Ping or qualify=yes should keep it open.


#14

Actually, you need this in situations like this. As you see, without this parameter Asterisk sometimes can register with its private address (I assume this can be issued by some NAT nuances in VyOS 1.2).
Setting correct NAT in Asterisk can help to prevent a lot of problems.


#15

I’ll set this up in Asterisk and report back shortly.

Thank you


#16

That fixed it! I tried this a few days ago but only used the extenip option and not the localnet as well. This time I used both and it worked. or, there was probably something wrong at that time.

Resolution,
Added extenip and localnet to Asterisk sip.conf

Thanks zsdc for the fix and everyone else who commented.

The End… til next time!