Hi Michael,

> The terminating SIP server is actually another Astlinux box.

Cool, so this should be solvable.

Yes, as you suggested a sip debug on the Asterisk CLI (or use  "sipgrep") would 
help ... if you can VPN into the server also a help during the failure.

I would try setting qualify=yes to only the client end SIP trunk, not the 
server end, this would consistently establish new firewall states from the 
client to the server endpoint.  I'm assuming the client end does not open UDP 
5060 and relies on the outbound SIP OPTIONS traffic to establish the firewall 
state.

Additionally, since your SIP trunk is authenticating on the static IPv4 address 
of the PPPoE endpoint, make sure that IPv4 address is indeed static during any 
PPPoE hiccups.

Lonnie

PS, this is a perfect scenario for placing the SIP trunk over a WireGuard VPN, 
for your future setup down the road :-)



On Dec 17, 2017, at 10:56 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hi Lonnie
> 
> No it's an IP Address only SIP Trunk so no registration. Only Options Pings. 
> I should have done a sip debug on the Asterisk CLI I think.
> It's a static local IP Address (passed by PPPoE) and it did not change.
> The terminating SIP Server has a single Public IP Address so there should be 
> no NAT but I cannot guarantee. The terminating SIP server is actually another 
> Astlinux box.
> 
> Im just wondering; if no IP Address or Port had changed, shouldn't the 
> firewall state remain the same anyway?
> 
> I will try that. More testing required!
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Monday, 18 December 2017 at 3:39 pm
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Problems with PPPoE and Asterisk
> 
> Hi Michael,
> 
> I see your logs stopped after the PPPoE connection was reestablished.  Are 
> there a bunch of asterisk register timeouts after that point ?
> 
> Does your PPPoE "local  IP address" typically change every time the 
> connection goes down and back up ?
> 
> This does sound like a firewall invalid state issue and rebooting allows the 
> invalid state's TTL to expire, BUT the firewall state is probably not in 
> AstLinux but rather upstream.
> 
> Is it possible there is NAT in the path between your PPPoE "local  IP 
> address" and the SIP server ?
> 
> Does the remote SIP server resolve to a single IPv4 address, or is it a 
> round-robin of IPv4 addresses ?
> 
> 
>> Yes I agree. I think it's a firewall problem although a Restart Firewall did 
>> not fix it (
>> Can you think of any good debugging I can do if it happens again?
> 
> The next time, rather than rebooting, I would try from the CLI ...
> --
> service asterisk stop
> (wait 3 minutes or more - use your watch)
> service asterisk init
> --
> If that re-establishes SIP connectivity, that would imply the 
> stuck-firewall-state was upstream.
> 
> Lonnie
> 
> 
> 
> On Dec 17, 2017, at 4:43 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> Hi Group
>> 
>> I am still having issues with PPPoE and Asterisk connectivity.
>> 
>> This happened over the weekend with one of my sites:
>> Dec 17 00:30:09 2005-Shaw_BG-CM1 local0.notice asterisk[1266]: NOTICE[1408]: 
>> chan_sip.c:30077 in sip_poke_noanswer: Peer 'cts_trunk' is now UNREACHABLE!  
>> Last qualify: 33
>> Dec 17 00:30:33 2005-Shaw_BG-CM1 local0.notice asterisk[1266]: NOTICE[1408]: 
>> chan_sip.c:24558 in handle_response_peerpoke: Peer 'cts_trunk' is now 
>> Reachable. (34ms / 2000ms)
>> Dec 17 00:30:52 2005-Shaw_BG-CM1 daemon.info pppd[336]: LCP terminated by 
>> peer
>> Dec 17 00:30:52 2005-Shaw_BG-CM1 daemon.info pppd[336]: Connect time 568.6 
>> minutes.
>> Dec 17 00:30:52 2005-Shaw_BG-CM1 daemon.info pppd[336]: Sent 1190012 bytes, 
>> received 1282467 bytes.
>> Dec 17 00:30:55 2005-Shaw_BG-CM1 daemon.notice pppd[336]: Connection 
>> terminated.
>> Dec 17 00:30:55 2005-Shaw_BG-CM1 daemon.notice pppd[336]: Modem hangup
>> Dec 17 00:31:03 2005-Shaw_BG-CM1 local0.warn asterisk[1266]: WARNING[1408]: 
>> acl.c:939 in ast_ouraddrfor: Cannot connect to103.262.105.78: Network is 
>> unreachable
>> Dec 17 00:31:03 2005-Shaw_BG-CM1 local0.warn asterisk[1266]: WARNING[1408]: 
>> chan_sip.c:3785 in __sip_xmit: sip_xmit of 0x1ef58a0 (len 511) 
>> to103.262.105.78:5060 returned -2: Network is unreachable
>> Dec 17 00:31:03 2005-Shaw_BG-CM1 local0.err asterisk[1266]: ERROR[1408]: 
>> chan_sip.c:4274 in __sip_reliable_xmit: Serious Network Trouble; __sip_xmit 
>> returns error for pkt data
>> Dec 17 00:31:07 2005-Shaw_BG-CM1 local0.notice asterisk[1266]: NOTICE[1408]: 
>> chan_sip.c:30077 in sip_poke_noanswer: Peer 'cts_trunk' is now UNREACHABLE!  
>> Last qualify: 34
>> Dec 17 00:31:17 2005-Shaw_BG-CM1 local0.warn asterisk[1266]: WARNING[1408]: 
>> acl.c:939 in ast_ouraddrfor: Cannot connect to 103.262.105.78: Network is 
>> unreachable
>> Dec 17 00:31:17 2005-Shaw_BG-CM1 local0.warn asterisk[1266]: WARNING[1408]: 
>> chan_sip.c:3785 in __sip_xmit: sip_xmit of 0x1ef58a0 (len 511) 
>> to103.262.105.78:5060 returned -2: Network is unreachable
>> Dec 17 00:31:17 2005-Shaw_BG-CM1 local0.err asterisk[1266]: ERROR[1408]: 
>> chan_sip.c:4274 in __sip_reliable_xmit: Serious Network Trouble; __sip_xmit 
>> returns error for pkt data
>> Dec 17 00:31:23 2005-Shaw_BG-CM1 user.info kernel: AIF:Dropped INPUT packet: 
>> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:60:40:02:01:41:08:00 SRC=0.0.0.0 
>> DST=255.255.255.255 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP 
>> SPT=5678 DPT=5678 LEN=126
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.info pppd[336]: PPP session is 3426
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.warn pppd[336]: Connected to 
>> e0:0e:da:4c:55:dd via interface eth0
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.info pppd[336]: Using interface ppp0
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: Connect: ppp0 <--> 
>> eth0
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: PAP authentication 
>> succeeded
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: peer from calling 
>> number E0:0E:DA:4C:55:DD authorized
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: local  IP address 
>> 124.148.24.56
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: remote IP address 
>> 150.101.32.171
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: primary   DNS 
>> address 203.0.178.191
>> Dec 17 00:31:25 2005-Shaw_BG-CM1 daemon.notice pppd[336]: secondary DNS 
>> address 203.215.29.191
>> 
>> 
>> The PPPoE came back fine however the SIP Trunk did not come back. I tried an 
>> Asterisk reload an Asterisk restart and a firewall restart to no avail.
>> I actually needed to reboot the box before it came back up. This has 
>> happened before
>> 
>> Im running Astlinux 1.2.10 with Asterisk 13.
>> 
>> Any ideas?
>> 
>> Regards
>> Michael Knill



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to