Thanks Lonnie
I will give Monit a try and let you know how I go.
I will only turn on for some sites.
Regards
Michael Knill
On 9/2/18, 2:49 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
Michael,
> So my questions are:
> 1) What frequency of registrations or SIP OPTIONS are actually required
to keep the firewall translation is place
Depends on the network hardware in the path and the shortest firewall UDP
TTL setting, AstLinux defaults to a 180 second UDP TTL for
netfilter.ip_conntrack_udp_timeout_stream states.
By default, in sip.conf, qualifyfreq=60 which sends SIP OPTIONS every 60
seconds. This should work for most situations.
But, it seems in your situation the transient case with network issues can
cause problems. Possibly setting qualify to something large like 64000 ms,
qualify=64000 would enable the qualify feature but would not normally fail.
Possibly mixed with qualifyfreq=30 . Warning, I have never tested or tried
this.
> 2) Would it be feasible for Monit to check 'sip show peers' that if a
trunk peer has a Host IP Address but is a Status of UNKNOWN then do a 'module
reload chan_sip.so' and report it?
Personally I don't use Monit, but in theory it may be possible.
Lonnie
On Feb 8, 2018, at 12:54 AM, Michael Knill
<michael.kn...@ipcsolutions.com.au> wrote:
> Sorry all I am dredging up this thread again. Thanks Lonnie for the info
below.
> Although my main provider uses an IP Address based trunk which makes this
problem go away, I have some providers that require registration via a DNS name.
> I have now activated dnsmgr which is good in that it will update the IP
Address on the peer so it can reregister, HOWEVER the OPTIONS pings will not
start up again if down after a reboot.
> I can turn off SIP OPTIONS (qualify=no) and put in a specific firewall
rule I suppose but I would still rather have qualify=yes
>
> So my questions are:
> 1) What frequency of registrations or SIP OPTIONS are actually required
to keep the firewall translation is place
> 2) Would it be feasible for Monit to check 'sip show peers' that if a
trunk peer has a Host IP Address but is a Status of UNKNOWN then do a 'module
reload chan_sip.so' and report it?
>
> Thanks all.
>
> Regards
> Michael Knill
>
> On 13/1/18, 6:38 am, "Michael Knill" <michael.kn...@ipcsolutions.com.au>
wrote:
>
> Thanks Lonnie
>
> I have confirmed with my main provider that their IP Address will
likely never change to I will be putting the IP Address in sip.conf so I don't
even need to set a static host.
> I do like to know the reachability of my trunks so I will keep the
OPTIONS pings going.
>
> Thanks so much again for your help.
>
> Regards
> Michael Knill
>
> On 13/1/18, 2:42 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com>
wrote:
>
> Hi Michael,
>
> The easiest way to always make sure a DNS name resolves is to
define static IP addresses in:
>
> Network tab -> Network Services: -> DNS Forwarder & DHCP Server: {
Configure DNS Hosts }
>
> There you can statically define DNS host names without requiring
any changes to your Asterisk configuration. Of course if your SIP provider
makes changes you will have to reconfigure the DNS IP's like a bunny.
>
>
> Another approach, or in tandem, is to not depend on OPTIONS pings
(qualify=yes) to keep firewall ports open, instead (qualify=no) use very
specific (secure) firewall rules for inbound SIP calls.
>
>
> To be clear, it is not recommended to do either of the above as a
general practice, but you do what you have to do.
>
> Lonnie
>
>
> On Jan 11, 2018, at 10:50 PM, Michael Knill
<michael.kn...@ipcsolutions.com.au> wrote:
>
>> Hi Group
>>
>> I have started a new thread although this is a continuation of my
intermittent issues with sip trunks not coming back after a network outage.
>> After some testing in the lab I have realised that most of these
problems are related to DNS resolution.
>>
>> Basically I am using sip domain names for all my providers so DNS
resolution is necessary. What I have found is that if for some reason DNS
resolution is not possible (e.g. network is down), if the system is rebooted or
Asterisk loses the resolved address, it no longer sends the OPTIONS pings as it
cant find the address obviously.
>> Yes that makes sense however the problem arises when the network is
restored, Asterisk is completely unaware and therefore makes no attempt in
resolving the address.
>> I believe this is what is causing my intermittent issues which is easily
resolved by doing an Asterisk Reload when network connectivity is restored. I
have also enabled the Asterisk dnsmgr which does not fix the problem. I suspect
that if it couldn't initially resolve it then it gives up totally.
>>
>> So what is the fix. Here are some of my options:
>> • Don't use DNS but just use the IP Address instead. This will most
certainly resolve the issue but is it the best way? Something in the Hosts file
maybe?
>> • Perform sip monitoring using the SIP Monitor script or Monit. If the
SIP URL is resolvable but the status is UNKNOWN then issue a module reload of
chan_sip
>> • Something else
>>
>> PS the SIP Monitor does not seem to work for me. It only sends me an
email when the system is rebooted.
>> Thanks all.
>>
>> Regards
>> Michael Knill
>>
------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
>
>
>
------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal
to pay...@krisk.org.
>
>
>
------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
>
>
------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
