Thanks Michael yes that's my plan ☺

Regards
Michael Knill
From: Michael Keuter <li...@mksolutions.info>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Friday, 9 February 2018 at 8:56 am
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Network connectivity and DNS issues


Am 08.02.2018 um 22:04 schrieb Michael Knill 
<michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>>:

Thanks Lonnie

I will give Monit a try and let you know how I go.
I will only turn on for some sites.

Regards
Michael Knill

Hi Michael,

in Monit you can run your own programs/scripts and then react on the 
return/exit value of that program. E.g.

----
check program CPU-0_Temp with path "/mnt/kd/bin/monit/sensors_temp.sh 'Core 0'"
   if status > 70 then alert
----


On 9/2/18, 2:49 am, "Lonnie Abelbeck" 
<li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote:

  Michael,


So my questions are:
1) What frequency of registrations or SIP OPTIONS are actually required to keep 
the firewall translation is place

  Depends on the network hardware in the path and the shortest firewall UDP TTL 
setting, AstLinux defaults to a 180 second UDP TTL for 
netfilter.ip_conntrack_udp_timeout_stream states.

  By default, in sip.conf, qualifyfreq=60 which sends SIP OPTIONS every 60 
seconds.  This should work for most situations.

  But, it seems in your situation the transient case with network issues can 
cause problems.  Possibly setting qualify to something large like 64000 ms, 
qualify=64000 would enable the qualify feature but would not normally fail. 
Possibly mixed with qualifyfreq=30 .  Warning, I have never tested or tried 
this.



2) Would it be feasible for Monit to check 'sip show peers' that if a trunk 
peer has a Host IP Address but is a Status of UNKNOWN then do a 'module reload 
chan_sip.so' and report it?

  Personally I don't use Monit, but in theory it may be possible.

  Lonnie



  On Feb 8, 2018, at 12:54 AM, Michael Knill 
<michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> 
wrote:


Sorry all I am dredging up this thread again. Thanks Lonnie for the info below.
Although my main provider uses an IP Address based trunk which makes this 
problem go away, I have some providers that require registration via a DNS name.
I have now activated dnsmgr which is good in that it will update the IP Address 
on the peer so it can reregister, HOWEVER the OPTIONS pings will not start up 
again if down after a reboot.
I can turn off SIP OPTIONS (qualify=no) and put in a specific firewall rule I 
suppose but I would still rather have qualify=yes

So my questions are:
1) What frequency of registrations or SIP OPTIONS are actually required to keep 
the firewall translation is place
2) Would it be feasible for Monit to check 'sip show peers' that if a trunk 
peer has a Host IP Address but is a Status of UNKNOWN then do a 'module reload 
chan_sip.so' and report it?

Thanks all.

Regards
Michael Knill

On 13/1/18, 6:38 am, "Michael Knill" 
<michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> 
wrote:

 Thanks Lonnie

 I have confirmed with my main provider that their IP Address will likely never 
change to I will be putting the IP Address in sip.conf so I don't even need to 
set a static host.
 I do like to know the reachability of my trunks so I will keep the OPTIONS 
pings going.

 Thanks so much again for your help.

 Regards
 Michael Knill

 On 13/1/18, 2:42 am, "Lonnie Abelbeck" 
<li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote:

     Hi Michael,

     The easiest way to always make sure a DNS name resolves is to define 
static IP addresses in:

     Network tab -> Network Services: -> DNS Forwarder & DHCP Server: { 
Configure DNS Hosts }

     There you can statically define DNS host names without requiring any 
changes to your Asterisk configuration. Of course if your SIP provider makes 
changes you will have to reconfigure the DNS IP's like a bunny.


     Another approach, or in tandem, is to not depend on OPTIONS pings 
(qualify=yes) to keep firewall ports open, instead (qualify=no) use very 
specific (secure) firewall rules for inbound SIP calls.


     To be clear, it is not recommended to do either of the above as a general 
practice, but you do what you have to do.

     Lonnie


     On Jan 11, 2018, at 10:50 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> 
wrote:


Hi Group

I have started a new thread although this is a continuation of my intermittent 
issues with sip trunks not coming back after a network outage.
After some testing in the lab I have realised that most of these problems are 
related to DNS resolution.

Basically I am using sip domain names for all my providers so DNS resolution is 
necessary. What I have found is that if for some reason DNS resolution is not 
possible (e.g. network is down), if the system is rebooted or Asterisk loses 
the resolved address, it no longer sends the OPTIONS pings as it cant find the 
address obviously.
Yes that makes sense however the problem arises when the network is restored, 
Asterisk is completely unaware and therefore makes no attempt in resolving the 
address.
I believe this is what is causing my intermittent issues which is easily 
resolved by doing an Asterisk Reload when network connectivity is restored. I 
have also enabled the Asterisk dnsmgr which does not fix the problem. I suspect 
that if it couldn't initially resolve it then it gives up totally.

So what is the fix. Here are some of my options:
• Don't use DNS but just use the IP Address instead. This will most certainly 
resolve the issue but is it the best way? Something in the Hosts file maybe?
• Perform sip monitoring using the SIP Monitor script or Monit. If the SIP URL 
is resolvable but the status is UNKNOWN then issue a module reload of chan_sip
• Something else

PS the SIP Monitor does not seem to work for me. It only sends me an email when 
the system is rebooted.
Thanks all.

Regards
Michael Knill

Michael

http://www.mksolutions.info



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to