Hello,
we have 4 asteriks, 2 in office on one server (wazo and mobydick), and 2
in DC (self compiled) each on his own server. All of them are VMs under
Debian Stretch. We used OpenVPN to connect the machines together in TAP
mode, everything was running well.
Setup is following: the 2 asterisk in office on the same server are
Asterisk 15 (wazo) and Asterisk 11certified (mobydick). Each of them is
connected to the 2 others Asterisk in DC, both being Asterisk 13, all
using chan_sip except one in DC wich is pjsip. They are also 2 IP phones
in the office which are connected to all servers. As stated above, in
tap mode everything is running well.
Now we changed our VPNs to use tun. The setup was tested appart of
asterisks, all connections are OK, all machines can speak to each others
including Windows one.
Now the problem: all VOIP devices are connecting as before except the
Asterisk 15 from Office who can't register to the Asterisk 13 in DC
running pjsip. No problem with the Asterisk11 certified against the same
pjsip, as well as no problem to the other Asterisk 13 in DC running
chan_sip.
What we get:
<--- Received SIP request (394 bytes) from UDP:10.99.0.52:5060 --->
REGISTER sip:zone-s SIP/2.0
Via: SIP/2.0/UDP 192.168.12.250:5060;branch=z9hG4bK4d838884
Max-Forwards: 70
From: <sip:zwr-IPBX@zone-s>;tag=as17aa56c4
To: <sip:zwr-IPBX@zone-s>
Call-ID: 2efc5e2320a31ff1107505663a02397d@127.0.1.1
CSeq: 102 REGISTER
Supported: replaces, timer
User-Agent: Office PBX
Expires: 3600
Contact: <sip:callbackextension@192.168.12.250:5060>
Content-Length: 0
[2018-07-05 18:49:08] NOTICE[21317]: acl.c:750 ast_apply_acl: SIP ACL:
Rejecting '10.99.0.52' due to a failure to pass ACL '(BASELINE)'
[2018-07-05 18:49:08] NOTICE[21317]: res_pjsip/pjsip_distributor.c:649
log_failed_request: Request 'REGISTER' from '<sip:zwr-IPBX@zone-s>'
failed for '10.99.0.52:5060' (call$
d: 2efc5e2320a31ff1107505663a02397d@127.0.1.1) - Not match Endpoint ACL
<--- Transmitting SIP response (322 bytes) to UDP:10.99.0.52:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
192.168.12.250:5060;rport=5060;received=10.99.0.52;branch=z9hG4bK4d838884
Call-ID: 2efc5e2320a31ff1107505663a02397d@127.0.1.1
From: <sip:zwr-IPBX@zone-s>;tag=as17aa56c4
To: <sip:zwr-IPBX@zone-s>;tag=z9hG4bK4d838884
CSeq: 102 REGISTER
Server: TOOTAiAudio
Content-Length: 0
where 10.99.0.52 is the IP of the office tun VPN and 192.168.12.250 is
the Asterisk 15 IP. zone-s is the hostname of the Asterisk pjsip server.
The 10.99.0.52 is not in ACL (we tried by including it but no luck).
zwr-IPBX is the username/auth_user. Remember, both VOIP phones as well
as the Asterisk 11 server connect without problem. The Asterisk 11 an
Asterisk 13 configuration is the same in pjsip.conf appart of
username/auth_name.
If someone had any clue on this.
Regards
Daniel
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users