date:20160921

[asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

2016-09-21 Thread Olivier

Hello,

I've got a remote system that is plagued with a strange issue.

It happens from time to time.
Yet, I've not found any condition that trigger this phenomenon.

Here is my setup:

-   PSTN  <---> ITSP <--SIP trunk--> Router <> Switch <> Asterisk
box

|

|
SIP
Phones

- Asterisk box is a Raspi/Rasbian with Asterisk 1.8.13
- Switch is DLink DGS-1210-10P
- Router is Zyxel box (I don't manage it)


I see (with Asterisk console) that Asterisk is sending OPTIONS/REGISTER
requests.

With tcpdump and wireshark, I see that :
1. those OPTIONS/REGISTER messages are sent to my ITSP gateway (IP src is
Asterisk box, IP dst is ITSP gateway)
2. my router replies (within 30ms)  with something Wireshark presents as an
ICMP message like this:
 ICMP491Destination unreachable (Communication administratively
filtered) ( (IP src is router box, IP dst is Asterisk box)


While this happens, I can successively ping my ITSP gateway.

Searching the web, I found [1] and [2].

1. Is it common to get an ICMP reply to a SIP message ?
2. Any advice or suggestion ?


[1]
https://ask.wireshark.org/questions/26667/have-packet-capture-somethings-wrong
[2] http://www.tahi.org/sip-ipv6/ua6/doc-1.0/sip-ipv6-tm/icmp/UA-15-2-1.html


Best regards
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] AsyncAGI - How to jump in dial plan when no action initiated on channel or AMI user is disconnected

2016-09-21 Thread Amit Patkar

Thanks Mathew. I understand that there is no coordination between 
AsyncAGI & AMI.
Is there any dial plan function which can tell us if there is active AMI 
session?

Thanks & Regards,
Amit Patkar

On 9/21/2016 6:27 PM, Matthew Jordan wrote:

On Tue, Sep 20, 2016 at 10:49 PM, Amit Patkar  wrote:

>It means, AMI application is no more running or crashed or lost network
>connection with asterisk server.
>In such cases call is neither answered nor disconnected by Asterisk. I want
>to detect such state and jump to next dial plan to answer or reject the
>calls
>

No, there is no automatic coordination mechanism between AsyncAGI and
AMI. In fact, AsyncAGI doesn't know*which*  AMI session is even
managing the channels - it just waits for the appropriate AMI action
to come across and signal something to the channels.

Your external application would have to manage this process. A simple
solution would be to use an AMI library that supports automatic
reconnects. On a reconnect, ask Asterisk for the current channels; if
any exist, handle their recovery either by determining their
application state or by releasing them back to the dialplan.

-- Matthew Jordan Digium, Inc. | CTO 445 Jan Davis Drive NW - 
Huntsville, AL 35806 - USA Check us out at: http://digium.com & 
http://asterisk.org

--
_ 
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- 
Join the Asterisk Community at the 13th AstriCon, September 27-29, 
2016 http://www.asterisk.org/community/astricon-user-conference New to 
Asterisk? Start here: 
https://wiki.asterisk.org/wiki/display/AST/Getting+Started 
asterisk-users mailing list To UNSUBSCRIBE or update options visit: 
http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] AsyncAGI - How to jump in dial plan when no action initiated on channel or AMI user is disconnected

2016-09-21 Thread Matthew Jordan

On Tue, Sep 20, 2016 at 10:49 PM, Amit Patkar  wrote:
> It means, AMI application is no more running or crashed or lost network
> connection with asterisk server.
> In such cases call is neither answered nor disconnected by Asterisk. I want
> to detect such state and jump to next dial plan to answer or reject the
> calls
>

No, there is no automatic coordination mechanism between AsyncAGI and
AMI. In fact, AsyncAGI doesn't know *which* AMI session is even
managing the channels - it just waits for the appropriate AMI action
to come across and signal something to the channels.

Your external application would have to manage this process. A simple
solution would be to use an AMI library that supports automatic
reconnects. On a reconnect, ask Asterisk for the current channels; if
any exist, handle their recovery either by determining their
application state or by releasing them back to the dialplan.

-- 
Matthew Jordan
Digium, Inc. | CTO
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

2016-09-21 Thread Tim S

Sounds like a firewall setting to me.  If you can ping, then Internet
Control Message Protocol (ICMP) packets are allowed, but if SIP traffic is
returning the ICMP Type 3 (code 13) response, then your SIP ports are
blocked (at least the firewall admin was nice enough to leave the reason
code messaging enabled).

Get in touch with your firewall admin and have them forward TCP/UDP 5060,
4569, 5036, and UPD 1:2 and 2727 to your Asterisk box IP address.
Make sure they white-list the traffic they pass, so get the IP adress(es)
of your ITSP and only have the firewall accept traffic on those ports from
that(those) address(es).  That's your first line of defence on toll fraud.

If the firewall has a VoIP helper function that opens up UDP ports as
needed during a session start, that should reduce your attack surface too.

-Tim

On Wed, Sep 21, 2016 at 3:15 AM, Olivier  wrote:

> Hello,
>
> I've got a remote system that is plagued with a strange issue.
>
> It happens from time to time.
> Yet, I've not found any condition that trigger this phenomenon.
>
> Here is my setup:
>
> -   PSTN  <---> ITSP <--SIP trunk--> Router <> Switch <> Asterisk
> box
>
> |
>
> |
>
> SIP Phones
>
> - Asterisk box is a Raspi/Rasbian with Asterisk 1.8.13
> - Switch is DLink DGS-1210-10P
> - Router is Zyxel box (I don't manage it)
>
>
> I see (with Asterisk console) that Asterisk is sending OPTIONS/REGISTER
> requests.
>
> With tcpdump and wireshark, I see that :
> 1. those OPTIONS/REGISTER messages are sent to my ITSP gateway (IP src is
> Asterisk box, IP dst is ITSP gateway)
> 2. my router replies (within 30ms)  with something Wireshark presents as
> an ICMP message like this:
>  ICMP491Destination unreachable (Communication administratively
> filtered) ( (IP src is router box, IP dst is Asterisk box)
>
>
> While this happens, I can successively ping my ITSP gateway.
>
> Searching the web, I found [1] and [2].
>
> 1. Is it common to get an ICMP reply to a SIP message ?
> 2. Any advice or suggestion ?
>
>
> [1] https://ask.wireshark.org/questions/26667/have-packet-
> capture-somethings-wrong
> [2] http://www.tahi.org/sip-ipv6/ua6/doc-1.0/sip-ipv6-tm/icmp/
> UA-15-2-1.html
>
>
> Best regards
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
>   http://www.asterisk.org/community/astricon-user-conference
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
  http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

Re: [asterisk-users] AsyncAGI - How to jump in dial plan when no action initiated on channel or AMI user is disconnected

Re: [asterisk-users] AsyncAGI - How to jump in dial plan when no action initiated on channel or AMI user is disconnected

Re: [asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered

4 matches

Site Navigation

Mail list logo

Footer information