Dear All,
I am still using 3.10.3, as my previous attempts to upgrade to 4.01
failed and had to leave that aside as I didn't have more down time to
try updated Wiki page for 3.10.x to 4.0.1 yum update - yet.
The current issue on 3.10.3 briefly(!) when all sites are VPNed and i
-create a gateway for of the other- in each site, along with the
dial-plan and publish (checked user's permission etc.), I receive Call
Failed: Proxy Authentication Required in Xlite 3.0 (with latest updates)
when i register with Xlite at any of the site (or outside with STUN) and
use its dial-plan to call the other. It fails with Proxy Authentication
Required.
As far as I know, there is no setting to loose sipx 3.10.3 proxy
authentication rule from webconfig and I assumed configuring each site
as gateway of other should work but it doesnt for some reason. (i.
followed the wiki page on connecting 2 sites with sipx and custom dial
plan page)
I am not really good with the log parsing and using sipViewer (no X
installed on boxes and wanna keep it that way for now) and I believe the
issue is not a bug but a rather a configuration issue as I read people
with success stories on same built.
I do hope the following info. would give you the required background on
the configuration:
There is one aspect of the installation/configuration which I am not
quite safe about; (which gets screwed further in my attempts to upgrade
4.01 but thats another story):
- There are 4 different Sipx sites, all behind the router/NAT, running
on CentOS 5 (installed from ISO 3.8 and yum updated all the way to
3.10.3) and these machines also functions as internal DNS,DHCP to the
site's LAN. I have installed *PPTPD *and *PPTP *for Windows VPN users as
well as to connect all 4 sites between themselves to overcome NAT issues
while connecting each site's PBX to each other (didnt have budget for
SBC or external box).
- Each site's domain name were given as *sub-domains* of the main
*company.com* domain;
*site1.company.com *- PublicStaticIP<-ROUTER(NAT) with ports
5060,5061 forwarded to <- SipX *IP 192.168.1.2
Extension Pool 200-499
* * site2.company.com *- PublicStaticIP<-ROUTER(NAT) with ports
5060,5061 forwarded to <- SipX *IP 192.168.2.2*
* Extension Pool 500-599*
*site3.company.com* - PublicStaticIP<-ROUTER(NAT) with ports
5060,5061 forwarded to <- SipX *IP 192.168.3.2*
* Extension Pool 600-699*
* site4.company.com *- PublicStaticIP<-ROUTER(NAT) with ports
5060,5061 forwarded to <- SipX *IP 192.168.4.2*
* Extension Pool 700-799*
- In each site's Sipx DNS, the* /var/named/company.com zone* file
configured to contain each Site's A, SRV and NAPTR after local site;
This zone configuration approach followed in each site's DNS server.
After connecting all sites (2-way) via VPN, I can confirm the SRV
resolution as well as verify the A record and node with tracert
[r...@site1]# *tracert site1.company.com*
traceroute to site1.company.com (192.168.5.2), 30 hops max, 40 byte packets
* 1 192.168.5.2 (192.168.5.2) 82.247 ms 84.355 ms 85.791 ms <--
(1 hop connectivity to other sites with VPN)*
[r...@site1]#* nslookup* *-type=SRV* _sip._udp.*site2.company*.com
Server: 127.0.0.1
Address: 127.0.0.1#53
*_sip._udp.site2.company.com service = 1 0 5060 site2.company.com.
<-- (SRV resolves OK alongside A record)*
As for the DNS configuration, following gives an idea of current config
which i've been using since day 1 of the installation;
*Site1: /var/named/company.com.zone*
$TTL 1D
@ IN SOA ns1.company.com. root.company.com. (
200602132 ; serial#
3600 ; refresh, seconds
3600 ; retry, seconds
3600 ; expire, seconds
3600 ) ; minimum TTL, seconds
NS ns1.company.com. ; Inet Address of nameserver
company.com. MX 10 mail ; Primary Mail Exchanger
ns1 CNAME site1
*;* *SITE1 *A, SRV, NAPTR records:
*site1.company.com. * IN A 192.168.1.2
/*;* site1.company.com. IN A 203.0.0.1 /* ;
/Public IP commented for VPN tests./*
*site1.company.com.* IN NAPTR 2 0 "s" "SIP+D2T"
"" _sip._tcp.*site1*.company.com.
*site1*.company.com. * * IN NAPTR 2 0 "s"
"SIP+D2U" "" _sip._udp.*site1.c*ompany.com.
_sip._tcp.*site1.*company.com. IN SRV 1 0 5060
*site1.*company.com.
_sip._udp.*site1.*company.com. IN SRV 1 0 5060
*site1.*company.com.
; *SITE2 *A, SRV, NAPTR records:
*site2.company.com.* IN A *192.168.2.2* ;
*using its LAN IP as all SITEs are connected with VPN(PPTP)
*/*;* site2.company.com. IN A 203.0.0.2 /* ;
/Public IP commented for VPN tests./
**site2.company.com*. IN NAPTR 2 0 "s" "SIP+D2T"
"" _sip._tcp.*site2.*company.com.
*site2.company.com. * IN NAPTR 2 0 "s" "SIP+D2U"
"" _sip._udp.*site2.*company.com.
_sip._tcp.*site2.company.com.* IN SRV 1 0 5060
*site2.*company.com.
_sip._udp.*site2.company.com*. IN SRV 1 0 5060
*site2.*company.com*.*
; *SITE3* A, SRV, NAPTR records:
*site3.company.com.* IN A *192.168.3.2* ;
*using its LAN IP as all SITEs are connected with VPN(PPTP)*
/*;* site3.company.com. IN A 203.0.0.3 /* ;
/Public IP commented for VPN tests./*
*site3.company.com*. IN NAPTR 2 0 "s" "SIP+D2T"
"" _sip._tcp.*site3.*company.com.
*site3.company.com. * IN NAPTR 2 0 "s" "SIP+D2U"
"" _sip._udp.*site3.*company.com.
_sip._tcp.*site3.company.com.* IN SRV 1 0 5060
*site3.*company.com.
_sip._udp.*site3.company.com*. IN SRV 1 0 5060
*site3.*company.com*.
*
It would be highly appreciated if anyone can shed some light on the
issue, interconnecting multiple sites - where all sites VPNed with PPTP
- with above configuration and gateways,dialplans in place as per the
wiki pages - what might be causing Proxy Authentication Failure and
whether there is any solution by optimizing the config accordingly.*
*
All the best!
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
