Then I would check my routing between two of the servers (both directions) to ensure it is taking a private path.
After that set a proxy to debug, and tail the proxy log (tail -f /var/log/sipxpbx/sipXproxy.log) to see what is it complaining about. I don't think there should be any permissions necessary or set on the dialplan though. >>> Cuneyt M <[email protected]> 07/09/09 5:07 PM >>> Hi Tony, Thank you for the super fast reponse. It seems i've ignored thatsection assuming its all about SBC config. I have now updated all servers' intranet domain to be *.company.comso site1,2,3,4 should be included (?) and also added each lan IP to intranet subnets in all systems; 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 and then submit successfully, went through the dial plan activationscreen and restarted. However, when i try to dial from one site (192.168.4.2 sipx to192.168.1.2 sipx) to another with the valid dialplan, i still getProxy Authentication Failed response. Did check permissions, dialplan, gateways and subnets one more time butall looks in order. Any idea what might be standing on the way? Thank you in advance! Tony Graziano wrote: In 3.10.3 after adding the gateway and dial plan you must add theremote subnet via "System>Internet Calling>Intranet Subnets" ofall sites interconnected (at each system). Authentication issues willensue if you do not do this. >>> "Tony Graziano" <[email protected]>07/09/09 4:22 PM >>> You must add each site to the intranet list of every connected site orcalls will fail. -----Original Message----- From: Cuneyt M <[email protected]> To: <[email protected]> To: <[email protected]> Sent: 7/9/2009 4:18:39 PM Subject: [sipx-users] Connecting Multiple SipX PBX Sites on 3.10.3 Dear All, I am still using 3.10.3, as my previous attempts to upgrade to 4.01 failed and had to leave that aside as I didn't have more down time to try updated Wiki page for 3.10.x to 4.0.1 yum update - yet. The current issue on 3.10.3 briefly(!) when all sites are VPNed and i -create a gateway for of the other- in each site, along with the dial-plan and publish (checked user's permission etc.), I receive Call Failed: Proxy Authentication Required in Xlite 3.0 (with latestupdates) when i register with Xlite at any of the site (or outside with STUN)and use its dial-plan to call the other. It fails with Proxy Authentication Required. As far as I know, there is no setting to loose sipx 3.10.3 proxy authentication rule from webconfig and I assumed configuring each site as gateway of other should work but it doesnt for some reason. (i. followed the wiki page on connecting 2 sites with sipx and custom dial plan page) I am not really good with the log parsing and using sipViewer (no X installed on boxes and wanna keep it that way for now) and I believethe issue is not a bug but a rather a configuration issue as I read people with success stories on same built. I do hope the following info. would give you the required background on the configuration: There is one aspect of the installation/configuration which I am not quite safe about; (which gets screwed further in my attempts to upgrade 4.01 but thats another story): - There are 4 different Sipx sites, all behind the router/NAT, running on CentOS 5 (installed from ISO 3.8 and yum updated all the way to 3.10.3) and these machines also functions as internal DNS,DHCP to the site's LAN. I have installed *PPTPD *and *PPTP *for Windows VPN usersas well as to connect all 4 sites between themselves to overcome NATissues while connecting each site's PBX to each other (didnt have budget for SBC or external box). - Each site's domain name were given as *sub-domains* of the main *company.com* domain; *site1.company.com *- PublicStaticIP<-ROUTER(NAT) with ports 5060,5061 forwarded to <- SipX *IP 192.168.1.2 Extension Pool 200-499 * * site2.company.com *- PublicStaticIP<-ROUTER(NAT) with ports 5060,5061 forwarded to <- SipX *IP 192.168.2.2* * Extension Pool 500-599* *site3.company.com* - PublicStaticIP<-ROUTER(NAT) with ports 5060,5061 forwarded to <- SipX *IP 192.168.3.2* * Extension Pool 600-699* * site4.company.com *- PublicStaticIP<-ROUTER(NAT) with ports 5060,5061 forwarded to <- SipX *IP 192.168.4.2* * Extension Pool 700-799* - In each site's Sipx DNS, the* /var/named/company.com zone* file configured to contain each Site's A, SRV and NAPTR after local site; This zone configuration approach followed in each site's DNS server. After connecting all sites (2-way) via VPN, I can confirm the SRV resolution as well as verify the A record and node with tracert [r...@site1]# *tracert site1.company.com* traceroute to site1.company.com (192.168.5.2), 30 hops max, 40 bytepackets * 1 192.168.5.2 (192.168.5.2) 82.247 ms 84.355 ms 85.791 ms <-- (1 hop connectivity to other sites with VPN)* [r...@site1]#* nslookup* *-type=SRV* _sip._udp.*site2.company*.com Server: 127.0.0.1 Address: 127.0.0.1#53 *_sip._udp.site2.company.com service = 1 0 5060 site2.company.com. <-- (SRV resolves OK alongside A record)* As for the DNS configuration, following gives an idea of current config which i've been using since day 1 of the installation; *Site1: /var/named/company.com.zone* $TTL 1D @ IN SOA ns1.company.com. root.company.com. ( 200602132 ; serial# 3600 ; refresh, seconds 3600 ; retry, seconds 3600 ; expire, seconds 3600 ) ; minimum TTL, seconds NS ns1.company.com. ; Inet Address of nameserver company.com. MX 10 mail ; Primary Mail Exchanger ns1 CNAME site1 *;* *SITE1 *A, SRV, NAPTR records: *site1.company.com. * IN A 192.168.1.2 /*;* site1.company.com. IN A 203.0.0.1 /* ; /Public IP commented for VPN tests./* *site1.company.com.* IN NAPTR 2 0 "s" "SIP+D2T" "" _sip._tcp.*site1*.company.com. *site1*.company.com. * * IN NAPTR 2 0 "s" "SIP+D2U" "" _sip._udp.*site1.c*ompany.com. _sip._tcp.*site1.*company.com. IN SRV 1 0 5060 *site1.*company.com. _sip._udp.*site1.*company.com. IN SRV 1 0 5060 *site1.*company.com. ; *SITE2 *A, SRV, NAPTR records: *site2.company.com.* IN A *192.168.2.2* ; *using its LAN IP as all SITEs are connected with VPN(PPTP) */*;* site2.company..com. IN A 203.0.0.2 /* ; /Public IP commented for VPN tests./ **site2.company.com*. IN NAPTR 2 0 "s" "SIP+D2T" "" _sip._tcp.*site2.*company.com. *site2.company.com. * IN NAPTR 2 0 "s" "SIP+D2U" "" _sip._udp.*site2.*company.com. _sip._tcp.*site2.company.com.* IN SRV 1 0 5060 *site2.*company.com. _sip._udp.*site2.company.com*. IN SRV 1 0 5060 *site2.*company.com*.* ; *SITE3* A, SRV, NAPTR records: *site3.company.com.* IN A *192.168.3.2* ; *using its LAN IP as all SITEs are connected with VPN(PPTP)* /*;* site3.company.com. IN A 203.0.0.3 /* ; /Public IP commented for VPN tests./* *site3.company..com*. IN NAPTR 2 0 "s" "SIP+D2T" "" _sip._tcp.*site3.*company.com. *site3.company.com. * IN NAPTR 2 0 "s" "SIP+D2U" "" _sip._udp.*site3.*company.com. _sip._tcp.*site3.company.com.* IN SRV 1 0 5060 *site3.*company.com. _sip._udp.*site3.company.com*. IN SRV 1 0 5060 *site3.*company.com*. * It would be highly appreciated if anyone can shed some light on the issue, interconnecting multiple sites - where all sites VPNed with PPTP - with above configuration and gateways,dialplans in place as per the wiki pages - what might be causing Proxy Authentication Failure and whether there is any solution by optimizing the config accordingly.* * All the best! _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/ </[email protected]>
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
