I have looked at the phone longs all they show is the registration is not working.
I should also add, that I have tried restarting asterisk, that did not solve the problem. I have a hard time tracking down the problem because the organization, reboots the firewall about once an hour to make sure their phones work. So I have weekends and nights. -----Original Message----- From: Peter Philipp <i...@callpeter.tel> Sent: Tuesday, August 13, 2024 4:24 AM To: Peter Fraser <p...@thinkage.ca> Cc: misc@openbsd.org Subject: Re: Missing packets? On Mon, Aug 12, 2024 at 09:29:57PM +0000, Peter Fraser wrote: > I support a charity and I look after a OpenBSD firewall. > The firewall supports asterisk, nsd, unbound, dhcpd. > Everything was working properly. > > Then they did some rewiring, and the behaviour of the system is now very > strange. > > When the system starts up, everything behaved properly, their phones > register, and calls can come in and go. > All the extension work, > Web access is fine, dns works fine, as does ssh, dhcp > > But once the registration of the phones to asterisk time out. The phones do > not reregister. > The registration by asterisk to the sip supplier (voip.ms) work fine. > > I put a packet trace on the interface, and I don't see and packets either as > tcp, udp or eithernet from the phones. > Not do I see an logs for pf for packets passed or blocked. > > I have been known to bark up the wrong tree, but I am suspecting the problem > is something I did in OpenBSD. > > I can't figure out when asterisk works with just booted. > That imply that the sip packets are reaching asterisk at the beginning. > Why do sip packets not get to astrerisk after the first registration times > out. > > I might be suspicious of the phones, but there are 9 of them (Polycom 550), > and I don't believe that all of them could fail at the same time and same way. > > Any help of suggestions would be appreciated Thanks Hi Peter Fraser, If you do not see the phones packets (usually port 5060/udp) then perhaps there is a DNS issue? VOIP phones often register after a DNS request to _sip._udp.domain.tld. with an RR of SRV, (sometimes they even attempt a NAPTR RR request). You could monitor one phone directly by plugging in a laptop in bridge mode (with extra ethernet interface) and look what it does. Sometimes phone also have a syslog functionality, it usually requires a reboot on the phone. (my phone syslog settings) 3730 ?? Spc 0:19.01 /usr/sbin/syslogd -U 192.168.174.1 (syslog.conf) !!GXP2100_PHONE *.* /var/log/grandstream ! I hope that helps somewhat! A phone usually boots, gets dhcp info and does dns lookups in order to register to its proxy or the UAS (asterisk in your case). The first packet will usually be a REGISTER SIP packet followed by a Authentication required packet from the UAS, and then it re-registers again with the Nonce that UAS gave it on that initial denial. For what it's worth... the voip provider I used to work with, put a kamailio in front of the asterisk on localhost in order to have some more control. However kamailio is the worst config language I've ever dealt with and I'd say just go with the asterisk for now and treat a kamailio as an option when you have some time to mess around. -pjp -- ** out of spiffy .signature messages
