On 08.11.20 14:18, John Fawcett wrote:
On 06/11/2020 14:28, basti wrote:
Hello,
i try to connect my SIP Client (linphone) via VPN to FreePBX.
The routing looks OK. I can ping the Endpoints and traffic is routing.
I can also Register my Sip Client.
debpbx*CLI> pjsip list contacts
Contact: <Aor/ContactUri..............................> <Hash....>
<Status> <RTT(ms)..>
==========================================================================================
Contact: 731/sip:[email protected]:5060 163a967d99
Avail 15.722
Contact: 734/sip:[email protected]:5060 1b1aa8cbac
Avail 62.180
So far so good. When I try to an other extension I get a timeout.
tcpdump:
root@debpbx:/etc/asterisk# tcpdump -ni enp0s15 host 10.8.0.143 and not
port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on enp0s15, link-type EN10MB (Ethernet), capture size 262144
bytes
13:03:04.086687 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: INVITE
sip:[email protected] SIP/2.0
13:03:04.087364 IP 192.168.30.28.5060 > 10.8.0.143.5060: SIP: SIP/2.0
401 Unauthorized
13:03:04.126101 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: ACK
sip:[email protected] SIP/2.0
13:03:09.054643 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:14.112561 IP 192.168.30.28.5060 > 10.8.0.143.5060: SIP: OPTIONS
sip:[email protected]:5060 SIP/2.0
13:03:14.162609 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP: SIP/2.0
200 Ok
13:03:19.057752 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:29.060765 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
13:03:44.672509 IP 10.8.0.143.5060 > 192.168.30.28.5060: SIP
I think the SIP/2.0 401 Unauthorized is the problem.
I also had add the VPN IP range to the local_net but that does not
solve the problem.
root@debpbx:/etc/asterisk# grep -ri 10.8.0
sip_general_additional.conf:localnet=10.8.0.0/24
pjsip.transports.conf:local_net=10.8.0.0/24
Your tcpdump doesn't show the full data of the invite and the 401
response. You'd probably be better of logging the sip messages from
asterisk console with something like:
pjsip set logger host 10.8.0.143
It's quite normal to have an initial 401 response to the first
unauthorized INVITE. The 401 should contain an authentication header.
The 401 response should be followed up by a second INVITE containing an
authorization header. Maybe credentials are not setup correctly on the
sip client.
John
Thanks, i have fixed it. There was a package size Problem of the VPN tunnel.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
