VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
View previous topic :: View next topic |
Author |
Message |
schoch+freeswitch.org ... Guest
|
Posted: Tue Feb 23, 2021 4:25 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060 RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve |
|
Back to top |
|
|
botelist at gmail.com Guest
|
Posted: Tue Feb 23, 2021 4:38 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080[/url] RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060[/url] RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve |
|
Back to top |
|
|
schoch+freeswitch.org ... Guest
|
Posted: Tue Feb 23, 2021 6:24 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.* address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP) (local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal" profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a sport = 5060" shows this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64 192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be. However "sofia status" still gives me this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "sip:mod_sofia@" is my home LAN. Why isn't it the IP of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060 RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
|
Back to top |
|
|
schoch+freeswitch.org ... Guest
|
Posted: Tue Feb 23, 2021 8:37 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
So I tried going to the factory settings. I managed to get a phone to dial another extension and leave voicemail, but only after pulling the phone off the PoE network, putting it on the LAN (10.0.0.*), and using a power supply. This configuration will not be acceptable.
The issue is that I can't get the phone to register to the network on the 2nd network (192.168.3.*). What am I doing wrong?
--
Steve
On Tue, Feb 23, 2021 at 2:37 PM Steven Schoch <schoch+freeswitch.org@xwin32.com ([email]schoch%2Bfreeswitch.org@xwin32.com[/email])> wrote:
Quote: | Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.* address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP) (local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal" profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a sport = 5060" shows this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64 192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be. However "sofia status" still gives me this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "sip:mod_sofia@" is my home LAN. Why isn't it the IP of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060 RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
|
|
Back to top |
|
|
botelist at gmail.com Guest
|
Posted: Tue Feb 23, 2021 9:21 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
It looks like you still have 3 SIP profiles listening, so I would rename
external-ipv6.xml -> external-ipv6.hold
external.xml -> external.hold
just to get them out of the way for now. You can always bring them back in later if necessary.
All of these files are merely serving suggestions, you should change things to suit your needs.
I would work with internal.xml as your “phone” profile just because it’s intuitive.
So, in each SIP profile I would set the desired interface address explicitly.
<profile name="phone">
…
<param name="rtp-ip" value="192.168.3.2"/>
<param name="sip-ip" value="192.168.3.2"/>
<!-- <param name="ext-rtp-ip" value="auto-nat"/>-->
<!-- <param name="ext-sip-ip" value="auto-nat"/>-->
In my own vars.xml it’s using STUN to determine my public IP address, but sofia status only shows FS listening on the private RFC1918 address. It registers just fine with both CallCentric and InterMedia via gateway definitions. If you don’t need FS to listen for remote registrations from outside I don’t think you need the external SIP profile.
Anyway, try it just with the one profile and see what sofia says. Once you get the phones to register with FS locally you can expand your horizons to the other network.
Bote
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 17:37
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] New system: sofia is on wrong IP address
Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.* address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP) (local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal" profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a sport = 5060" shows this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64 192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be. However "sofia status" still gives me this:
Name Type Data State
=================================================================================================
external-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080[/url] RUNNING (0)
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "[url=sip:mod_sofia@]sip:mod_sofia@[/url]" is my home LAN. Why isn't it the IP of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080[/url] RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060[/url] RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
|
Back to top |
|
|
covici at ccs.covici.com Guest
|
Posted: Tue Feb 23, 2021 10:14 pm Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
Do you even have connectivity to that network? Can a packet go from
your phones network to the network where you want the phone to
register?
On Tue, 23 Feb 2021 20:15:27 -0500,
Steven Schoch wrote:
Quote: |
[1 <multipart/alternative (7bit)>]
[1.1 <text/plain; UTF-8 (quoted-printable)>]
So I tried going to the factory settings. I managed to get a phone to dial
another extension and leave voicemail, but only after pulling the phone off
the PoE network, putting it on the LAN (10.0.0.*), and using a power
supply. This configuration will not be acceptable.
The issue is that I can't get the phone to register to the network on the
2nd network (192.168.3.*). What am I doing wrong?
--
Steve
On Tue, Feb 23, 2021 at 2:37 PM Steven Schoch <
schoch+freeswitch.org@xwin32.com> wrote:
Quote: | Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.*
address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP)
(local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal"
profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a
sport = 5060" shows this:
Netid State Recv-Q Send-Q Local
Address:Port Peer Address:Port
udp UNCONN 0 0
192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64
192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be.
However "sofia status" still gives me this:
Name Type
Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@
[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
external profile
sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway
sip:6509889800@us-west-or.sip-flowroute.com NOREG
phone profile
sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "sip:mod_sofia@" is my home LAN. Why isn't it the IP
of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com> wrote:
Quote: | HO BOY. By “pbx system” may we assume that you mean the linux box running
FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have
FreeSWITCH listening on a public interface since sofia status shows both an
ipv4 and an ipv6 address. I strongly suggest you eliminate that before
attackers attack from those interfaces. Since the FS “Vanilla”
configuration files are intended to get you up and running as quickly as
possible, they anticipate the most common scenario which is an internal SIP
profile to service your phones (named default) and an external SIP profile
(named external) that you may or may not need to listen on a different
ip:port pair.
I usually rename those files from external.xml to external.hold so they
remain as references, but won’t be picked up by FS when it starts since
they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at
the top of one of the SIP profiles. I’ve never questioned how or why, but
my gateway is included in my internal profile and it works just fine. This
is why I say that you might not even need that external profile at all, but
you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on
the “name=” tag at the top, so the filename is irrelevant to FS. The
Vanilla configs name the internal profile “default” inside and from your
sofia status table it appears that you’ve copied that and named it “phone”
so now you have 3 SIP profiles listening, with the internal profile
listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that,
as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to
trim it down to keep it simple and then build it back to more complexity as
you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
*From:* FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org> *On
Behalf Of *Steven Schoch
*Sent:* Tuesday, 23 February, 2021 16:01
*To:* freeswitch-users <FreeSWITCH-users@lists.freeswitch.org>
*Subject:* [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm
helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones,
plugs into a PoE switch. On that network, the pbx has a DHCP server for the
phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones.
The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is
on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the
Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my
"phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is
hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type
Data State
=================================================================================================
external-ipv6 profile
sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING
(0)
192.168.3.2 alias
internal ALIASED
external profile
sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway
sip:eastwest@sip2sip.info REGED
external::flowroute gateway
sip:6509889800@us-west-or.sip-flowroute.com NOREG
phone profile
sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile
sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060 RUNNING
(0)
internal profile
sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060".
Shouldn't that have the 192.168.3.2 address? And why isn't my phone
registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time
https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
|
| [1.2 <text/html; UTF-8 (quoted-printable)>]
[2 <text/plain; utf-8 (base64)>]
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
|
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici wb2una
covici@ccs.covici.com
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
Back to top |
|
|
schoch+freeswitch.org ... Guest
|
Posted: Wed Feb 24, 2021 2:52 am Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
Thanks, that helped.My problem was I had set:
<param name="ext-rtp-ip" value="auto"/>
<param name="ext-sip-ip" value="auto"/>
This was grabbing the IP address 10.0.0.167. After removing those lines, sofia status now includes:
Name Type Data State
=================================================================================================
phone profile sip:mod_sofia@192.168.3.2:5060 RUNNING (0)
... which is what I expected.
To answer John's question:
Interface enp2s0 of the Freeswitch system has IP address 192.168.3.2. That interface plugs into the PoE switch that all the phones will connect. The Freeswitch system also runs DHCP and FTP services on that interface in order to provision the SoundPoint IP 320 phones. So yes, they connect directly.
I just got the phone to register. Now I need to figure out how to get it to dial out through Flowroute.
--
Steve
On Tue, Feb 23, 2021 at 5:50 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
It looks like you still have 3 SIP profiles listening, so I would rename
external-ipv6.xml -> external-ipv6.hold
external.xml -> external.hold
just to get them out of the way for now. You can always bring them back in later if necessary.
All of these files are merely serving suggestions, you should change things to suit your needs.
I would work with internal.xml as your “phone” profile just because it’s intuitive.
So, in each SIP profile I would set the desired interface address explicitly.
<profile name="phone">
…
<param name="rtp-ip" value="192.168.3.2"/>
<param name="sip-ip" value="192.168.3.2"/>
<!-- <param name="ext-rtp-ip" value="auto-nat"/>-->
<!-- <param name="ext-sip-ip" value="auto-nat"/>-->
In my own vars.xml it’s using STUN to determine my public IP address, but sofia status only shows FS listening on the private RFC1918 address. It registers just fine with both CallCentric and InterMedia via gateway definitions. If you don’t need FS to listen for remote registrations from outside I don’t think you need the external SIP profile.
Anyway, try it just with the one profile and see what sofia says. Once you get the phones to register with FS locally you can expand your horizons to the other network.
Bote
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 17:37
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] New system: sofia is on wrong IP address
Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.* address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP) (local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal" profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a sport = 5060" shows this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64 192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be. However "sofia status" still gives me this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "sip:mod_sofia@" is my home LAN. Why isn't it the IP of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060 RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
|
Back to top |
|
|
botelist at gmail.com Guest
|
Posted: Wed Feb 24, 2021 11:51 am Post subject: [Freeswitch-users] New system: sofia is on wrong IP address |
|
|
If the include statement lies in your external.xml profile definition, then that profile will pick up the gateway definitions in the external subdirectory. They seemed to work before so they should work again. If they register it’s just a matter of sending them the digits that keep them happy and you should be close to a working system.
<profile name="external">
<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>
Just be sure that your external.xml SIP profile doesn’t gum up the works again with other undesired settings. Change one thing at a time and observe the results so that you know what change caused what behavior.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org> On Behalf Of Steven Schoch
Sent: Wednesday, 24 February, 2021 02:12
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org>
Subject: Re: [Freeswitch-users] New system: sofia is on wrong IP address
Thanks, that helped.
My problem was I had set:
<param name="ext-rtp-ip" value="auto"/>
<param name="ext-sip-ip" value="auto"/>
This was grabbing the IP address 10.0.0.167. After removing those lines, sofia status now includes:
Name Type Data State
=================================================================================================
phone profile sip:mod_sofia@192.168.3.2:5060 RUNNING (0)
... which is what I expected.
To answer John's question:
Interface enp2s0 of the Freeswitch system has IP address 192.168.3.2. That interface plugs into the PoE switch that all the phones will connect. The Freeswitch system also runs DHCP and FTP services on that interface in order to provision the SoundPoint IP 320 phones. So yes, they connect directly.
I just got the phone to register. Now I need to figure out how to get it to dial out through Flowroute.
--
Steve
On Tue, Feb 23, 2021 at 5:50 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
It looks like you still have 3 SIP profiles listening, so I would rename
external-ipv6.xml -> external-ipv6.hold
external.xml -> external.hold
just to get them out of the way for now. You can always bring them back in later if necessary.
All of these files are merely serving suggestions, you should change things to suit your needs.
I would work with internal.xml as your “phone” profile just because it’s intuitive.
So, in each SIP profile I would set the desired interface address explicitly.
<profile name="phone">
…
<param name="rtp-ip" value="192.168.3.2"/>
<param name="sip-ip" value="192.168.3.2"/>
<!-- <param name="ext-rtp-ip" value="auto-nat"/>-->
<!-- <param name="ext-sip-ip" value="auto-nat"/>-->
In my own vars.xml it’s using STUN to determine my public IP address, but sofia status only shows FS listening on the private RFC1918 address. It registers just fine with both CallCentric and InterMedia via gateway definitions. If you don’t need FS to listen for remote registrations from outside I don’t think you need the external SIP profile.
Anyway, try it just with the one profile and see what sofia says. Once you get the phones to register with FS locally you can expand your horizons to the other network.
Bote
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 17:37
To: FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)>
Subject: Re: [Freeswitch-users] New system: sofia is on wrong IP address
Thanks, John!
The system does not have a "public" interface. I assume it gets the 67.* address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP) (local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal" profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a sport = 5060" shows this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.3.2:5060 0.0.0.0:*
tcp LISTEN 0 64 192.168.3.2:5060 0.0.0.0:*
...which means it's listening on the "phone" network, as it should be. However "sofia status" still gives me this:
Name Type Data State
=================================================================================================
external-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080[/url] RUNNING (0)
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
=================================================================================================
3 profiles 0 aliases
The IP address after "[url=sip:mod_sofia@]sip:mod_sofia@[/url]" is my home LAN. Why isn't it the IP of the "phone" network?
--
Steve
On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist@gmail.com (botelist@gmail.com)> wrote:
Quote: |
HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?
1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair.
I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.
2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.
3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.
4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:
https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part.
Hope this helps.
---
John Boteler
BnC Group U.S.A.
From: FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address
The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.
I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.
Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).
I understand the "domain" should be fairly fixed, so I set that to my "phone" network:
<X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
<X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
I defined an sofia profile named "phone" with these lines:
<param name="rtp-ip" value="$${phone_ip_v4}"/>
<param name="sip-ip" value="$${phone_ip_v4}"/>
I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.
However, a "sofia status" shows this:
Name Type Data State
=================================================================================================
external-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080[/url] RUNNING (0)
192.168.3.2 alias internal ALIASED
external profile sip:mod_sofia@67.164.101.201:5080 RUNNING (0)
external::sip2sip gateway sip:eastwest@sip2sip.info ([email]sip%3Aeastwest@sip2sip.info[/email]) REGED
external::flowroute gateway sip:6509889800@us-west-or.sip-flowroute.com ([email]sip%3A6509889800@us-west-or.sip-flowroute.com[/email]) NOREG
phone profile sip:mod_sofia@10.0.0.167:5060 RUNNING (0)
internal-ipv6 profile [url=sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060]sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060[/url] RUNNING (0)
internal profile sip:mod_sofia@67.164.101.201:5060 RUNNING (0)
=================================================================================================
5 profiles 1 alias
Why does the "phone" profile have "sip:mod_sofia@10.0.0.167:5060". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?
--
Steve
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
|
Back to top |
|
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|