Inbound Calls Not Working

VitalPBX Community Support General Discussion Inbound Calls Not Working

  • Post
    • July 15, 2018 at 6:26 pm
    Storm18
    Participant

    Pretty new to PBX and have tried different types, so far VitalPBX is my favorite.
    I am using Vitelity for my outbound and inbound calls. Right now my outbound calls work perfectly fine; however, my inbound calls seem to be having some issues.

    The error that I get is this: "Failed to authenticate device "xxxxxx8022" <sip:xxxxxx8022@xx.xx.xx.36>;tag=as01cf2674"
    With this right below it in my fail2ban logs.
    es_security_log.c: SecurityEvent="InvalidPassword",EventTV="2018-07-15T14:12:31.981-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="xxxxxx5064",SessionID="0x7f98b03fbe40",LocalAddress="IPV4/UDP/Vitalpbx's Public IP/5060",RemoteAddress="IPV4/UDP/xx.xx.xx.90/5060",Challenge="",ReceivedChallenge="",ReceivedHash=""

    I get this error in my Full Logs without SIP debug enabled:


    <------------->
    [2018-07-15 14:18:42] VERBOSE[7059] chan_sip.c: --- (16 headers 16 lines) ---
    [2018-07-15 14:18:42] VERBOSE[7059] chan_sip.c: Sending to x.x.xxx.90:5060 (no NAT)
    [2018-07-15 14:18:42] VERBOSE[7059][C-00000018] chan_sip.c: Sending to x.x.xxx.90:5060 (no NAT)
    [2018-07-15 14:18:42] VERBOSE[7059][C-00000018] chan_sip.c: Using INVITE request as basis request - 0bd89b3014bf606740b8a4353527ff54@xx.xx.xx.36
    [2018-07-15 14:18:42] VERBOSE[7059][C-00000018] chan_sip.c: No matching peer for 'xxxxxx8022' from 'x.x.xxx.90:5060'
    [2018-07-15 14:18:42] NOTICE[7059][C-00000018] chan_sip.c: Failed to authenticate device "xxxxxx8022" <sip:xxxxxx8022@xx.xx.xx.36>;tag=as74fedadd
    [2018-07-15 14:18:42] VERBOSE[7059][C-00000018] chan_sip.c:
    <--- Reliably Transmitting (no NAT) to x.x.xxx.90:5060 --->
    SIP/2.0 403 Forbidden
    Via: SIP/2.0/UDP x.x.xxx.90:5060;branch=z9hG4bKaf1e.b8d46bc6.0;received=x.x.xxx.90
    Via: SIP/2.0/UDP xx.xx.xx.36:5060;received=xx.xx.xx.36;branch=z9hG4bK2e44c69c;rport=5060
    From: "xxxxxx8022" <sip:xxxxxx8022@xx.xx.xx.36>;tag=as74fedadd
    To: <sip:xxxxxx5064@205.201.153.98>;tag=as7d510c61
    Call-ID: 0bd89b3014bf606740b8a4353527ff54@xx.xx.xx.36
    CSeq: 102 INVITE
    Server: VitalPBX
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
    Supported: replaces, timer
    Content-Length: 0

    The weird thing about this is that if I set the “Allow Guest” to “Yes” in the “Sip Settings->Security” then inbound calls work fine.
    Is it OK to leave this setting enabled? Are there any vulnerabilities that can be exploited from this?

    0
Viewing 12 replies - 1 through 12 (of 12 total)
  • Replies
    • July 15, 2018 at 10:38 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    0
    Down

    What VoIP provider are you using?

    What are the configurations provided by your VoIP Provider?

    0
    • July 17, 2018 at 3:10 pm
    Storm18
    Participant
    Up
    0
    Down
    0
    • July 17, 2018 at 3:25 pm
    Storm18
    Participant
    Up
    0
    Down
    0
    • July 17, 2018 at 7:39 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    0
    Down

    what’s the output of:

    asterisk -rx"sip show registry"
    0
    • July 17, 2018 at 9:30 pm
    Storm18
    Participant
    Up
    0
    Down
    Posted by: mrivera

    what’s the output of:

    asterisk -rx"sip show registry"

    https://drive.google.com/open?id=1xu0WgvuujXIUKyLMfA2WS0zVWfb2yjpB

    Host dnsmgr Username Refresh State Reg.Time
    inbound28.vitelity.net:5060 N vital 45 Registered Tue, 17 Jul 2018 17:30:31
    1 SIP registrations.
    0
    • July 18, 2018 at 1:08 am
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    0
    Down

    By now leave the  setting “allow guest” enabled. When this option is enabled, all unauthenticated calls go through inbound routes.

    0
    • July 18, 2018 at 5:21 pm
    Storm18
    Participant
    Up
    0
    Down
    Posted by: mrivera

    By now leave the  setting “allow guest” enabled. When this option is enabled, all unauthenticated calls go through inbound routes.

    This does not impose a security risk does it?

    0
    • July 18, 2018 at 6:53 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    0
    Down

    No, is not insecure. this setting determines if anonymous callers are permitted to place calls to Asterisk. all the anonymous calls will go through the inbound routes.

    0
    • July 18, 2018 at 7:10 pm
    Storm18
    Participant
    Up
    0
    Down

    Ah ok. I’ll leave it enabled. I added OpenCNAM to the system which gets the customer’s name of the number perfectly fine.

    0
    • July 18, 2018 at 8:23 pm
    Storm18
    Participant
    Up
    0
    Down

    I have also noticed that Vitelity is complete trash and should no longer be used.
    They are down about 60% of the time and hardly ever worked for our PBX systems. I tested Telnyx with a free $20 promo code and the system works 100x better and I don’t have to enable Allow Guest option.

    0
    • July 18, 2018 at 8:25 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    0
    Down

    Did you already check our post about Telnyx: http://bit.ly/2L87qO0 

    0
    • July 18, 2018 at 8:40 pm
    Storm18
    Participant
    Up
    0
    Down
    Posted by: mrivera

    Did you already check our post about Telnyx: http://bit.ly/2L87qO0 

    I did, which is why I tested them. I was also able find a $20 promo code to test it which they also offered me a free local phone number which worked amazingly.
    No longer have to disabled any of my firewalls, Intrusion Detection or any other option that would impose a security risk. The funny thing is that it works without any advanced setting or options.
    Also loved the fact that they let you use their API for their services.

    0
Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.