Site map  

Freedom Internet VOIP

An Asterisk SIP trunk setup with multiple remote IP addresses.

According to the Freedom internet online documentation (Dutch), one has to register with the following entry in the '[general]' section of /etc/asterisk.sip.conf;

register => Account_Id:PassWord@sipproxy.voipgrid.nl/Account_Id

According to their website this did register me, but I couldn't be called.
Using an IP address instead of a hostname did work;

register => Account_Id:PassWord@195.35.114.24

As it turns out, sipproxy.voipgrid.nl has two IP addresses; 195.35.114.24 and 195.35.115.24. Furthermore, a SRV lookup leads to more hostnames;

pc8:~$ host -t SRV _sip._udp.sipproxy.voipgrid.nl
_sip._udp.sipproxy.voipgrid.nl has SRV record 10 0 6060 sbc2-grq.voipgrid.nl.
_sip._udp.sipproxy.voipgrid.nl has SRV record 20 0 6060 sbc2-ams.voipgrid.nl.
_sip._udp.sipproxy.voipgrid.nl has SRV record 50 0 5060 sipproxy.grq.voipgrid.nl.
_sip._udp.sipproxy.voipgrid.nl has SRV record 60 0 5060 sipproxy.ams.voipgrid.nl.

With even more IP addresses;

sbc2-ams.voipgrid.nl has address 195.35.114.41
sbc2-ams.voipgrid.nl has IPv6 address 2a06:2a80:0:114::41
sbc2-grq.voipgrid.nl has address 195.35.115.41
sbc2-grq.voipgrid.nl has IPv6 address 2a06:2a80:0:115::41
sipproxy.ams.voipgrid.nl has address 195.35.114.119
sipproxy.grq.voipgrid.nl has address 195.35.115.119

I didn't want to disable SRV lookups, so created a _sip._udp.sipproxy.voipgrid.nl DNS blackhole. This did not quite solve the problem though. Only registering to an IP address did.
A tcpdump ('tcpdump -i wan -vvv -s 1500 -U port sip') (a rasterisk (or asterisk -r) 'sip set debug on' will also work) showed the problem: My Asterisk was refusing INVITEs!

11:06:00.460261 IP (tos 0x10, ttl 58, id 30021, offset 0, flags [DF], proto UDP (17), length 1305)
    sbc1-grq.voipgrid.nl.sip > ns4.sput.nl.sip: [udp sum ok] SIP, length: 1277
	INVITE sip:Account_Id@45.83.234.41:5060 SIP/2.0
	Record-Route: <sip:195.35.115.24;r2=on;lr>
	Record-Route: <sip:195.35.115.24:5070;r2=on;lr>
	Record-Route: <sip:195.35.115.40;lr;ftag=XXXXXXXX;did=XXXXXXXX;mc=from-dutch;cc=XXXXXXXX>
	Via: SIP/2.0/UDP 195.35.115.24:5060;branch=XXXXXXXX
	Via: SIP/2.0/UDP 195.35.115.40:5060;branch=XXXXXXXX
	Via: SIP/2.0/UDP 195.35.114.112:5060;received=195.35.114.112;branch=XXXXXXXX;rport=5060
	Max-Forwards: 68
	From: "Sput" <sip:Phone_Number@voipgrid.nl>;tag=XXXXXXXX
	To: <sip:Account_Id@voipgrid.nl:5060>
	Contact: <sip:Phone_Number@195.35.114.112:5060>
	Call-ID: XXXXXXXX@voipgrid.nl
	CSeq: 102 INVITE
	User-Agent: VGUA-18vg14~d10
	Date: Fri, 18 Nov 2022 10:06:00 GMT
	Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
	Supported: replaces, timer
	Content-Type: application/sdp
	Content-Length: 333
	
	v=0
	o=- 1783165561 1783165561 IN IP4 195.35.114.112
	s=VGUA-18vg14~d10
	c=IN IP4 195.35.114.112
	t=0 0
	m=audio 16552 RTP/AVP 8 9 97 18 101
	a=rtpmap:8 PCMA/8000
	a=rtpmap:9 G722/8000
	a=rtpmap:97 iLBC/8000
	a=rtpmap:18 G729/8000
	a=fmtp:18 annexb=no
	a=rtpmap:101 telephone-event/8000
	a=fmtp:101 0-16
	a=maxptime:150
	a=sendrecv
11:06:00.460609 IP (tos 0x0, ttl 64, id 59520, offset 0, flags [none], proto UDP (17), length 751)
    ns4.sput.nl.sip > sbc1-grq.voipgrid.nl.sip: [udp sum ok] SIP, length: 723
	SIP/2.0 401 Unauthorized
	Via: SIP/2.0/UDP 195.35.115.24:5060;branch=XXXXXXXX;received=195.35.115.24
	Via: SIP/2.0/UDP 195.35.115.40:5060;branch=XXXXXXXX
	Via: SIP/2.0/UDP 195.35.114.112:5060;received=195.35.114.112;branch=XXXXXXXX;rport=5060
	From: "Sput" <sip:Phone_Number@voipgrid.nl>;tag=XXXXXXXX
	To: <sip:Account_Id@voipgrid.nl:5060>;tag=XXXXXXXX
	Call-ID: XXXXXXXX@voipgrid.nl
	CSeq: 102 INVITE
	Server: Asterisk PBX Version
	Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
	Supported: replaces, timer
	WWW-Authenticate: Digest algorithm=MD5, realm="sput.nl", nonce="XXXXXXXX"
	Content-Length: 0

Default, Asterisk has allowguest enabled. But in my /etc/sip.conf it says 'allowguest=no' (sure, I'm paranoid). This means that Asterisk wants to authenticate INVITEs from unknown IP addresses. And Asterisk only knows the 'first' IP address of the 'host' it registers to.

One solution is to create entries in /etc/asterisk.sip.conf for each of the IP addresses.
To avoid lots of typing I first created a template. This holds the information all the entries have in common;

[voipgrid-in](!)
	type=peer
	context=freedom-in
	defaultuser=Account_Id
	fromuser=Account_Id
	fromdomain=voipgrid.nl
	secret=PassWord
	; Codec 
	disallow=all
	allow=alaw
	; Do not require authentication of incoming INVITEs
	insecure=invite
	; Remote-Party-ID should be sent
	sendrpid=yes
	; Remote-Party-ID should be trusted
	trustrpid=yes

And then create an entry per IP address;

[freedom](voipgrid-in)
host=sipproxy.voipgrid.nl

[freedom_1](voipgrid-in)
host=195.35.114.24

[freedom_2](voipgrid-in)
host=195.35.115.24

[freedom_3](voipgrid-in)
host=195.35.114.41

[freedom_4](voipgrid-in)
host=195.35.114.119

[freedom_5(voipgrid-in)
host=195.35.115.41

[freedom_6](voipgrid-in)
host=195.35.115.119

[freedom_7](voipgrid-in)
host=2a06:2a80:0:114::41

[freedom_8](voipgrid-in)
host=2a06:2a80:0:115::41

The first entry is for dialling out. This actually does a SRV lookup and ends up dialling via IPv6 (I got rid of the DNS SRV blackhole). The other entries are for incoming calls.
Below a 'sip show peers';

sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
freedom/Account_Id 2a06:2a80:0:115::41 Auto (No) No 6060 Unmonitored
freedom_1/Account_Id 195.35.114.24 Auto (No) No 5060 Unmonitored
freedom_2/Account_Id 195.35.115.24 Auto (No) No 5060 Unmonitored
freedom_3/Account_Id 195.35.114.41 Auto (No) No 5060 Unmonitored
freedom_4/Account_Id 195.35.114.119 Auto (No) No 5060 Unmonitored
freedom_5/Account_Id 195.35.115.41 Auto (No) No 5060 Unmonitored
freedom_6/Account_Id 195.35.115.119 Auto (No) No 5060 Unmonitored
freedom_7/Account_Id 2a06:2a80:0:114::41 Auto (No) No 5060 Unmonitored
freedom_8/Account_Id 2a06:2a80:0:115::41 Auto (No) No 5060 Unmonitored

Note that the first IP address also appears further down the list.

A 'sip show peers' doesn't show remote registrations though. A a 'sip show registry' does;

sip show registry
Host dnsmgr Username Refresh State Reg.Time
sipproxy.voipgrid.nl:5060 N Account_Id 105 Registered Sat, 19 Nov 2022 09:19:34

What this doesn't show is the result of a SRV lookup: Incoming calls are also via IPv6. And 'sipproxy.voipgrid.nl' only has IPv4 addresses.

If you're dealing with dozens of incoming IP addresses, it's probably best to generate the above stuff with a script, dump the output to a file and include this file in sip.conf. You can even update this from a cron job.
Just below the first entry (the one with the hostname), include a file;

[freedom](voipgrid-in)
host=sipproxy.voipgrid.nl

#include /etc/asterisk/voipgrid-ips.conf

Containing;

; Ip addresses used by Voipgrid

[freedom_1](voipgrid-in)
host=195.35.114.24

[freedom_2](voipgrid-in)
host=195.35.115.24

[freedom_3](voipgrid-in)
host=195.35.114.41

[freedom_4](voipgrid-in)
host=195.35.114.119

[freedom_5](voipgrid-in)
host=195.35.115.41

[freedom_6](voipgrid-in)
host=195.35.115.119

[freedom_7](voipgrid-in)
host=2a06:2a80:0:114::41

[freedom_8](voipgrid-in)
host=2a06:2a80:0:115::41

The script 'gen-voipgr-ips.sh' below generates this file. It puts the IPv6 addresses first though.

#!/bin/bash

# Generate voipgrid-ips.conf
# Modify to suit your needs

HOST="sipproxy.voipgrid.nl"
FILE="voipgrid-ips.conf"
VOIPISP="freedom"

CNT=1
IP4S=""
IP6S=""
IPS=""
LINE=""
SRVS=""

export LC_ALL=C.UTF-8


# Functions

# Find IPv4 address
find4addr()
{
	IP4S=$( host "${1}" | grep "has address" | awk '{print $4}' )
}

# Find IPv6 address
find6addr()
{
	IP6S=$( host "${1}" | grep "has IPv6 address" | awk '{print $5}' )
}

# Find SRV records
findsrv()
{
	SRVS=$( host -t SRV "_sip._udp.${1}" | awk '{print $8}' )
}


# Find IPv4 addresses
find4addr "${HOST}"
# Find IPv6 addresses
find6addr "${HOST}"
# Join
IPS="${IP4S}${IP6S}"
#echo "${IPS}"

# Find SRV records
findsrv "${HOST}"
#echo "${SRVS}"

# Find IP addresses for these SRV records
while read LINE
do
	find4addr "${LINE}"
	IPS=$( echo -e "${IPS}\n${IP4S}" )
	find6addr "${LINE}"
	IPS=$( echo -e "${IPS}\n${IP6S}" )
done <<< "${SRVS}"

# Sort and remove duplicates
IPS=$( echo "${IPS}" | sort -uV )
#echo "${IPS}"

# Generate file
> "${FILE}" 
while read LINE
do
	echo "[${VOIPISP}_${CNT}](voipgrid-in)" >> "${FILE}"
	echo "host=${LINE}" >> "${FILE}"
	echo "" >> "${FILE}"
	let CNT+=1
done <<< "${IPS}"

The script 'check-voipgrid.sh' below can be run from cron to check for changes in the IP addresses. You need to create a directory '/var/local/lib/voipgrid/' for this to work.

#!/bin/bash

# Compare versions of voipgrid-ips.conf
# Modify to suit your needs

DIR="/var/local/lib/voipgrid"
FILE="voipgrid-ips.conf"

if [ ! -d "${DIR}" ]
then
	echo "Directory ${DIR} not found"
	exit 1
fi

cd "${DIR}/"

if [ -f "${FILE}" ]
then
	mv "${FILE}" "${FILE}.bak"
else
	> "${FILE}.bak"
	chmod 640 "${FILE}.bak"
	chown root:asterisk "${FILE}.bak"
fi

/usr/local/bin/gen-voipgr-ips.sh
chmod 640 "${FILE}"
chown root:asterisk "${FILE}"

if ! ( diff "${FILE}" "${FILE}.bak" > /dev/null )
then
	echo "Voipgrid IPs changed"
	cat "${FILE}"
fi

Note: Both scripts go in '/usr/local/bin/'.

When the IP addresses change, cron will mail the new addresses to you. If you are happy with the new file, copy 'voipgrid-ips.conf' from '/var/local/lib/voipgrid/' to '/etc/asterisk/'. Then do an 'asterisk -rx "sip reload"' for the changes to take effect;

~# cp /var/local/lib/voipgrid/voipgrid-ips.conf /etc/asterisk/
~# asterisk -rx "sip reload"

Modify to suit your needs.