[Freeswitch-users] registration fails after several hours - FS problem?

Anthony Minessale anthony.minessale at gmail.com
Wed Oct 27 10:04:01 PDT 2010 

if you map it or not, a scanner would penetrate it.
There are lot of sip scanners out there now, you just need to beware of them.


On Wed, Oct 27, 2010 at 11:50 AM, Mario G <mario_fs at mgtech.com> wrote:
> Thanks so much! I am sure many others will find this info invaluable. I will try the static route again but have one question: When I started with FS I found a "sip scanner"  in FS and someone on this group said not to use port mapping since it was a security risk. Is that true?
>
> On Oct 27, 2010, at 9:10 AM, Anthony Minessale wrote:
>
>> you are completely guessing at things.
>> I want you to understand that the only reason you are having problems
>> with this is because you don't understand how it works enough to know
>> what you are doing 100%
>>
>> Its a given that the pnp stuff is only for your dynamic IP.
>> aggressive-nat-detection and sip-force-expires are all related to
>> inbound calls when the things who are registering to you may be behind
>> nat.
>>
>> You need to learn the difference between which nat tools are
>> *) designed for your FS to run behind nat
>> *) designed for FS to run public and accept connections from devices behind nat.
>>
>> If you have a static IP, you don't need the pnp stuff so -nonat is fine
>> What you need to do is set
>>
>> 1) set the params ext-sip-ip and ext-rtp-ip to your external static IP
>> 2) map the sip ports and all of the rtp ports from your static IP to FS lan addr
>> 3) set sip-ip and rtp-ip to the lan addr you forwarded through.
>>
>> If you don't do this: your outbound registration will use NAT to your
>> provider and if there is no activity for the expire time on your NAT
>> mapping the reverse port mapping from your provider back to you is
>> lost.  This is why you set your register expires to a very low number,
>> (you need to make sure the provider does not turn the expires back up
>> in the reply because it will beat your choice *see sip trace) if this
>> is the case then you need the "ping" option set to 30, to continuously
>> send an options to your provider.
>>
>> The static mapping is obviously the better, easier and more reliable solution.
>>
>> So I want you to understand that the only way to keep a nat mapped
>> port alive is to continuously send traffic, all the other methods that
>> you are mentioning are to detect that phones registered to your are
>> behind nat, I gave you that force-expires option before because your
>> trace was full of inbound reg so I thought that is what you wanted
>> help with.
>>
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Oct 27, 2010 at 10:43 AM, Mario G <mario_fs at mgtech.com> wrote:
>>> I should mention that I did not have this problem with an SPA9000 PBX
>>> (asterisk based) for over two years so FS may be pickier about upnp and/or
>>> nat, or just better at it exposing a problem in the router.
>>> I made different changes to the gateways to test different things. One
>>> failed after 17 hours, the other two stayed up.  What did not work:
>>> added <variable name="sip-force-expires" value="30"/> to the directory
>>> entries as suggested.
>>> set the gateway expire times to 30 seconds.
>>> What worked (could be coincidental) for the two gateways that stayed up:
>>> I Added <param name="aggressive-nat-detection" value="true"/>
>>> I originally setup FS to use the static ip by setting external sip/rtp to
>>> just the static ip (no autonat:) and ran with -nonat but I could not get
>>> incoming calls. The only way it worked was to use autonat:1.2.3.4. The
>>> router has 1 static public address and 1 dynamic external IP, this is the
>>> root of the problem, upnp only tells FS about the dynamic ip  Will keep this
>>> thread up-to-date for anyone who may be in the same boat someday. Thanks
>>> again for looking at the trace.
>>> Mario
>>>
>>> You should be setting the req freq to a low number on the outbound gateways
>>>
>>> The examples you showed had a series of inbound reg
>>>
>>> also set expire-seconds to 30 in your gateway xml
>>>
>>>
>>> The problem is if you are not constantly sending traffic to the box
>>>
>>> the nat mapping will go away.
>>>
>>> If you are in production you should be using a static ip with a static
>>>
>>> mapping, any trouble you are having is your own fault for playing with
>>>
>>> fire.  The best we can do is tell you how to keep it contained.
>>>
>>>
>>>
>>>
>>> On Tue, Oct 26, 2010 at 12:34 PM, Mario G <mario_fs at mgtech.com> wrote:
>>>
>>> I made the change. I had no idea the settings for the inside phones effected
>>> nat for the outside sip accounts. I was looking into aggressive-nat-
>>> detection since the internal profile status always shows the right external
>>> static IP but the nat_ap status always shows the dynamic ip. Crossing
>>> fingers/etc since this problem is 85% of time (weeks!) into FS changeover.
>>> Thanks!
>>>
>>> Mario
>>>
>>> On Oct 26, 2010, at 10:15 AM, Anthony Minessale wrote:
>>>
>>> add
>>>
>>> <variable name="sip-force-expires" value="30"/>
>>>
>>> to the <variables> section of your <user>
>>>
>>> you have it at 600 and the nat mapping is timing out while the 600
>>>
>>> seconds is ticking away
>>>
>>>
>>>
>>> On Tue, Oct 26, 2010 at 12:01 PM, Mario G <mario_fs at mgtech.com> wrote:
>>>
>>> From the TSP:
>>>
>>> "I have enabled the SIP trace on your account. We are not currently seeing
>>>
>>> any registration attempts to your account within the last 15 minutes. Please
>>>
>>> restart FreeSwitch so that registration attempts begin again. Thank you. ".
>>>
>>> So FS is not getting past router.
>>>
>>> On Oct 26, 2010, at 9:09 AM, Mario G wrote:
>>>
>>> I ran the global trace during the problem and it is
>>>
>>> at http://pastebin.freeswitch.org/14324 . You can find "rnktel", "acctone",
>>>
>>> "accttwo", "acct3". The trace includes phones since it was global. I am
>>>
>>> using:
>>>
>>>    <param name="ext-rtp-ip" value="autonat:my-static.ip"/>
>>>
>>>    <param name="ext-sip-ip" value="autonat:my-static.ip"/>
>>>
>>> I tried dumping nat and removing the autonat: above and using -nonat but
>>>
>>> that did not work, registration proceeded but no calls inbound.
>>>
>>> On Oct 25, 2010, at 4:11 PM, Mario G wrote:
>>>
>>> Whoops, I am using an IP address for at least one gateway so that is not the
>>>
>>> problem:
>>>
>>> They look outbound to me and I am using dns for 2 and an IP for one so that
>>>
>>> is not the issue. I was able to get FS to clear this up by doing "nat_map
>>>
>>> reinit" which is why I think this is a nat problem. I will do the trace you
>>>
>>> mentioned. I will plug an ip address into one of the gateways to see what
>>>
>>> happens, they all fail at once. Thanks for responding!
>>>
>>> Mario
>>>
>>> On Oct 25, 2010, at 3:26 PM, Mario wrote:
>>>
>>> I really need help on this as I have weeks into this problem. I thought I
>>>
>>> had it nailed but I guess not. After 5.5 hours I get:
>>>
>>> 2010-10-25 15:05:43.407272 [WARNING] sofia_reg.c:387 mguuid Failed
>>>
>>> Registration, setting retry to 15 seconds.
>>>
>>> 2010-10-25 15:05:49.557478 [NOTICE] sofia_reg.c:342 Registering mvuuid
>>>
>>> 2010-10-25 15:05:59.206273 [NOTICE] sofia_reg.c:342 Registering mguuid
>>>
>>> 2010-10-25 15:06:04.923157 [WARNING] sofia_reg.c:387 mynum777 Failed
>>>
>>> Registration, setting retry to 30 seconds.
>>>
>>> 2010-10-25 15:06:05.358321 [WARNING] sofia_reg.c:387 mvuuid Failed
>>>
>>> Registration, setting retry to 15 seconds.
>>>
>>> 2010-10-25 15:06:16.125060 [WARNING] sofia_reg.c:387 mguuid Failed
>>>
>>> Registration, setting retry to 15 seconds.
>>>
>>> 2010-10-25 15:06:21.151240 [NOTICE] sofia_reg.c:342 Registering mvuuid
>>>
>>> 2010-10-25 15:06:33.060421 [NOTICE] sofia_reg.c:342 Registering mguuid
>>>
>>> 2010-10-25 15:06:35.392655 [NOTICE] sofia_reg.c:342 Registering mynum777
>>>
>>> and no way to make/get calls until I restart FS. I did this:
>>>
>>> 1. log 7
>>>
>>> 2. sofia profile xxxx siptrace on   for each profile/gateway
>>>
>>> 3. restarted router
>>>
>>> All three did not solve the problem. The trace and log produced no
>>>
>>> additional lines which is why I am wondering if FS has a problem since the
>>>
>>> trace shows no SIP activity.
>>>
>>> 3 gateways with 2 ITSPs
>>>
>>> 2 DSL/WAN lines, 1 static and 1 dynamic
>>>
>>> I am using autonat:1.2.3.4 in internal and external profiles. 1.2.3.4 is the
>>>
>>> external static ip.
>>>
>>> sofia status profile ... has the right ext ip
>>>
>>> nat_map status shows the dynamic (wrong) IP
>>>
>>> I tried starting with -nonat but that was worse
>>>
>>> the only way to fix is restart FS.
>>>
>>> I read the wiki on external nat, auto_nat and everything else many times.
>>>
>>> Thanks Mario
>>>
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>>
>>> ClueCon http://www.cluecon.com/
>>>
>>> Twitter: http://twitter.com/FreeSWITCH_wire
>>>
>>> AIM: anthm
>>>
>>> MSN:anthony_minessale at hotmail.com
>>>
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>>
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>>
>>> sip:888 at conference.freeswitch.org
>>>
>>> googletalk:conf+888 at conference.freeswitch.org
>>>
>>> pstn:+19193869900
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>>
>>> ClueCon http://www.cluecon.com/
>>>
>>> Twitter: http://twitter.com/FreeSWITCH_wire
>>>
>>> AIM: anthm
>>>
>>> MSN:anthony_minessale at hotmail.com
>>>
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>>
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>>
>>> sip:888 at conference.freeswitch.org
>>>
>>> googletalk:conf+888 at conference.freeswitch.org
>>>
>>> pstn:+19193869900
>>>
>>> _______________________________________________
>>>
>>> FreeSWITCH-users mailing list
>>>
>>> FreeSWITCH-users at lists.freeswitch.org
>>>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>
>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>>
>>
>> --
>> Anthony Minessale II
>>
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>> Twitter: http://twitter.com/FreeSWITCH_wire
>>
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>>
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:+19193869900
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
googletalk:conf+888 at conference.freeswitch.org
pstn:+19193869900

More information about the FreeSWITCH-users mailing list