Good Day
Summary Setup see below
AsteriskPBX(Local) <<<<LAN same segment>>>>>Connected to 1 Interface <<<FusionPBX>>>>>Connected to Provider Outbound to interface 2<<<<AcmeSBC>>>>>
Our FusionPBX is running on Debian with 2 NIC in different segments the other one to Asterisk is local connection and the other connected via a Point 2 point VPN connection to the Service provider the acme SBC see interface config and routing as below:
--------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp2s0
iface enp2s0 inet static
address 10.24.12.20
netmask 255.255.255.0
dns-nameserver 8.8.8.8
dns-nameserver 4.2.2.2
# static route to provider -- network 10.0.0.0/8
post-up ip route add 10.0.0.0/8 via 10.24.12.1 dev enp2s0
pre-down ip route del 10.0.0.0/8 via 10.24.12.1 dev enp2s0
# The secondary Interface
allow-hotplug enp3s0
iface enp3s0 inet static
address 10.27.196.26
netmask 255.255.255.252
gateway 10.27.196.25
# static route to provider -- network 10.33.0.0/16
post-up ip route add 10.33.0.0/16 via 10.27.196.25 dev enp3s0 table enp3s0
pre-down ip route del 10.33.0.0/16 via 10.27.196.25 dev enp3s0 table enp3s0
--------------
We can Ping the Lan and the service providers network
From Sofia Trace we can see the trunk between us and the acme network is established.see our gateways below
--------------------
freeswitch@anandavoice> sofia status gateway
Profile::Gateway-Name Data State Ping Time IB Calls(F/T) OB Calls(F/T)
=================================================================================================
internal::eb287f3c-b1d9-4799-a121-4137854719b3 sip:FreeSWITCH@10.24.12.11 NOREG 0.00 0/0 0/0
internal::34a220b7-157c-4a69-a660-14c7cd24dbff sip:FreeSWITCH@10.33.14.196 NOREG 0.00 0/0 0/0
internal::a57e9d32-5675-437a-b7d6-1ed963e6121a sip:FreeSWITCH@10.33.78.196 NOREG 0.00 0/0 0/0
=================================================================================================
3 gateways: Inbound(Failed/Total): 0/0,Outbound(Failed/Total):0/0
----------------------------------
From The local Asterisk we can ping the FusionPBX but we cant register it says unreachable.Even if we try to register extensions locally we cant.
We have disabled fail2ban and changed the iptables as below.But the trunks to gateways in the 10.33.0.0/16 are okay only the local trunk and ext registration
----------
####IPTABLES
root@anandavoice:/home/voiceadmin# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "friendly-scanner" ALGO name bm TO 65535
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "sipcli/" ALGO name bm TO 65535
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "VaxSIPUserAgent/" ALGO name bm TO 65535
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:7443
ACCEPT tcp -- anywhere anywhere tcp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:16384:32768
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp dpt
penvpn
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----------
We still cant register the local extensions and the Asterisk pbx can anyone assist.
Summary Setup see below
AsteriskPBX(Local) <<<<LAN same segment>>>>>Connected to 1 Interface <<<FusionPBX>>>>>Connected to Provider Outbound to interface 2<<<<AcmeSBC>>>>>
Our FusionPBX is running on Debian with 2 NIC in different segments the other one to Asterisk is local connection and the other connected via a Point 2 point VPN connection to the Service provider the acme SBC see interface config and routing as below:
--------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp2s0
iface enp2s0 inet static
address 10.24.12.20
netmask 255.255.255.0
dns-nameserver 8.8.8.8
dns-nameserver 4.2.2.2
# static route to provider -- network 10.0.0.0/8
post-up ip route add 10.0.0.0/8 via 10.24.12.1 dev enp2s0
pre-down ip route del 10.0.0.0/8 via 10.24.12.1 dev enp2s0
# The secondary Interface
allow-hotplug enp3s0
iface enp3s0 inet static
address 10.27.196.26
netmask 255.255.255.252
gateway 10.27.196.25
# static route to provider -- network 10.33.0.0/16
post-up ip route add 10.33.0.0/16 via 10.27.196.25 dev enp3s0 table enp3s0
pre-down ip route del 10.33.0.0/16 via 10.27.196.25 dev enp3s0 table enp3s0
--------------
We can Ping the Lan and the service providers network
From Sofia Trace we can see the trunk between us and the acme network is established.see our gateways below
--------------------
freeswitch@anandavoice> sofia status gateway
Profile::Gateway-Name Data State Ping Time IB Calls(F/T) OB Calls(F/T)
=================================================================================================
internal::eb287f3c-b1d9-4799-a121-4137854719b3 sip:FreeSWITCH@10.24.12.11 NOREG 0.00 0/0 0/0
internal::34a220b7-157c-4a69-a660-14c7cd24dbff sip:FreeSWITCH@10.33.14.196 NOREG 0.00 0/0 0/0
internal::a57e9d32-5675-437a-b7d6-1ed963e6121a sip:FreeSWITCH@10.33.78.196 NOREG 0.00 0/0 0/0
=================================================================================================
3 gateways: Inbound(Failed/Total): 0/0,Outbound(Failed/Total):0/0
----------------------------------
From The local Asterisk we can ping the FusionPBX but we cant register it says unreachable.Even if we try to register extensions locally we cant.
We have disabled fail2ban and changed the iptables as below.But the trunks to gateways in the 10.33.0.0/16 are okay only the local trunk and ext registration
----------
####IPTABLES
root@anandavoice:/home/voiceadmin# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "friendly-scanner" ALGO name bm TO 65535
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "sipcli/" ALGO name bm TO 65535
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "VaxSIPUserAgent/" ALGO name bm TO 65535
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:7443
ACCEPT tcp -- anywhere anywhere tcp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:16384:32768
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp dpt
penvpnChain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----------
We still cant register the local extensions and the Asterisk pbx can anyone assist.