SOLVED incoming calls not working

Status
Not open for further replies.

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Hi guys, Could you please help me find the problem. I can't understand why the calls are rejected.
I changed few number with XXX for security.
I'm calling from DID 888315XXX to DID 305882XXXX
Registered Gateway Proxy 162.254.144.XXX
My ID with VOIP provider 136466_305882XXXX
IP of my provider server 162.254.144.XXX
IP of my FusionPBX cloud hosted server 207.246.76.XX

And This what Fusion log says:

2020-03-10 04:37:07.790883 [DEBUG] sofia.c:2535 Re-attaching to session c5a748cb-fbb8-4f2f-9080-e598c18c2f11
c5a748cb-fbb8-4f2f-9080-e598c18c2f11 2020-03-10 04:37:07.810881 [DEBUG] sofia.c:10243 sofia/internal/888315XXXX@162.254.144.XXX receiving invite from 162.254.144.XXX:5060 version: 1.10.1 -release-12-f9990221e6 64bit
2020-03-10 04:37:07.810881 [DEBUG] sofia.c:10337 verifying acl "domains" for ip/port 162.254.144.XXX:0.
2020-03-10 04:37:07.830818 [WARNING] sofia_reg.c:2930 Can't find user [136466_305882XXX@207.246.76.XX] from 162.254.144.XXX
You must define a domain called '207.246.76.XX' in your directory and add a user with the id="136466_305882XXXX" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
c5a748cb-fbb8-4f2f-9080-e598c18c2f11 2020-03-10 04:37:07.830818 [NOTICE] sofia.c:2424 Hangup sofia/internal/888315XXXX@162.254.144.XXX [CS_NEW] [CALL_REJECTED]
2020-03-10 04:37:07.830818 [WARNING] sofia_reg.c:1738 SIP auth failure (INVITE) on sofia profile 'internal' for [305882XXXX@207.246.76.XX] from ip 162.254.144.XXX
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,075
577
113
You either need the calls to be sent to port 5080 or you need to add your carriers to the ACL in advanced/access controls
 
  • Like
Reactions: PJPMontreal

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Thank you so much Daz,
I was doing my homework around here and I tried several solution I found here like this related to add the carrier IP to the ACL. Is there, I put the IP 162.254.144.XXX/32 like this, allowed and in the corresponding domain. See attached. Remember I'm trying to setup a Multi domain or Multitenant configuration. Even in my main domain the incoming are not working.
Regarding to point the calls to port 5080, Correct me please if I'm wrong, I understood this is something the carrier must do.
I'm using VOIP.ms, any idea if they point the calls to 5080 automatically or is something I have to ask them to do?
Thanks in advance for your help.
 

Attachments

  • Fusion.jpg
    Fusion.jpg
    95.4 KB · Views: 136

vespaman

Member
Jul 28, 2017
49
2
8
voip.ms can send to 5080.
in your gateway put in the voip.ms proxy ip or hostname and change the profile setting to external.
as DAZ said if you are using 5060 from your carrier add their IP to an ACL.
I dont think you need the ACL for a carrier using 5080.
 

ad5ou

Active Member
Jun 12, 2018
892
205
43
I dont think you need the ACL for a carrier using 5080.
Newer installs require carrier IP(s) in ACL for either default SIP profile.

If external profile has auth-calls true true set, it should also have
apply-inbound-ACL domains true set.

This fairly recent change means there is no real difference between internal and external profiles.
 

markjcrane

Active Member
Staff member
Jul 22, 2018
509
180
43
50
Its an important change because without it external SIP profile is anonymous and any hacker or bot can send you calls to port 5080 and even if they match nothing they will get added to your CDR database. This allows them to do a denial of service attack on you and waste your resources. So it is better to have to add your provider IP addresses to the domains -> access control list. Use a /32 on the end for a single IP address.
 
  • Like
Reactions: ad5ou

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
voip.ms can send to 5080.
in your gateway put in the voip.ms proxy ip or hostname and change the profile setting to external.
as DAZ said if you are using 5060 from your carrier add their IP to an ACL.
I dont think you need the ACL for a carrier using 5080.
Thanks Vespaman,
The gateway profile was always set as External and is registered on port 5080. That's what I see on voip.ms subaccount registration.
I have the voip server IP added to domains in ACL with the /32 (just in case even if you think is not necessary.
And still incoming calls are rejected!
 

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Your screen shot shows that you made a common mistake common enough that we added it to the public documentation.
Be sure to read this page especially the bullet points.

FusionPBX Official - Public Documentation
https://docs.fusionpbx.com/en/latest/advanced/access_controls.html
Dear Mark,
Could you pls point me in the right (bullet) direction!? I can't see my common mistake which probably is due to my brain getting tired and confused with this called new version of FusionPBX.
Thanks
Ok, ok I think I found it (Domains Default is Deny) !!! I'm right??? but this still not solve my incoming calls problem!
What about the lan configuration under Access Control? There I have to set the default as Deny ? and which CIDR I have to put there? Remember my Fusion is cloud hosted....
 
Last edited:

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Newer installs require carrier IP(s) in ACL for either default SIP profile.

If external profile has auth-calls true true set, it should also have
apply-inbound-ACL domains true set.

This fairly recent change means there is no real difference between internal and external profiles.
I checked the external profile and is exactly as you said:
external profile has auth-calls true true set, it should also have
apply-inbound-ACL domains true set.

but still no luck. Incoming calls rejected by my dear Sofia!!!
 

vespaman

Member
Jul 28, 2017
49
2
8
Take the domain name out of the ACL. Just use the ip address/32.
Looks like you do need the ACL for the external profile 5080. My bad but good to know.
 

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Took the domain name out of the ACL.
Set default domains as Deny and set Voip.ms server/32 to Alllow and still not working....
Any other idea?
 

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
I'm still getting this when calling in:
Remember I changed the last numbers for XXX on phone numbers and IPs just in case... too much hackers over there!

2020-03-12 00:25:49.890852 [DEBUG] sofia.c:2535 Re-attaching to session 6396180d-02ad-4baf-bc68-2283708990a3
6396180d-02ad-4baf-bc68-2283708990a3 2020-03-12 00:25:49.910830 [DEBUG] sofia.c:10243 sofia/external/888315XXXX@162.254.144.XXX receiving invite from 162.254.144.XXX:5060 version: 1.10.1 -release-12-f9990221e6 64bit
2020-03-12 00:25:49.910830 [DEBUG] sofia.c:10337 verifying acl "domains" for ip/port 162.254.144.XXX:0.
2020-03-12 00:25:49.910830 [WARNING] sofia_reg.c:2930 Can't find user [136466_XXXXX@207.246.XX.XX] from 162.254.144.XXX
You must define a domain called '207.246.XX.XX' in your directory and add a user with the id="136466_XXXXX" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
6396180d-02ad-4baf-bc68-2283708990a3 2020-03-12 00:25:49.910830 [NOTICE] sofia.c:2424 Hangup sofia/external/888315XXXX@162.254.144.XXX [CS_NEW] [CALL_REJECTED]
6396180d-02ad-4baf-bc68-2283708990a3 2020-03-12 00:25:49.910830 [DEBUG] sofia.c:1540 Channel is already hungup.

I can't understand why I'm getting this "receiving invite from 162.254.144.XXX:5060" when now I changed the gateway for another subaccount on voip.ms which it says registered on port 5080.
 

ewdpb

Member
Oct 3, 2019
151
19
18
I am not sure what you've got but your issue is most likely related to the ACL configuration as you yourself have pointed out. This is my config for VoIP.ms in case it helps:

General access control:
general_acl.png

Domains ( I think this is how it should be in your case)
ACL_domains.png

The gw:

GW.png

Hope that helps.
 
Last edited:

ewdpb

Member
Oct 3, 2019
151
19
18
No, my account is actually sending the DID. And Yes, I have voip.ms set up to send to a PBX. Who is 207.246.xxx.xxx ?
 

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
Hi Guys,
Everything looks exactly as you said here, The domains on the ACL is exactly as you showed above. The only difference I noted was on the Caller ID at voip.ms subaccount which in my case wasn't set so now I put the DID number as caller ID but made any difference.

And I still getting this, and can't understand why is saying:
"sofia/external/888315xxxx@162.254.xxx.xxx receiving invite from 162.254.xxx.xxx:5060" when my subaccount says registered on port 5080
Fusion subaccount 5080.jpg

3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.870847 [DEBUG] switch_core_state_machine.c:585 (sofia/external/8883151441@162.254.xxx.xxx) Running State Change CS_NEW (Cur 1 Tot 193820)
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.870847 [DEBUG] sofia.c:10243 sofia/external/888315xxxx@162.254.xxx.xxx receiving invite from 162.254.xxx.xxx:5060 version: 1.10.1 -release-12-f9990221e6 64bit
2020-03-12 11:07:11.870847 [DEBUG] sofia.c:10337 verifying acl "domains" for ip/port 162.254.xxx.xxx:0.
2020-03-12 11:07:11.870847 [DEBUG] sofia.c:2426 detaching session 3b6ad829-7667-483d-826b-fd133aa695ef
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.870847 [DEBUG] switch_core_state_machine.c:604 (sofia/external/888315xxxx@162.254.xxx.xxx) State NEW
2020-03-12 11:07:11.870847 [DEBUG] sofia.c:2535 Re-attaching to session 3b6ad829-7667-483d-826b-fd133aa695ef
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.890831 [DEBUG] sofia.c:10243 sofia/external/888315xxxx@162.254.xxx.xxx receiving invite from 162.254.xxx.xxx:5060 version: 1.10.1 -release-12-f9990221e6 64bit
2020-03-12 11:07:11.890831 [DEBUG] sofia.c:10337 verifying acl "domains" for ip/port 162.254.xxx.xxx:0.
2020-03-12 11:07:11.890831 [WARNING] sofia_reg.c:2930 Can't find user [136466_Razxxxx@207.246.xx.xx] from 162.254.xxx.xxx
You must define a domain called '207.246.xx.xx' in your directory and add a user with the id="136466_Razxxx" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.890831 [NOTICE] sofia.c:2424 Hangup sofia/external/888315xxxx@162.254.xxx.xxx [CS_NEW] [CALL_REJECTED]
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.890831 [DEBUG] sofia.c:1540 Channel is already hungup.
3b6ad829-7667-483d-826b-fd133aa695ef 2020-03-12 11:07:11.890831 [DEBUG] sofia.c:1540 Channel is already hungup.
 
Last edited:

PJPMontreal

Member
Feb 28, 2020
60
2
8
58
No, my account is actually sending the DID. And Yes, I have voip.ms set up to send to a PBX. Who is 207.246.xxx.xxx ?
Hi, can you tell me the way how you know your account is actually sending the DID?
Thanks for the help!!!
 
Status
Not open for further replies.