dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2110

WhyADuck
Premium Member
join:2003-03-05

4 edits

6 recommendations

WhyADuck

Premium Member

[Asterisk] PJSIP in Asterisk is hot stuff if you configure it right

Click for full size
General SIP settings
Click for full size
Chan PJSIP Settings
I have a very small "family and friends" system running Asterisk and FreePBX that I've been using as a gateway to Google Voice, among other things. With the ongoing demise of XMPP connectivity and a couple of other fortuitous events, I decided it was time to build a new system and of course I wanted to include naf's GVSIP packages, although that turned out to be a short-lived experiment. But I figured that if I had to use PJSIP anyway, I might as well see if I could get it to work for my extensions and trunks. I had a very low opinion of PJSIP going in and my initial tests were not encouraging; I had lots of issues. But to make a long story short, the thing that helped the most was adding this line as the very first line in /etc/asterisk/pjsip_custom_post.conf:

endpoint_identifier_order=auth_username,username,ip

BUT you do not need to add that line manually any more, because now you can configure the Endpoint Identifier Order in the Chan PJSIP Settings in FreePBX as shown in the second screenshot above. Also in that screenshot, note that enabling TLS is optional and if you don't use it you can turn it off; it was only originally enabled for GVSIP.

But here is the thing that impressed me. I set all the extensions to use PJSIP, but I figured I was going to have a world of problems because many of them were connecting on ports other than 5060. In some cases it was a two line device connecting on ports 5060 and 5061; in other cases it was to avoid problems with routers or ISP's that seemed to think that traffic on port 5060 should be messed with. So my approach was going to be, bring up the new system and see what failed to connect, and either switch that extension back to Chan_SIP or if possible, try changing the device back to using port 5060. But you can imagine my shock and wonder when EVERY extension apparently connected without issues. And if I run pjsip show endpoints in the Asterisk CLI, the Contact: field shows the port each device is using. More wondrous is that the connections on port 5061 don't seem to interfere with the TLS stuff.

Maybe I have a fundamental misunderstanding of how SIP is supposed to work, and therefore I should not have been surprised, but it was never that easy in Chan_SIP. It seems to me that the biggest problem with PJSIP is the default configurations. For example, the default of IP matching first caused me a LOT of problems.

I only wanted to post this to say that maybe PJSIP is not something we should all avoid as long as possible. Sure, FreePBX needs to support it a bit better (how do I add the new keep_alive_interval=90 in the [global] section, per naf's instructions?) but I suspect they are learning too. I'm just happy as a clam that I converted all the extensions and trunks to PJSIP, and if you'd asked me a month ago I would not have had a good word to say about it!

Shown above are my current General SIP settings (with IP address redacted, of course) and Chan PJSIP Settings pages. I'm not saying those are the optimum settings (comments are welcome) but they are part of what got it working for me.

NOTE: The "Allow Transports Reload" setting is weird - generally you need to leave it off, or any time you do a configuration reload in FreePBX your PJSIP extensions may get kicked offline, and you may get tons of error messages in the Asterisk CLI and maybe in your log, at which point only restarting Asterisk or rebooting the system will restore connectivity. But on the other hand, you may need to temporarily enable it if you find that nothing will connect using PJSIP, even if you restart Asterisk or Reboot. It apparently only needs to be enabled long enough to allow your extensions and trunks to register, then you can turn it off again. You'll probably only run into this when you first bring up a new system or enable a transport, or if the system has been powered off or disconnected from the Internet for quite some time. I do recommend leaving it set to "No" unless you run into that specific issue.

(The following is GVSIP related information that is no longer relevant, but I moved it to the bottom of the post for historical reasons):

Also, if you set tls - 0.0.0.0 - All to YES in the Chan_PJSIP settings as shown in my Chan PJSIP Settings screenshot, be sure that if you have GVSIP trunks configured in /etc/asterisk/pjsip_custom_post.conf you have the transport line in the registration section for each trunk set to

transport=0.0.0.0-tls

and NOT to the original

transport=transport_tls

from naf's original instructions. If they are set to the original value you can change them using

sed -i -e 's/transport=transport_tls/transport=0.0.0.0-tls/g' /etc/asterisk/pjsip_custom_post.conf

Thanks to dziny See Profile for the above information about changing the transport= line.

Anon213c0
@charter.com

Anon213c0

Anon

Does it work for a ata ? Which kind and model will work good do you use ?

WhyADuck
Premium Member
join:2003-03-05

WhyADuck

Premium Member

All of the ones connected to my system are older models (Linksys SPA-2102, Obi100/110, etc.) and all seem to work fine, although after many years of use the external power supplies tend to fail on those older models. Today if I had to buy a new one I'd probably get a Cisco SPA122 from a reputable seller with a good return policy (in case you get a defective one), but I have no actual experience with them. Units from Grandstream should also work. The main thing to look for is SIP support.
WhyADuck

WhyADuck

Premium Member

Just wanted to note that I replaced the screenshot for the Chan PJSIP Settings because I am now able to use tls - 0.0.0.0 - All set to YES thanks to dziny See Profile's help in the other thread, and I also edited the text above accordingly.

Anon213c0
@charter.com

Anon213c0

Anon

Thank you for your replies.
Does password need to use a oauth or can it work with my regular ?
Does the ata need support for a oauth if that is only way ?
Do you no which ata's will not work and i can stay away ?
Anon213c0

Anon213c0 to WhyADuck

Anon

to WhyADuck
Thank you and your replies.
Does the password need a oauth or can i use my regolar one ?
Does ata need to have a oauth support in it?
Do you know of ata's that cant work i can skip them ?

WhyADuck
Premium Member
join:2003-03-05

WhyADuck to Anon213c0

Premium Member

to Anon213c0
said by Anon213c0 :

Thank you for your replies.
Does password need to use a oauth or can it work with my regular ?
Does the ata need support for a oauth if that is only way ?
Do you no which ata's will not work and i can stay away ?

Assuming your VoIP adapters would be connecting to FreePBX/Asterisk, they do not need oAuth support, in fact FreePBX only supports password (or as they call it, Secret) access (I suppose that technically there would be other methods of access, such as IP address, but extension number and password are the most common, and FreePBX does NOT currently support oAuth access for extensions). Bottom line is you do not need anything to do with oAuth in your adapters.

What will not work is any ATA which does not support the SIP protocol, or any ATA that is locked to a particular provider (unless you can figure out how to unlock it). I would also avoid really old models such as an original Cisco ATA-186 - if it's unlocked you might actually get it to work with enough perseverance but you would probably not be happy with the performance.

Anon213c0
@charter.com

Anon213c0

Anon

In nafs config they show:
[gvsip1]
type=auth
auth_type=oauth
refresh_token=
oauth_clientid=
oauth_secret=
username=
realm=obihai.sip.google.com

[gvsip1]
type=aor
contact=sip:obihai.sip.google.com

How will i fill in with regular password ?
Or how does it look with regular password ?

file
join:2011-03-29
Riverview, NB

file

Member

If you are using FreePBX then you should use their GUI functionality for configuring for a normal device. For configuration file the wiki has examples[1] for various things in PJSIP. There is also the wizard functionality[2] which can simplify configuration.

[1] »wiki.asterisk.org/wiki/d ··· Examples
[2] »wiki.asterisk.org/wiki/d ··· n+Wizard
dziny
join:2015-06-22

dziny to Anon213c0

Member

to Anon213c0
said by Anon213c0 :

Does it work for a ata ? Which kind and model will work good do you use ?

I think the correct answer is it does not. You need to have an asterisk based PBX for this to work. If you have it, then any sip-based ATA would be fine.

file
join:2011-03-29
Riverview, NB

file

Member

Oh based on your response I believe I misread.

My responses were in regards to configuring a normal SIP device with Asterisk.

Anon213c0
@charter.com

Anon213c0

Anon

I want to use a ata with naf Asterisk and Google Voice.

WhyADuck
Premium Member
join:2003-03-05

1 recommendation

WhyADuck

Premium Member

Just wanted to note that I once again replaced the screenshot for the Chan PJSIP Settings and edited the text to reflect that you can now change the Endpoint Identifier Order from the Chan PJSIP Settings page, and also I moved some of the GVSIP related stuff to the bottom of the post since it's really no longer relevant. Probably should have done that many months ago, but I forgot all about that post until I was searching for some other PJSIP related information and came across this old thread. I'd also suggest visiting this thread and checking to see if your PJSIP Trunk settings are the same as those shown in the second and third posts, and particularly that Permanent Auth Rejection is set to No because under certain circumstances, if set to Yes it could cause a trunk to stop working and you won't know why, just that it won't work until you restart Asterisk or reboot.

SysOp
join:2001-04-18
Atlanta, GA

1 recommendation

SysOp

Member

In regards to freepbx "Chan_sip is dead and not receiving any kind of updates or bug fixes anymore from my understanding at Astricon in 2017"
Prof_Tech
join:2007-06-30
Quincy, IL

Prof_Tech to WhyADuck

Member

to WhyADuck
I've been using pjsip with vanilla Asterisk since it was released with version 12. I tried chan_sip with Asterisk 11 first and found there to be some significant issues regarding bridging and early media. Gave up until V12/pjsip were released. There has been a learning curve and some bugs along the way but not all were related to Asterisk or pjsip. I found immediately that most of the service providers had no experience with pjsip and therefore couldn't or wouldn't make any statement or recommendations as to configuration to make pjsip work with their service. Fast forward to now. I recently changed to what I believe to be a good quality fiber ISP and now using Asterisk 16.1 with PJSIP 2.8. This threw another monkey wrench into the mix because the ISP uses a standard gateway with a built-in router and I already had a good router. After about 3 months of tinkering I finally have everything working as good or better than POTS! Just turned up TLS with one of my service providers and I think I've squashed dropped calls & one-way audio (both ITSP's use direct audio). So I (and my wife) are happy campers after 5 or 6 years and 3 different ISP's.