[Spce-user] 403 Forbidden to outbound calls
Guilherme Lacerda
lacerdaguilherme at gmail.com
Thu Feb 6 09:14:43 EST 2020
Hello Marco,
Thanks for your answer.
So, my callflow is: Softphone => Kazoo PBX => NGCP =>
GW/Termination(Thinq.com). If I understand correctly, peering group is for
outbound gateway and for media servers and inbound (via SIP Trunk, for
example).
In my setup, I created a customer and subscriber with one SIP Trunking
(Kazoo PBX, to receive and make calls) and one SIP Trunking with no
authentication as a termination gateway (Thinq) only for outbound calls to
PSTN. Both servers use port 5060. I do not understand the need to change
my port.
Again, thanks for your help.
--
Guilherme Lacerda
On Thu, Feb 6, 2020 at 04:41, Marco Capetta <mcapetta at sipwise.com>
wrote:
> Hello,
>
> the INVITE is coming from port 11000, but you defined PBX Kazoo with port
> 5060.
> This is probably why you receive the 403 Forbidden message.
>
> Regards
> Marco
>
> On 2/5/20 9:27 PM, Guilherme Lacerda wrote:
>
> Hello Matthias,
>
> I've configured the inbound rule the same as in the handbook and link this below.
> I tried inserting domain, inbound IPs, outbound IPs and again received 403.
>
> I think Sipwise doesn't rewrite or process the inbound rule.
>
> Any ideas?
>
> MariaDB [provisioning]> select * from provisioning.voip_peer_inbound_rules;
> +----+----------+----------+---------+-------------+---------------+----------+---------+
> | id | group_id | field    | pattern | reject_code | reject_reason | priority | enabled |
> +----+----------+----------+---------+-------------+---------------+----------+---------+
> |  8 |        1 | ruri_uri | .*      | NULL        | NULL          |       50 |       1 |
> +----+----------+----------+---------+-------------+---------------+----------+---------+
> 1 row in set (0.000 sec)
>
> --
> Guilherme Lacerda
>
> On Wed, Feb 5, 2020 at 16:41, Matthias Hohl <
> matthias.hohl at telematica.at> wrote:
>
>> Hello.
>>
>> It is very simple... see your logs:
>>
>> „No matching inbound peer rule in any peering group, rejecting call“
>>
>> You have peering groups without inbound rules, so no call will be
>> proceeded over your peering...
>>
>> Just read the handbook how to setup peerings right... you forget about
>> the peering rules.
>>
>> Btw: your rewrite rules are also not set up right..., sipwise needs e164
>> format internally, but you don't rewrite your +55....
>>
>> On 05.02.2020 at 19:12, Guilherme Lacerda <
>> lacerdaguilherme at gmail.com> wrote:
>>
>>
>> Hi,
>>
>> A Customer PBX is registered with Sipwise as a regular subscriber in
>> SIP Trunking domain. When a customer dials a PSTN number, they receive the
>> following response from Sipwise - Call Failed: 403 Forbidden. I’m not sure
>> what I’m forgetting or how to troubleshoot this problem. Customer PBX is
>> based on 2600hz Kazoo.
>>
>> My setup:
>> NGCP mr7.5.2 on AWS EC2 (NAT)
>>
>> Callflow: Kazoo PBX => NGCP => GW/Termination(Thinq.com)
>>
>> Kazoo PBX = 169.169.169.169
>> Internal IP NGCP = 172.31.37.142
>> External IP NGCP = 54.54.54.54
>>
>>
>> MariaDB [provisioning]> select * from provisioning.voip_peer_groups;
>> +----+------------+----------+-------------+---------------------+-------------------+-------------+
>> | id | name       | priority | description | peering_contract_id | has_inbound_rules | time_set_id |
>> +----+------------+----------+-------------+---------------------+-------------------+-------------+
>> |  1 | Kazoo Peer |        1 |             |                   3 |                 0 | NULL        |
>> +----+------------+----------+-------------+---------------------+-------------------+-------------+
>> 1 row in set (0.000 sec)
>>
>> MariaDB [provisioning]> select * from provisioning.voip_peer_hosts;
>> +----+----------+-------------+-----------------+------------------------+------+-----------+--------+-----------+--------+---------+-------+
>> | id | group_id | name        | ip              | host                   | port | transport | weight | via_route | via_lb | enabled | probe |
>> +----+----------+-------------+-----------------+------------------------+------+-----------+--------+-----------+--------+---------+-------+
>> |  1 |        1 | Thinq_Kazoo | 72.15.219.140   | NULL                   | 5060 |         1 |      1 | NULL      |      0 |       1 |     0 |
>> |  2 |        1 | PBX Kazoo   | 169.169.169.169 | sip3.phonetrack.com.br | 5060 |         1 |      1 | NULL      |      0 |       1 |     0 |
>> +----+----------+-------------+-----------------+------------------------+------+-----------+--------+-----------+--------+---------+-------+
>> 2 rows in set (0.000 sec)
>>
>> MariaDB [provisioning]> select * from provisioning.voip_peer_inbound_rules;
>> +----+----------+----------+---------+-------------+---------------+----------+---------+
>> | id | group_id | field    | pattern | reject_code | reject_reason | priority | enabled |
>> +----+----------+----------+---------+-------------+---------------+----------+---------+
>> |  8 |        1 | ruri_uri | .*      | NULL        | NULL          |       50 |       1 |
>> +----+----------+----------+---------+-------------+---------------+----------+---------+
>> 1 row in set (0.000 sec)
>>
>>
>>
>> SNGREP output
>>
>>
>>                  169.169.169.169:11000          172.31.37.142:5060              127.0.0.1:5060                127.0.0.1:5062
>>                  ──────────┬─────────          ──────────┬─────────          ──────────┬─────────          ──────────┬─────────
>> 17:53:50.061111            │        INVITE (SDP)         │                             │                             │
>>   +0.000458                │ ──────────────────────────> │                             │                             │
>> 17:53:50.061569            │         100 Trying          │                             │                             │
>>   +0.000064                │ <────────────────────────── │                             │                             │
>> 17:53:50.061633            │                             │                             │        INVITE (SDP)         │
>>   +0.000299                │                             │                             │ ──────────────────────────> │
>> 17:53:50.061932            │                             │                             │         100 Trying          │
>>   +0.002908                │                             │                             │ <────────────────────────── │
>> 17:53:50.064840            │                             │                             │        403 Forbidden        │
>>   +0.000080                │                             │                             │ <────────────────────────── │
>> 17:53:50.064920            │                             │                             │             ACK             │
>>   +0.000122                │                             │                             │ ──────────────────────────> │
>> 17:53:50.065042            │        403 Forbidden        │                             │                             │
>>   +0.005994                │ <────────────────────────── │                             │                             │
>> 17:53:50.071036            │             ACK             │                             │                             │
>>                            │ ──────────────────────────> │                             │                             │
>>
>> SIP/2.0 403 Forbidden
>> Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bK89d3.f6eb3ac078dc260c2d661673e4f6c55f.0
>> Via: SIP/2.0/UDP 169.169.169.169:11000;received=169.169.169.169;rport=11000;branch=z9hG4bK63Bj583UBcg
>> From: "PhoneTrack SBC3" <sip:6685 at 169.169.169.169>;tag=ZXvHUr7N0Fv0B
>> To: <sip:+5541998970007 at 54.54.54.54>;tag=95c37a12bff1a2c36d72bf8333176544.7855
>> Call-ID: 7a263420-4840-11ea-a287-d574145c6a81
>> CSeq: 15908825 INVITE
>> P-Out-Socket: udp:172.31.37.142:5060
>> P-NGCP-Auth-IP: 169.169.169.169
>> P-NGCP-Auth-UA: 2600hz
>> P-NGCP-Caller-Info: <sip:<null>@<null>>;ip=169.169.169.169;port=11000
>> Server: Sipwise NGCP Proxy 7.X
>> Content-Length: 0
>>
>>
>>
>> LOGS Proxy
>>
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: New request on proxy - M=INVITE R=«sip:+5541998970007 at 54.54.54.54» F=«sip:6685 at 169.169.169.169» T=«sip:+5541998970007 at 54.54.54.54» IP=«169.169.169.169»:«11000» («127.0.0.1»:«5060») ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz' DESTIP=«127.0.0.1»:«5062»
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: Sending reply S=100 Trying fs='«127.0.0.1»:«5062»' du='«127.0.0.1»:«5060»' - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: INFO: <script>: Load domain preferences for callee - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: INFO: <script>: Clean domain preferences for callee - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: INFO: <script>: +++++++++++++++ find caller - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: Call from PSTN - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: No matching inbound peer rule in any peering group, rejecting call - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: INFO: <script>: Adding reply P-NGCP-Caller-Info '<sip:«<null>»@«<null>»>;ip=«169.169.169.169»;port=«11000»«»«»' - ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: Sending reply S=403 Forbidden fs='«127.0.0.1»:«5062»' du='«127.0.0.1»:«5060»' - R=«sip:+5541998970007 at 54.54.54.54» ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz'
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: INFO: <script>: Runtime for request INVITE was 2415 usec - ID=«9e51f47a-483f-11ea-a241-d574145c6a81»
>> Feb 5 17:47:41 ip-172-31-37-142 proxy[10778]: NOTICE: <script>: New request on proxy - M=ACK R=«sip:+5541998970007 at 54.54.54.54» F=«<null>» T=«<null>» IP=«<null>»:«<null>» («127.0.0.1»:«5060») ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='<null>' DESTIP=«127.0.0.1»:«5062»
>> --
>> Guilherme Lacerda
>
> --
> * Marco Capetta *
> VoIP Developer
>
> Sipwise GmbH <http://www.sipwise.com> , Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
>
> Phone: +43(0)1 301 2044 <+4313012044>
> Email: mcapetta at sipwise.com
> Website: www.sipwise.com
>
> Particulars according Austrian Companies Code paragraph 14
> "Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
> FN:305595f, Commercial Court Vienna, ATU64002206
>
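The check Marco's reply points to, sketched as an added example (not code from the thread or from Sipwise): it compares the source IP and port of each INVITE in the proxy log against the configured peer hosts. The peer tuples and log lines are taken from the output quoted above, with the archive's " at " restored to "@"; that a peer must match on both IP and port is an assumption based on Marco's explanation, and the function names are hypothetical.

```python
import re

# Peer hosts as (name, ip, port), copied from the voip_peer_hosts output in the thread.
PEER_HOSTS = [
    ("Thinq_Kazoo", "72.15.219.140", 5060),
    ("PBX Kazoo", "169.169.169.169", 5060),
]

# Sample proxy log lines, rejoined from the wrapped lines quoted in the thread.
SAMPLE_LOG = """\
Feb 5 17:47:41 ip-172-31-37-142 proxy[10792]: NOTICE: <script>: New request on proxy - M=INVITE R=«sip:+5541998970007@54.54.54.54» F=«sip:6685@169.169.169.169» T=«sip:+5541998970007@54.54.54.54» IP=«169.169.169.169»:«11000» («127.0.0.1»:«5060») ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='2600hz' DESTIP=«127.0.0.1»:«5062»
Feb 5 17:47:41 ip-172-31-37-142 proxy[10778]: NOTICE: <script>: New request on proxy - M=ACK R=«sip:+5541998970007@54.54.54.54» F=«<null>» T=«<null>» IP=«<null>»:«<null>» («127.0.0.1»:«5060») ID=«9e51f47a-483f-11ea-a241-d574145c6a81» UA='<null>' DESTIP=«127.0.0.1»:«5062»
"""

# Pulls method, source IP/port and Call-ID out of a "New request on proxy" line.
REQUEST_RE = re.compile(
    r"New request on proxy - M=(?P<method>\w+) .*? IP=«(?P<ip>[^»]*)»:«(?P<port>[^»]*)» "
    r".*?ID=«(?P<call_id>[^»]*)»"
)

def classify_source(ip, port, peers=PEER_HOSTS):
    """Return (status, peer_name): 'match', 'port-mismatch' or 'unknown-ip'."""
    same_ip = [p for p in peers if p[1] == ip]
    if not same_ip:
        return ("unknown-ip", None)
    for name, _, peer_port in same_ip:
        if peer_port == port:
            return ("match", name)
    # IP is a known peer, but the request left from a different source port.
    return ("port-mismatch", same_ip[0][0])

def audit_invites(log_text, peers=PEER_HOSTS):
    """List every INVITE whose source IP:port is not an exact peer host match."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "INVITE" or not m["port"].isdigit():
            continue  # skip other methods and lines with «<null>» sources
        status, peer = classify_source(m["ip"], int(m["port"]), peers)
        if status != "match":
            findings.append({"call_id": m["call_id"], "status": status,
                             "src": f'{m["ip"]}:{m["port"]}', "peer": peer})
    return findings

if __name__ == "__main__":
    for finding in audit_invites(SAMPLE_LOG):
        print(finding)
```
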