SOLVED XiVO, Anveo, No audio for Outgoing.

[TKtech]

So I'm at quite a loss here. I've had a XiVO (Raspivo) box in service now for several months with no major issues. It is currently set up using Google Voice (through Simonics) for incoming/outgoing calls, and Vitelity for incoming only. Both of these were easy as pie to set up, with no issues whatsoever once everything was established.

Recently, due to call volume and moving out of the "Trial Run" I want to move most of our calls to Anveo. Set everything up to the best of my knowledge, but later realized that I had failed pretty bad. Had the Anveo trunk and such set up right on that side, but made the mistake of trying to register on Asterisk's side. Reviewed Ward's post on setting up outgoing calls with XiVO and Anveo, made all the required adjustments and tried a call. Call handshaking is taking place correctly, answering, ringing, hangups all pass back and forth... but no audio on either side.

I've checked codecs, I've forwarded ports, I've added IPs to iptables (though I think most of this is related to incoming calls). I've rebooted the router and PBX... and this is where I stand.

Any logs, configs, and the like can be provided on request. The reason why I don't provide them is because I have no clue what info you guys may want. Keep in mind that this unit is in service during business hours (9-5 PST) so a ton of reboots and the like will have to wait.

Thanks in advance.

[Additional Info]
PBX iptables: http://pastebin.com/TD09kWUU
Screenshots: https://drive.google.com/open?id=0B9d-5a0LtcViOXZUVXhMaklSUGM

 

[wardmundy]

In General Settings -> SIP Protocol -> Network, do you have entries in External IP Address and Local Network? If so, try taking them out.

 

[TKtech]

In General Settings -> SIP Protocol -> Network, do you have entries in External IP Address and Local Network? If so, try taking them out.

No sir, fields are blank. I do recall reading about those needing to be populated for incoming calls, but I could be mistaken.

 

[atsak]

Anveo Direct does not proxy media, so the issue is likely your firewall blocking the RTP stream (I assume you mean Anveo Direct, I don't know about Anveo's full service offering). Many firewalls / routers can open the ports quite easily automatically but some do not because the source IP is different. This is likely why Vitelity and Simonics work, but Anveo Direct probably doesn't. So I know you said you forwarded ports but for Anveo to work reliably I have always forwarded UDP 10000 to 20000 from ANY to the PBX (both iptables and the hardware firewall you have in front); you don't need to nor shoud you forward port 5060; instead simply qualify it or alternatively open SIP explicitly ONLY for Anveo Direct IP's. Now I realize this is a lot of ports to have open, but UDP helps minimize some of the risk, and really the main risk you have here is DoS if those ports are open, which generally doesn't happen often for day to day users unless you irritate the wrong people.

 

[briankelly63]

I do not open RTP ports for Anveo direct. Most decent routers will take care of that for you. If you are using Pfsense as a router you need to use static ports. Google "pfsense voip static". The settings Ward pointed out are critical

 

[TKtech]

@atsak -
I am in the process of revising my filters on my pfSense box, but nothing seemed to unreasonable. I will have to double check my iptables, I've heard of stories where they don't seem to stay set across reboots.

@briankelly63 -
I indeed am running a pfSense box. This static port thing may be something I have not tried and will do so immediately. You mention that Ward's suggested settings are critical, and by that you mean the External IP Address and Local Network fields should be left blank?

 

[wardmundy]

Try it both ways as well as one at a time. Depends on the provider and your router setup.

 

[TKtech]

Ok, quick update here. I have made the modifications to my router (most were actually done by the previous admin, but for the old pbx) and reviewed all other settings. Everything seems to be in place but still no go.

Took a peek at the PBX's iptables, and sure enough they are back to default. I'll be modifying them in accordance with http://blog.mxard.com/persistent-iptables-on-raspberry-pi-raspbian with the appropriate entries, of course.

Anything else I should take a look into whilst I do this?

 

[TKtech]

No luck. I've ensured that iptables persists across reboots, I've double checked the router settings, rebooted that as well... I wish there was a bit more of a hint with this, like at least unidirectional audio, but no. Calls process normally, no audio either way. I will be amending my first post with links to things like my iptables and perhaps pfSense configs while waiting for any other assistance.

You guys have been doing great.

 

[briankelly63]

External IP Address and Local Network must be set for NAT to work properly. STOP fail2ban and iptables (see google) when working these things out. Unless pfsense is configured properly you aren't going to get audio.

https://doc.pfsense.org/index.php/VoIP_Configuration

 

[TKtech]

@briankelly63 -
Please see my original post for both iptables and some screenshots. Our mappings seem to be quite similar, with the difference of mine specifying UDP, this is not an issue I presume.

I stopped fail2ban, but stopping iptables isn't feasible on a rasbian distro if I am not mistaken. Its built into the kernel and your standard "service iptables stop" does not work.

[edit]
On second thought... maybe I'm not setting the right thing in the "Local Network" section. Is this supposed to be the PBX's IP or the Router/Gateway's IP?

 

[briankelly63]

I don't think they are similar. The static port must be set up for the IP addr of the pbx that you have port forwarded 5060 to. In my case the ip ending in 185 is the pbx.

 

[TKtech]

I'm using aliases, "PBX" is an alias to the IP of the PBX. I went ahead and removed the filter for UDP, so now (with respect to aliases/IPs) they are identical.

I'm using https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to as a reference... but I believe there to be a slight error on the page when referring to "SIP_Ports" and "PBX_Ports".

 

[jerrm]

@TKtech

The iptables rules posted in the original post (http://pastebin.com/TD09kWUU) are pointless with the exception of fail2ban. All your chains default to ACCEPT, so the computer is wide open unless fail2ban kicks in for a specific IP. For the purposes of this conversation it means iptables rules are not the issue if fail2ban has not triggered.

But I agree with @briankelly63 to stop fail2ban for now. I really doubt it is the problem, but until things are working remove it as a variable.

 

[briankelly63]

I left you my number to call in a private message. You've chosen a configuration that can be challenging. Assuming everything on Pfsense is correct getting Anveo direct working on Xivo can be a little challenging in terms of what incoming and whats outgoing for which IP's I'd focus on the easier part first which is outgoing. Outgoing goes out on only one of the Anveo direct IP's. Anyway a quick chat may help. We are all new to Xivo and there are a lot of things that can be set wrong.

 

[TKtech]

@jerm -
Huh, I was under the impressing that iptables was more of a white list. Learning every day.
fail2ban has been stopped, so it seems that the problem resides in either my "SIP Protocol > Network" settings or my pfSense box. Considering I have a habit of botching NAT rules, I'll probably give that a fresh look over later today.

@briankelly63 -
Your patience, understanding, and willingness to help is top notch and I thank you for that (everyone here is pretty awesome, actually). There are definitely parts of Xivo I like, and parts I don't. Considering Voip/SIP terminology is a mess to begin with, and the same data can be referred to by many different names in some cases... then you go and add language translations into the mix. I'm reminded every day how computer science as a whole must be that much more difficult for individuals who's native language isn't English.

I will be out of the shop today, just as a heads up for everyone here. Thanks all.

 

[jerrm]

Huh, I was under the impressing that iptables was more of a white list. Learning every day.
fail2ban has been stopped, so it seems that the problem resides in either my "SIP Protocol > Network" settings or my pfSense box. Considering I have a habit of botching NAT rules, I'll probably give that a fresh look over later today.

There are two basic ways to setup iptables:
1: Default to ACCEPT and have rules to DROP specific traffic.
2: Default to DROP and have rules to ACCEPT specific traffic.

Your rules default to ACCEPT and have additional specific ACCEPT rules without dropping anything. Your ACCEPT rules effectively function only as packet counters.

 

[TKtech]

I'm happy to report that I currently have outgoing bidirectional audio! I'm unsure of inbound calls as of yet, but wanted to check in and report my finding.

Xivo Configuration:
First and foremost, there seems to be a few network settings Xivo may not get quite right... either that or I was braindead the day I set this thing up. Here's a few things to check off the bat:

Under the Configuration tab, side panel, Network>Interfaces.
Ensure that the eth0 entry is set to your PBX's current and static IP, with the correct Gateway. I think mine had been set for back when the unit was originally set for DHCP.

The rest of the settings are within the Services tab.
General settings>SIP Protocol>General.
Port: 5060
UDP address: [IP of PBX]
The UDP address of my unit was still 0.0.0.0, and for some reason I thought that meant that it would default to whatever was set in the Network>Interfaces section... I make some rather poor assumptions.

General settings>SIP Protocol>Network.
External IP address: [Your public, External IP]
Network transport protocols: UDP
Local network: [Subnet/Subnet Mask] (For example: 192.168.1.0/255.255.255.0)
This section is key. There doesn't seem to be a clear definition of what should be in Local network... perhaps it's clear to most, but I figured it was just another one of those field where you have to specify the IP of the PBX again, considering that seems to be a trend. A lot of this stuff, I feel, should be auto populated based on other sections... but hey, clearly I have a poor understanding of the inner workings.

The rest of this section is pretty well documented by Ward @ http://nerdvittles.com/?page_id=18666
Just a quick summary of the first part:

Trunk management>SIP Protocol>[Anveo Trunk]>General.
Name: Whatever you call it. Mine's currently "PITA"
Authentication username: [Blank]
Password: [Blank]
Caller ID: Your outward facing number. Can either be your DID, or some other number you own.
Connection type: Friend
IP addressing type: Static
[Unlabeled Field]: sbc.anveo.com
Context: Probably outcalls (to-extern)
NAT: Yes

psSense Configuration:
Of course, this is only if you are using a pfSense router. I found that following https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to was pretty accurate. The only issue is that they make reference to aliases "PBX_Ports" and "SIP_Ports", but only define "PBX_Ports". Just use PBX_Ports in place of SIP_Ports.

I'm also using TCP/UDP in the Protocol field, and using "All" in any place where SIP_Trunks is in use. This is probably horribly insecure... but I'll tighten things down as I go.

Thats it. That's all I got so far.

 

[FredP]

Thank you, TKTech - I had the same problem and this fixed it. I got incoming to work by adding an external domain to SIP/networking.

Much obliged!