1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. If you had a PIAF Forum account in the vBulletin days, log in with your old credentials. Otherwise, sign up again and we'll get you back in business as soon as we can.
  3. A serious FreePBX vulnerability has been reported. Update your Framework Module immediately. Click here for details.

TUTORIAL U Need Travelin' Man

Discussion in 'Add-On Install Instructions' started by wardmundy, Jun 28, 2010.

  1. lopaka New Member

    Thanks for the input ;). At least I know whats happening. Hopefully someone will know what steps to take to fix or troubleshoot it.

    lopaka
  2. lopaka New Member

    Uncle Ward?

    Ward, could you outline the specific settings in the iphone sip client? I'm thinking this might possibly be a problem with sipdroid and something its doing, since the PIAF server gets the correct external IP addy but the SIP software ends up grabbing the IP address of the router it's passing through.

    I'm going to try using one of the other sip clients and see if anything different happens

    lopaka
  3. MyKroFt Guru

    i installed sipdroid today and it worked the 1st time. I just use the standard xxxx (extension #), password, and pbx hostname - left everything else blank/default.

    Now granted I had a no sound problem and didnt get time to debug it before work, but i think that is because my 10000-20000 port setup is messed up. pfsense firewall has a setup for RTP, and it supposed to pick the ports, but i dunno if they are the same and have to find out.

    but otherwise, i saw the phone register and dialout, just could not hear anything :)
  4. lopaka New Member

    Were you using the "travelin man" setup from another wifi, or are you just trying sipdroid on your home LAN? Mine works fine from home but has issues when used remotely with the travelin man setup. In fact I've been using sipdroid without problems for a while now, I just can't get the remote connection to work right.

    I just retried the setup with aSIP on my nexus one, but it just looks like a clone of sipdroid and has the same problem.

    lopaka
  5. MyKroFt Guru

    I am using mine via the 3g network as I am connecting using my outside real ip - otherwise i would need to changed after hitting port 83 via wifi on local lan would be the local ip of the machine

    if you are connected on your internal lan and trying to use your external ip to test real world outside access, you need to make sure your router can do what we call reflecting - allow you to access real world ip and reflect it back into your lan (wan interface) and then your router would send it to where it was told to forward it to.

    my pfsense can do that also....
  6. lopaka New Member

    I tested both ways and they do the same thing each time, picking up the address of the home router (example 501@63.193.xxx.xxx, and being denied because that address doesn't match the one being approved.

    I can only test via wifi and not 3G, because I have no data plan. The issue may be specific to wifi connection, but I have a theory to test that. When I get back in town I'm going to try and connect "travelin man" style using my old nokia SIP client and see how that fares. If it works, my problem is with the sipdroid client. If it doesn't the problem lies elsewhere.

    Thanks for the input!

    lopaka:smile5:
  7. wardmundy Nerd Uno

    What type router is being used?
  8. lopaka New Member

    Hey Ward, thanks for jumpin in! I'm running a WHR-HP-54G Buffalo router with Tomato firmware. I've contemplated going with D-link just because of the recommendations, but the buffalo with tomato has been the best at dealing with high traffic + QOS, and I don't have any VOIP quality problems with this setup.

    I started with WRT54G with talisman, then went to DDWRT on it. Then switched to WRT150N with DDWRT. Then to the current setup which handles lots of traffic. Currently I have 4 medical clinics with on and offsite backups, and the offsites FPT into my LAN on scheduled times, I've got heavy torrent and P2P loads, and also VNC or RD into the network to grab files, etc. I'd be concerned that the D-links would choke on this since this is the only router that keeps everything smooth so far.

    lopaka
  9. wardmundy Nerd Uno

    You're probably right. I gave up on SIPdroid because of all the problems and switched to SIPagent which is rock-solid. Unfortunately, they sold out to someone else and I have no idea how the new code works because I don't want to forfeit my copy of SIPagent which works. Just search the Marketplace for SIPagent and give the new release a try. Let me know how it goes.
  10. lopaka New Member

    I grabbed the sipagent (now 3CXPhone). Can you list your preferred settings so I can test this?

    lopaka
  11. wardmundy Nerd Uno

    User: 222
    Password: something
    Domain: pbx.dyndns.org or whatever

    Advanced:
    Enable NAT
    STUN: stun.xten.com
    Enable ICE

    G711 codecs

    Leave the rest at default settings. If probs, turn ICE off.
  12. lopaka New Member

    Thanks Ward, I'm still getting this on trying to connect. I'm using travelin man shortcut, then starting 3CXphone and when it tries to register I get this on the log

    [2010-07-01 13:43:16] NOTICE[25336] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx>' failed for '74.93.xx.xxx' - Device does not match ACL

    The addresses are correct. I am currently located at the '74.93.xx.xxx" addy and my home addy with PIAF is at 63.193.xxx.xxx.

    Do I have to do anything specific to use the stun address you listed other than punch it in? I've never used one prior to this so forgive if it's a dumb question :)
  13. tomsyr Guru

    lopaka,
    I'm working though this, and don't have the Incredible PBX setup on my dev box. I ran the sh script that locks down the extensions with the local subnet.
    When I create a new extension, I have Permit 0.0.0.0/0.0.0.0
    I wonder if you change your ext to that - it may solve your issue.
    AmyGrant mentions the ACL's.

    I expected the GUI for the ext to reflect the 'new' permit, but it doesn't. It gets it from /etc/asterisk/XXX.inc
  14. wardmundy Nerd Uno

    Permit 0.0.0.0/0.0.0.0 basically opens up an extension to anyone that has your extension password... a very bad idea. :wink5:
  15. tomsyr Guru

    Ok - so when we use this, a user could keep their extension, but make it available while on the road. The XXX.inc is allowing the additional IP - right?
  16. wardmundy Nerd Uno

    Correct. Lock down permit in FreePBX to your private IP subnet. Then open up a single external IP hole with extension.inc. See this week's Nerd Vittles article for details.
  17. lopaka New Member

    Ward, does the script disable the allow fields or add additional parameters to the block and allow? Just to trouble shoot my problems I added an allow for my router IP and the external addy, but still get a denied due to ACL error. I've took those back off the PBX afterwards, so no security hole now.

    I may do a separate clean install on an extra box this weekend just to see if somethings hosed on my current system and preventing this from working right.

    lopaka
  18. wardmundy Nerd Uno

    Nothing has been modified in the FreePBX setup except locking down permit to the local subnet. These commands get executed in order like this:

    allow: 0.0.0.0/0.0.0.0 (means allow no one access)
    permit: 192.168.0.0/255.255.255.0 (means permit local subnet 192.168.0.x)
    extension.inc: permit someIP (means permit one specified external IP address)
  19. blueskiesokie New Member

    Ward,
    I am having same problem as lopaka. I have a fresh install of incrediblePBX, configured and working. I have a router with DD-WRT loaded and ports open (83 tcp, 5060 udp, 1000-2000 udp)
    Travelin man is set and the web page shows that the ip is added to the permit. Works great with local connection at home. registration failed remote though?
  20. wardmundy Nerd Uno

    should be 10000-20000 UDP.

Share This Page