[Home]

Summary:ASTERISK-29502: res_pjsip_config_wizard: doesn't take into account setting "identify/match"
Reporter:Stanislav Abramenkov (silentindark)Labels:
Date Opened:2021-06-30 02:39:44Date Closed:2021-07-02 16:12:15
Priority:MinorRegression?
Status:Closed/CompleteComponents:Resources/res_pjsip_config_wizard
Versions:16.19.0 Frequency of
Occurrence		Constant
Related
Issues:
Environment:Attachments:( 0) full.txt
( 1) full2.txt
( 2) pjsip_wizard.conf
( 3) pjsip.conf
Description:Hello,

I have problem with SIP Trunk configuration using PJSIP Wizard.
It seems that module "res_pjsip_config_wizard.so" doesn't respect (or can't read) setting "identify/match" in Wizard configuration file.
According to documentation:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+16+Configuration_res_pjsip_config_wizard

identify/* Variables to be passed directly to the identify.


Output when I try to configure Trunk using PJSIP Wizard (File pjsip_wizard.conf in attachment)

CLI> pjsip show endpoint trunk_name

Endpoint:  trunk_name                                           Not in use    0 of inf
    InAuth:  trunk_name-iauth/trunk_name
       Aor:  trunk_name                                         1
     Contact:  trunk_name/sip:trunk_name@XXX.XXX.XXX.XXX;tra 7d0851b18e Avail        35.242


Output when I use PJSIP without Wizard (File pjsip.conf in attachment)

CLI> pjsip show endpoint trunk_name

Endpoint:  trunk_name                                           Not in use    0 of inf
    InAuth:  trunk_name/trunk_name
       Aor:  trunk_name                                         1
     Contact:  trunk_name/sip:trunk_name@XXX.XXX.XXX.XXX;tra 7d0851b18e Avail        35.212
  Identify:  trunk_name/trunk_name
       Match: XXX.XXX.XXX.XXX/32
Comments:By: Asterisk Team (asteriskteam) 2021-06-30 02:39:45.032-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].
By: Stanislav Abramenkov (silentindark) 2021-06-30 02:41:14.529-0500

Configuration files
By: Sean Bright (seanbright) 2021-06-30 07:32:00.134-0500

[This appears to be intentional|https://github.com/asterisk/asterisk/blob/884d863c089f19ba07edfdf441cb521df0eb07a5/res/res_pjsip_config_wizard.c#L744-L754]. The comment reads:

bq. If accepting registrations or we're sending line, we don't need an identify.

At which point it is removed. You have {{accepts_registrations = yes}} in your config.
By: Joshua C. Colp (jcolp) 2021-06-30 07:41:52.199-0500

If you remove what [~seanbright] mentioned, does this resolve the issue?
By: Stanislav Abramenkov (silentindark) 2021-06-30 08:55:21.825-0500

When I tried to change this setting something went wrong, I am seeing Error messages in console. For example:
ERROR[1200] res_pjsip.c: Error 171060 'Unsupported transport (PJSIP_EUNSUPTRANSPORT)' sending OPTIONS request to endpoint

After that I try to restarting asterisk and machine itself. Restarts didn't help and asterisk still not functioning.
Seems to me that I got deadlock with pjproject. (full file log in attachment)
By: Stanislav Abramenkov (silentindark) 2021-06-30 08:55:48.224-0500

full log file
By: Sean Bright (seanbright) 2021-06-30 10:02:57.870-0500

Re-attached log file with a file extension
By: Stanislav Abramenkov (silentindark) 2021-06-30 14:48:36.405-0500

new attempt to start asterisk
By: Joshua C. Colp (jcolp) 2021-06-30 14:55:37.281-0500

That's not a deadlock, it means that a transport wasn't found to send the message. Looking over the provided configs they're not complete enough to be able to really answer why, and you've increased the debug level to an excessive amount that is unnecessary.

Are transports configured? What transport is configured to be used? What transport type is specified in the URI? If you don't enable debug but merely look at the log when Asterisk starts does it provide insight into any errors or issues?
By: Stanislav Abramenkov (silentindark) 2021-06-30 15:50:05.330-0500

This problem is solved. You are right, it is not a deadlock.

About problem with res_pjsip_config_wizard. Seems that it not solve the issue. If I remove accepts_registrations = yes in a config file, then I got
[Jun 30 23:32:15] ERROR[862]: res_pjsip_config_wizard.c:757 handle_identify: Wizard 'trunk_name' must have 'remote_hosts' if it doesn't accept registrations.
[Jun 30 23:32:15] ERROR[862]: res_pjsip_config_wizard.c:1116 object_type_loaded_observer: Unable to create objects for wizard 'trunk_name'

And I can't call out from trunk. (error: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from )


CLI> pjsip show endpoint trunk_name

Endpoint: trunk_name Not in use 0 of inf
InAuth: trunk_name-iauth/trunk_name
Aor: trunk_name 1
Contact: trunk_name/sip:trunk_name@XXX.XXX.XXX.XXX;tra 7d0851b18e Avail        28.388

By: Joshua C. Colp (jcolp) 2021-06-30 15:53:21.234-0500

Your configuration is extremely confusing for what you are trying to achieve and your combination of things. Have you done as the error stated and set remote_hosts?

What exactly is the arrangement supposed to be?
By: Stanislav Abramenkov (silentindark) 2021-07-01 02:50:18.224-0500

Yes before creating this Jira I tried setting remote_hosts.

But if I change SIP trunk configuration to include remote_hosts

from:

[trunk_name](trunk)
accepts_auth = yes                                      ; Accept incoming authentication from remote hosts. At least inbound_auth/username is required.
accepts_registrations = yes                             ; Accept inbound registration from remote hosts. An AOR with dynamic contacts will be created.
sends_auth = no                                         ; Send outbound authentication to remote hosts. At least outbound_auth/username is required.
sends_registrations = no                                ; Send outbound registrations to remote hosts.
inbound_auth/username = trunk_name
inbound_auth/password = strong_password
endpoint/context = some_context
endpoint/allow = alaw
identify/match = dns_name

To:

[trunk_name](trunk)
accepts_auth = yes                                      ; Accept incoming authentication from remote hosts. At least inbound_auth/username is required.
;accepts_registrations = yes                             ; Accept inbound registration from remote hosts. An AOR with dynamic contacts will be created.
sends_auth = no                                         ; Send outbound authentication to remote hosts. At least outbound_auth/username is required.
sends_registrations = no                                ; Send outbound registrations to remote hosts.
remote_hosts = trunk_name@dns_name:5060
inbound_auth/username = trunk_name
inbound_auth/password = strong_password
endpoint/context = some_context
endpoint/allow = alaw
identify/match = dns_name

The output is

CLI> pjsip show endpoint trunk_name


Endpoint:  trunk_name                                           Not in use    0 of inf
    InAuth:  trunk_name-iauth/trunk_name
       Aor:  trunk_name                                         1
     Contact:  trunk_name/sip:trunk_name@ip_address;tra ec94daaaaa Avail        33.817
     Contact:  trunk_name/sip:trunk_name@dns_name 4ac41a7bab Avail        34.274
  Identify:  trunk_name-identify/trunk_name
       Match: ip_address/32


Why is there two separate Contacts in output now?
Because in the configuration I have defined
aor/max_contacts = 1                    ; Maximum number of contacts that can bind to an AoR (default: "0")
aor/remove_existing = yes               ; Determines whether new contacts replace existing ones. (default: "no")

Im not trying to do achieve anything crazy.
Standart SIP trunk, where B side sends (to A side) REGISTER package, and package containt auth data.
I have a working configuration of this kind of SIP trunk in pjsip.conf (works both type of calls: inbound and outbound),
but Im just unable to recreate the same setup using PJSIP wizard.
Tried different combinations of settings and just can't get the same output like I have without Wizard.
By: Joshua C. Colp (jcolp) 2021-07-01 04:06:51.273-0500

Are you removing everything related to it from pjsip.conf including the AOR? Did they previously register to you and it's still in "database show"?
By: Stanislav Abramenkov (silentindark) 2021-07-01 05:37:50.511-0500

>>>Are you removing everything related to it from pjsip.conf including the AOR?
Yes, removed all settings from pjsip.conf which related with this connection.

>>>Did they previously register to you and it's still in "database show"?
Yes, it was in db, but I removed it using command > database deltree registrar/contact

But it was added automatically to db again, seems that after Re-REGISTRATION

In console was message
   -- Added contact 'sip:trunk_name@ip_address;transport=UDP' to AOR 'trunk_name' with expiration of 600 seconds

And afterthat I checked db using command - database show , and I see this record again /registrar/contact/trunk_name
By: Joshua C. Colp (jcolp) 2021-07-01 05:52:35.396-0500

I think you need to explain how both sides are expected to communicate. Who is registering to who, how they are supposed to match, how they are expected to authenticate.
By: Stanislav Abramenkov (silentindark) 2021-07-01 06:09:45.614-0500

I described shortly in my previous comment at Today 10:50 AM
>>>Standart SIP trunk, where B side sends (to A side) REGISTER package, and package contain auth data.

Asterisk (16.19.0) is A side, which waiting a Registration from B side.
shortly:
SIP trunk with incoming (to asterisk) registration and authentication
By: Joshua C. Colp (jcolp) 2021-07-01 06:16:59.069-0500

And A side is where you are trying to use wizards?

If so then you'd want accepts_registrations, and to not configure any identify or remote_hosts.

The wizard is effectively configuring it as if it were a phone that registers to Asterisk and places calls to Asterisk and Asterisk places calls to it.
By: Stanislav Abramenkov (silentindark) 2021-07-01 06:45:34.888-0500

>>>And A side is where you are trying to use wizards?
Yes, A side is asterisk where I try to use PJSIP wizard.

If I put original settings (see pjsip_wizard.conf) back

[trunk_name](trunk)
accepts_auth = yes                                      ; Accept incoming authentication from remote hosts. At least inbound_auth/username is required.
accepts_registrations = yes                             ; Accept inbound registration from remote hosts. An AOR with dynamic contacts will be created.
sends_auth = no                                         ; Send outbound authentication to remote hosts. At least outbound_auth/username is required.
sends_registrations = no                                ; Send outbound registrations to remote hosts.
inbound_auth/username = trunk_name
inbound_auth/password = strong_password
endpoint/context = some_context
endpoint/allow = alaw
identify/match = dns_name

Then B side can't to call to A side (Asterisk (16.19.0)), asterisk drops the calls
But, no problems with calls from A side (asterisk) to B side.

In console:
[Jul  1 14:38:52] NOTICE[16644]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '"test" <sip:exten@a_side>' failed for 'b_side:5060' (callid: 04b14a8e6ed5ebd92f71c73b1fa28df4) - No matching endpoint found
[Jul  1 14:38:52] NOTICE[17242]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '"test" <sip:exten@a_side>' failed for 'b_side:5060' (callid: 04b14a8e6ed5ebd92f71c73b1fa28df4) - No matching endpoint found
[Jul  1 14:38:52] NOTICE[17242]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '"test" <sip:exten@a_side>' failed for 'b_side:5060' (callid: 04b14a8e6ed5ebd92f71c73b1fa28df4) - Failed to authenticate
By: Joshua C. Colp (jcolp) 2021-07-01 06:58:39.272-0500

Are you setting "from_user" on the b side to the username to use on a side? That's how matching based on username works.

Disregarding wizards - why do you have both a registration from b side, and also match based on IP address (therefore you know the IP address making the inbound registration redundant)? Did you do that solve the problem you're now experiencing in the wizard?

I think the core issue here is that your setup wasn't quite right originally, but through a combination of things you got it to work in a weird configuration which doesn't work with wizards.
By: Stanislav Abramenkov (silentindark) 2021-07-02 05:47:31.485-0500

>>>Are you setting "from_user" on the b side to the username to use on a side? That's how matching based on username works.
If I add setting "from_user" on A side(Asterisk 16.19.0), then calls from B side to A side (Asterisk 16.19.0) works fine, but this setting lost callerid. (ext. number)

current setup:
[trunk_name](trunk)
accepts_auth = yes                                      ; Accept incoming authentication from remote hosts. At least inbound_auth/username is required.
accepts_registrations = yes                             ; Accept inbound registration from remote hosts. An AOR with dynamic contacts will be created.
sends_auth = no                                         ; Send outbound authentication to remote hosts. At least outbound_auth/username is required.
sends_registrations = no                                ; Send outbound registrations to remote hosts.
inbound_auth/username = trunk_name
inbound_auth/password = strong_password
endpoint/context = some_context
endpoint/allow = alaw
identify/match = dns_name
endpoint/from_user = trunk_name


>>>Disregarding wizards - why do you have both a registration from b side, and also match based on IP address (therefore you know the IP address making the inbound registration redundant)? Did you do that solve the problem you're now experiencing in the wizard?
Unfortunately, I don't know the IP address, because B side behind DNS. I know only DNS name.

>>>both a registration from b side, and also match based on IP address
Do you mean why not just use IP based trunk without registration ?
If not could you please explain what you mean further?
By: Joshua C. Colp (jcolp) 2021-07-02 05:54:28.243-0500

This is why other mechanisms for transporting CallerID exist, such as Remote-Party-ID and P-Asserted-Identity both of which are supported in PJSIP and have options on the endpoint for enabling (send_rpid, send_pai, trust_id_inbound, trust_id_outbound). The From portion you specify the username to authenticate as (using from_user) and then you transport CallerID using those.

Were you specifying the DNS name for the identify? If so, then that's still matching based on IP address which makes the registration redundant still. You could just specify the DNS name as a contact on the AOR and not do registration at all, which is what the wizard expects people to do in that case and exposed your weird setup.
By: Stanislav Abramenkov (silentindark) 2021-07-02 07:10:59.006-0500

I know that I can use send_pai,(for example) it is enabled in my configuration (pjsip.conf, pjsip_wizard.conf)
But B side (not my server) send callerid (ext. number) as P-Preferred-Identity. And asterisk re-write it for some reason. Asterisk put username (from_user) instead of calleid. (ext. number)

P-Preferred-Identity: "Fextnumebr-trunk_name" <sip:trunk_name@XXX.XXX.XXX.XXX>

But looks like it not suitable for me, because no PAI or RPID, I try to ask maybe B side can enable PAI or RPID.

>>>Were you specifying the DNS name for the identify?
Yes, dns in identify
identify/match = dns_name

Do you mean that i can remove accepts_registrations = yes in my config?
By: Joshua C. Colp (jcolp) 2021-07-02 08:19:54.643-0500

If the remote side is going to register to you, then you have to keep it. I don't think wizards are a fit for your usage with B side because of your configuration requirements. They just don't make sense and aren't supported by wizards, so unless you can fix both sides you'll need to stick with pjsip.conf which doesn't enforce things.
By: Stanislav Abramenkov (silentindark) 2021-07-02 16:11:29.427-0500

Thank you so much for your help!
I think that this ticket can be closed.