Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 51 replies
  • Subscribers 0 subscribers
  • Views 19184 views
  • Users 0 members are here
Options
Suggested

[8.940][OPEN] Voip Registrations not registering after Patch Install and Reboot

Mark_D_01
Hi I have noticed this for this Beta (on each time of Patch update).
I have 6 Voip Trunks with 2 different Voip providers.
After each of the Patch updates only One Provider will register and I need to do another Reboot for the other Provider to register.
Even if I restart the SIP Helper the failed to register do not register until another Reboot.

I have been applying the Patch from the Dashboard (Apply Now).

Here is a copy from Asterisk showing registration of Trunks
Host                                    dnsmgr Username       Refresh State    Reg Time                
sip.pennytel.com:5060                   N      ***         285 Registered           Wed, 02 May 2012 12:17:27
sip.pennytel.com:5060                   N      ***         285 Registered           Wed, 02 May 2012 12:17:27
sip.gotalk.com:5060                     N      ***           120 Request Sent                                  
sip.gotalk.com:5060                     N      ***           120 Request Sent                                  
sip.gotalk.com:5060                     N      ***           120 Request Sent                                  
sip.gotalk.com:5060                     N      ***           120 Request Sent                                  
6 SIP registrations.


I'm not sure what other information to send that would be helpful here.
Mark
Parents
  • 0
    Okay guys,

    everything VoIP-related is hard to debug, since we do not have a VoIP-proxy with a separate log file. We have to look at the packet filter log at the correct time to see what's happening, ie.
    [LIST=1]
    • if registration doesn't work, take a look at the packet filter log and search for packets on tcp/5060
    • if phone calls don't work, search for packets on tcp/5060 in the packet filter log and any incoming dropped packets, and additionally look for packets dropped by the IPS
    [/LIST]
    As long as you don't provide any of these information, i can't really do anything. In addition to that, we'd really appreciate if someone would send us a packet trace (tcpdump) of a failed call (full packets, ie. [FONT="Fixedsys"]-s0[/FONT]) from the internal and external interface of the UTM during that failed conenction attempt.

    I know this is a little bit more work than the usual "send me a logfile / screenshot", but if we want to make progress here, we need to get this information.

    Cheers,
    Kai
  • 0 in reply to kbr
    Hi Kai,

    Same thing happend this evening after upgrading to 8.95012. It rebooted and I saw on my Siemens N300 IP phone system, SIP registration failed. When I looked into the web page of the phone I noticed that from my 3 sip providers one could not connect. That was Budgetphone. I also have Voipbuster pro and Rebvoice and they could register succesfull. Just like the last reboot a couple of days ago, the phone could not register itself to Budgetphone. I did a reboot and right after that Budgetphone was now registered. Unfortunately, I did not check the live log, but I have here a piece of the firewall log when budgetphone could not register:

    2012:05:10-20:12:14 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:14 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:18 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:18 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:22 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:22 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"

    Now, the strange thing is that the ip in this log 77.72.169.129 belongs to Voipbuster (sip.voipbuster.com)

    3 mins later, the same lines are in the logs:
    2012:05:10-20:15:12 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="519" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"

    Is this info somthing you can work on, or do you need more? I'm happy to help.

    Kind regards, Renzo
Reply
  • 0 in reply to kbr
    Hi Kai,

    Same thing happend this evening after upgrading to 8.95012. It rebooted and I saw on my Siemens N300 IP phone system, SIP registration failed. When I looked into the web page of the phone I noticed that from my 3 sip providers one could not connect. That was Budgetphone. I also have Voipbuster pro and Rebvoice and they could register succesfull. Just like the last reboot a couple of days ago, the phone could not register itself to Budgetphone. I did a reboot and right after that Budgetphone was now registered. Unfortunately, I did not check the live log, but I have here a piece of the firewall log when budgetphone could not register:

    2012:05:10-20:12:14 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:14 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:18 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:18 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:22 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="547" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"
    2012:05:10-20:12:22 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="520" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"

    Now, the strange thing is that the ip in this log 77.72.169.129 belongs to Voipbuster (sip.voipbuster.com)

    3 mins later, the same lines are in the logs:
    2012:05:10-20:15:12 FWRG01 ulogd[4132]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" outitf="eth1" mark="0x1bd" app="445" srcmac="0:15:5d:0:2:26" srcip="10.0.0.6" dstip="77.72.169.129" proto="17" length="519" tos="0x08" prec="0x80" ttl="127" srcport="5060" dstport="5060" info="nf_ct_sip: dropping packet"

    Is this info somthing you can work on, or do you need more? I'm happy to help.

    Kind regards, Renzo
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?