• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

3CX SP4 using VOIP.MS SIP trunk blocked, Bug?

Status
Not open for further replies.

michaelholt

Joined
Oct 9, 2015
Messages
21
Reaction score
4
Just installed SP4 on version 15 pro. All incoming calls were rejected. Added the IP Address to "allow" on the IP Blacklist. Now inbound calls came through but were blocked after about 30 secs. Activity logs show "ACK is not received from sip: [email protected]" which was the same ip address added to "allow" on the IP Blacklist.

Had to open system|parameters, find "SEC_IGNORE_USER_AGENT" and remove "voip" from the value section. (I also tried changing the name of the sip trunk to something other than voip.ms but did not work.)

Was this an oversite to, by default, block the sip trunk voip.ms or is it intentionally being blocked?

Me, personally, I would think that the manually configured SIP Trunk ip address would automatically be allowed and not in any way blocked, especially from multiple parameters?
 
  • Like
Reactions: xirgo
Hey Mike,

This is funny as I am experiencing the same issue as well. See my post here https://www.3cx.com/community/threads/source-id-in-v15.46645/

I did some troubleshooting with voip.ms this morning and they did a trace. The INVITE request reaches the IP of 3CX, then the system responds with a 100 trying, then (after the ring time) the SIP trink system cancels the request, and 3CX system responds "481 Call/transaction doesnt exist"

All outgoing calls work and the trunk is registering properly.

This has happened since SP4. Luckly I had other trunks with another provider that I was able to reroute the calls to while i try to figure this out but I am more than frustrated with this.

let me know if you happen to find a fix to your issue!

I'm running V15 Linux SP4
 
  • Like
Reactions: michaelholt
I just wanted to update this thread that by doing what was suggested by Mike

Had to open system|parameters, find "SEC_IGNORE_USER_AGENT" and remove "voip" from the value section.

Solved the issue for me

Thanks for sharing Mike
 
  • Like
Reactions: michaelholt
Hi michaelholt,

this message is giving you a clue.

The tipical order of SIP packets of a call can be this:

1. Operator -- INVITE --> 3CX (Initiates a Call)
2. 3CX -- Trying --> Operator (3CX is Trying to do the call)
3. 3CX -- Ringing --> Operator (The destination is ringing)
4. 3CX -- 200 OK --> Operator (The destination answered the call. At this point you can have audio)
5. Operator -- ACK --> 3CX (Operator need to send the ACK to consider the call as correctly established)

Maybe, the ACK is missing and, after 30 seconds, 3CX disconnects the call because didn't receive the ACK.
The behaviour is common in SIP.

In this case, we need to check the headers of the SIP packets of a sample call and find out why this ACK is not arriving at 3CX.

Best Regards.
 
  • Like
Reactions: michaelholt
Hi michaelholt,

this message is giving you a clue.

The tipical order of SIP packets of a call can be this:

1. Operator -- INVITE --> 3CX (Initiates a Call)
2. 3CX -- Trying --> Operator (3CX is Trying to do the call)
3. 3CX -- Ringing --> Operator (The destination is ringing)
4. 3CX -- 200 OK --> Operator (The destination answered the call. At this point you can have audio)
5. Operator -- ACK --> 3CX (Operator need to send the ACK to consider the call as correctly established)

Maybe, the ACK is missing and, after 30 seconds, 3CX disconnects the call because didn't receive the ACK.
The behaviour is common in SIP.

In this case, we need to check the headers of the SIP packets of a sample call and find out why this ACK is not arriving at 3CX.

Best Regards.

ACK was not arriving because it was being blocked by the user agent. I apologize that I didn't spell out the solution. Sometimes I get wordy.

Thank you so much for the order. I don't think I have ever seen it spelled out like that.
 
I also want to add that I performed a system restore from a backup before the service pack and the bad settings were kept. I was under the impression that a backup restore was a true rollback?

As a note, I created a ticket in VOIP.MS and told them of this forum posting as well as the solution. If anyone calls them with this issue, they should be able to fix.

So, now my question is about security. With removing "voip" from "SEC_IGNORE_USER_AGENT" have I weakened security so much so that I need to start looking for another SIP trunk that doesn't have "voip" anywhere in their domain or otherwise?
 
No you haven't weakened the security that mush but any scanners with user agent voip will not be blocked. It is recommended to filter your SIP port to allow only trusted IP's through
 
I would second the idea 100% of only allowing known IP's in your network, because peeps are looking for 5060 open and want to use your pbx for their free phone calls.
 
Also with voip.ms its typically 2 servers depending on which city, so 2 ips, this is minimal, I have Vitelity I have to let 12 entire ip ranges in (1000's of IP's).
 
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.