Trunk provider being blacklisted

Discussion in '3CX Phone System - General' started by geoff.jukes, May 22, 2013.

Thread Status:
Not open for further replies.
  1. geoff.jukes

    Joined:
    Apr 10, 2013
    Messages:
    14
    Likes Received:
    0
    Hi,

    Our SIP Trunk provider keeps being blacklisted for 'Too many failed auth'. The following is logged in the Server Activity Log:

    Blacklisted (Too many failed auth) IP = X.X.X.X; Failed auth: 0; unauth: 0; auth: 0; 407: 1000

    We have dual WAN connections, and use STUN resolution to determine the active WAN link/IP. This works perfectly. In reverse, our Trunk provider uses SIP:ping messages to test the two links, so that they can deliver to the appropriate link in the event of an outage.

    I suspect that 3CX is blocking due to the PING messages. I have tried to whitelist the Trunk IP, but the PBX removed it and blacklisted it again.

    Has anyone seen this behavior before?

    Many thanks,

    Geoff
     
  2. SY

    SY Well-Known Member
    3CX Support

    Joined:
    Jan 26, 2007
    Messages:
    1,825
    Likes Received:
    2
    Hi,
    Please provide more information:
    1. Please specify trunk service provider.
    2. What is the "SIP:ping" used by the provider?
    3. logs which will show that "the PBX removed it (white list entry) and blacklisted it again"

    We will be glad to investigate the issue.
    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. geoff.jukes

    Joined:
    Apr 10, 2013
    Messages:
    14
    Likes Received:
    0
    Hi Stepan, thanks for the reply.

    1) I am using the 'Generic' 'SIP Trunk' profile. Our provider is not in the list (it is AvalonTel via a reseller)

    2) An example SIP:ping message is:
    Code:
    options sip:OUR-IP:5060 SIP/2.0
    Via: SIP/2.0/UDP TRUNK-IP:5060;branch=z9hG4bKfb6ut300306gfa5mc5c1
    Call-ID: 98977160ea6ba38f5ca29c546f09ae440000g41@TRUNK-IP
    To: sip:ping@OUR-IP
    From: <sip:ping@TRUNK-IP>;tag=f54db0349202463f3cc0596e52b22a250000g41
    Max-Forwards: 0
    CSeq: 73 options
    P-Charge-Info: <sip:ping@TRUNK-IP>;tag=f54db0349202463f3cc0596e52b22a250000g41
    3) I cannot see the entry where the whitelist was removed. I am going to re-add it now, and turn on verbose logging.
     
  4. geoff.jukes

    Joined:
    Apr 10, 2013
    Messages:
    14
    Likes Received:
    0
    Hi,

    :oops: So I think the Whitelist removal was my fault.... I think I forgot to click 'Apply' after adding the Whitelist entry :lol:

    I am still curious to know about the SIP:pings and if that is why they are being blacklisted in the first place. If so I guess it makes sense, as a SIP:ping could be used as a host-discovery method.
     
  5. SY

    SY Well-Known Member
    3CX Support

    Joined:
    Jan 26, 2007
    Messages:
    1,825
    Likes Received:
    2
    Thanks for your reply :)

    It is a point of misunderstanding.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. geoff.jukes

    Joined:
    Apr 10, 2013
    Messages:
    14
    Likes Received:
    0
    Hi Stepan,

    My apologies, I'm not sure what your reply means...

    Are you saying that the PING packet is malformed? If so, would you mind posting the correct format? I can then send that back to the provider to ensure they conform.

    Many thanks,

    Geoff
     
  7. SY

    SY Well-Known Member
    3CX Support

    Joined:
    Jan 26, 2007
    Messages:
    1,825
    Likes Received:
    2
    At first look, the problem may be related to the quote from RFC 3261.
    I just trying to guess the reason...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.