Registration request in SNGREP but no reply.

Status
Not open for further replies.

Len

Member
Mar 8, 2017
95
3
8
52
I am having issues with registration over CGN (Carrier Grade Network Address Translation). I can see the registration request in SNGREP but no reply.
I don't see any registration activity in the CLI even at highest verbose.
The IP in via header comes in as the CGN IP address. I'm not sure if this is done by the ISP (SIP ALG) or the phone.

I see this issue on FS Version 1.10.9 but not on a different system with Version 1.10.7
 

Dan

Member
Jul 23, 2017
69
12
8
34
@Len Are you using TLS to avoid SIP ALG, or TCP or UDP?

Have you double checked that Fail2Ban or IPTables isn't blocking the connection? Can you ping the server running FS Version 1.10.9 and access the FusionPBX web interface from the CGNAT'ed internet connection?

What ISP is the CGNAT'ed internet connection from and what router and SIP endpoint is being used? Is it a dual or triple NAT situation or are you using IP Passthrough?

I usually have Fail2Ban block IP addresses that it shouldn't. Here is how to list all Fail2Banned IP addresses:
fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status

Also check IPTables as well:
iptables -L
 

Len

Thank you for your help @Dan. Disabling Iptables fixed it. Interestingly, after re-enabling it, it is registering successfully. Now maybe I can see in the logs what was causing it.
 

Dan

Did you save the output of iptables -L perchance? That is probably what you will want to compare with the CGNAT'ed IP address to see which rule blocked your client.

Whitelisting the CGNAT subnet in your Fail2Ban config file is probably a good idea to avoid having this particular issue crop up again.

On a different tangent, I tried upgrading on a test machine from 1.10.7 to 1.10.9 last night, but Freeswitch won't start. Still need to debug it, but I was curious how Freeswitch 1.10.9 has been treating you so far?
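
The comparison Dan describes above (saved firewall rules against the client's CGNAT address), as an added example that is not part of the original thread. It assumes the rules were saved in `iptables -S` format rather than `iptables -L`; the sample rules, the client address and the function name `blocking_rules` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S` format (not taken from the thread).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 100.64.0.0/10 -p udp -m udp --dport 5060 -j DROP
-A INPUT -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A f2b-freeswitch -s 100.72.15.20/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-freeswitch -j RETURN
"""

BLOCKING = {"DROP", "REJECT"}


def blocking_rules(rules_text, client_ip):
    """Return (line_no, chain, target, scope) for every DROP/REJECT rule
    that could apply to client_ip, judged by the rule's source match only."""
    ip = ipaddress.ip_address(client_ip)
    hits = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or "-j" not in tok:
            continue  # skip policies (-P), chain definitions (-N), blank lines
        target = tok[tok.index("-j") + 1]
        if target not in BLOCKING:
            continue
        if "-s" in tok:
            i = tok.index("-s")
            net = ipaddress.ip_network(tok[i + 1], strict=False)
            negated = i > 0 and tok[i - 1] == "!"
            if (ip in net) == negated:
                continue  # source condition excludes this client
            scope = "source " + ("! " if negated else "") + str(net)
        else:
            # No source restriction: e.g. a string/user-agent match rule.
            scope = "any source"
        hits.append((line_no, tok[1], target, scope))
    return hits


if __name__ == "__main__":
    # 100.72.15.20 is a constructed address inside the RFC 6598 CGNAT range.
    for hit in blocking_rules(SAMPLE_RULES, "100.72.15.20"):
        print(hit)
```

A hit in an `f2b-*` chain points at a Fail2Ban ban, where `ignoreip` in the jail configuration is the whitelist setting; a hit in `INPUT` points at a static rule.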
 

Len

I don't think it was a fail2ban issue as I had the same issue with Fail2Ban disabled. I am only running FS 1.10.9 on a test server. On production, I am still running 1.10.7. So I don't have much info on that. The newest FusionPBX script installs 1.10.9.
 

Dan

Hmm, I'm really curious what IPTables rule blocked it? Perhaps a useragent rule or a range got dropped in IPTables somehow?

What caused you to skip 1.10.8? I only missed upgrading to it by accident.
 