Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] SIP trunk down. Wireshark shows ICMP Communication administratively filtered


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
oza.4h07 at gmail.com
Guest





PostPosted: Wed Sep 21, 2016 5:15 am    Post subject: [asterisk-users] SIP trunk down. Wireshark shows ICMP Commun Reply with quote

Hello,


I've got a remote system that is plagued with a strange issue.


It happens from time to time.

Yet, I've not found any condition that trigger this phenomenon.



Here is my setup:


-   PSTN  <---> ITSP <--SIP trunk--> Router <----> Switch <----> Asterisk box
                                                                             |
                                                                             |

                                                                        SIP Phones

- Asterisk box is a Raspi/Rasbian with Asterisk 1.8.13

- Switch is DLink DGS-1210-10P

- Router is Zyxel box (I don't manage it)




I see (with Asterisk console) that Asterisk is sending OPTIONS/REGISTER requests.


With tcpdump and wireshark, I see that :
1. those OPTIONS/REGISTER messages are sent to my ITSP gateway (IP src is Asterisk box, IP dst is ITSP gateway)

2. my router replies (within 30ms)  with something Wireshark presents as an ICMP message like this:
 ICMP    491    Destination unreachable (Communication administratively filtered) ( (IP src is router box, IP dst is Asterisk box)


While this happens, I can successively ping my ITSP gateway.


Searching the web, I found [1] and [2].


1. Is it common to get an ICMP reply to a SIP message ?

2. Any advice or suggestion ?



[1] https://ask.wireshark.org/questions/26667/have-packet-capture-somethings-wrong
[2] http://www.tahi.org/sip-ipv6/ua6/doc-1.0/sip-ipv6-tm/icmp/UA-15-2-1.html



Best regards
Back to top
tim.strommen at gmail.com
Guest





PostPosted: Wed Sep 21, 2016 12:17 pm    Post subject: [asterisk-users] SIP trunk down. Wireshark shows ICMP Commun Reply with quote

Sounds like a firewall setting to me.  If you can ping, then Internet Control Message Protocol (ICMP) packets are allowed, but if SIP traffic is returning the ICMP Type 3 (code 13) response, then your SIP ports are blocked (at least the firewall admin was nice enough to leave the reason code messaging enabled).

Get in touch with your firewall admin and have them forward TCP/UDP 5060, 4569, 5036, and UPD 10000:20000 and 2727 to your Asterisk box IP address.  Make sure they white-list the traffic they pass, so get the IP adress(es) of your ITSP and only have the firewall accept traffic on those ports from that(those) address(es).  That's your first line of defence on toll fraud.


If the firewall has a VoIP helper function that opens up UDP ports as needed during a session start, that should reduce your attack surface too.


-Tim


On Wed, Sep 21, 2016 at 3:15 AM, Olivier <oza.4h07@gmail.com (oza.4h07@gmail.com)> wrote:
Quote:
Hello,


I've got a remote system that is plagued with a strange issue.


It happens from time to time.

Yet, I've not found any condition that trigger this phenomenon.



Here is my setup:


-   PSTN  <---> ITSP <--SIP trunk--> Router <----> Switch <----> Asterisk box
                                                                             |
                                                                             |

                                                                        SIP Phones

- Asterisk box is a Raspi/Rasbian with Asterisk 1.8.13

- Switch is DLink DGS-1210-10P

- Router is Zyxel box (I don't manage it)




I see (with Asterisk console) that Asterisk is sending OPTIONS/REGISTER requests.


With tcpdump and wireshark, I see that :
1. those OPTIONS/REGISTER messages are sent to my ITSP gateway (IP src is Asterisk box, IP dst is ITSP gateway)

2. my router replies (within 30ms)  with something Wireshark presents as an ICMP message like this:
 ICMP    491    Destination unreachable (Communication administratively filtered) ( (IP src is router box, IP dst is Asterisk box)


While this happens, I can successively ping my ITSP gateway.


Searching the web, I found [1] and [2].


1. Is it common to get an ICMP reply to a SIP message ?

2. Any advice or suggestion ?



[1] https://ask.wireshark.org/questions/26667/have-packet-capture-somethings-wrong
[2] http://www.tahi.org/sip-ipv6/ua6/doc-1.0/sip-ipv6-tm/icmp/UA-15-2-1.html



Best regards








--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
      http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
      https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services