Community discussions

MikroTik App
 
jimchris
just joined
Topic Author
Posts: 3
Joined: Tue Jul 28, 2009 12:57 am

SIP Trunk cannot register

Thu Mar 02, 2023 1:54 pm

Hello Everyone!

I have a networkwith a Cisco router, which I had to change and choose aa Mikrotik RB4011iGS+5HacQ2HnD. I have an Asterisk PBX with a SIP trunk to a voip provider which before the change was working. After the mikrotik installation and configuration the sip trunk send request to register but as I spoke with the provider the request do not arrive at all, so something is blocking the packet.

I did some port forwardiong and turn off the SIP Helper. Can someone point me to the right direction, as I cannot see what is wrong with my config?

My configuration is the following:
# mar/02/2023 13:36:50 by RouterOS 7.7
# software id = QVBE-IY8Q
#
# model = RB4011iGS+5HacQ2HnD
/interface bridge
add name=bridge.DOCKERS
add admin-mac=18:FD:74:BD:24:E7 auto-mac=no name=bridge.LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1.OXYGEN
set [ find default-name=ether2 ] name=ether2.LTE
set [ find default-name=ether3 ] name=ether3.WAN3
/interface wireless
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(20dBm)+5630/80/DP(24dBm), SSID: Mayfair, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX installation=indoor mode=ap-bridge name=wlan1.50Ghz ssid=Mayfair
# managed by CAPsMAN
# channel: 2452/20-Ce/gn(17dBm), SSID: Mayfair, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX frequency=auto installation=indoor mode=ap-bridge name=wlan2.24Ghz ssid=Mayfair
/interface wireguard
add listen-port=63231 mtu=1420 name=vpn.wireguard1
/interface veth
add address=10.254.254.2/24 gateway=10.254.254.1 name=veth1.PiHole
/caps-man datapath
add bridge=bridge.LAN name=datapath.Bridge
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=WPA2.Master
add authentication-types=wpa2-psk encryption=aes-ccm name=WPA2.Guest
/caps-man configuration
add country=etsi datapath=datapath.Bridge distance=indoors installation=indoor mode=ap name=cfg1.Master security=WPA2.Master ssid=Mayfair
/container mounts
add dst=/etc/dnsmasq.d name=mnt_PiHole_dnsmasq src=/dockers/PiHole/etc-dnsmasq.d
add dst=/etc/pihole name=mnt_PiHole_etc src=/dockers/PiHole/etc-pihole
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.16.50-192.168.16.253
/ip dhcp-server
add address-pool=dhcp interface=bridge.LAN name=defconf
/port
set 0 name=serial0
set 1 name=serial1
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" identity="************************************" name=zt1 port=9993
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=no instance=zt1 name=vpn.zerotier1 network=****************
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1.Master name-format=identity
/container
add envlist=pihole_envs interface=veth1.PiHole logging=yes mounts=mnt_PiHole_dnsmasq,mnt_PiHole_etc root-dir=/dockers/PiHole
/container config
set registry-url=https://registry-1.docker.io/ tmpdir=/dockers/pull
/container envs
add key=TZ name=envs_PiHole value=Europe/Athens
add key=WEBPASSWORD name=envs_PiHole value=*************
add key=DNSMASQ_USER name=envs_PiHole value=*****
/interface bridge port
add bridge=bridge.LAN comment=defconf interface=ether4
add bridge=bridge.LAN comment=defconf interface=ether5
add bridge=bridge.LAN comment=defconf interface=ether6
add bridge=bridge.LAN comment=defconf interface=ether7
add bridge=bridge.LAN comment=defconf interface=ether8
add bridge=bridge.LAN comment=defconf interface=ether9
add bridge=bridge.LAN comment=defconf interface=ether10
add bridge=bridge.LAN comment=defconf interface=sfp-sfpplus1
add bridge=bridge.LAN comment=defconf interface=wlan1.50Ghz
add bridge=bridge.LAN comment=defconf interface=wlan2.24Ghz
add bridge=bridge.DOCKERS interface=veth1.PiHole
/ip firewall connection tracking
set icmp-timeout=1h udp-stream-timeout=1h
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge.LAN list=LAN
add comment=defconf interface=ether1.OXYGEN list=WAN
add interface=ether2.LTE list=WAN
/interface wireguard peers
add allowed-address=10.254.250.2/32 comment="jimchris Mob M11" interface=vpn.wireguard1 public-key="*****************"
/interface wireless cap
# 
set caps-man-addresses=127.0.0.1 certificate=CAP-18FD74BD24E6 enabled=yes interfaces=wlan1.50Ghz,wlan2.24Ghz lock-to-caps-man=yes
/ip address
add address=192.168.16.254/24 interface=bridge.LAN network=192.168.16.0
add address=10.254.254.1/24 interface=bridge.DOCKERS network=10.254.254.0
add address=10.254.250.1/24 interface=vpn.wireguard1 network=10.254.250.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no comment="Oxygen - Kokkinos - FTN" interface=ether1.OXYGEN
add add-default-route=no comment=LTE interface=ether2.LTE
/ip dhcp-server lease
add address=192.168.16.51 client-id=1:64:0:6a:52:e:19 mac-address=64:00:6A:52:0E:19 server=defconf
add address=192.168.16.190 client-id=1:0:c:29:6d:f9:2b mac-address=00:0C:29:6D:F9:2B server=defconf
/ip dhcp-server network
add address=192.168.16.0/24 comment=defconf dns-server=192.168.16.254 gateway=192.168.16.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.16.254 name=router.local
/ip firewall filter
add action=passthrough chain=forward out-interface-list=WAN
add action=accept chain=forward in-interface=vpn.zerotier1
add action=accept chain=input in-interface=vpn.zerotier1
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="Wireguard Port" dst-port=63231 protocol=udp
add action=accept chain=input comment="Wireguard Traffic" in-interface=vpn.wireguard1
add action=accept chain=input comment="defconf: accept ICMP" in-interface-list=LAN protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="All masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="Dockers masquerade" src-address=10.254.254.0/24
add action=masquerade chain=srcnat comment="Zerotier masquerade" dst-address=192.168.16.0/24 src-address=10.241.0.0/16
add action=dst-nat chain=dstnat disabled=yes dst-port=61194 protocol=udp to-addresses=192.168.16.230
add action=dst-nat chain=dstnat comment="Docker PiHole NAT-PORT" dst-address=192.168.16.254 dst-port=888 protocol=tcp to-addresses=10.254.254.2 to-ports=80
add action=dst-nat chain=dstnat comment="Asterisk SIP NAT-PORT" dst-port=5060 protocol=udp to-addresses=192.168.16.200 to-ports=5060
add action=dst-nat chain=dstnat comment="Asterisk SIP NAT-PORT" dst-port=5060 protocol=tcp to-addresses=192.168.16.200 to-ports=5060
add action=dst-nat chain=dstnat comment="Asterisk SIP NAT-PORT" dst-port=5061 protocol=tcp to-addresses=192.168.16.200 to-ports=5060
add action=dst-nat chain=dstnat dst-port=9000-20999 in-interface-list=WAN protocol=udp to-addresses=192.168.16.200 to-ports=9000-20999
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes sip-direct-media=no
set pptp disabled=yes
/ip route
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=172.16.254.1 pref-src=0.0.0.0 routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=172.16.39.1 pref-src=0.0.0.0 routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=11
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.16.0/24,10.254.250.0/24,10.241.0.0/16
set ssh address=192.168.16.0/24,10.254.250.0/24,10.241.0.0/16
set api disabled=yes
set winbox address=192.168.16.0/24,10.254.250.0/24,10.241.0.0/16
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=MF-Nikaia-Router
/system leds
add interface=wlan2.24Ghz leds=wlan2.24Ghz_signal1-led,wlan2.24Ghz_signal2-led,wlan2.24Ghz_signal3-led,wlan2.24Ghz_signal4-led,wlan2.24Ghz_signal5-led type=wireless-signal-strength
add interface=wlan2.24Ghz leds=wlan2.24Ghz_tx-led type=interface-transmit
add interface=wlan2.24Ghz leds=wlan2.24Ghz_rx-led type=interface-receive
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
Thank you in advance.

Who is online

Users browsing this forum: Google [Bot] and 82 guests