Cannot dial outbound calls after upgrading to 1.0.20.17


#1

I cannot dial some numbers even when there is only one outbound rule _x on FXO analog port 1.
After upgrading to the latest firmware neither speed dial. IP PBX default voice prompts says number dialed is incorrect error 480.
That is totally false because there is no rule set all outbound calls to national privilege extensions are bypassed also it worked in the previous firmware. CDR only shows failed. It happens only with certain huge list of numbers.
What is the issue, as this is very serious bug and we are unable to make many calls. Inbound from those phone numbers work correct.

Please help


#2

It is not clear what this means - “It happens only with certain huge list of numbers.” Can you shed some light? Where is this list, what is common about it? Appearently other numbers are able to be dialed, so what makes this list different? Have you reverted the F/W back one version to test?


#3

I was a bit unclear first, the “list of numbers” are list of external numbers that are bypassed for an extension which is set as internal only privilege. List was created as mentioned here: https://forums.grandstream.com/t/allow-only-one-national-call-for-a-extension/39935

Please see attached images below. What seems weird is, the privilege level should be internal for the outbound rule but it is greyed out and disabled. I deleted the list and made a new one with priviledge level internal, but as soon as I save it, it becomes grey again and shows Disabled. Please note, Disable This Route is NOT checked.


#4

The screenshot is not complete, but -

  1. When an outbound route is set to filter on source-caller ID, which it appears as such given the “guard” setting in your screenshot, then the privilege levels no longer play a part are grayed out. By definition you have already indicated the specific extensions that can use the rule so privilege levels are no longer applicable.

  2. The privilege listing is a hierarchical listing of permissions that are granted to an extension when not using source caller ID filtering.
    There are:
    Disabled - no calling allowed.
    Internal - level 1
    Local - level 2
    National - level 3
    International - level 4

The names used are just that and while it may seem like they are suggesting a specific calling ability related to dialing patterns needed to reach local, national, etc., this not necessarily so. It depends on how you want to apply to an extension so that the extension has the privilege level to dial out or not.

International (Level 4) is the highest level and by default can use any rule that is 4, 3, 2, or 1.
National (Level 3) is the next highest and can use 3, 2, or 1, but cannot use level 4 rules.
Local can use 2 & 1, but not 3 & 4
Internal can only use 1.
So as you can see, Internal is the lowest level which means that almost anyone can use it and GS issues a warning about its use.

So, if you want people to be able to dial the rule .x to reach your listing of numbers, then they either need to be added to the source filter ID or you need to create a new rule where the permission level allows them to access the rule that allows it.


#5

This is absolutely correct, filter on Source allows me to allow one specific extension setting. What happens is that all the other extensions (national privilege) start getting error 480. even though ive allowed _x. as National Privilege.
As soon as I Disable/delete the bypass_for_internal outbound rule (as shown in the screenshot), those specific numbers start working normally on national level privilege extensions (1002, 1004, etc.) As soon as I enble that outbound list, national extensions again start throwing error 480 on those specific phone number.
This used to work before on previous firmware but it stopped working in the new one.
If the logic is somewhat wrong, so my question in this case will transform as follows: How do I allow one specific Internal Privileged extension to trunk out-dial a specific list of numbers only?


#6

Shot in the dark here, but have you looked at the order of your outbound rules?


#7

I tried changing the orders, bypass list at top, but it’s still the same.


#8

Without seeing the actual rules, not the summary page, it is an unknown. As your screen shot shows the top rule of X. and National, all extension should be able to use that as it is the first rule in the list and whatever is dialed as long as the extension is national will match.

I assume no PING groups for trunk authorizations are enabled?

I also assume you did not enter a CID in the extension CID field for the guard extension in the UCM?

What you can try as a test is:

  1. Eliminate the source caller ID setting in the bypass rule.
  2. Set the privilege lever on the bypass route to local
  3. Set the privilege on the guard extension to local.
  4. Re-order the rules such that the bypass is at the top level.
  5. Save and apply.
  6. Try and let us know.

The extensions with the national rule would be able to reach the numbers in the bypass rule anyway given the X. listing, but the guard should not be able to dial any number other than those in your list as he will not have access to the x. rule as his privilege is lower than National.


#9

Thank you, this works. However I get a warning about internal being used for outbound, which I did ignore. Are there any potential security flaws using this method that I should be concerned of?


#10

Not sure why you used internal when I suggested local.

Are there any issues, that depends. As stated, internal is the lowest level which means that anyone can use.


#11

Oh I see, this worked!

What I did was set Guard extn from Internal to Local and added the bypass_list at Local Level too (from Internal). Also, the list was moved on top, so this bypass list hits first for guard and x. is denied but for all the other extn. (that are at National Level), the first outbound and x. both is allowed.

I understand the ordering of outbound rules now!

Thank you!