Ok folks. This has been a issue I have been working on. I have a local ASL install with 2 nodes. I can connect the 2 of them no problem. I build one on Vultr, and then IONOS. I cannot, for the life of me get the nodes THERE to connect to outside nodes. I have set the firewall rules in the firewall policy on IONOS but no joy. I set the Vultr nodes with 4569 UDP open as I did on IONOS and same results. So 2 questions to the group: 1) with the firewalls showing open (ufw) are you having this issue, and 2) WHO is a Cloud server which you have a functioning node?
Try connecting to 55553, since the owner has it configured specifically to ignore registration issues.
If you can connect there but nowhere else, look into registration issues.
Also, read this... IAX-Based Registration - AllStarLink Manual
Thanks Mason I will test it
No joy….gotta be my firewalls
ok, the IONOS connected. SO I will look into registrations issues. THANKS
It’s most likely related to NAT, transit, or routing on the side of your hosting provider or their upstream ISP. That doesn’t necessarily mean there are “issues,” but rather that something in their setup isn’t compatible with what you’re trying to do.
For outgoing connections, you need at least a valid registration, and the IP address that the ASL registration sees has to match the IP address that the remote node sees during the IAX connection. If those don’t line up, things break. Firewalls can also get in the way if something is getting blocked. NAT, CGNAT, or routing differences can also cause problems, especially if HTTP traffic and IAX traffic are being handled differently (see the link above for more detail).
For incoming connections, you need to be able to accept traffic on the UDP port listed in your registration addressed to the public IP from your registration. On a typical home router that usually means port forwarding. The catch is that many residential ISPs don’t hand out true public IPv4 addresses anymore, they use CGNAT instead. When that’s the case, you can’t receive inbound connections because your router doesn't have publicly routable IP to begin with.
1 Like
UFW is automatically installed and activated on a Vultr server if i’m not mistaken. I’m using the KVM servers on racknerd to host a couple. Using the 2gb option for $17.66 a year is your best bet. Mine function flawlessly.
got one up and running 27078/42036 and I cannot connect to other nodes. and with no firewall installed by me, I get this from nmap on the kvm server on racknerd
"PORT STATE SERVICE
4569/tcp closed iax"
This getting to be fun….
Chuck I never have run nmap on one of my racknerd servers, I just installed Debian 12, ran apt update and apt upgrade, rebooted, then followed the instructions from Allstar and installed ASL3
I am be worrying over nothing.Just seems like outgoing from my node does not work but seem incoming does to a point. I will test more this week. Thanks
Shouldn’t that be straight UDP (not TCP or mixed)..?
Yes, I agree so reset to UDP only. But still figuring things out
1 Like
Chuck, what version of the software are you using ?
What exactly are the your node numbers effected ?
Ok, I got it working. First here is info. I have a 2 node EliteDesk pc we are placing at a repeater site. It has 2325 HUB and 27077 repeater nodes on it. I am moving away from using a VPS as we discussed it and this is an old ASL repeater which had no firewall issues, so we are banking on that. ANYWAY on this pc we are also putting in an ASL to NXDN DVSwitch install for when this new radio I am BETA testing and developing with the manufacturer get released. In my testing here at my house, I place the desktop pc with the 2 nodes, and then created a pi with an ASL build. It took a bit but I found on the Dual node hub I MUST run one node (The hub) node in dahdi, and the 27077 node (which will be switched to a RB URI on site) in USRP at this time for testing. Not going to push outgoing connections here as I need to get the bridges going so we have made progress. Thanks to all who helped.
What is your ISP to the the site? Is it NAT’d and how are you handling inbound connections? Very curious.
At this time I am on my network here for the setup. It is not accessible from the inet