How to configure Tata SIP trunks in VICIdial — registered and peer setups (safe examples)

by

Quick overview: Register vs Peer

Registration (client registers to provider)

  • Your VICIdial server authenticates to the provider by sending a REGISTER.
  • Useful when provider expects a dynamic/unknown IP on your side or requires auth.
  • You’ll typically provide username, secret, and a register => string.

Peer / No registration

  • Provider accepts calls from your server IP without you performing SIP REGISTER.
  • You configure the provider as a SIP peer (host=provider.domain), and they accept INVITEs from your IP.
  • Preferred for fixed-IP servers — slightly simpler and often more reliable for direct routing.

Before you start — redaction note

All examples below use placeholders:

  • EXAMPLE_IP, PROVIDER_HOST, +91XXXXXXXXXX, and secret_xxx instead of any real IPs, hostnames, usernames, or passwords.
  • Replace placeholders only when you are ready to deploy and after applying the security checklist.

1) Example — Peer (no registration) trunk (redacted)

VICIdial Carrier (Account Entry) — set Protocol = SIP

[provider_out]
type=peer
fromuser=+91XXXXXXXXXX
username=+91XXXXXXXXXX@provider.example
secret=secret_xxx
host=provider.example
qualify=no
canreinvite=no
insecure=port,invite
send_pai=yes
direct_media=yes

Globals string (in VICIdial globals field)

provider_out=sip/provider_out

Dialplan example (redacted)

; international numbers starting with 91
exten => _91XXXXXX.,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _91XXXXXX.,n,Dial(${provider_out}/0${EXTEN:2},55,o)
exten => _91XXXXXX.,n,Hangup()

; local numbers
exten => _XXXX.,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _XXXX.,n,Dial(${provider_out}/${EXTEN},55,o)
exten => _XXXX.,n,Hangup()

Notes

  • host=provider.example should be the SIP host given by the provider.
  • fromuser / username are often required to set the calling identity the provider expects — confirm with provider docs.

2) Example — Registered trunk (redacted)

Registration string (VICIdial Carrier -> Registration String field)

register => +91XXXXXXXXXX@provider.example:00000:+91XXXXXXXXXX@provider.example@EXAMPLE_IP/ +91XXXXXXXXXX

(Replace with provider-supplied register => formatted string.)

VICIdial Carrier (Account Entry)

[provider_reg]
host=EXAMPLE_IP
username=+91XXXXXXXXXX@provider.example
secret=secret_yyy
type=friend
disallow=all
allow=alaw
dtmfmode=rfc2833
nat=force_rport,comedia
canreinvite=no
context=trunkinbound
insecure=port,invite
fromdomain=EXAMPLE_IP

Globals string (in VICIdial globals field)

TESTSIPTRUNK = SIP/provider_reg

Dialplan (redacted)

exten => _9X.,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _9X.,n,SipAddHeader(P-Preferred-Identity: <sip:${CALLERID(num)}@EXAMPLE_IP>)
exten => _9X.,n,Dial(SIP/provider_reg/0${EXTEN:1},55,tTo)
exten => _9X.,n,Hangup()

Notes

  • Registered trunks may require fromdomain or SipAddHeader modifications so the provider sees the expected calling identity.
  • If provider required registration, they supplied the register string — copy it into VICIdial’s Registration String field.

Step-by-step in VICIdial GUI (summary)

  1. Admin → Carriers → Add new carrier.
  2. Carrier Name: tata trunk (peer) or tata trunk (reg) (your choice).
  3. Protocol: SIP
  4. Registration String: (only for registered trunk — paste provider register => ... here)
  5. Account Entry: put the redacted peer/friend block shown above.
  6. Globals String: set a name like tataout=sip/tataout
  7. Dialplan Entry: paste your dialplan lines (redacted examples above).
  8. Server IP: select your VICIdial server (or 0.0.0.0 for all)
  9. Submit → Rebuild config / reload Asterisk (follow VICIdial server restart/reload steps if required).

Common troubleshooting tips

  • After making changes run: asterisk -rx "sip show peers" (or pjsip show endpoints) to verify trunks are visible.
  • For registered trunk: check sip show registry to see if registration is successful.
  • Use asterisk -rvvvvv and place a call to watch the SIP dialog for 401/403 errors (auth failure) or 503 (provider issue).
  • If RTP (audio) is one-way: check NAT settings and direct_media/canreinvite. For NAT, nat=force_rport,comedia usually helps.
  • If provider rejects calls from unexpected IP, ensure your outbound public IP is what provider has on record. For dynamic IPs, registration is usually needed.

Security checklist (do these before deploying)

  1. Change all default secretssecret=secret_xxx must be strong and unique.
  2. IP allowlist — firewall: allow SIP/UDP only to/from provider IPs and your trusted admin IPs. Block SIP from the public internet except provider addresses.
  3. Use TLS/SRTP if provider supports it — encrypts signaling and media.
  4. Disable unused codecs — allow only required codecs to reduce attack surface.
  5. Limit registration attempts — use fail2ban or similar to block brute force attempts on SIP ports.
  6. Use ACLs on provider side — if your provider supports IP-ACLs, register your server IP and disable registrations from other IPs.
  7. Avoid exposing port 5060 to the entire internet — if you must, move SIP to a non-standard port and harden firewalls.
  8. Log & monitor — enable CDRs, SIP logs and regularly check for anomalous call patterns.
  9. Apply OS updates and keep Asterisk/VICIdial patched.

Example filenames & where they go (for advanced users)

  • Carrier settings are stored in VICIdial (Admin → Carriers).
  • Dialplan/Ghost lines will be installed into /etc/asterisk/extensions.conf or included via VICIdial templates — VICIdial will generate the correct includes on Submit + Server Rebuild.

Common errors & quick fixes

  • 403 Forbidden — check username/secret and fromdomain. Provider may require exact fromuser formatting.
  • 401 Unauthorized — wrong credentials or auth realm mismatch.
  • No audio — check NAT settings (nat=...), direct_media, and RTP port ranges in firewall.
  • Registration flaps — check network stability, and provider rate-limits.

Leave a Comment