Sudden NAT handling change in FreePBX 13

Dear All,

I have been using FreePBX 12 in a two location SOHO situation with NAT behind static IPs for some years. Luckily, I did use a warm spare setup with two furhter machines in a virtualization environment with substantial backups as a standby reserve.

A week ago, I did upgrade the machines to FreePBX 13. Initially, things went fine. By an upgrade entering the repository not long before November 14, 2015 12:00 EST (I very much suspect the fix of FREEPBX-10691 in core 13.0.10), I ended up with calls no longer working.

Luckily, I could switch to my warm spares after scaling them back to FreePBX 12. Not so good and very time consuming was, that I did reinstall the main (non virtualized) machines from scratch only to find the same problem again.

Many hours later, I did a packet trace on my main pfSense router. To better unterstand the network architecture: I have in each location a dual WAN with DSL and CATV. The telephony provider can only be reached via DSL. The IPs are static but he connection device does impose another layer of NAT. I have a hard time formating the traces well in this interface, but they can be found in my dismissed bug report: http://issues.freepbx.org/browse/FREEPBX-10770

The problem starts with the “100 Trying” step in the Wireshark flow of calls.

In the working scenario, the message header starts with (where 192.168.1.10 is the LAN address of the FreePBX server and XXX.XXX.XXX.XXX is my fixed DSL external IP):

Via: SIP/2.0/UDP 192.168.1.10:5060;received=XXX.XXX.XXX.XXX;branch=z9hG4bK78fe8deb

In the non-working scenario, the message header starts with:

Via: SIP/2.0/UDP XXX.XXX.XXX.XXX:5060;branch=z9hG4bK736507bc

Thus, it is no longer Sent-by Address = LAN and Received = WAN, but Sent-by Address = WAN - the latter does not get back to the FreePBX device. This cannot be cured by relaxing firewall rules.

Please verify if this is indeed a consequence of the core module update and how one should deal with it.

Regards,

Michael Schefczyk

Hi,

Can you send the ifconfig of the pbx and its route table (route -n) ?

Thank you,

Daniel Friedman
Trixton LTD.

Dear Daniel Friedman,

Thank you very much for looking into the issue! Ifconfig and routing table are as follows:

FreePBX 13 - not working

eth0 Link encap:Ethernet HWaddr 00:25:90:C7:B4:C0
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::225:90ff:fec7:b4c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1782 errors:0 dropped:0 overruns:0 frame:0
TX packets:1291 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:595312 (581.3 KiB) TX bytes:542338 (529.6 KiB)
Memory:fe120000-fe13ffff

eth1 Link encap:Ethernet HWaddr 00:25:90:C7:B4:C1
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:fe100000-fe11ffff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:464 errors:0 dropped:0 overruns:0 frame:0
TX packets:464 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:128367 (125.3 KiB) TX bytes:128367 (125.3 KiB)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

FreePBX 12 - working

eth0 Link encap:Ethernet HWaddr 52:54:00:DF:11:5F
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fedf:115f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:801157 errors:0 dropped:0 overruns:0 frame:0
TX packets:252081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:357507565 (340.9 MiB) TX bytes:66321225 (63.2 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:130034 errors:0 dropped:0 overruns:0 frame:0
TX packets:130034 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16605532 (15.8 MiB) TX bytes:16605532 (15.8 MiB)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

On the hardware server (now FreePBX 13), I used to use network bonding. By now, I have eth1 unplugged, as the old version of network bonding yields an error in FreePBX 13 (NIC Bonding in FreePBX 13). Tomorrow, I will try if network bonding does change my issue, despite the error displayed.

Regards,

Michael

Hi,

Please attach the output from the sip show settings (Asterisk console).

Thank you,

Daniel Friedman
Trixton LTD.

Dear Daniel Friedman,

Again, thank you very much for your prompt response!

In order to further exclude networking issues and to replicate the problem cause I am suspecting, I did experiment with a virtual machine. Off my warm spares, I do keep nightly backups. I tested with a virtual machine with one NIC and always the same IP and MAC, thus layer 2 and layer 3 network problems should be as unlikely as possible. My finding was that FreePBX 13 using core 13.0.9 did work, as I reverted to my backup of early November 13, 2015. As soon as I upgraded to core 13.0.11, however, I had one sided audio (could not hear the external party). Turning off the new firewall module would make outgoing calls feasible. However, inbound calls remain problematic. Thus, I suspect an issue with core 13.0.10/11, which may at least not work well in all possible network / NAT scenarios.

That said, SIP settings are:

FreePBX 13 - not working

Global Settings:

UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: Yes
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Path support : No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-13.0.19(13.5.0)
SDP Session Name: Asterisk PBX 13.5.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Auth. Failure Events: Off
T.38 support: Yes
T.38 EC mode: Redundancy
T.38 MaxDtgrm: 400
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No

Network QoS Settings:

IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Disabled
Externhost:
Externaddr: (null)
Externrefresh: 10
Localnet: 192.168.1.0/255.255.255.0
192.168.0.0/255.255.0.0

Global Signalling Settings:

Codecs: (g722|ulaw|alaw|gsm|g726|g729|h264|mpeg4)
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 30
RTP Timeout: 30
RTP Hold Timeout: 600
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 600 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: No
Language: de
Tone zone:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97

FreePBX 12 - working

Global Settings:

UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: Yes
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-12.0.76.2(11.20.0)
SDP Session Name: Asterisk PBX 11.20.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: On
Auth. Failure Events: Off
T.38 support: Yes
T.38 EC mode: Redundancy
T.38 MaxDtgrm: 400
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No

Network QoS Settings:

IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Disabled
Externhost:
Externaddr: (null)
Externrefresh: 10
Localnet: 192.168.1.0/255.255.255.0
192.168.0.0/255.255.0.0

Global Signalling Settings:

Codecs: (gsm|ulaw|alaw|g726|g729|g722|h264|mpeg4)
Codec Order: g722:20,ulaw:20,alaw:20,gsm:20,g726:20,g729:20,h264:0,mpeg4:0
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 30
RTP Timeout: 30
RTP Hold Timeout: 600
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 600 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: Never
Language: de
Tone zone:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97

Regards,

Michael

So here is the commit that is probably affecting

http://git.freepbx.org/projects/FREEPBX/repos/core/commits/26931f676fe21d685f51fa3348da173e321f6a03

There is a handful of advanced settings that are used if not defined. We were not honoring those. So if you adjust the advanced settings to your environment this should clear you up

Dear James Finstrom,

thank you very much for pointing that out to me!

If I understand correctly, then the changes visible in the git are about the settings in
Applications -> Extensions -> Advanced and
Settings -> Advanced Settings
right? I must admit that I did not suspect issues from there as I thought that the Advanced Settings were defaults for new extensions and the settings under Extensions would have priority.

Checking it, I found that group and allow/disallow are consistently blank under both categories. Canreinvite and encryption are consistently no under both categories. Qualify is yes and 60s via all means.

What was unequal, I think after migrating to FreePBX 13, was that I had Trustrpid “Yes” and Sendrpid “PAI” consistently set before but the “PAI” was not shown unter extensions. I did correct that. The other, probably more major inconsistency (also in FreePBX 12, but with no consequences) was that NAT was set to “No” under the extensions but to “Yes” under advanced settings - where I did change that to “No” also.

With these changes, I did arrive at a situation where outbound and inbound calls do work with full audio, but only if the new system firewall module is disabled from the start. Up to core 13.0.9, system firewall was on and not interfering with legitimate traffic. Now, I find no chance to use it. My NIC is in the internal group and my LAN networks are trusted. I also added the other network between the DSL and my pfSense router (192.168.6.0) as trusted to be on the safer side. Nevertheless then, inbound audio is faulty, as soon as the initial grace period until the firewall will kick in has expired. Switching off the firewall during operation does not help then, only a reboot after having disabled it.

Was there maybe a second change in parallel?

Regards,

Michael

Hi,

If you are not using NAT at all, you should not have any local nets in your sip_nat settings. Please remove the local nets from the sip settings module. Upon doing that, you should not see any data in the nat fields. It should look something like this:

Network Settings:
---------------------------
  SIP address remapping:  Disabled, no localnet list
  Externhost:             <none>
  Externaddr:             (null)
  Externrefresh:          10

As for your firewall module try to disable it first before you do all your tests. Probably you will need to adjust the firewall module more carefully to your system to start working.

If you still have problems with one way audio, try to set sendrpid=no in your trunks.

Thank you,

Daniel Friedman
Trixton LTD.

Dear Daniel Friedman,

Thank you very much! I am testing basically one step per day now so that I can see if changes make a practical difference. So far, I am at FreePBX 13 with system firewall disabled, no localnet, and on the device/extension side: no nat, trustripd but no sendrpid. Replacing sendripd=yes with no from the trunk definition will be next and then it will be time to try the firewall again. I will report where I will end up.

Regards,

Michael

Dear Daniel Friedman,

As next steps, I did replace sendripd=yes with =no for my trunks without causing issues which I could detect. With Core 3.0.14 and Framework 3.0.25, I could also turn on Firewall 3.0.11.1 without NAT/audio issues again. This probably does need practical testing for a few more days, but it does look/sound good, so far. I have Network Manager off and the interface configured through System Admin -> Network Settings. My interface is in the external zone and everything else is pretty much standard.

Thank you very much for guiding me to get to this point!

The only thing I could not get back after upgrading to FreePBX 13 is NIC bonding (NIC Bonding in FreePBX 13). It seems that it is now a must to configure interfaces through System Admin -> Network Settings and that does plainly not permit bonding. Is that correct?

Regards,

Michael

Hi Michael,

I am glad that you got it working at last.

As for the bonding configuration, to avoid misconfiguration, I would have restore a backup to another machine and configure the bonding manually to see its implications through the network settings module in the Freepbx. Just make sure you have a console connection to the backup server before configuring the bonding.

You can read a little about network bonding in Centos 6.6 here (read this manual to its end before configuring):

http://www.paulmellors.net/centos-6-6-network-bonding/

Thank you,

Daniel Friedman
Trixton LTD.

Hi Daniel,

Basically, I am almost certain that I have the bonding configuration set correctly. It seems to be in line with what Paul Mellors and the Centos documentation provides and it was in use for a long time with Centos 6.6 (and remains to be in use with other Centos 7.1 servers I am using). The files in /etc/sysconfig/network-scripts are:

• ifcfg-bond0
  DEVICE=bond0
  ONBOOT=yes
  TYPE=Ethernet
  BONDING_OPTS='mode=802.3ad miimon=100’
  BRIDGE=br0
  NM_CONTROLLED=no
  BOOTPROTO=none
  IPV6INIT=no
  NOZEROCONF=yes

• ifcfg-br0
  DEVICE=br0
  ONBOOT=yes
  TYPE=Bridge
  IPADDR=192.168.12.10
  NETMASK=255.255.255.0
  GATEWAY=192.168.12.1
  DNS1=192.168.12.1
  NM_CONTROLLED=no
  NOZEROCONF=yes

• ifcfg-eth0
  DEVICE=eth0
  TYPE=Ethernet
  USERCTRL=no
  SLAVE=yes
  MASTER=bond0
  BOOTPROTO=none
  HWADDR=00:25:90:C7:B5:32
  NM_CONTROLLED=no

• ifcfg-eth1
  DEVICE=eth1
  TYPE=Ethernet
  USERCTRL=no
  SLAVE=yes
  MASTER=bond0
  BOOTPROTO=none
  HWADDR=00:25:90:C7:B5:33
  NM_CONTROLLED=no

This configuration used to work with FreePBX12 and it does still work with similar servers running Centos 7.1. In line with this, the switch does think that a Link Aggregation Group is running. At Centos, package bridge-utils is present and current, of course. Ifcfg output:

bond0 Link encap:Ethernet HWaddr 00:25:90:C7:B5:32
inet6 addr: fe80::225:90ff:fec7:b532/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:1125 errors:0 dropped:0 overruns:0 frame:0
TX packets:814 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:122959 (120.0 KiB) TX bytes:341828 (333.8 KiB)

br0 Link encap:Ethernet HWaddr 00:25:90:C7:B5:32
inet addr:192.168.12.10 Bcast:192.168.12.255 Mask:255.255.255.0
inet6 addr: fe80::225:90ff:fec7:b532/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1093 errors:0 dropped:0 overruns:0 frame:0
TX packets:710 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:102549 (100.1 KiB) TX bytes:334652 (326.8 KiB)

eth0 Link encap:Ethernet HWaddr 00:25:90:C7:B5:32
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:242 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27926 (27.2 KiB) TX bytes:23414 (22.8 KiB)
Memory:fe120000-fe13ffff

eth1 Link encap:Ethernet HWaddr 00:25:90:C7:B5:32
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:883 errors:0 dropped:0 overruns:0 frame:0
TX packets:714 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:95033 (92.8 KiB) TX bytes:318414 (310.9 KiB)
Memory:fe100000-fe11ffff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:570 errors:0 dropped:0 overruns:0 frame:0
TX packets:570 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:52567 (51.3 KiB) TX bytes:52567 (51.3 KiB)

The firewall does see all interfaces including bond and bridge and one can move all of them into the external zone. System Admin -> Network Settings is practically out of the loop.

What may indicate the problem cause is that whenever one does open a terminal, the following red error message is shown:

[Whoops\Exception\ErrorException]
file_get_contents(/sys/class/net/bonding_masters/type): failed to open stream: file or directory not found

I do not really understand this but I sense that sysfs is now involved in bonding and as far as I understand that is not as stable and persistent as the classical method.

Regards,

Michael

P.S.: One edit, because I did happen to turn off one of the interfaces at the switch during testing. This is now corrected - with the key error message remaining, though.

Hi Michael,

It seems that this is a bug with the firewall module (It cannot read the correct file because of permissions problem probably). I would try to remove the bridge since you do not really need it. Did you tried disabling the firewall module?

Try to run this without the bridge interface and if you still get the same results open a bug in the Freepbx bug tracker.

Thank you,

Daniel Friedman
Trixton LTD.

Hi Daniel,

The error shows up whenever the bridge is defined. Enabling or disabling (even removing) the firewall does not seem to have any impact on the error message. Nevertheless, the system seems to work. Indeed, I could go without NIC bonding. On the other hand, if high availability hardware is available, one may just want to use it.

As I am in a dual SOHO situation, I tend to leave one server running with NIC bonding and one with just a single NIC connected. Then, I should be able to collect further experiences.

Would you recommend to file a bug now?

Regards,

Michael

Hi Michael,

I have meant that you can remove the bridge interface as you do not need it for bonding. You can configure the ip address directly on the bond0 interface. Try to configure your server with bonding according to this (refer to the second part of the article): http://www.unixmen.com/linux-basics-create-network-bonding-on-centos-76-5/

It is more clearer than the first link that I have gave you.

Thank you,

Daniel Friedman
Trixton LTD.

Hi Daniel,

thanks again. Practical networking does work with bond and bridge as well as with the bond only. However, the error message does stay the same in both variants. So in the end, the only hard fact that I can see is the error message - possibly there are no other implications.

Regards,

Michael

Hi,

This error:

[Whoops\Exception\ErrorException] file_get_contents(/sys/class/net/bonding_masters/type): failed to open stream: file or directory not found

indicates of permission problem usually, but just to be on the safe side, can you paste the results of:

ls -la /sys/class/net/bonding_masters/type

and if it is exists, please paste the contents of the file:

cat /sys/class/net/bonding_masters/type

Thank you,

Daniel Friedman
Trixton LTD.

Hi Daniel,

thanks again! Unfortunately, /sys/class/net/bonding_masters/type does not exist. The directory /sys/class/net just contains symlinks to all interfaces plus a file (readable to all users and read/write to root as its owner) “bonding_masters” with one line of content: “bond0”.

Regards,

Michael

Hi,

Well here is your bug. Take your findings from your last answer and report a bug.

Thank you,

Daniel Friedman
Trixton LTD.

Dear All,

Oh no! I thought that NAT and one sided audio issues would be resolved and my systems would be running better than ever.

Today, I did check the SIP settings and noticed that the RTP port ranges were 10000 through 20000. No big thing, but I had set them to 30000 through 30099 originally with optimized firewall settings - while 10000 through 20000 would still work. I did change that back in the SIP settings and reloaded thereafter. From that point onwards, I had one sided audio again. Regardless of further changes of the SIP settings and reboots, these problems persisted and “sip show settings” did not reveal a cause.

What I did then was to revert one of my virtual machine warm spares by two weeks for Framework 13.0.19, Core 13.0.11 and SIP settings 13.0.14.5. With that version, I was able to change the SIP settings as I liked, reload and find no one sided audio issues. I had to reboot once but that as all there was. Then, I upgraded to the current versions. This reverted RTP port ranges from 30000 through 30099 to 10000 through 20000 again. From that point onwards, anything that leads to a reload after the slightest change of SIP settings results to one sided audio.

What I ended up doing is use my virtual machine warm spares based on the backup of the early hours of today, i.e. before making any changes to the SIP settings. I left the SIP settings untouched, as they do work and as I know that any change would render the system unusable. My main hardware servers must remain off, since I am unable to revert them to before the change of the SIP settings.

I would very much welcome any advice on how to cure this.

Regards,

Michael