Acrobits Groundwire PUSH proxy not reliable (Android)

Hello,
I have had mixed success with Groundwire PUSH proxy with PJSIP. Sometimes, i get no audio on both sides, while at other occasions calls work fine. For the latter case, i have noticed that the PUSH server takes itself out of the signalling path,

-- PJSIP/202-0000006a is ringing
-- Added contact 'sips:[email protected]:57018;transport=TLS;rinstance=7E640171' to AOR '202' with expiration of 600 seconds
-- Removed contact 'sips:[email protected]:59030;transport=TLS;rinstance=3256F4C9;x-ast-orig-host=10.65.11.4:59030' from AOR '202' due to remove existing
  == Contact 202/sips:[email protected]:59030;transport=TLS;rinstance=3256F4C9;x-ast-orig-host=10.65.11.4:59030 has been deleted
  == Endpoint 202 is now Unreachable
  == Endpoint 202 is now Reachable
-- Contact 202/sips:[email protected]:57018;transport=TLS;rinstance=7E640171 is now Reachable.  RTT: 152.468 msec

This behavior is in conflict to what they claim,

Once you accept the Push Notification, Acrobits Softphone or Groundwire will open and SIPIS will connect the call to your device. At this point SIP Traffic will continue to be routed through SIPIS, while audio will go directly to the device.

Anybody using Groundwire wants to weigh in what is the expected behavior?

Not looked at the details but I’ve used Groundwire on both iOS and Android without issue.

Audio issues could be firewall/NAT related.

I also used Groundwire for a long time on Android before Sangoma Connect came out without a single issue. Performed great.

When Groundwire is pushed (or manually opened) to the foreground, the app registers and the push server unregisters. However, the SIP dialog with the push server for the incoming call has already opened at that point, so it can (and does) continue even though the registration is gone. You should be able to confirm that with pjsip logger.

However, to get Groundwire to be really reliable, I had to set Max Contacts for the extension to 4 (there were occasionally ghost registrations from another push server) and also had to whitelist all the push server addresses in FreePBX Firewall (requests would occasionally fail to meet the Responsive Firewall criteria and get blocked).

1 Like

I see problem when both sender (fixed Yealink deskphone) and receiver (Groundwire) are on the LAN.

When I make a call from Yealink to Groundwire, pickup Groundwire and then hang up, i dont see an instant BYE from Groundwire to my PBX. The call continues to linger and eventually drops with Reason: Q.850;cause=44.

Here is a pastebin of the call.

Any idea what could be the issue?


Is the Invite at line 326 the problem, since it is sending the private ip of the PBX to the PUSH server on line 347?

Yes, at least part of the problem. Line 347 is apparently not causing trouble (RTP managed to work correctly), but line 331 (Contact header) is also a private address and that’s where the BYE would be sent. However, even that wouldn’t be a problem because BYE would normally be sent over the same TLS connection, but the NOTIFY starting on line 1142 (which looks like a perfectly good voicemail update to me) got rejected starting on line 1161 (I don’t understand why), which resulted in the TLS connection being closed.

@Stewart1, Thanks for looking into this. I am not sure why the private ip is being sent in 331. The transport clearly defines it to be a private ip.

$pjsip show transport 0.0.0.0-tls 

Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress....................>
==========================================================================================

Transport:  0.0.0.0-tls               tls      3     96  0.0.0.0:5061

 ParameterName              : ParameterValue
 ===========================================================================
 allow_reload               : false
 async_operations           : 1
 bind                       : 0.0.0.0:5061
 ca_list_file               : /etc/ssl/certs/ca-certificates.crt
 ca_list_path               : 
 cert_file                  : /etc/letsencrypt/live/mydomain.com/fullchain.pem
 cipher                     : 
 cos                        : 3
 domain                     : 
 external_media_address     : 48.201.21.7
 external_signaling_address : 48.201.21.7
 external_signaling_port    : 0
 local_net                  : 172.16.1.0/255.255.255.0
 local_net                  : 192.168.1.0/255.255.255.0
 local_net                  : 172.16.2.0/255.255.255.0
 local_net                  : 192.168.9.0/255.255.255.0
 local_net                  : 10.232.0.0/255.255.0.0
 local_net                  : 172.25.0.0/255.255.255.0
 local_net                  : 10.1.15.0/255.255.255.0
 method                     : tlsv1_2
 password                   : 
 priv_key_file              : /etc/letsencrypt/live/mydomain.com/privkey.pem
 protocol                   : tls
 require_client_cert        : No
 symmetric_transport        : false
 tos                        : 96
 verify_client              : No
 verify_server              : Yes
 websocket_write_timeout    : 100

Endpoint 202 configuration

Endpoint:  202/202                                              Not in use    0 of inf
    InAuth:  202-auth/202
        Aor:  202                                                4
    Contact:  202/sips:[email protected]:24195;transpor 92cb9381ac Avail       215.500


ParameterName                      : ParameterValue
==============================================================================
100rel                             : yes
accept_multiple_sdp_answers        : false
accountcode                        : 
acl                                : 
aggregate_mwi                      : false
allow                              : (g722|opus|ulaw|alaw|gsm|g726|h264|mpeg4)
allow_overlap                      : true
allow_subscribe                    : true
allow_transfer                     : true
allow_unauthenticated_options      : false
aors                               : 202
asymmetric_rtp_codec               : false
auth                               : 202-auth
bind_rtp_to_media_address          : false
bundle                             : false
call_group                         : 
callerid                           : "Mobile" <202>
callerid_privacy                   : allowed_not_screened
callerid_tag                       : 
connected_line_method              : invite
contact_acl                        : 
context                            : from-internal
cos_audio                          : 5
cos_video                          : 4
device_state_busy_at               : 0
direct_media                       : true
direct_media_glare_mitigation      : none
direct_media_method                : invite
disable_direct_media_on_nat        : false
dtls_auto_generate_cert            : No
dtls_ca_file                       : 
dtls_ca_path                       : 
dtls_cert_file                     : 
dtls_cipher                        : 
dtls_fingerprint                   : SHA-256
dtls_private_key                   : 
dtls_rekey                         : 0
dtls_setup                         : active
dtls_verify                        : No
dtmf_mode                          : rfc4733
fax_detect                         : false
fax_detect_timeout                 : 0
follow_early_media_fork            : true
force_avp                          : false
force_rport                        : true
from_domain                        : 
from_user                          : 
g726_non_standard                  : false
ice_support                        : false
identify_by                        : username,ip
ignore_183_without_sdp             : false
inband_progress                    : false
incoming_mwi_mailbox               : 
language                           : en
mailboxes                          : 201@device
max_audio_streams                  : 1
max_video_streams                  : 1
media_address                      : 
media_encryption                   : sdes
media_encryption_optimistic        : false
media_use_received_transport       : false
message_context                    : 
moh_passthrough                    : false
moh_suggest                        : default
mwi_from_user                      : 
mwi_subscribe_replaces_unsolicited : yes
named_call_group                   : 
named_pickup_group                 : 
notify_early_inuse_ringing         : false
one_touch_recording                : true
outbound_auth                      : 
outbound_proxy                     : 
pickup_group                       : 
preferred_codec_only               : false
record_off_feature                 : apprecord
record_on_feature                  : apprecord
refer_blind_progress               : true
rewrite_contact                    : true
rpid_immediate                     : false
rtcp_mux                           : false
rtp_engine                         : asterisk
rtp_ipv6                           : false
rtp_keepalive                      : 0
rtp_symmetric                      : true
rtp_timeout                        : 30
rtp_timeout_hold                   : 300
sdp_owner                          : -
sdp_session                        : Asterisk
send_connected_line                : yes
send_diversion                     : true
send_history_info                  : false
send_pai                           : true
send_rpid                          : false
set_var                            : 
srtp_tag_32                        : false
stir_shaken                        : false
sub_min_expiry                     : 0
subscribe_context                  : 
suppress_q850_reason_headers       : false
t38_udptl                          : false
t38_udptl_ec                       : none
t38_udptl_ipv6                     : false
t38_udptl_maxdatagram              : 0
t38_udptl_nat                      : false
timers                             : yes
timers_min_se                      : 90
timers_sess_expires                : 1800
tone_zone                          : 
tos_audio                          : 184
tos_video                          : 136
transport                          : 
trust_connected_line               : yes
trust_id_inbound                   : true
trust_id_outbound                  : false
use_avpf                           : false
use_ptime                          : false
user_eq_phone                      : false
voicemail_extension                : 
webrtc                             : no

Groundwire has several options for ‘Push’ as shown in the screenshot below.

Once i switched the ‘Simulate NAT’ to ON the Contact address is correctly being set to the WAN IP.

[2021-09-07 09:19:37] VERBOSE[13213] res_pjsip_logger.c: <--- Transmitting SIP request (1300 bytes) to TLS:167.99.119.203:31951 --->
INVITE sips:[email protected]:31951;transport=TLS;rinstance=8A26B2D5 SIP/2.0
Via: SIP/2.0/TLS 48.201.21.7:5061;rport;branch=z9hG4bKPjee4e327b-68a5-4bc8-ab44-c8e4802bd09c;alias
From: "Yealink Landline" <sip:[email protected]>;tag=d58d9320-f632-4faa-96a0-667d57b9bcc2
To: <sips:[email protected];rinstance=8A26B2D5>
Contact: <sips:[email protected]:5061;transport=TLS>
Call-ID: 7bbf35fc-5f32-4e38-a43d-74a92e1b6085
CSeq: 844 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "Yealink Landline" <sip:[email protected]>
Max-Forwards: 70
User-Agent: FPBX-15.0.17.51(16.18.0)
Content-Type: application/sdp
Content-Length:   481

v=0
o=- 952257247 952257247 IN IP4 48.201.21.7
s=Asterisk
c=IN IP4 48.201.21.7
t=0 0
m=audio 16694 RTP/SAVP 9 0 8 107 3 111 101

However, there is no audio on both sides and the call gets dropped in 30 seconds.

Here is the full call log. I get an error on line 826. The RTP ports listed on m=audio are all within 10000 and 20000.

Any reason why this is not behaving correctly?

I think it was my firewall which was coming in the way of RTP. My asterisk PBX and the Groundwire client are on different VLANS (PBX on VOIP and Groundwire on LAN vlan). Previously, i had a firewall denying all traffic initiating from VOIP to LAN vlan. This was never a problem with other sip clients, as the traffic was always initiated by the LAN vlan.

However with Groundwire (PUSH) the PBX initiates connection when the PUSH server is taken out of signalling. So, i had to open the firewall from VOIP to the Groundwire client.

Here is what my pfsense router rule looks like now,


In addition i changed few settings on the Groundwire client,

  1. In Account > Nat Traversal, added a STUN server stun.acrobits.cz
  2. In Preferences>DNS lookup, set it to Don’t Cache

With these changes calls are connecting fine now.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.