I am a newbie, just installed FreePBX server( Asterisk Version: 16.6.2) with 2 Bria clients all on the same subnet. 2 clients can call each other, but once 2 parties getting connected , there is no audio(speaker/headphone modes) and after 30 secs the call is automatically released.
Please could you help what might be the root cause( nat issue) and how to fix it?
Here is the Asterisk Info of FreePBX GUI（Actually the 2 Bria clients are all online）
Ps: using # instead of @ to comply the post rule for new user.
This page supplies various information about Asterisk
Current Asterisk Version: 16.6.2
Tech Resource Status Channel Count
PJSIP dpma_endpoint OFFLINE 0
PJSIP 200 ONLINE 0
PJSIP 100 OFFLINE 0
Conference Bridge Name Users Marked Locked Muted
================================ ====== ====== ====== =====
If server is in a VM (provide details), be sure that it’s using bridged networking.
In Bria, Topology tab, confirm that Firewall traversal method is set to None and Server Address is left blank.
If you still have trouble, at the Asterisk command prompt type pjsip set logger on
make a test call, paste the relevant section of the Asterisk log at https://pastebin.freepbx.org and post the link here.
In Asterisk SIP Settings, confirm that External Address and Local Networks are correctly set.
From what I know so far, Local Networks should be 192.168.0.0 / 24
If you change these settings, you must restart (not just reload) Asterisk. If you still have trouble, please post a new log with 1000 lines (the default of 500 did not catch the beginning of the call, because of all the retries).
I checked the Asterisk sip setting , found the external address was 141.xx.xx.xx and internal address was empty. After clicked the auto detect button, the external adder became my router wan IP and internal address became 192.168.0.0/24. The I submitted the changes and applied. In Asterisk CLI, core restart now. the terminal below showing loading and a warning popup for a while saying:" fclose() expects parameter 1 to be resource, boolean …". I am not sure whether the restart was done. But now there is bi-direction audio and no automatically termination.
Here is the log of 2000 lines including the latest successful test call. 50e550d6
(faint, the website doesn’t let me post an URL this time. It allowed a few hours ago)
Next step, I am going to test the external call using domain name and port forwarding. I tried it once yesterday, the call could be setup but no audio. let me see if it works now.
Cliche answer is that one-way audio is almost always a NAT problem. You may need to use ‘sngrep’ to see what internal and external addresses are being used. Also, some countries do not allow unrestricted Internet traffic, so this might a country-specific “network issue”.
A firewall misconfiguration can be checked by calling the remote phone by extension number and seeing if there’s audio. If you can get audio to establish going out, but not on the way in, it could be a firewall redirection problem.
Thanks! I tried to make the scenarios clear to see where I could start the troubleshooting. Today I used 2 Brias one on windows 10(desktop) and another on macOS (MacBook Pro).
Scenario 1: these 2 computers were all on same subnet(192.168.0.0/24) behind my home router and the 2 Brais used the domain name to resolve the Freepbx server address. I also have a Windows server on the same subnet which having a DDNS client. The DDNS is working well. The 2 Brias could call each other and there were bi-direction audio.
Scenario 2: by keeping the on going call of Scenario 1, I switched the internet access of MacBook Pro from home wifi to my iPhone 8+ hotspot which means the Bria on Macbook pro was using the 4G network. The after, the bi-direction audio was gone but call was still on.
Scenario 3: I switched the wifi access of MacBook Pro from iPhone’s hotspot back to home wifi. The bi-direction audio came back.
I did some research on google, same as you mentioned, it could be NAT issue. But I checked the Asterisk SIP setting of Freepbx GUI. The external address was my router wan port address and the internal address was 192.168.0.0/24.
There was a suggestion saying editing the sip_nat.conf by setting nat=yes. But configuration editor shows the sip_nat.conf has empty content and is not writable.
I was trying to edit the sip_nat.conf in Linux terminal using root, but I could not access any linux folders eg. cd/etc, var, usr…
OK, so the soft phone is no longer on the LAN, which means that the NAT connection for the phone is no longer NONE.
In my experience (which is a couple of versions out-of-date), you can’t use the same configuration of a soft phone from the LAN and from the WAN. There are too many changes to the settings for that to work.
Since your 4G connection is coming in from the routed side, you need to make sure that you are forwarding UDP port 10000-20000 from the firewall router to the PBX. I suspect that you have properly forwarded 5060 and 5160 on the external router, just not the RTP ports.
It is definitely a NAT issue.
In order for the audio to to get to the server, a SYN packet from the phone has to be sent to the PBX to establish the bidirectional audio. Without proper forwarding on the gateway router, the SYN packet that establishes which of the 5000 ports that are open (even numbered ports between 10000 and 20000) are going to be used is lost, since the gateway has no idea where to send the packet it receives.
If you are going to use FreePBX, you need to do this the way that FreePBX manages this. There are at least three places that need attention:
On the SIP Phone, there is probably a NAT setting. This is mostly in the case that your phone is also behind a NAT, but know where it is so that you can toggle is as you are trying different scenarios.
On FreePBX, under Advanced Settings, is a SIP Configuration setting page. It includes Chan-SIP and PJ-SIP settings for all sorts of things, including internal and external addresses for the server. Make sure those are correct, and in the case of Chan-SIP, make sure that NAT=Yes is set correctly.
On the Extension, at least under Chan-SIP extensions, there is a NAT= setting that you may need to work with.
For all three of these, the NAT= setting is there to let that end identify what it needs to tell the other end how to get back. In the case of Bria, you may need to have two configs: one internally (where NAT is usually off) and one externally (where NAT is on and a STUN server may be required).
Incoming and outgoing legs of all calls are largely independent. In fact, it sometimes pays to think of a “call” in SIP as a group of four distinct datastreams (all four of which terminate at one end or the other at the PBX itself).
Of course, there are all of the standard “avoid SIP-ALG” warnings and caveats, as well as the realization that some Wireless providers block SIP calling over data.
I added tcp/udp port forwarding 10000-20000 to FreePBX server. Now the bi-direction audio is coming while using 4G network for the backhaul. And the video call also works well.
There are some questions I am trying to understand.
What are the port 5060, 5161 and 10000-20000 used for? I assume the 5060 is for the call proceeding signaling and 10000-20000 are for the data plane(audio and video). I just added 5060 forwarding to FreePBX before , so call can be established but the data traffic is not routable if using external internet backhaul.
Is there a standard sip call_flow I can study further?
I am waiting for the Digium TDMcard coming to test inbound/outbound Pstn call.
I don’t use pastebin, but I can’t imagine a scenario where you shouldn’t be able to delete the files once there. Since it’s on the Sangoma pastebin instance, you could try sending in an Issues request (top of the screen) and ask one of the Sangoma pros to handle it.
Rather than worry about “if” someone is scanning your network (because they just are), set up your Integrated Firewall and exclude everyone that tries. Also, for safety, go into the Advanced Settings tab and make sure that “Anonymous” access is disabled. After that, make sure that port 5060 on your firewall is only open to people you want to have access.
For access to other services (none of which should be exposed to the Interwebs), make sure the Firewall router blocks everything incoming, and make sure the Integrated Firewall (in FreePBX) is set up so that nothing is in the Internet Zone. The Wiki has information on securing your network using FreePBX. Here are a couple of threads where we’ve talked about port security.
Thanks Dave! I will go through the information you shared.
I just got a digium TDM400P with 3fxo and 1fxs and installed. It was shown in DAHDI Configuration/Analog hardware. The 3 fxo ports light green and one with 1 port connected to the PSTN line. I just added one rule in the Outbound routes. I tried to call a pstn number but the the Bria responded with " all circuits are busy".
I disconnected pstn line and dialed again, getting the same announcement. It seems the symptom is irrelavate to the PSTN line. I am sure the pstn line is working.
I think there might be some configurations not done properly. I got lost as I don’t which configurations need to be configured to let card work. Please could guide the major steps?
Btw, how could I check whether the card is working. I did check the Asterisk info. didn’t find card status.
First things first - this should be it’s own thread since it’s a completely new issue.
There are lots of posts on the forum about using the TDM400 card in Asterisk. My first inclination is to always set it up using the ‘dahdi_*’ tools, get it working so that Asterisk recognizes it, then never look at it again with the FreePBX tools. While, in theory, the FreePBX DAHDI setup stuff should work, we’ve seen correspondents galore report that they had it working, then tried to check the config with the FreePBX stuff, only to find that it no longer worked.
The second is a knowledge bite: the card is operated using the DAHDI software which is not part of Asterisk or FreePBX. DAHDI is a separate package and, while it often works with both, it is independent of them. You’ll need to get that part working before you can get the card going.
Go ahead and look back through the forum posts on this and if you absolutely cannot get it going, start up a new thread.