Calls over IPSec are interrupted


(Dennis U ) #1

Dear FreePBX pros,

we have to enable SIP calls through a IPSec VPN tunnel. The registration works fine, incoming calls work fine, but outgoing calls from this phone are not fine. They are interrupted after 32 seconds.

The trunk is fully working, because if I use the phone direct next to the FreePBX server, it works well. The interruption happens also with the Echo Test (*43) .

PJSIP log:

<--- Transmitting SIP response (1064 bytes) to UDP:192.168.20.17:39649 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.20.17:39649;rport=39649;received=192.168.20.17;branch=z9hG4bK-4hycj5rb8r1d
Call-ID: 313630333335343631313133393738-74fhbgwkhhnc
From: "Dennis" <sip:3100@pbx01.lan>;tag=2muo7xidfb
To: <sip:*43@pbx01.lan;user=phone>;tag=38d347ce-0d03-4822-b980-50dd07093ee8
CSeq: 2 INVITE
Server: FPBX-14.0.13.24(13.29.2)
Contact: <sip:80.133.182.144:5060>
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, REFER, MESSAGE
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 3600;refresher=uac
Require: timer
P-Asserted-Identity: "Echo Test" <sip:*43@pbx01.lan;user=phone>
Content-Type: application/sdp
Content-Length:   315

v=0
o=- 399676439 399676441 IN IP4 80.133.182.144
s=Asterisk
c=IN IP4 80.133.182.144
t=0 0
m=audio 10000 RTP/AVP 8 3 9 99 101
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:9 G722/8000
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

<--- Transmitting SIP request (452 bytes) to UDP:192.168.20.17:39649 --->
BYE sip:3100@192.168.20.17:39649;line=7d4yv7ia SIP/2.0
Via: SIP/2.0/UDP 80.133.182.144:5060;rport;branch=z9hG4bKPj629a62bb-2c64-4a07-9dfc-573118956981
From: <sip:*43@pbx01.lan;user=phone>;tag=38d347ce-0d03-4822-b980-50dd07093ee8
To: "Dennis" <sip:3100@pbx01.lan>;tag=2muo7xidfb
Call-ID: 313630333335343631313133393738-74fhbgwkhhnc
CSeq: 1003 BYE
Max-Forwards: 70
User-Agent: FPBX-14.0.13.24(13.29.2)
Content-Length:  0


<--- Received SIP response (625 bytes) from UDP:192.168.20.17:39649 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 80.133.182.144:5060;rport=5060;branch=z9hG4bKPj629a62bb-2c64-4a07-9dfc-573118956981;received=192.168.5.65
From: <sip:*43@pbx01.lan;user=phone>;tag=38d347ce-0d03-4822-b980-50dd07093ee8
To: "Dennis" <sip:3100@pbx01.lan>;tag=2muo7xidfb
Call-ID: 313630333335343631313133393738-74fhbgwkhhnc
CSeq: 1003 BYE
User-Agent: snomD785/10.1.22.0
Contact: <sip:3100@192.168.20.17:39649;line=7d4yv7ia>;reg-id=1
RTP-RxStat: Total_Rx_Pkts=1573,Rx-Pkts=1573,Rx_Pkts_Lost=0,Remote_Rx_Pkts_Lost=0
RTP-TxStat: Total_Tx_Pkts=1578,Tx_Pkts=1578,Remote_Tx_Pkts=1578
Content-Length: 0

What I do not understand is the IP 80.133.182.144. Since this is the echo test call, there shouldn’t be any public IP. The other strange part is that I do not know this IP address. It is neither the public branch nor the public pbx IP. My configuration goal is, that everything (SIP as well as RTP) is going via the pbx01.

Any hints from your side?


(Lorne Gaetz) #2

Make sure your VPN ip range is defined as a local network in Settings, Asterisk SIP Settings.


(Dennis U ) #3

Wow, perfect. Many thanks!

I saw on this page that strange IP address as “External Address”. I guess I have to figure out how to ensure the up-to-date IP in this field.

However, I added the VPN subnet on this page and it works, now. Hint for others: just hitting “apply” in FreePBX is not enough, a restart of asterisk is needed. Now it’s clear, why it couldn’t work. Thanks again.


(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.