Connecting to a trunk with a dynamic IP and CG-NAT

My internet service provider has recently changed from static IP assignment to providing a dynamic IP using CG-NAT. After this change I can no longer connect to my external trunk. I have looked through the forums and tried to adjust settings, but haven’t been successful in registering the trunk after this change, without a unique external IP. Is it possible to establish connection when I am behind NAT via SIP? thanks for the advice.

I think you mean your internet service provider is no longer an internet service provider but just web browsing and email service provider.

You need an IP address that is stable for whole duration of a registration and the whole duration of a call. Given that, you might be able to use STUN to find the actual addresses, but it isn’t something of which I have experience. I don’t know how well differing media and signalling addresses are handled; you might need help from the other side.

1 Like

I did register an IP phone directly with my cloud SIP provider, bypassing freepbx and I could register and successfully made a call. Forgive my lack of knowledge, just trying to understand why this worked and I can’t register via freepbx?

You don’t need to register to be able to make a call. Registration is there to let the other side know where to send incoming calls, although that also applies to FreePBX. You would need to provide the full “pjsip set logger on” type logs to understand how the outgoing Asterisk call was failing.

1 Like

Open a ticket with them, asking for a public IP address. For example, tell them that you can no longer access your security cameras from remote locations. The address will still be dynamic, but if it doesn’t change too often, running a PBX shouldn’t be a problem.

Note that if you are behind CG-NAT, you won’t be able to have external extensions. You might consider running the PBX in the cloud, which would also allow it to continue running during a power or internet outage, sending calls to mobile phones.

If your router/firewall has a SIP ALG setting, try turning that off.

What appears in the Asterisk log when it attempts to register?

For detailed troubleshooting, at the Asterisk command prompt (not a shell prompt) type
pjsip set logger on
sip set debug on
if for some reason you are still using a chan_sip trunk. Wait for a failed registration, paste the Asterisk log for the attempt at and post the link here. If you are too new to post links, just post the last eight characters of the URL.

1 Like

Thank you Stewart1 for this. I will take a further look and post an update.

I’m using a Ubiquiti EdgeMax router and have just disabled SIP ALG.

I was using CHANSIP, the status of the trunk is listed as unreachable, logs here: ---[2023-07-12 00:57:21] NOTICE[2307]: chan_sip.c:16003 sip_reg_timeout: -

I also tried to register with PJSIP and am able to register, but not successful with in or outbound calls.

With PJSIP, I receive a warning in logs:
WARNING[3036]: res_pjsip_outbound_authenticator_digest.c:190 digest_create_request_with_auth: Host: ‘’: Authentication credentials not accepted by server.

In my NAT Settings I have specified my external IP as what google reports, however this address is behind CG-NAT and not unique to me. Is this what I should list here in this case?

These are my current NAT settings:

The trunk provider Siptalk, does list the connection as reachable.

It’s a small home server setup with a SIP doorbell and some internal phones, the only external component is the trunk.

I will also make some enquiries with the ISP.

Thank you for your help with this.

You need to know the translated port number as well as the translated IP address. At most one customer can use 5060 with that IP address. Without that, the other side has to do a workround like rewrite-contact does, going the other way, and they may well not do so. STUN may be the only way of finding the correct value.

That is good news. It shows that the provider is doing some NAT traversal on his end, so it should be possible to make Asterisk compatible with that.

With pjsip logger on, please post the Asterisk log for a failing outgoing call.

For incoming, does anything appear in the Asterisk log when an incoming call is attempted? If so, post that. If not, does incoming work when your IP phone is registered directly to the provider?

1 Like

Will try out when I get home, thanks

Have included logs below. For an inbound test call, I get an engaged tone, I don’t think logs generated are referring to that call from my basic knowledge.

I registered a SIP intercom, that worked well, registering directly, placed a test call and worked, however registering a Grandstream phone I couldn’t successfully register directly.

Logs of an inbound call: Connected to Asterisk 16.8-cert14 currently running on freepbx (pid = 2118)<-- -
Logs of an outbound call: <--- Transmitting SIP request (586 bytes) to UDP: --->REGISTE -

Appreciate it

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.