Enabling TLS Crashes Asterisk

When I enable TLS on the PJSIP SIP settings and then apply config. It causes Asterisk to crash. This is the same setup as I have on another Asterisk server I built 6 months ago so I’m not entirely sure why. The logs don’t show anything either than it repeated being restarted.

Here’s the TLS section in my pjsip.transports.conf as freepbx generated…

external_media_address=[My Public IP]
external_signaling_address=[My Public IP]
local_net=[My Internal Subnet]

I’ve redacted my IPs for security reasons here.

Any thoughts on why enabling TLS would do this? Again I didn’t notice anything in the logs.

Something I missed? I built this server as per this guide…

Welcome any insights here of what I should check on.

So I managed to fix my issue finally…

In case anyone else runs into this it was the compiler flags that the guide… (wiki.freepbx.org/display/FOP/Installing+FreePBX+13+on+CentOS+7 )
provided for pjproject. In the guide it states to use the following…

CFLAGS=’-DPJ_HAS_IPV6=1’ ./configure --prefix=/usr --enable-shared --disable-sound
–disable-resample --disable-video --disable-opencore-amr --libdir=/usr/lib64

I’m not sure if it’s the \ at the end of the first line or if one of the flags themselves had issue. But I just copied and pasted all of that into my command line when I originally was going through the guide.

Instead I used the following compiler flags…

CFLAGS="-DNDEBUG -DPJ_HAS_IPV6=1" --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-video --disable-sound --disable-opencore-amr

That’s all on one line so make sure to remove any CR or LF if you copy and paste (it should just copy over fine). I believe the only thing different is the \ and the --disable-resample are both not in this new line. Anyway I used those and recompiled pjproject and installed and it all worked. TLS finally works now.

Hope this helps someone else in future. FreePBX may want to update your guide to make it more idiot (me) proof. :slight_smile:

Hi, can you post the exact versions and (if possible) the links to files you use to build your system?

Im building also Asterisk 13 from scratch using this:
-CentOS Linux release 7.3.1611 (Core)
-Asterisk v13.15.1 (last)
-Freepbx (last)

I follow your recomendation and changed the ./configure flags (copy paste from your post), all installs well, but still having the same problem when uncomment the following lines in pjsip.conf and restart asterisk it starts a crash loop every 5 seconds.


Im traying to build a new system to replace the one on production thah doesn’t have encryption enabled, we need to offer a more secure enviroment to the calls over our network (all calls are over intranet no external extensions) this system is a satellite from a main Avaya Aura platform.

Thanks in advance, all help is apreciated.

the log on /var/log/asterisk/messages only shows the following lines avery 5 seconds:

[May 26 13:26:11] Asterisk 13.15.1 built by root @ ast13-fpbx13-cent7-TLS-SRTP.telecom18 on a x86_64 running Linux on 2017-05-26 18:55:27 UTC
[May 26 13:26:11] ERROR[3835] config_options.c: Could not find option suitable for category ‘general’ named ‘loggingsafeshutdown’ at line 3 of
[May 26 13:26:11] ERROR[3835] config_options.c: In cdr.conf: Processing options for general failed
[May 26 13:26:11] NOTICE[3835] cdr.c: Failed to process CDR configuration; using defaults
[May 26 13:26:11] NOTICE[3835] cdr.c: CDR simple logging enabled.
[May 26 13:26:11] NOTICE[3835] loader.c: 311 modules will be loaded.
[May 26 13:26:11] WARNING[3835] loader.c: Error loading module ‘res_calendar_exchange.so’: libiksemel.so.3: cannot open shared object file: No such file or directory
[May 26 13:26:11] WARNING[3835] loader.c: Error loading module ‘res_xmpp.so’: libiksemel.so.3: cannot open shared object file: No such file or directory
[May 26 13:26:11] WARNING[3835] loader.c: Error loading module ‘chan_motif.so’: libiksemel.so.3: cannot open shared object file: No such file or directory
[May 26 13:26:11] NOTICE[3835] res_odbc.c: res_odbc loaded.

NOTE: At this point im not installing FreePBX, to isolate the problem, at this point im installing Asterisk alone and using CLI to monitor operation.


First, apologies for the slow reply. I know how frustrating this issue can be.

The versions you are using all look good. I just used slightly older ones as they were the latest when I did the build.

CentOS : 7.3.1611.el7.centos.x86_64
Asterisk : 13.15.0
FreePBX :
pjproject : 2.4
srtp : ??
jansson : 2.7

The only thing I don’t know is the srtp version. There was no specific download for it during that guide I used. At least not that I can find.

The thing that fixed it for me was just to go back to my /usr/src/pjproject-2.4 directory and re-compile.

Actually I just noticed an error in my post above. Don’t use ./configure. Just put in the CFLAGs. I’m not sure why I added configure there. Must’ve been distracted. So what you need to do is the following…

  • cd /usr/src/pjproject-2.4
  • CFLAGS="-DNDEBUG -DPJ_HAS_IPV6=1" --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-video --disable-sound --disable-opencore-amr
  • make dep
  • make
  • make install

Then perhaps a reboot of your server for good measure. Give that a shot and again, sorry about the mis-information. I’m going to go correct it now.

Also, you may have success with the following which is the CFLAGS from the guide without the \ in there potentially messing up the copy and paste…

CFLAGS=’-DPJ_HAS_IPV6=1’ ./configure --prefix=/usr --enable-shared --disable-sound --disable-resample --disable-video --disable-opencore-amr --libdir=/usr/lib64

Give those a shot if the CFLAGS above don’t work.

Hope it works out for you.

In the end you should be using bundled pjproject instead of building pjsip yourself.


Ah! Are you referring to the tarball install?

I didn’t notice that on the FreePBX download’s page until just now. I didn’t scroll down far enough. Agreed, that would’ve been much easier as I wasn’t able to do it with the iso.

It’s an option in the asterisk compiler called “BUNDLE_PJSIP”

So replace the ./configure --libdir=/usr/lib64 that’s in the guide with ./configure --libdir=/usr/lib64 --with-pjproject-bundled ?

I just tried that and I see it downloaded v2.6 of pjproject. Any idea what would happen if I re-ran through the build of Asterisk on my server using this now? Or because I built pjproject separately it’s going to screw everything up? ie. I should rebuild my server from scratch?

Only reason why I would do this is perhaps it may fix my other issue where I’m not getting audio between my extensions?