FPBX15-PJSIP - No Audio until resumed from Hold (remote)


Need some help, first time deploying freepbx 15 and also pjsip. Everything works okay internally but remote phones are causing me an issue. There is no audio either direction from the remote phone until you place the call on hold and resume it. Then it works fine. This is usually a NAT issue somewhere but with PJSIP I don’t have any NAT options like with chan_sip.

On the firewall, port 5060, 5061 and 10000-20000 are forwarded to the PBX. I have the responsive firewall on the PBX for PJSIP. Everything registered fine.

From the remote phone, the echo test works fine and calls to voicemail. Calls out ring but no audio until resume from hold.

Extensions all have the default except
Display Name
Max contacts (3)
Asterisk Dial options (tr)

Trunks (all default except)
Trunk Name (Username)
PJSIP Settings
Username (Username)
Secret (password)
Sip Server (server dns name)
Sip Port (5060)
Context (from-trunk)

  • Advanced Settings
    From Domain (server ip address)
    From User (Username)

I have tried this with two different PBX installs on two networks (Meraki firewall and cisco 927 router). Same issue.

For the extension, try setting Direct Media to No.

If that’s not it, at the Asterisk command prompt, type
pjsip set logger on
make a test call, paste the relevant section of the Asterisk log at pastebin.freepbx.org and post the link.

My first guess would be a router misconfiguration where you are not routing the inbound call’s RTP (UDP 10000-20000) is not set up to send the incoming call’s audio to the server. Once the call is put on hold, the outbound audio starts up and when you come off hold, the audio path is available through the external router.

My second guess would be to look at the Direct Media settings if your extensions are remote. Since Asterisk is a Back to Back User Agent, it works best when it’s in charge of both the signalling and the audio.

My wild guess is a SIP ALG in the router interfering. If you have one, disable it.

so with the PBX behind the Meraki mx (there is no SIP ALG on this device) I added in External IP and local Subnet options at the bottom of “Settings > Asterisk SIP Setting > SIP Settings [chan_pjsip] tab”

This worked. I have audio on the initial call.

I have turned off SIP ALG on cisco 927 router (command “no ip nat service sip udp port 5060” ) and added in the settings above but still the same issue.

Direct Media is set to no in both cases. I will make a test call shortly and paste up the details

Call without audio (didn’t invoke hold during this call

Starting at line 436:

<--- Received SIP response (579 bytes) from UDP: --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP;branch=z9hG4bKPj724db8ef-128d-4e12-908b-cee60d300c09;received=;rport=5060

So the trunking provider is ostensibly saying that they received your INVITE from, which is normally impossible because that’s not a routable address.

There are two possibilities:

  1. There is a SIP ALG in the path (that rewrote the incoming Via header), despite your having turned it off in the 927. Please check the running configuration to be sure it’s really off. What is the WAN connection (on 927 it can be Ethernet, VADSL or LTE, depending on specific model)? Is the WAN address your public IP, or is there another layer of NAT in the picture? Can you capture traffic on the WAN interface to determine whether the 927 is altering SIP packets?

  2. If the trunking provider is also your ISP and is supplying your address from their equipment (could be onsite or remote), it’s possible that there is a non-NAT path from to, in which case the INVITE should be presenting in the Contact header and SDP. However, I believe this is implausible because:

Starting at line 512:

<--- Received SIP request (797 bytes) from UDP: --->
INVITE sip:[email protected]:5060;transport=UDP SIP/2.0

This is an attempted attack hosted in the Netherlands. Your firewall should have blocked it, but for the purpose of this analysis, it’s good that it didn’t! Your private IP address is in the host field of the INVITE, but the attacker would have no way of knowing what it is. Therefore, it’s almost certain that a SIP ALG somewhere in the path modified the packet. Find that ALG and get rid of it.

Apologies, the router had rebooted and enabled the SIP ALG again as I hadn’t saved it. I have updated it now and issue is still there, updated log below.

Calls from the remote extension to internal extensions work fine, its only when the call has to be back out. Internal sets can call out fine.


Well, I see a few things that look strange (public IPs from the extension, repeated re-invites on the trunk, strange codec order), but nothing that should result in no audio.

I recommend first checking / adjusting some obvious stuff. If that doesn’t fix it, there are two approaches:

  1. Capture a failing call with tcpdump, look at it with Wireshark, understand what is wrong with the RTP (missing, wrong port, wrong codec, etc.) and proceed from there.
  2. Try to correct the strange behavior, hoping that will fix it.

To start, please confirm that the UDP port range 10000 to 20000 is forwarded in the 927 to the private address of the PBX. Also, for the extension, RTP Symmetric, Rewrite Contact and Force rport are all Yes, and Direct Media is No. For the trunk, Direct Media is No and RTP Symmetric is Yes.

If no luck, change the codec list for both extension and trunk to be only alaw and ulaw, in that order.

If still no luck, paste another log and maybe something will stand out. BTW, please don’t set pastes to expire – the history of these threads helps both future readers and the developers.

1 Like

Thanks for your help with this. Finally got it sorted. Forwarding issue.

I had used the commands from another site to forward the range of ports on a cisco ios router

ip nat pool PORTFWD netmask type rotary
access-list 100 permit udp any any range 10000 20000
ip nat inside destination list 100 pool PORTFWD

This doesn’t work. I reduced the range of udp port to 120 on the PBX and softphone and manually entered the port forwarding (pasted in 120 entries) and it worked.

ip nat inside source static udp 10000 interface GigabitEthernet4 10000
ip nat inside source static udp 10001 interface GigabitEthernet4 10001
ip nat inside source static udp 10002 interface GigabitEthernet4 10002
ip nat inside source static udp 10120 interface GigabitEthernet4 10120

I’m not an IOS expert, but there are numerous posts whining about the problem and some that claim to fix it. Perhaps try

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.