Grandstream GXW4101 - Can't get incoming calls to FreePBX

Greetings all

I have a FreePBX with a couple of commercial modules hosted in the cloud, with a public IP Address + Firewall.

On the other end, I have a private network with dynamic IP Address (which changes about once or twice a year), and a dummy firewall which we can’t touch.

The private network has 10 phones and a GrandStream GXW4101 connected to 4 pot lines, which the customer won’t get ride of.

I created a psSip Trunk with the following specifications:

  • username = callerID of the analog trunk
  • password
  • Authentication: outbound
  • Registration: receive

In the GrandStream, this is what I have so far for outgoing calls to work:

  • Settings / General / Use NAT IP: public_ip_address_of_this_site

  • Settings / Channel settings / Unconditional call fw / userID: ch1-4: callerID_of_ the_pot_line

  • Settings / Channel settings / SIP Server: ch1-4:p1;

  • Settings / Channel settings / SIP Destination port: ch1-4:44556; (which is what I have in FreePBX)

  • Accounts / Gen settings / Sip Server: IP Address of FreePBX

  • Accounts / Net settings / NAT(STUN): NO but send keep alive

  • Accounts / User account / Channel 1: Username + Password as I have in the trunk

I understand that I’ll have to change the NAT IP if the site ever gets a new IP Address, but that’s the only way I was able to place outgoing calls. Without this option, Asterisk console shows the endpoint as Unreachable.

At this point, I can make outgoing calls.
But any incoming call on the POT line, I see this on the Asterisk console:

[2023-08-03 11:43:37] NOTICE[7537]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request ‘INVITE’ from ‘“WIRELESS CALLER” sip:[email protected]’ failed for ‘’ (callid: [email protected]) - Failed to authenticate

The is the public IP Address of the site with the Grandstream
The is the IP Address of the GrandStream on the private network.

Any help appreciated…

Authentication: Both
Match Inbound Authentication: Auth Username
Rewrite Contact: Yes
RTP Symmetric: Yes
Force rport: Yes

I may have missed something, so if you still have trouble, paste the Asterisk log for a failing call (including pjsip logger) at and post the link here.

With luck, you also won’t need Use NAT IP anymore.

You, sir, are a genius.
I dont know if the Authentication/Both or Match Inbound Authentication/Auth username or Rewrite Contact did it, but one did… Got the call coming in, and audio both ways.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.