This is a brief tale about an upgrade from Debian 8 / Asterisk 11 / FreePBX 13 using exclusively chan_sip to Debian 10 / Asterisk 16 / FreePBX 15 using exclusively chan_pjsip.
The old PBX was running happily but I decided it was time to bring it to a more modern state. While I could have easily loaded chan_sip and brought all that cruft over I decided to start fresh and remake the dozen extensions and three trunks (not a big PBX) with pjsip, leaving chan_sip out altogether. I wasn’t sure where I’d run into challenges. Here were the ones I encountered.
TLS: The FreePBX-generated config points to the wrong cert file, at least in my scenario where I am using Letsencrypt. (Bug https://issues.freepbx.org/browse/FREEPBX-20610) Also, old endpoints seem to have a really hard time negotiating with modern TLS and even though I worked at it for a long time, I couldn’t come up with a TLS configuration on FreePBX that was acceptable to an Obi 110. Globally, in Asterisk SIP Settings / pjsip, I had to turn off
verify_clientbecause otherwise endpoints that don’t present a client certificate are rejected.
IPv6: Not configurable in FreePBX yet for pjsip. I used the custom_post.conf files to add IPv6 transports, for example (in pjsip.transports_custom_post.conf):
[ipv6-udp](0.0.0.0-udp) bind=[::]:5060 external_media_address= external_signaling_address=
To allow my extensions to use IPv6 I had to add settings for them not available in the GUI: (in pjsip.endpoint_custom_post.conf)(Not needed with current Asterisk 16) (+)
You don’t need to tell extensions to use the ipv6 transport; Asterisk figures this out when they initially register over IPv6.
NAT: for endpoints behind NAT you choose from these options, which look a little different from the old chan_sip NAT options:
IPv6: To use the IPv6 transport here I had to put in an override in the pjsip.endpoint_custom_post.conf file:
Registration, authentication, etc.: This is all easier with FreePBX’s pjsip trunk screen than the chan_sip trunk screen, in my opinion. Just fill in the blanks. I have a Vitelity trunk where I register to one server and send outbound calls to a different one. No problem but you have to know which fields to use:
Registrar: (on Advanced tab)
and to receive calls from that server,
Here’s the whole config for an IP-authenticated outbound only trunk…
Other than dealing with IPv6 and TLS, which many people won’t use, I didn’t really find anything difficult about moving from chan_sip to chan_pjsip. I don’t know how long it’s been the case, but I am happy that by default the extensions are set up for NAT handling. Just wanted to share my experience and “I survived!” even though folks often post about their troubles using the newer SIP driver.