Dear all,
is there any help on howto connect 2 FreePBX via PJSIP? I’m aware of some partly information here, but no real description including some pre-conditions which shoud be managed before.
In my case I would like to connect 1 FreePBX behind NAT and available URL to my Cloud PBX with fixed IP (no NAT) an given URL including LE-cert. Best would be to connect using TLS. But however UDP is better than nothing. Trunks are already connected (no ID, no authID nothing). The outbound route can not use the trunk without authID. So there may be some things I misconfigured…
Anyway, IAX2 on chan_sip is working, but I would like to move to pjsip.

Where does IAX come in to this?

You can either use an IAX2 trunk or a PJSIP trunk.
I use IAX2 trunks to connect several freePBX servers. Works great, but I have fixed IPs.


Thanks so far Charles Darwin. I was not aware that “create IAX-trunk” is going to use pjsip-channels as well, where I have activated pjsip-only on my new cloud system. I always read IAX as IAX2 using chan-sip. However, in this quite well linked description I can’t find settings descriptions divided into the “outgoing” and “incomming” tab. These might be different specifically concerning contexts from-internal and from-pstn depending whether or not allowing to dial extensions located at the sister company vice versa and/or use external trunks of the other location. Anyway Iĺl try it today using URLnames and individual ports since LGaetz earlier mentioned better not to use standard 506x ports on cloud systems.

IAX is an alternative to SIP and therefore does not use the SIP channel drivers (chan_sip and chan_pjsip) at all. It doesn’t use RTP. It uses binary, rather than printable, coding, and it is modelled on an old version of Asterisk internals, so is rather Asterisk specific, and has limits on allowed codecs.

I suspect you are confusing IAX, a VoIP protocol, implemented by Asterisk, with intra-company trunks, which are a FreePBX abstraction, built on top of Asterisk.

Yes, it’s very likely I’m mixing some things up having in mind my last read “asterik the definitive guide” book.
However creating IAX-trunks via freepbx gui worked after 3 try-and-errors. Any port must not be coded behind the URL name. Not on out-tab and not in in-tab. Using TLS does not work without a secret=xxx on both locations. I’m using type=friend on both locations and no user=yyy-line.
Concerning port forwarding discussed in this area, I can say, there seems nothing needed. Not on NAT-ed side, nor on the un-NAT-ed (Cloude) side which has a strong external fiirewall in front.
On the location where external trunks shall be used with connect to PSTN, no in-tab must be filled in. Otherwise there will be no route to the public world.
However now it seems to work. Internal extensions can be called between both locations, Both locations are able to call fo and receive calls from the outside world.
Do you think I have any security gap somewhere using type=friend and no user-name?
And after setup I have on both sides warnings saying:
WARNING[487]: netsock2.c:214 ast_sockaddr_split_hostport: Port disallowed in yyy.xxxxx.de:12345
[WARNING[487]: acl.c:890 resolve_first: Unable to lookup ‘yyy.xxxxx.de:12345
whcih i didn’t see before setup the iax-trunks.

Where has this address come from The warning means that there should not be a : or port number, but is controlled by an option passed to the function, so is dependent on from where it was called, which will depend on from where the address came.

Before creating an IAX-trunk, i tried to realize the pbx-pbx inter-compnany connect via simple pjsip channels (including :port), and also while creating the IAX-trunk, i also used the ip:port writing until i recognised the notation including .port ist wrong. Simple IP / URL-name is enough. However after deleting the first try over pjsip, it needs a fwconsole restart to get rid of this trunk.
And in addition I opened the external firewall for single IP-address on all ports, which also was needed to realize a connection from the yealinks via TLS.
Next step will be to close ports again step by step…
Is there any list of ports to hold open for IAX, srtp,secureSIP (and WetRTC -UCP) you are aware of?
tpc80 is open anyway for letsencrypt renewal.

Dont use IAX for this. What is the actual issue with using PJSIP trunks?

looks o.k. and is working.


However, I did not define or open any port 4569. The (E) in brackets may say “encrypted”.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.