Enable Debug makes it so pjsip set logger on
is running for logging.
Does this problem exist on outbound calls?
Yes, all calls that involve a remote extension.
Does this happen over UDP/non-TLS?
Iâm not working with UDP at all, everythingâs working with TLS and SRTP for security reasons. But Iâll activate it if you think this is helpful.
UDP is working. Without a problem.
Maybe this line in the log that appears three times in a row could be involved?
res_srtp.c: SRTCP unprotect failed on SSRC <always different 8 digit number> because of unable to perform desired validation
Just subscribing. How did you resolve the matter?
Itâs not resolved yet. I found a workaround, but the problem still persists.
And what is the accompanying current configuration for the transport? Are you using a hostname? As well, is this using the distro?
The transport is configured like this:
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: 0.0.0.0-tls tls 3 96 0.0.0.0:5061
ParameterName : ParameterValue
======================================================================
allow_reload : false
async_operations : 1
bind : 0.0.0.0:5061
ca_list_file : /etc/ssl/certs/ca.crt
ca_list_path :
cert_file : /etc/asterisk/keys/cert.crt
cipher :
cos : 3
domain :
external_media_address : <External Domain of SIP server>
external_signaling_address : <External Domain of SIP server>
external_signaling_port : 0
local_net : 172.17.0.0/255.255.0.0
local_net : 172.19.0.0/255.255.0.0
method : tlsv1_2
password :
priv_key_file : /etc/asterisk/keys/key.key
protocol : tls
require_client_cert : No
symmetric_transport : false
tos : 96
verify_client : No
verify_server : Yes
websocket_write_timeout : 100
Yes, I am using a Dynamic DNS address to connect to the server. What do you mean by
How have you installed FreePBX? Did you install it using the FreePBX Distro from ISO? As well if you resolve the âextecrnal domain of SIP serverâ from SSH using something like nslookup, what does it resolve to?
Is the res_pjsip_nat.so module loaded? Another two tests would be doing a ping to âexternal domain of SIP serverâ and seeing what IP address is pinged. You could also do a test of explicitly putting in the external IP address on the transport instead of the hostname.
Oh, okay. This is using RasPBX. The domain resolves correctly to the actual external IP address. Also pinging this host works flawlessly.
module show
confirms that res_pjsip_nat.so
is running, but Use Count
says 0.
When I put the external IP address on the transport it works. I also have written a cronjob that checks the external IP address and reloads the transport whenever a change occurs. This works as well.
That would more point it to being the hostname resolution then, if configuring IP address is working. Is it possible that at startup the internal address is used instead or something? If you put the hostname back now and restart Asterisk, does it still use the internal?
Whenever I restart Asterisk, it works. Just reloading the transports makes it work again, with hostname or external IP address. Both works. It only happens very intermittently, when the external IP address changes and even then not all the time.
If it fails to resolve at that time, for whatever reason, then I could see it using the internal IP address.
Unfortunately this happens very rarely. It wasnât possible for me yet to trigger this behaviour. Whenever I tried to request a new IP address, it worked like intended. Sometimes there are weeks in-between an occurrence.
I would expect itâs the DNS resolution then, and either failing to resolve or resolving to local IP.
But in this case shouldnât the dnsmgr
refresh this wrong IP address after 5 minutes? Is there a way I can trigger dnsmgr
manually?