Multiple Trunk Strange Connection Issues - Frustration!

Hi All,

I would really appreciate if someone can help.

Im running FreePBX

I have successfully configured, and tested 3 in/outbound trunks (via 3 providers) - Individually.

I have also ensured my firewall is open each of their IP addresses on 5060 and 10000-20000 for RTP.

And like I say, individually works fine.

However - as soon as i make all 3 active trunks (which Im using for failover)
weird things happen.

When I restart FreePBx and Firewall its sheer luck which trunks register and which trunks are available.

Most times there is at least one trunk UNREACHABLE, and very very seldom all work ok.

Im so frustrated. Ive gone back to the beginning multiple times, retracing my steps, checking firewall, NAT, ports etc. to no avail.

I just dont know what else to do.

I certainly will appreciate any help.

Kind regards

Shot in the dark. If allowguest=no change it to yes. Or maybe NAT issue. Do you have port 5058-5062 open UDP? Not just 5060.

Instead of opening up individual IP’s have you tried just directing everything on 5058-5062 to your internal server? What type of firewall are you using? Does it have SIP ALG enabled or something? Have you tried using a different firewall?

Thanks for the reply. I feel its a nat issue in my bones - but I cant seem to prove or disprove it.

I have ports 5060-70 open and open traffic to those ip’s as not to let anybody in our network. (i have tried it open too)

Its a Draytek 3300 Vigor. Looks beautiful, high end but is causing more problems than my shitty little net gear 54g.


Its just so weird. Is reports it all working. But randomly - doesnt. or randomly won’t get audio.

Ive got a pbx setup that I just dont trust.

Dont know where to go from here.


The trick here is after all your “to no avail” steps fail, examine the underlying network you put in place,

from two separate ssh sessions, one from asterisk CLI

sip set debug ip (your target)
rtp set debug ip (your target)

this will give you a a raw network view of your SIP session as seen by your asterisk box, while you also from the other shell:-

tcpdump host (your target)

which will show you what is really happening. You should see packets on udp/5060 both ways as you try to make “contact” with your provider, if the Asterisk SIP conversation is one way, then correct your PNAT firewall.

once that is working then the rtp packets on some port within your /etc/asterisk/rtp.conf range, also bidirectional will be apparent, and not translated by your firewall.

When that traffic is seen both at the tcpdump level and the asterisk cli level, then it will work, if not, correct your PNAT firewall rules.

This all assumes that all your efforts to have Asterisk know about itself both locally and externally are correct as to your NAT settings, (you said they where)

If any of these sessions “time-out” then again fix your PNAT box to suit.