Not Understanding the FreePBX/Asterisk

Why is it sometimes showing status online and next it's offline, when the Ethernet cable has never been removed? Also, why do I keep getting the message about an unknown port conflict? Rebooting causes it to appear; a click closes it and a reload brings all green. Why does the dashboard take 3-5 minutes to load? The phone will not register and Voip.ms support doesn't work on the weekends, it appears.

Hi
We need further information.
First, try to update your OS (yum update -y) and FreePBX modules (fwconsole ma updateall and fwconsole r) through the SSH console and check again.
Next, don't forget to restart FreePBX (fwconsole restart).
Here, we don't know what system is used. Is it FreePBX 14, 15, or 16? We don't know.

I am on FreePBX 16 and Asterisk 17. I have tried all that you have mentioned and had posted here: Repository and Problem Updating Self

However, it could be a DNS issue since I have my router resolving the domain name for SSL/TLS…have not confirmed that either. Yet, I cannot register the phone despite setting up a Let's Encrypt certificate and all that's required by the trunk provider, and when I attempted to register the phone I get failed 5060 UDP…highly frustrating and makes me want to give up on the freepbx thing. Then, Voip.ms support doesn't work on the weekends…this is unbelievable.

Did you fix your 'port conflict'?

Registering a phone against UDP/5060 never involves certificates.

I suspect you and your “Boss” are still confused :wink:

Yes, we are indeed. So, the phone doesn't need to be encrypted, only freepbx? I purposely set the phone (Htek) to listen on port 5061 and SRTP, then saved, and the result is registration failed UDP…this has been going on all weekend…voipms support sucks it seems also…still haven't heard from them why registration is rejected…(the password is good).

Then on top of that freepbx is on/offline and the Ethernet cable has never been removed, as if this firewall has its own mind…then tell it to restart Asterisk, it acts as if it doesn't know what fwconsole restart is…unbelievable and finicky. This faces the Internet yet it's offline…

That’s not what is being said. What is being said is that the “failed UDP” message is telling you that something that needs to be configured to use encryption either hasn’t been or is incapable of having been.

Although it isn’t a sensible thing to do, it sounds to me as though you have configured the device to use SRTP, but not to use TLS. Without TLS, the encryption keys for SRTP have to be transmitted unencrypted, so are easy to capture.

Setting the port number to 5061 doesn’t invoke encryption; you have to set the transport to TLS, as well.

Assuming http://www.htek.com/upfile/File/201803/29/Htek_IP_Phones_UC912P_User_Manual_V4_4_24.pdf applies to your model, you need to select “TLS”, near the middle of the form shown on page 18.
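The two points made above (port 5061 alone does not give TLS, and SRTP without TLS exposes the SDES key) can be checked in a capture. This is an added example, not code from the thread: it audits one SIP message for both conditions, and the sample INVITE, addresses and key placeholder are constructed.

```python
import re

# Top Via header: transport token, sent-by host, optional port (IPv4/hostname only).
VIA_RE = re.compile(
    r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)\s+([^;:\s]+)(?::(\d+))?", re.I | re.M)
# SDES key offer in SDP (RFC 4568): a=crypto:<tag> <suite> inline:<key||salt>
CRYPTO_RE = re.compile(r"^a=crypto:\d+\s+(\S+)\s+inline:\S+", re.M)


def audit_sip_message(raw):
    """Return a list of findings for one SIP message as captured on the wire."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    via = VIA_RE.search(head)
    if via is None:
        return ["no-via-header"]
    transport, port = via.group(1).upper(), via.group(3)
    findings = []
    if transport != "TLS":
        # The port number is only a number; the Via transport says what was used.
        if port == "5061":
            findings.append(f"port-5061-over-{transport}")
        # Signaling is readable, so any SDES key in the SDP body is readable too.
        for suite in CRYPTO_RE.findall(body):
            findings.append(f"srtp-key-in-cleartext:{suite}")
    return findings


def sample_invite(transport, port):
    """Constructed INVITE; the inline value is a placeholder, not key material."""
    return (
        "INVITE sip:100@pbx.example.invalid SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} 192.0.2.10:{port};branch=z9hG4bKconstructed\r\n"
        "Content-Type: application/sdp\r\n"
        "\r\n"
        "v=0\r\n"
        "m=audio 11780 RTP/SAVP 0\r\n"
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\r\n"
    )


if __name__ == "__main__":
    for transport in ("UDP", "TLS"):
        print(transport, audit_sip_message(sample_invite(transport, 5061)))
```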


Here are screenshots:


Looks like a different model. However, with the one I found, I think you need to restart the phone. Did you do so?

Quite a few times, and mine is the UC924.

Just in case you missed it, registering 207 against nollivoipserver.nollicomm.net using NAPTR/SRV failed on UDP port 5060. SIP is also finicky about ports and protocols.

If the domain is correct, it appears to have no SRV or NAPTR records, although I don’t know why it is referring to UDP and 5060, rather than TLS and 5061 (the port number is truncated in the screen shot, so I can’t be sure it is 5061).

The following all return empty answer sections:

  dig NAPTR nollivoipserver.nollicomm.net
  dig SRV _sip._tls.nollivoipserver.nollicomm.net
  dig SRV _sip._udp.nollivoipserver.nollicomm.net
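One plausible reading of the UDP/5060 result, as an added example (not from the thread and not Htek's code): in RFC 3263-style resolution, a name with no NAPTR and no SRV records falls back to an A lookup with the default transport and port for a sip: URI, which is UDP and 5060. The `_sip._tls` label mirrors the dig queries above (RFC 3263 itself uses `_sips._tcp` for TLS), the A answer is the one from the poster's own dig output, the SRV record is constructed, and whether the phone firmware resolves this way is an assumption.

```python
DOMAIN = "nollivoipserver.nollicomm.net"
DEFAULT_PORT = {"UDP": 5060, "TCP": 5060, "TLS": 5061}
NAPTR_SERVICE = {"SIPS+D2T": "TLS", "SIP+D2T": "TCP", "SIP+D2U": "UDP"}
SRV_LABELS = [("TLS", "_sip._tls"), ("UDP", "_sip._udp")]  # labels queried above

# Stand-ins for a resolver: {(rrtype, name): [records]}.
A_ONLY = {("A", DOMAIN): ["10.8.27.27"]}  # matches the empty NAPTR/SRV answers
WITH_SRV = dict(A_ONLY)                   # constructed: SRV for TLS published
WITH_SRV[("SRV", f"_sip._tls.{DOMAIN}")] = [(10, 0, 5061, DOMAIN)]


def resolve(domain, dns):
    """Return (transport, address, port, steps) for a sip: URI host."""
    steps = []

    def lookup(rrtype, name):
        answers = dns.get((rrtype, name), [])
        steps.append(f"{rrtype} {name}: {len(answers)} answer(s)")
        return answers

    # 1. NAPTR picks transport and SRV name: (order, pref, service, replacement).
    candidates = [(NAPTR_SERVICE[svc], repl)
                  for _o, _p, svc, repl in sorted(lookup("NAPTR", domain))
                  if svc in NAPTR_SERVICE]
    # 2. No NAPTR: probe SRV for each transport the client supports.
    if not candidates:
        candidates = [(t, f"{label}.{domain}") for t, label in SRV_LABELS]
    for transport, name in candidates:
        srv = lookup("SRV", name)  # (priority, weight, port, target)
        if srv:
            _prio, _w, port, target = min(srv, key=lambda r: r[0])  # weights ignored
            addrs = lookup("A", target)
            if addrs:
                return transport, addrs[0], port, steps
    # 3. No SRV either: plain A lookup, default transport UDP and its default port.
    addrs = lookup("A", domain)
    if addrs:
        return "UDP", addrs[0], DEFAULT_PORT["UDP"], steps
    return None, None, None, steps


if __name__ == "__main__":
    for zone in (A_ONLY, WITH_SRV):
        print(resolve(DOMAIN, zone))
```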

I was following this German site's instructions… I will need to locate the site later

VoIP: SIP-over-TLS and sRTP: Htek
Htek is/was re-labeled and sold by many others like Sangoma Canada and Easybell Germany. If the firmware-upgrade file starts with ‘fw’ and has the file extension ‘rom’, it might be a Htek.
Last tested firmware
2.0.4.6.15 retested in May 2020 with 2.0.4.6.49
Configuration
Password:
admin/admin
Web → Management → Password → User Type: admin
HTTPS:
enabled on default
Web → Network → Advanced → Web Server → Type
Update:
Web → Management → Upgrade → ROM Firmware Upgrade or
Web → Management → Auto Provisioning → AUTO Upgrade: Yes (default value)
Web → Management → Auto Provisioning → Firmware Server Path: http://fm.htek.com/fm (default value)
Web → Management → Auto Provisioning → Upgrade Check Mode: Always Check For New Firmware (default value)
Trust Anchors:
Web → Management → Trusted CA: Base64
Web → Management → Trusted CA → Only Accept Trusted Certificates: On
Web → Management → Trusted CA → Common Name Validation: On
Web → Management → Trusted CA → Trusted Certificates: Custom Certificates
Bug: The filename may not be longer than 32 characters; otherwise, the certificate file is not imported.
Bug: Trust Anchors without Common Name (CN) are only deletable by resetting the whole phone.
SIP-URI User:
Web → Account → 1 → Profile: 1 → SIP User ID
Web → Account → 1 → Profile: 1 → Authenticate ID
Web → Account → 1 → Profile: 1 → Use Random Port: Yes
SIP-URI Host:
Web → Profile → 1 → Primary SIP Server
Web → Profile → 1 → NAT Traversal: No
SIP-over-TLS:
Web → Profile → 1 → SIP Transport: TLS or
Web → Profile → 1 → DNS Mode: NAPTR/SRV
SDES-sRTP:
Web → Profile → Advanced → 1 → SRTP Mode: SRTP enabled but not required
which is RTP/AVP with crypto
Software Bugs

I am resolving the domain internally, and externally it presents the parked non-hosted domain, proxied by Cloudflare.
Nolli-MBP:~ rnollisuzs$ dig nollivoipserver.nollicomm.net

; <<>> DiG 9.10.6 <<>> nollivoipserver.nollicomm.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21510
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nollivoipserver.nollicomm.net. IN A

;; ANSWER SECTION:
nollivoipserver.nollicomm.net. 2391 IN A 10.8.27.27

;; Query time: 8 msec
;; SERVER: 10.0.8.1#53(10.0.8.1)
;; WHEN: Mon Feb 28 19:09:23 CST 2022
;; MSG SIZE rcvd: 63

Nolli-MBP:~ rnollisuzs$

I changed back to DNS mode: A record…now I get this still not registered.


But you now have the right port number and protocol.

Is anything being received by Asterisk?

If not, is anything being received by the Asterisk machine?

The phone for which I found a manual seemed to have a packet capture feature. Does yours? If so, what does it show?

Glad you mentioned that, and here is the capture:

It seems that freepbx is the culprit, not completing or responding to the hello…if I am interpreting correctly. Wait, there is more info…

Just asking…could the fact that the registration process between freepbx and voip.ms is not completed be contributing to the incomplete communication between freepbx and the phone?

So, all this leads to why everything is up and running yet offline?


Show us what ports you have configured for PJSIP in Settings → Asterisk SIP settings → SIP Settings (PJSIP). Specifically the parts that mention TLS toward the bottom of the page.

Here are some screenshots showing I have covered all:

Just answering: no.
Asterisk is a B2BUA; there is no inherent dependency between the A leg and the B leg, but they both need to be 'up' before you can bridge them.

Verifying the client will only work if you install the same certificate the server is using on said ‘client’