Outbound call issues after Vitelity upgrades

Hello everyone - have a super strange issue occurring at a few offices that I support. Users are able to receive inbound calls without any issues but are having some outbound call issues. When they place calls outbound they are able to hear the ring-back tone; however, when the person on the other end answers the phone they can’t hear them. It’s just silence. I had the users reboot phones and I also rebooted the PBX but that didn’t resolve the issues. I didn’t make any changes on our Firewall or PBX so I figured it was only right to raise a trouble ticket with Vitelity.

Vitelity said and I quote “Our dev team migrated our outbound servers to our new platform last night, which utilizes a new RTP port range of 16384 to 36385 UDP”.

I logged into our firewall and saw that we had previously whitelisted RTP ports 10,000 to 20,000 so I changed the port range to what Vitelity specified but the issue persists. I’m posting here as I am hoping someone else on this forum has Vitelity and might also be experiencing this same issue. Any help would be greatly appreciated.

PBX Info:

PBX Version: 15.0.17.51
PBX Distro: 12.7.8-2104.1.sng7
Asterisk Version: 13.38.2

Firewall Info:

Appliance: Netgate SG-3100
Version: 21.05.1-RELEASE

Your original firewall port range setting was correct, it must match what you have set in Asterisk SIP Settings for RTP. They are advising you of their port range which you only need to concern yourself with for OUTBOUND firewall rules (if you have any).

Do you restrict RTP inbound by IP? If so, you probably need to update that list or open to world.

Not the first thread on this subject.

Yeah, saw that. His issue is exactly the same as mine; however, his SIP trunk provider is talking about “internal IP not sending an ACK back”, which I don’t believe is the issue I am experiencing.

He also states that his “fix” was to add the additional RTP ports to his router. Doesn’t go into detail what those additional RTP ports were.

I don’t believe we are restricting inbound by IP, where exactly should I be looking for this info? On my PBX system or on our Firewall? The issue is not with inbound though it’s with outbound calls. I have one office working completely fine but four other offices having the same outbound call issue. All offices are running the same versions of PBX and Firewall software versions.

Perhaps I’ve misunderstood the issue. You write:

From this it’s not clear who hears who, RTP is being blocked almost certainly at the site firewall, but which direction is being blocked, RTP inbound to the PBX, or RTP outbound from the PBX to the provider?

RTP outbound from the PBX is the issue. If I were to call you right now from my office, I would hear the ring-back tone. If you were to answer the phone - I would hear nothing but silence on my end. Hopefully this makes sense?

This is from Vitelity. Currently I have the following codecs enabled ulaw, alaw, gsm, g726 and g722. The engineer from Vitelity said he recommends using g711u, g711a or g729. I only see an option for g729.

Jordan,

Below is the invite we discussed over the phone where we are being redirected to an alternate IP for SDP, and multiple codecs we do not support:

INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 97.99.240.112:5060;branch=z9hG4bK23ff01d3;rport
Max-Forwards: 70
From: sip:[email protected]>;tag=as0651d41d
To: sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: [email protected]:5060
CSeq: 103 INVITE
User-Agent: FPBX-15.0.17.48(16.15.1)
Authorization: Digest username=“wegm_dal”, realm=“asterisk”, algorithm=MD5, uri="sip:[email protected]", nonce=“6597851c”, response=“4a09311b80e8c25290e466921575acff”
Date: Tue, 07 Sep 2021 12:03:44 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Remote-Party-ID: “2146243438” sip:[email protected]>;party=calling;privacy=off;screen=no
Content-Type: application/sdp
Content-Length: 1237

v=0
o=root 1302379628 1302379629 IN IP4 97.99.240.112
s=Asterisk PBX 16.15.1
c=IN IP4 97.99.240.112
t=0 0
m=audio 19852 RTP/AVP 0 8 3 111 9 4 112 5 10 122 118 123 124 125 126 127 96 7 18 110 117 119 97 102 115 116 107 114 120 99 100 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:111 G726-32/8000
a=rtpmap:9 G722/8000
a=rtpmap:4 G723/8000
a=fmtp:4 annexa=no
a=rtpmap:112 AAL2-G726-32/8000
a=rtpmap:5 DVI4/8000
a=rtpmap:10 L16/8000
a=rtpmap:122 L16/12000
a=rtpmap:118 L16/16000
a=rtpmap:123 L16/24000
a=rtpmap:124 L16/32000
a=rtpmap:125 L16/44000
a=rtpmap:126 L16/48000
a=rtpmap:127 L16/96000
a=rtpmap:96 L16/192000
a=rtpmap:7 LPC/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:110 speex/8000
a=rtpmap:117 speex/16000
a=rtpmap:119 speex/32000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=20
a=rtpmap:102 G7221/16000
a=fmtp:102 bitrate=32000
a=rtpmap:115 G7221/32000
a=fmtp:115 bitrate=48000
a=rtpmap:116 G719/48000
a=fmtp:116 bitrate=64000
a=rtpmap:107 opus/48000/2
a=fmtp:107 useinbandfec=1
a=rtpmap:114 SILK/8000
a=rtpmap:120 SILK/12000
a=rtpmap:99 SILK/16000
a=rtpmap:100 SILK/24000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=maxptime:20
a=sendrecv

Hearing ringback is irrelevant, it’s simulated not received as RTP.

ulaw = g711u

You can disable whatever codecs you want from Asterisk SIP Settings and keep ulaw, I doubt this is your issue. I suspect that RTP from 97.99.240.112 is being blocked at the site (not the) firewall.

In your router/firewall, forward UDP from any IP and port, with destination ports 10000-20000, to the private (LAN) IP address of the PBX. If you still have trouble, confirm that the WAN interface of the firewall is the 97.99.x.x address.

You were correct - changing the codecs had no effect and did not resolve the issue.

I currently have the following settings for RTP on our firewall…

I have asked Vitelity to supply another call invite because the one that he supplied was from our PBX here in Dallas and at this office I have no issues calling outbound. The WAN for our firewall here in Dallas is 66.64.x.x and the NAT Settings in PBX are showing 97.99.240.112 so that’s a little odd to me.

The site we are having issues with has the WAN Firewall as 216.215.x.x and on the NAT Settings on the PBX are identical showing 216.215.x.x
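The checks discussed up to this point, as an added example that is not part of any poster's message or Vitelity's tooling: it reads an SDP offer and reports whether the advertised media address matches the firewall WAN address, whether the audio port falls inside the forwarded range, and whether any offered codec is one the provider named. The sample SDP, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a shortened SDP offer shaped like the INVITE body above.
# Addresses are from the RFC 5737 documentation ranges, not from the thread.
SAMPLE_SDP = """v=0
o=root 1302379628 1302379629 IN IP4 198.51.100.7
s=Asterisk PBX
c=IN IP4 198.51.100.7
t=0 0
m=audio 19852 RTP/AVP 0 8 3 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=sendrecv
"""
PROVIDER_CODECS = {"PCMU", "PCMA", "G729"}  # g711u, g711a, g729 per the thread
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_sdp(sdp):
    """Return the connection address, audio port and offered codec names."""
    info = {"addr": None, "port": None, "codecs": []}
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            info["addr"] = line.split()[2]
        elif line.startswith("m=audio "):
            info["port"] = int(line.split()[1])
        elif line.startswith("a=rtpmap:"):
            info["codecs"].append(line.split(None, 1)[1].split("/")[0])
    return info

def check_offer(sdp, wan_ip, fwd_lo, fwd_hi):
    """List reasons the far end's RTP might never reach the PBX."""
    o, problems = parse_sdp(sdp), []
    if o["addr"] is None or o["port"] is None:
        return ["sdp: no c= or m=audio line"]
    addr = ipaddress.ip_address(o["addr"])
    if any(addr in n for n in RFC1918):
        problems.append("address: SDP advertises a private IP; PBX NAT setting missing")
    elif addr != ipaddress.ip_address(wan_ip):
        problems.append(f"address: SDP says {addr}, firewall WAN is {wan_ip}")
    if not fwd_lo <= o["port"] <= fwd_hi:
        problems.append(f"port: {o['port']} outside forwarded {fwd_lo}-{fwd_hi}")
    if not PROVIDER_CODECS & set(o["codecs"]):
        problems.append("codec: no offered codec is accepted by the provider")
    return problems
```

Run `check_offer` with the body of a captured INVITE from the affected site, that site's WAN address, and the UDP range the firewall forwards to the PBX; an empty list means the offer itself is consistent and the block is elsewhere.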

This is the most recent update I have from an engineer at Vitelity.

"I have attached to this ticket the SIP ladder for your call example. It looks like there were a couple calls made at the same time and I wasn’t able to separate them out of the ladder.

I can see that we’re sending you RTP streams from 64.2.142.189 on both calls, one from port 25890 and the other from port 19184

Mark"

I find it strange they state they are sending RTP streams over ports 25,890 and 19,184 because I changed the RTP port range back to 10,000 to 20,000

I just received this from Vitelity

Dear valued customer,

We are contacting you as your account has been identified as being migrated to the new platform and we wanted to advise you at this time you’ll need to update your accepted RTP ports.

New port range is 16384-36385 (previous port range 10000-20000)

Should you need to contact us or open a new case, please call +1-888-898-4835 or, log into your portal and submit a support ticket.

Thank you,

Vitelity Network Operations Center

I told them in an email about three hours ago, that I had not received any notice of port changes and that making global changes without notifying users was careless…

Looks like they sent out an email doing just that after I said something.

Stranger thing is, it calls T-Mobile just fine, but calling AT&T it fails.

Thoughts,

LM

They’ve always done this. They’ve added required networks for whitelisting without contacting users before. That being said, if you whitelist their IP ranges you shouldn’t have to do anything else.

Alright so I have an update - this morning I had seven offices that were having issues placing outbound calls. Once the call was connected - the call went silent and they were unable to hear the person on the other end (the person they were calling outbound to). Vitelity recommended initially that we whitelist the RTP port range of 16384-36385 (previously port ranges 10000-20000). I went ahead and applied those changes to both our PFSense Firewall as well as on our FreePBX system. The ticket was escalated to a higher engineer and he recommended that I try ports 10000-36385. That unfortunately did not resolve the issue and I had to make one more change on our firewall which I will outline below. I ended up having to create an outbound NAT rule for Vitelity outbound calls - after creating the NAT rule and resetting the firewall states I was then able to place outbound calls without any issues. I hope this helps other people out!

My only issue now is that I still have one site that is having issues. I was able to make the necessary firewall changes because the firewall appliance and software is fairly new. I was unable to make any changes on the PBX in regards to RTP port ranges because it’s a super old version of FreePBX (version FreePBX 2.9.0.15). Under Asterisk SIP Settings I am not seeing any changes I can make that have to do with the RTP port range.

edit: you’re able to edit RTP configs on older versions of FreePBX using WinSCP and navigating to the appropriate directory.

Are you using MikroTik?

If so, what was the rule?

Thanks,

LM

Unfortunately we are not using MikroTik. We are using Netgate appliances running PFSense+.