PBX sending RTP to the LAN IP of remote phone

I have remote phones registered to a FreePBX 14 system. Calls can be made but there is no audio. I ran a packet capture from the FreePBX and see that it is trying to send audio to the LAN IP of the remote phone. I have NAT set to Yes in the Advanced tab of the extension and NAT set to yes in the Asterisk Chan SIP Settings.

66.188.45.2 - WAN IP of Remote phone
172.16.8.100 - LAN IP of FreePBX
192.168.0.160 - LAN IP of Remote Phone

The SIP debug you provided looks reasonable to me.

If the remote phone doesn’t have a way to get the RTP from the external address (on that local firewall) to the phone, you’re going to have to add a way. This can take several forms, including port forwarding 10000-20000 to the phone, as well as other methods. Once you try to make a call out, for example, the remote NAT will keep your RTP port forward open for a time (depends on router config). Registration of the phone can also be used to do this.

Note also that telephony “helpers” in your routers can mess this up, so be sure to take into account that your system may be thwarting itself.

Seems to me there’s a Wiki that calls all of this out.

But I’m finding this happening on all remote phones from 3 different locations. Could this be an issue with the firewall in front of the FreePBX?

This is the same remote phone connected to a different FreePBX server. This time audio is present.

It’s actually normal for a few RTP packets to be sent to the remote private address. Of course, they don’t arrive. Your issue is that audio from the remote phone was not received by Asterisk. Once the first packet is received, Asterisk learns (from the source IP address and port), where it must send its RTP.

How it should work:

Phone sends INVITE to Asterisk, with SDP specifying its private address. Asterisk sees that the (public) source address of the INVITE does not match your NAT settings Local Networks, so it knows that the client is external.

When Asterisk sends a 183 Progress or 200 OK, it puts the value of External Address in the SDP, which of course should be the PBX public IP, and chooses a port from RTP Port Ranges (default is 10000 to 20000).

Phone starts sending audio to that address and port. The hardware router/firewall connecting the PBX has been configured to forward UDP ports 10000 through 20000 to the PBX LAN IP.

Asterisk sees incoming RTP and starts sending its RTP to the address and port from which the phone’s RTP came.

What’s likely to be wrong:

Your firewall is not correctly forwarding external RTP to the PBX. Or, your NAT settings are incorrect, such that the phone is not detected as being behind NAT, or the public IP address it is advertising is not correct.

Look at the 200 OK packet sent from the PBX and confirm that the IP address in the SDP is the PBX public IP. If so, your firewall is most likely failing to properly forward the RTP.

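The checks walked through in the post above, as an added example that is not part of the original thread: it reads the audio address and port out of a 200 OK, tests whether a source address falls outside Local Networks, and models how the RTP destination changes once the first packet arrives. The SIP message is constructed (the IP addresses are the ones quoted in this thread; the port, Via and SDP details are made up), and all function names are hypothetical.

```python
import ipaddress

# Constructed 200 OK from the PBX. IP addresses are the ones quoted in this
# thread; the audio port and the remaining header/SDP values are made up.
GOOD_200_OK = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 192.168.0.160:5060;received=66.188.45.2;rport=5060\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=root 1 1 IN IP4 96.92.158.97\r\ns=Asterisk\r\n"
    "c=IN IP4 96.92.158.97\r\nt=0 0\r\n"
    "m=audio 14782 RTP/AVP 0 101\r\n"
)
# Same answer as it would look if External Address were not applied.
BAD_200_OK = GOOD_200_OK.replace("96.92.158.97", "172.16.8.100")


def sdp_audio_target(sip_message):
    """Return (ip, port) advertised for audio in the SDP body (single stream)."""
    body = sip_message.split("\r\n\r\n", 1)[1]
    ip = port = None
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
        elif line.startswith("m=audio "):
            port = int(line.split()[1])
    return ip, port


def is_external(source_ip, local_networks):
    """True when the packet source is outside every Local Networks entry."""
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in ipaddress.ip_network(n) for n in local_networks)


def check_answer(sip_message, external_address, rtp_ports=(10000, 20000)):
    """List problems with the SDP the PBX sends to an external phone."""
    ip, port = sdp_audio_target(sip_message)
    problems = []
    if ip != external_address:
        kind = "private" if ipaddress.ip_address(ip).is_private else "unexpected"
        problems.append(f"SDP advertises {kind} address {ip}, expected {external_address}")
    if not rtp_ports[0] <= port <= rtp_ports[1]:
        problems.append(f"audio port {port} is outside forwarded range {rtp_ports}")
    return problems


def rtp_destination(sdp_target, first_rtp_source=None):
    """Where the PBX sends audio: the SDP address until RTP arrives, then its source."""
    return first_rtp_source or sdp_target
```

An empty list from `check_answer` together with a destination that never moves off the phone's private address points at the forwarding rule in front of the PBX, since no inbound RTP has arrived to learn from.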

Great explanation. Thank you. I found the SDP and it does appear to be sending the WAN IP (96.92.158.97).

It is? What few are those and when does that happen?

Strict RTP protection[1] can result in some outgoing packets going to the private address, until probation passes and the IP address/port is learned. It ultimately depends on the call topology and what is going on.

[1] https://github.com/asterisk/asterisk/blob/master/configs/samples/rtp.conf.sample#L24

I am seeing the same thing: New FreePBX 14 setup with Asterisk 13.22, and RTP is being sent to the private IP of the remote phone. @Stewart1 - Your explanation was amazing and I’ve never seen this process broken down so clearly before. The strange thing here is that the first call I make after starting Asterisk works as expected with audio both ways, but then every subsequent call develops this problem. In an RTP debug, I don’t see the RTP of the remote device arriving at Asterisk, but port forwarding is set correctly. Strange indeed.

I had a great call with Sangoma Support this morning and with a variety of phones the system seemed to ignore the NAT settings and send RTP to the LAN IP of the phone. We even tried PJSIP with the same occurring. Randomly it started working with the system sending RTP to the WAN IP of the phone. I wish I had a fix for everyone. Very odd.

We did rewrite the 10000-20000 rule in the firewall. Perhaps that fixed it?

After hearing more from Sangoma it does appear that re-writing the 10-20k UDP rule in the firewall was the effective solution.

You mean, you had port forwarding in the firewall to the PBX, but RTP wasn’t working, so you deleted and re-created the rule and now it works? Or did you change the port range? May I ask what firewall you’re using?

In my particular situation, I’m trying a side by side migration of a 10.13.66 system to SNG7, both running Asterisk 13, but when I switch the IPs of the 2 PBXs, RTP breaks down with the exact symptoms you’re having. Are you trying something similar? I’ve been suspecting that port forwarding is sending packets to the wrong system and the firewall is at fault. I’m using Untangle.

It was a Sophos firewall. There was a rule for 10-20k UDP forwarded to the LAN IP of the FreePBX but I had it destroyed and rebuilt. When it was rebuilt from the ground up, audio worked.
