Again, thank you so much. I now understand much better how the reaching works. I guess it’s a matter of the router config as to how long the associations are kept around and that desires some tweaking. I think we’re on the right track about this.
Today, out of nowhere some of the phones failed to register. I saw in the dashboard widget that happened yesterday at 23:00 sharp. Re-adjusting the phones’ ports fixed this, but there was no PBX reboot so this must be some router issue. NAT is, by the way, disabled on the phones.
To be clear, the Registration Retry Interval you talked about pertains to the cases when there is a registration failure I guess? I mean no need to re-register when the phone is already registered. Server Expires, I should read this as the time the phone will take to re-register at the PBX I presume. I’ve downloaded the appropriate manuals from Yealink, will take the time to read this first.
All the SIP extensions have been set to:
- nat=yes (force_rport,comedia)
- qualify=yes
- qualify freq = 60 (the default)
What I was thinking about: I have the options to set a port in the extension in the FreePBX GUI. What good will that do? Is that ignored then I enable NAT? I mean the ports don’t match the internal ports on the phone and even if they did, the ports I set in the phone are only valid on the LAN and won’t be exposed to the WAN. Or do the packets contain that internal port for routing?
Thanks for the tcpdump tip. I did some messing around and saw that some things that concerned me, but I’m not sure how to read them:
20:29:56.455453 IP (tos 0x60, ttl 64, id 56376, offset 0, flags [none], proto UDP (17), length 591)
PBX_SERVER.5160 > SITE_IP.sip: [bad udp cksum 0x694b -> 0x0166!] SIP, length: 563
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.178.31:5060;branch=z9hG4bK103406207;received=SITE_IP;rport=5060
From: "EXTENSION_NICE_NAME" <sip:208@PBX_IP:5160>;tag=2776113901
To: "EXTENSION_NICE_NAME" <sip:208@PBX_IP:5160>;tag=as7d29cd07
Call-ID: [email protected]
CSeq: 23735 REGISTER
Server: FPBX-14.0.3.19(13.22.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="17b88107", stale=true
Content-Length: 0
Where 192.168.178.31 is the correct LAN IP of this phone.
PBX_IP.5160 > SITE_IP.5063: [bad udp cksum 0x6954 -> 0xc641!] UDP, length 572
Is also one I saw, where I noticed the destination port (5063) is a port on one of the phones. But this is directed to the router. So can I assume that a port I set on the phone will make the router use this same port as it’s WAN port?
Theoretically (won’t really do this since I understand the security risk) I could forward ports on the router to the phones and setup the extensions in FreePBX to use these ports?
UPDATE
Reading the manual for the phones I just discovered I can do a trace route to debug. I’m not on site right now but when I am I’ll be sure to do that (preferably when a phone fails to register) to see what I can find.
UPDATE 2
OK, so this answers my earlier question about the tcpdump. The port you specify will always be the source port in the header. Still not sure if this will also be the WAN port on the router, but it kind of explains the tcpdump where the rport was the port no. I set in the phone: it is simply responding to the port that the phone sent in the header.