I have been running FreePBX for years now behind a firewall. I’m currently running version 16 (upgraded from 15) and am now looking to upgrade to version 17. I have already set everything up and restored a backup and all seems to be working fine except for my Trunks that are rejected when connecting. In v16 I’m using chan_sip trunks that I need to change to chan_pjsip for v17. So first I thought my problems were with version 17 and I went back to my v16 install and try to add the pjsip trunks there, but I got the same result. I tried on a server of one of my clients which is a Vultr virtual server which connected without problem, so I began to think it must be my install being behind a firewall.
First, try the easy stuff:
In Asterisk SIP Settings, confirm that Local Networks and External Address are correctly set. If you change these, after Submit and Apply Config, you must restart Asterisk.
In your firewall, turn off any SIP ALG or similar, and turn on “disable source port rewriting” or similar.
Confirm that the firewall has a public IP address on its WAN interface. If not, please explain (ISP-supplied gateway is configured as router, ISP does CGNAT, etc.)
Next, at the Asterisk command prompt (not a shell prompt) type pjsip set logger on
wait for a registration attempt, paste the Asterisk log for the attempt and post the link.
If we can’t spot anything wrong with the request (or an unprocessed reply), the next step is to capture traffic on the WAN interface to see whether the firewall is blocking or modifying the SIP traffic.
Local Networks and External Address are set correctly. SIP is turned off (I’m using Unifi). I’ve turned on login and I got a confirmation saying “PJSIP Logging enabled”. Where do I look for the logs? I don’t see any different from the ones posted earlier.
Based on the log you posted earlier, Asterisk would retry the REGISTER after 60 seconds. So if you wait a couple of minutes after turning on pjsip logger, the end of the file /var/log/asterisk/full should have at least one registration attempt. There is a Max Retries setting for the trunk, but I believe that defaults to 10000 and it hasn’t been 10000 minutes since the log you posted.
[2024-11-09 12:41:13] WARNING[20948] res_pjsip_outbound_registration.c: No response received from 'sip:sip.cheapconnect.net' on registration attempt to 'sip:[email protected]', retrying in '60'
Are these entries relevant?
1834[2024-11-09 12:03:04] NOTICE[20948] res_pjsip/config_transport.c: Transport '0.0.0.0-udp' is not fully reloadable, not reloading: protocol, bind, TLS (everything but certificate and private key if filename is unchanged), TCP, ToS, or CoS options.
1835[2024-11-09 12:03:04] NOTICE[20948] res_pjsip/config_transport.c: Transport '0.0.0.0-tcp' is not fully reloadable, not reloading: protocol, bind, TLS (everything but certificate and private key if filename is unchanged), TCP, ToS, or CoS options.
1836[2024-11-09 12:03:04] ERROR[20948] res_pjsip_config_wizard.c: Unable to load config file 'pjsip_wizard.conf'
1837[2024-11-09 12:03:04] ERROR[20948] res_pjsip_config_wizard.c: Unable to load config file 'pjsip_wizard.conf'
1838[2024-11-09 12:03:04] NOTICE[20948] sorcery.c: Type 'system' is not reloadable, maintaining previous values
1839[2024-11-09 12:03:04] ERROR[20948] res_pjsip_config_wizard.c: Unable to load config file 'pjsip_wizard.conf'
1840[2024-11-09 12:03:04] ERROR[29674] res_pjsip_config_wizard.c: Unable to load config file 'pjsip_wizard.conf'
1841[2024-11-09 12:03:04] ERROR[29674] config_options.c: Unable to load config file 'resolver_unbound.conf'
1842[2024-11-09 12:03:04] ERROR[29674] res_sorcery_config.c: Unable to load config file 'stir_shaken.conf'
1843[2024-11-09 12:03:04] ERROR[29674] res_sorcery_config.c: Unable to load config file 'stir_shaken.conf'
1844[2024-11-09 12:03:04] ERROR[29674] res_sorcery_config.c: Unable to load config file 'stir_shaken.conf'
1845[2024-11-09 12:03:04] ERROR[29674] res_sorcery_config.c: Unable to load config file 'stir_shaken.conf'
1846[2024-11-09 12:03:04] ERROR[29674] res_sorcery_config.c: Unable to load config file 'aeap.conf'
1847[2024-11-09 12:03:04] WARNING[29674] iax2/firmware.c: Error opening firmware directory '/var/lib/asterisk/firmware/iax': No such file or directory
1848[2024-11-09 12:03:04] NOTICE[29674] iax2/provision.c: No IAX provisioning configuration found, IAX provisioning disabled.
1849[2024-11-09 12:03:04] ERROR[29674] ari/config.c: No configured users for ARI
1850[2024-11-09 12:03:04] ERROR[29674] res_pjsip_config_wizard.c: Unable to load config file 'pjsip_wizard.conf'
1851[2024-11-09 12:03:04] NOTICE[29674] confbridge/conf_config_parser.c: Adding default_menu menu to app_confbridge
1852[2024-11-09 12:03:04] WARNING[29674] app_voicemail.c: maxsilence should be less than minsecs or you may get empty messages
1853[2024-11-09 12:03:04] WARNING[29674] app_flite.c: Flite: Unable to read config file flite.conf. Using default settings
1854[2024-11-09 12:03:05] NOTICE[29674] app_queue.c: queuerules.conf has not changed since it was last loaded. Not taking any action.
Those entries are related to an Asterisk reload or restart, possibly caused by Apply Config or an fwconsole command. These all cause pjsip logger to be turned back off.
After typing pjsip set logger on
wait two minutes without executing any commands, then look at the end of the Asterisk log, which should show the REGISTER request and any replies.
With default settings of Refresh Interval: 3 seconds and Auto-Scroll checked, you should see new log entries as they appear. If you’re having trouble with this, just SSH in and look at /var/log/asterisk/full, which should grow as new entries are added. Make sure that you turned on pjsip logger after any kind of reload or restart that turns it off.
Found the solution (by accident). Under Settings > Asterisk SIP Settings > SIP Settings, UDP was set to port 5060. I figured my ISP could be blocking this port so I changed it to something else (in my case 5080) and also changed this port in the trunk settings. The trunk almost immediately registered. After which I removed the port from the trunk settings and it’s still registering, so these settings might be clashing? Not sure, but for me it works now. If I turn off UDP all together my trunks don’t register, so I guess it’s required to function.