Pjsip trunk to extern provider SIP packet OK - IP packet question

FreePBX Providers
1

Dear Community members,

We have freePBX distro 14 with asterisk 13.
freePBX has an interface with a privateIP and a public IP.
We are settting up a pjsip trunk from freePBX.
Registration Packet has all fields as expected by the provider.
Below is the register packet will all correct fields (anonymized for this forum):

REGISTER sip:trunk.provider.domain SIP/2.0
Via: SIP/2.0/UDP freePBXpublicIP:5060;rport;branch=z9hG4bKPj579bbf32-f8e3-4ff0-92fd-00d69e7c9f89
From: sip:[email protected];tag=e00bedef-51fe-4005-aeee-d5122497b7f2
To: sip:[email protected]
Call-ID: f0d59b8b-499d-42f7-b713-dd2454d159af
CSeq: 48645 REGISTER
Contact: sip:313000@freePBXpublicIP:5060;line=fxgeoyi
Expires: 300
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, MESSAGE, REFER
Max-Forwards: 70
User-Agent: FPBX-14.0.16.11(13.38.3)
Content-Length: 0

However when using TCPDUMP you can see freePBX sending the INVITE packet from the private IP address and not the public IP address.

In general SIP settings we have setup:
External Address=publicIP
Local Networks=populated accordingly

Does anyone have any advice on how we can send the INVITE at IP level with our public IP?

thanking you in advance,

Julian

2

We have considered setting up NAT at the firewall level but we would first like to see if we can solve the issue at freePBX level

3

Are you saying the machine has network interfaces on both the internet and your private network? If so, you do not have a public address and local networks in Asterisk terms, but you do have an environment where direct media is broken, so whilst not configuring the former, you need to make sure that direct media is disabled.

Also, please note that Asterisk 13 is security risk, as it is fully beyond end of life and will not receive any security fixes.

4

Hi David, thank you the golden nuggets of information regarding interfaces.

I have re-read your comment.

We will consider not putting the public interface on the PABX but on a central router instead and using NAT

We have direct media disabled as we want all traffic to pass through the PABX

5

You don’t seem to have a connection to the internet, so you will need a NAT router. The purpose of configuring the public address on Asterisk is so that it can compensate for the presence of the NAT router. Even if you set the public address as the IP source address, you would still need the NAT router to handle incoming packets.

(It is possible to have the the public internet and a private network sharing the same physical LAN and interface, with only some machines listening to the public address, but I doubt that is anyone would want to do this.)

6

If you have both a private and a public IP, each of them in their respective NIC, you need to establish only one default gateway.
In my installs with 2 NICs, I usually define the default gateway on the private IP NIC and define static routes on the public IP NIC for the VoIP provider’s IP.
This way, if the private net has internet access, all FreePBX software upgrades go through the private net without interfering with the VoIP traffic to your VoIP provider.

7

Hi Ariel, thank you for chipping in.

Are you performing NAT on your PABX or on your central router/firewall?
Or did you make your setup work without NAT?

8

In my FreePBXs, the public IP is connecting the PBX directly to the VoIP provider, so there is no NAT involved. You need to set that public IP on the SIP settings. Double check this setting, so that the correct IP is set. The NAT on the private network is not involved in this connection, so it should not interfere.

9

Hi Ariel,

Referring to the image, are these the entries you are referring to?
One final thing is your trunk using PJSIP or the “legacy” SIP?

freePBX trunk tshooting 0222
freePBX trunk tshooting 02221172×786 68.3 KB

10

Yes, those are the settings I was referring to.

I’m using CHAN_SIP, but I understand there shouldn’t be any difference if you are using PJSIP. Just to be sure, check the PJSIP tab and verify if there is a similar setting for External IP, I don’t remember if there is or isn’t.

11

Hi Areil/David & community,

A slight update from my side. Thank you for pointers, they seemed to have work.
Below is the solution identified until now that solved the problem of the originating IP in the REGISTER request.

  1. Put public IP on a different interface.
  2. This gave me the option of two transports, which I then had to select from the pjsip trunk settings.

reg_forCommunity_250222
reg_forCommunity_250222697×747 46.2 KB

12

Hi Community members,

As stated in my last post INVITES are going using the proper transport method (public IP).
However I notice that SIP options related to this trunk are not being replied to using the correct transport method. Does anyone have any ideas as to why this may be?

image
image999×630 21.3 KB

13

With the original solution above (of 2 transports) I have the remaining problem as towards the second part of this thread regarding SIP OPTIONS:

It seems that a similar problem has been encountered before as described in this thread:

Asterisk 16 PJSIP Multiple IP Addresses . Answer from wrong network interface - Asterisk / Asterisk SIP - Asterisk Community

however if I follow the latter thread the whole setup breaks

14

Another reference suggesting that only 1 transport should be used

Pjsip trunk using bad transport - Asterisk / Asterisk SIP - Asterisk Community

15

Another thread suggests the same thing:

SIP Trunk problem - NAT - 2 networks - FreePBX / Providers - FreePBX Community Forums

however there is a suggestion that this is done when using chan_sip

16

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.