SIP in TCP or TLS does not work: it registers, but no audio comes through and then it drops

Dear all,

Has anyone had this experience before? To have extensions work fine in UDP, but not in TCP, TLS?

Because I am having this problem: UDP works fine, audio both ways, no NAT problems; in TCP, NAT problems (I guess), line drops after 30 secs, and no audio.

The FreePBX is virtualized, version 14 for both FreePBX and Asterisk (Asterisk Version: 14.7.4, FreePBX 14.0.1.36).

If anyone has any ideas, I can post the SIP debug and log files from asterisk -vvvvvr.

Also, this problem occurs on both 4G (LTE) and WiFi.

Also, there is another person with the same problem:
https://community.freepbx.org/t/sip-from-udp-to-tcp-no-audio/

Thank you very much for the help
LeTest

If I remember correctly, you can only do TCP with the control port. RTP will still be UDP.

Dear Cynjut,

To be honest, I never got around to understanding how that even works. On any application or IP phone you have the registration string, and you set the port for registration (I set it as TCP, I don't know how it gets managed … from that point forward). I don't know how to set it to keep the control (SIP traffic) on TCP and the RTP data on UDP.

So if you know, can you enlighten me please … because I really want to make TLS work, for the signaling for the time being.

Thank you in advance

Step 1 - buy a book. I’m not trying to be curt or mean, but this is not a project for someone that isn’t well versed in telephony.

Step 2 - get everything working in the normal UDP SIP. From there, you can ‘step-wise’ refine the rest. At this point, there are so many things not working that there’s no effective way to respond in a forum post.

There is a FreePBX Wiki. Have you reviewed the documentation there?

Setting up TCP settings on the server is fairly straight-forward and is documented on the Wiki pages. Setting up TLS is more challenging, since it requires you to make sure that several pieces (in the phone and in the server) are all set correctly. Unless you are doing this for some really specific purpose, I’d recommend you stick with UDP, at least in the short term. Examine your needs and see if encrypted traffic is really that important.

Finally, the FreePBX GUI is there as a tool for you to use, but like any other tool, you need to read the instructions first. I’m pretty sure no one has ever cut off a finger using FreePBX, so I’d hate for you to be the first…

Dear Cynjut,
Yes, I got everything working with UDP,

yes, I reviewed the documentation,

I know it is very straightforward, that's why this is mind-boggling.
Yes, TLS is even worse, I had my fair troubles with it,

Book … well, do you recommend something that is worth the time? I did read some parts of
"SIP: Understanding the Session Initiation Protocol" but it was way back, like the INVITE packets and the flow of data, bla bla… but it has been a while. Something FreePBX-oriented would be helpful; if you know something with these requirements I would be grateful :smiley:

Yes, TCP and encryption are necessary because everything will fly “naked” on the internet :smiley: so yes, it is very important (to me, to say the least)
instead of using some VPN and then the user forgets to connect to the VPN and then everything turns to shit (no registration, no phone, no nothing). …

so yeah …

Anyway, thank you for your time. I will try to look up some more literature; if you have any other pointers I would be grateful.

Thank you in advance

Search through this forum for “TLS” and follow those threads. There have been several discussions in the past couple of months about getting TLS to work. Things like root certificates and proper “Let’s Encrypt” (or other real certificates) are key to getting this to work.

I think there’s something about using TCP and TLS at the same time that’s a problem, but I don’t remember any of the details. If you have the UDP connections working, try adding the TLS certificates and configuration next. If that works, your data will be properly protected, so that should get you where you want to go.

Also, there are some phones that will connect with ‘per phone’ VPN connections, which is another way to solve this specific problem. Once again, there is a lot of good information in the forums, especially over the past six months or so.

If you have a specific question, please ask it.

What exactly do you mean by that? And yes, the next option is to try and find in the forum what is going on, if more people had the same problem as I did :slight_smile:

Thank you :slight_smile:

Many phones (Sangoma, for example) have the capability to set up a point-to-point VPN connection from the phone itself to the PBX. It’s more a function of the phone than anything else, but it is a possibility.

Oh okay, I thought you were talking about mobile apps, yeah okay, but some of them need their own hardware to make the VPN work, like Cisco for example … Sangoma (I’ve never worked with them; also, PPTP VPN is quite obsolete even for this job (and vulnerable, broken protocol, so many backdoors :D), if this is the VPN type you are talking about)

Also, the main problem I encounter is this: "
[2018-03-06 20:19:57] WARNING[11611]: chan_sip.c:4077 retrans_pkt: Retransmission timeout reached on transmission XXXXXXXXXXXXXXX. for seqno 2 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 6400ms with no response
"
and I don’t know how to fix it …
Do you have any idea?

Also, the funniest part: if you get calls, all media and voice work fine; if you try to call out, things get interesting.

One-way audio on output means your NAT settings in the SIP configuration are screwed up.

I know, that is what I am trying to figure out now. I’ve tried everything, even tcpdump,

I am using the Zoiper app for the softphone … TLS works one way or the other …

but it still needs some more work,

Any ideas, like rport and a STUN server? I tried to use the Google open STUN server but nothing changed …

Any more suggestions, I am open to hearing them out.

On your server, look in the Advanced SIP settings for Chan-SIP and PJ-SIP. You need to make sure that all of the addresses and NAT options are set correctly.
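
An added example, not part of the thread and not FreePBX or Asterisk code: the two points made in the replies above (TCP/TLS carries only the SIP signaling while RTP stays on UDP, and wrong NAT addressing breaks audio) can be checked on a captured INVITE. The message, its addresses and the `analyze` helper are constructed for illustration.

```python
import ipaddress

# Constructed INVITE from a softphone behind NAT, signaling over TLS (not from the thread).
SAMPLE_INVITE = (
    "INVITE sip:100@pbx.example.org;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.168.1.23:49152;branch=z9hG4bKconstructed;rport\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.23\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.1.23\r\n"
    "t=0 0\r\n"
    "m=audio 40000 RTP/AVP 0 8\r\n"
)
# RFC 1918 and carrier-grade NAT ranges: not reachable from the PBX across the internet.
NAT_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def analyze(message):
    """Report signaling transport, media streams and NAT/encryption findings."""
    head, _, sdp = message.partition("\r\n\r\n")
    report = {"signaling": None, "media": [], "findings": []}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v") and report["signaling"] is None:
            # Topmost Via looks like: SIP/2.0/<TRANSPORT> host:port;params
            report["signaling"] = value.split()[0].rsplit("/", 1)[-1].upper()
    session_addr = None
    for line in sdp.splitlines():
        if line.startswith("c="):                # c=IN IP4 <address>
            addr = line.split()[-1]
            if report["media"]:
                report["media"][-1]["addr"] = addr   # media-level override
            else:
                session_addr = addr
        elif line.startswith("m="):              # m=<kind> <port> <proto> <formats>
            kind, port, proto = line[2:].split()[:3]
            report["media"].append({"kind": kind, "port": port, "proto": proto, "addr": session_addr})
    for m in report["media"]:
        if "SAVP" not in m["proto"]:             # RTP/AVP = plain RTP, RTP/SAVP = SRTP
            report["findings"].append(f"{m['kind']}: {m['proto']} is unencrypted RTP; "
                                      f"{report['signaling']} protects signaling only")
        try:
            behind_nat = any(ipaddress.ip_address(m["addr"]) in n for n in NAT_NETS)
        except (ValueError, TypeError):          # hostname or missing c= line
            behind_nat = False
        if behind_nat:
            report["findings"].append(f"{m['kind']}: SDP advertises private address {m['addr']}; "
                                      "the PBX needs its NAT handling to reach it")
    return report
```

On the constructed INVITE this reports TLS signaling, a plain `RTP/AVP` audio stream, and a private media address, which is the combination that registers successfully yet carries no audio and leaves the call content unencrypted.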

They are: NAT yes, my public IP, the rest of the networks. I think it’s my provider or something, I really don’t know what the deal is with it…

The problem was that I was using a non-standard port, and the ISPs didn’t know what to do with the traffic :smiley:
Once standard ports were interdicted, all worked just fine.
