SIP port control (random assigned port or no connection)

I would like to understand more about the SIP port control where I have 1 phone behind the firewall and 2 phones (on different IP addresses) out on the internet.

I’m not sure what I see in this overview and I’m not sure if I understand the column labels.

This FreePBX box is currently configured via SIP Legacy [chan_sip] (/admin/config.php?display=sipsettings)

Bindport: 6111 (also open in the router)
TLSBindport: 5161

The assumption would be that all phones would bind to port 6111, but that is not happening.
The phone behind the firewall seems to be connected to port 63722, where 1 of the external phones is connected to port 5060 and the last one is not connected (although sometimes this works and connects via a random port, also 5060 or higher).

I’m currently not in control :wink:

How do I read this screenshot and what can be improved to assign a fixed bind port to all phones?

The port in the given output is what port the endpoint is connecting FROM. Asterisk has no control over this port. If they are behind NAT, then commonly (although not always) the router assigns a random port that is then mapped back to the internal IP address and port to allow traffic to flow.

Thanks for your quick reply. That is clear. Can you elaborate on the used column names in the picture also? Port is clear :grinning_face_with_smiling_eyes:

Rewriting of the source port by the router/firewall at the remote location is not normally a problem.
However, it is a problem if the port number is changing, usually caused by the NAT association timing out.
In the remote phone, try setting the registration expiry to e.g. 120 seconds, and/or setting keep-alive to e.g. 30 seconds. If you still have trouble, please post:
Remote phone make/model?
Remote router/firewall make/model?
Does phone UI show phone is registered?
Does Asterisk show phone is registered?
Can the device make calls OK?
What happens on incoming call attempts?

If the 3rd phone (Linksys 941) is registered, it will last forever… The 3 phones are cloned configs (2 other phones without any problem).

Maintenance resulting in a reboot or poweroff/on (to create a backup of the virtual machine) is very likely to result in a non-registered 3rd phone. Re-executing the reboot of both Asterisk and the 3rd phone will eventually result in a registration (port 5060 or a high random port in the range 61xxx).

My SIP initiation is supposed to start on port 6111

And the phone(s) are supposed to register via port 6111 (at least that is what I think)

I’m just curious where my analysis (and setup) is going wrong. Both phones on the internet don’t have firewall enhancements in place (so no special ports opened for these phones).

SIP packets (like all UDP or TCP packets) have a source port number (what the sender binds to) and a destination port number (what the receiver binds to). For SPAxxx, the source port for registration is the value of SIP Port, which defaults to 5060 if left blank. The destination port is the value after the colon in Proxy, which defaults to 5060 if absent.

A router/firewall can rewrite the source port. Some do this only when necessary (because the port is already in use, e.g. for another device), while others (with default settings) will always rewrite.

If Asterisk is restarted, all existing registrations are lost, but they should be restored when the device re-registers. With the SPA default value of 3600 for Register Expires, this will take as much as an hour. Try setting this to 120, which (on most firewalls) will keep the NAT association open if OPTIONS (qualify) requests from Asterisk are lost because of a temporary outage or routing problem.

Your virtualization system may be able to create a ‘snapshot’ (instead of a ‘backup’) without bringing the VM down. Or, if you are not a 24/7 operation, you might schedule the backup for e.g. 3 AM, so devices should all be re-registered when needed.

If you still have trouble (devices do not re-register after Asterisk is restarted), please provide details, including the make/model of the firewall at the remote location and any special settings.
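Added example, not part of the thread: a loopback sketch of why the Port column shows the sender's source port rather than the server's bind port, and why that port changes when a NAT association is replaced. The sockets stand in for Asterisk, the phone and the remote router; OS-assigned ports replace 6111 and 5060 so it runs anywhere, and the NAT is simulated by a simple relay (all assumptions).

```python
import socket

LOOPBACK = "127.0.0.1"
PAYLOAD = b"REGISTER (constructed sample, not a real SIP message)"

def udp_socket():
    """Bind a UDP socket to an OS-assigned port on loopback."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    s.settimeout(2.0)
    return s

def port_seen_by_server(server, sender, payload=PAYLOAD):
    """Send one datagram to the server; return the source port it observes."""
    sender.sendto(payload, server.getsockname())
    _, (_, src_port) = server.recvfrom(2048)
    return src_port

def via_nat(phone, nat_inside, nat_outside, server):
    """Simulated NAT: accept on the inside socket, resend from the outside one."""
    phone.sendto(PAYLOAD, nat_inside.getsockname())
    data, _ = nat_inside.recvfrom(2048)
    return port_seen_by_server(server, nat_outside, data)

def demo():
    server = udp_socket()      # plays Asterisk's bind port (6111 in the thread)
    phone = udp_socket()       # plays the phone's SIP Port (its source port)
    nat_inside = udp_socket()  # router's LAN side
    nat_a = udp_socket()       # first NAT association on the WAN side
    nat_b = udp_socket()       # replacement association after the first expired
    socks = [server, phone, nat_inside, nat_a, nat_b]
    try:
        return {
            "phone_port": phone.getsockname()[1],
            "nat_a_port": nat_a.getsockname()[1],
            "nat_b_port": nat_b.getsockname()[1],
            # No NAT: the server sees the phone's own source port.
            "direct": port_seen_by_server(server, phone),
            # Behind NAT: the server sees the router's mapped port instead.
            "behind_nat": via_nat(phone, nat_inside, nat_a, server),
            # Association expired and was recreated: the observed port changes.
            "after_expiry": via_nat(phone, nat_inside, nat_b, server),
        }
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>12}: {value}")
```

In none of the three cases does the server's own bind port appear as the observed port, which matches the 63722 and 5060 values reported at the top of the thread.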

Thanks for the extra info. I will adjust the register expires value to 120 and see what improves (although I don’t have issues if the phone is successfully registered). I use VirtualBox for my virtualizations. There are enough moments during the weekend where I can create a backup. Never a problem, but I have to shut down the machine for that, creating the risk that that phone does not register and needs extra attention.
