SIP Trunk / FreePBX Firewall Question


(John) #1

I have my public interface setup in the “internet” mode
I’ve enabled PJSIP in the responsive firewall section since it’s a non standard port and all my remote workers are able to connect using that. and left chan_sip disabled.

One of my Telco’s provides us service over PRI’s but they also have a SIP trunk for backup. I have their IP listed in the firewall in the networks tab setup as “Trusted, excluded from firewall” They use port 5060 to connect.

Under Connectivity - Trunks - SIP Settings - Outgoing
I have the trunk setup as:
host=8.45.245.21
type=peer
qualify=yes

This originally worked but I noticed a few months ago that it’s showing up as UNREACHABLE and calls are not going through the SIP trunk.

When attempting to place a call from that trunk I’m getting this error in the log:

[2021-01-14 16:05:46] WARNING[11211]: chan_sip.c:4142 retrans_pkt: Retransmission timeout reached on transmission 115353446faac8385fe6e59031ed393e@xx.x.xx.xx:5060 for seqno 102 (Critical Request) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions

Packet timed out after 32000ms with no response

Calls placed directly into that trunk do not even hit the log.

What settings need to be set on the firewall to allow this connection?

Just making it a trusted network? Just it being listed as a trunk? Do I need to enable chan_sip (5060) on the firewall?


(Lorne Gaetz) #2

Have you confirmed that the pbx Firewall is the issue? Do things work as expected when you temporarily disable the firewall?


(John) #3

Thanks @lgaetz,
Our ISP was filtering 5060. A packet capture revealed the absent traffic.