Sip trunk with multiple A records Qualify problems

Hello, my provider have set multiple A records to it’s domain
When i initially register it randomly selects an IP address for example and registers on it.
I have set Qualify frequency to 60 seconds and every minute my PBX sends OPTIONS sip message to random selected IP. If the IP is same as the initial one all works good.
If my PBX picks another IP for example, the OPTIONS sip message goes fine and replies 200 OK but 30 seconds later sends wrong packet that generates error in my asterisk log:
[2019-12-19 10:10:42] WARNING[21033] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 32000

In wireshark i see TLSv1 Encrypted Alert .

In the time frame between 200 OK and the Encryptied alert i can see the established connection with tcpdump -tpn | grep 185.125
After it receives Encrypted alert, the connection is closed.

If randomly my PBX picks again and sends OPTIONS there is no alert packet received 30 seconds after.

Is there a config in FreePBX so i can set Qualify requests going always to the first IP where it had been registered? If Qualify fails then FreePBX should try registering again.

Or is there a setting for my provider’s asterisk server so it does not close additional connections with Encrypted alert ?

There is no configuration option to use the same address you registered to, that goes against the way you’re supposed to do DNS resolution for SIP. You could configure a specific IP, though, if you wanted.

There is also no setting to stop it from closing additional connections. It should keep the connection alive, unless the remote side closes it for some reason.

Why there is no way to communicate with the IP of first registration?
It still can do DNS lookup and when list of the 7 A records is loaded, it can compare the IP of first registration to that list.
If the IP is in the list then send qualify to that IP.
If qualify is rejected or times out it can try the other IPs in the list and re-register on the first working IP.
If the IP is no longer in the list try another IP from the DNS list and re-register.

Why should asterisk keep multiple TCP connections if the sip server have multiple A records? An optimization could be good and communicate only with one IP from the A list until it is in the list and accessible.

Because noone has written such a thing, and there is no association between the calling and the outbound registration at that level which complicates it further.

It also means that you wouldn’t do DNS based load balancing.

If such functionality were to be written I would therefore expect it to be optional and explicitly configured.

I don’t know what is it with Germany but they seem to not understand how SIP actually works. What is is sounding like is they have multiple IPs that probably go to multiple systems and those systems do not share resources such as user locations.

The way they have their DNS setup for this is pretty poor. There isn’t much more that can be done on this end. Asterisk is doing its job right, it is not Asterisk 's fault that the provider has no idea how to properly do DNS for SIP.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.