webgourou
(Aurélien)
January 13, 2022, 6:51pm
1
Hello,
I use Asterisk 18 with FreePBX 15. I configured a phone to use TLS and SRTP.
It works fine locally, but when I go through the internet, I can make calls but there is no sound!
I opened ports to forward tcp/udp 5061 and tcp/udp 10000 to 20000.
I set my IP as local (Trusted).
But there is still no sound, although there is on the local network.
Which port am I missing?
Thanks
Aurélien
defcomllc
(defcomllc)
January 13, 2022, 10:19pm
2
Did you Port Forward your TLS port???
You can find that in Asterisk SIP settings. I use all non-standard ports so mine are not going to be the same as yours…
AdFun7911
(AdFun7911)
January 13, 2022, 10:20pm
3
It’s sometimes a bit more difficult to make it work via TLS. You can share your configuration here and we’ll have a look at it.
dicko
(dicko)
January 13, 2022, 10:25pm
4
TLS and SRTP are separate concepts. Once TLS works flawlessly, THEN massage SRTP until it works. (Firewall-wise, your ports are ‘encompassing’.)
webgourou
(Aurélien)
January 14, 2022, 8:40am
5
Hello,
Here is the pjsip conf of phone 301:
[301]
type=endpoint
aors=301
auth=301-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722
context=from-internal
callerid=Aurélien <301>
dtmf_mode=rfc4733
direct_media=yes
transport=0.0.0.0-tls
aggregate_mwi=yes
use_avpf=no
rtcp_mux=no
max_audio_streams=1
max_video_streams=1
bundle=no
ice_support=no
media_use_received_transport=no
trust_id_inbound=yes
user_eq_phone=no
send_connected_line=yes
media_encryption=sdes
timers=yes
timers_min_se=90
media_encryption_optimistic=no
refer_blind_progress=yes
refer_blind_progress=yes
rtp_timeout=30
rtp_timeout_hold=300
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=fr
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord
webgourou
(Aurélien)
January 14, 2022, 8:47am
6
Hello,
What do you mean by:
Is there something I am missing in the firewall configuration?
Aurélien
david55
(david55)
January 14, 2022, 10:19am
7
He means that you have all the ports open that you need to have open (for a default configuration).
webgourou
(Aurélien)
January 14, 2022, 11:15am
8
OK, so is this a good point?
defcomllc
(defcomllc)
January 14, 2022, 1:18pm
9
Did you open the TLS port??
webgourou
(Aurélien)
January 14, 2022, 1:35pm
10
Hello,
Yes, the ports are open.
I have solved the trouble now.
I did not set the external_media_address correctly.
It was not redirecting to my router.
Now it seems fine.
Anyhow, is it mandatory to open all ports from 10000 to 20000? That makes a lot of ports to open…
Thanks for all the help
AdFun7911
(AdFun7911)
January 14, 2022, 3:45pm
11
Yeah, you open so many ports so that it randomly picks a port to use for RTP. You could choose another port range or you could choose a smaller range, but this does not increase security nor stability.
webgourou
(Aurélien)
January 14, 2022, 4:04pm
12
OK, noted. I am comforted now.
About the RTP range for the endpoints: should they be within 10000 to 20000, or is it OK to be outside this range?
Furthermore, as they initiated the connection, there is no need to open a range of ports for them, or am I wrong?
thanks
Aurélien
dicko
(dicko)
January 14, 2022, 4:08pm
13
It needs to match what you have in /etc/asterisk/rtp_additional.conf. Technically, the range should end on an odd number to prevent occasional failed media. If you are using SRTP then the chances of a ‘mitm snoop’ are very low, so a reduced range would not be inappropriate.
webgourou
(Aurélien)
January 14, 2022, 4:26pm
14
OK, thanks. As I do not change the settings, I will make the phone work within the range 10000 to 20000.
Many Thanks to all
Aurélien
david55
(david55)
January 14, 2022, 5:09pm
15
The phone’s range is completely irrelevant. That only applies to media outbound from Asterisk, and one would not normally block any outbound ports.
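The fault resolved in post 10 (external_media_address not set) and the port-range question in posts 11 to 15 can both be checked from the SDP that Asterisk sends. The following is an added example, not code from any poster in the thread: it flags a private `c=` address, a media port outside the forwarded 10000 to 20000 range, and a stream not offered as SDES-SRTP. The SDP samples, addresses and key are constructed, and `check_sdp` is a hypothetical helper name.

```python
import ipaddress
# RFC 1918 ranges: addresses a phone on the internet cannot send RTP to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FORWARDED = (10000, 20000)  # UDP range forwarded in the thread

def check_sdp(sdp, forwarded=FORWARDED):
    """Return (media, finding) pairs for one SDP body sent by the PBX."""
    session_addr, streams = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            addr = line.split()[2].split("/")[0]
            if streams:                  # media-level c= overrides session-level
                streams[-1]["addr"] = addr
            else:
                session_addr = addr
        elif line.startswith("m="):
            kind, port, proto = line[2:].split()[:3]
            streams.append({"kind": kind, "port": int(port.split("/")[0]),
                            "proto": proto, "addr": None, "crypto": False})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["crypto"] = True
    findings = []
    for s in streams:
        addr = s["addr"] or session_addr
        if addr and any(ipaddress.ip_address(addr) in n for n in RFC1918):
            findings.append((s["kind"], "private-media-address"))
        if not forwarded[0] <= s["port"] <= forwarded[1]:
            findings.append((s["kind"], "port-outside-forwarded-range"))
        if s["proto"] != "RTP/SAVP" or not s["crypto"]:
            findings.append((s["kind"], "not-sdes-srtp"))
    return findings

# Constructed sample: a PBX behind NAT offering media on its LAN address.
KEY = "inline:" + "A" * 40   # constructed placeholder, not a real key
BROKEN_SDP = f"""v=0
o=- 1 1 IN IP4 192.168.1.10
s=Asterisk
c=IN IP4 192.168.1.10
t=0 0
m=audio 12346 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 {KEY}
a=rtpmap:0 PCMU/8000
"""
# Same offer with a public media address (203.0.113.5 is a documentation address).
FIXED_SDP = BROKEN_SDP.replace("c=IN IP4 192.168.1.10", "c=IN IP4 203.0.113.5")
if __name__ == "__main__":
    print(check_sdp(BROKEN_SDP), check_sdp(FIXED_SDP))
```

Feed it the SDP body of an INVITE or 200 OK sent by Asterisk toward the remote phone, for instance one copied from the output of the Asterisk CLI command `pjsip set logger on`.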