TLS/SRTP over the internet: which port to open?

Hello,

I use Asterisk 18 with FreePBX 15, and I configured a phone to use TLS and SRTP.
It works fine locally, but when I go through the internet, I can make a call but there is no sound!

I opened ports to forward TCP/UDP 5061 and TCP/UDP 10000 to 20000.
I set my IP as local (Trusted).

But there is still no sound, whereas there is on the local network.

Which port am I missing?

Thanks

Aurélien

Did you port forward your TLS port?

You can find that in Asterisk SIP settings. I use all non-standard ports so mine are not going to be the same as yours…

It’s sometimes a bit more difficult to make it work via TLS. You can share your configuration here and we’ll have a look at it.

TLS and SRTP are separate concepts. Once TLS works flawlessly, THEN massage SRTP until it works. (Firewall-wise, your ports are 'encompassing'.)

Hello,
here is the pjsip conf of phone 301:

[301]
type=endpoint
aors=301
auth=301-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722
context=from-internal
callerid=Aurélien <301>

dtmf_mode=rfc4733
direct_media=yes
transport=0.0.0.0-tls
aggregate_mwi=yes
use_avpf=no
rtcp_mux=no
max_audio_streams=1
max_video_streams=1
bundle=no
ice_support=no
media_use_received_transport=no
trust_id_inbound=yes
user_eq_phone=no
send_connected_line=yes
media_encryption=sdes
timers=yes
timers_min_se=90
media_encryption_optimistic=no
refer_blind_progress=yes
rtp_timeout=30
rtp_timeout_hold=300
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=fr
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord

Hello,

what do you mean by:

Is there something I am missing in the firewall configuration?

Aurélien

He means that you have all the ports open that you need to have open (for a default configuration).

OK, so is this a good point?

Did you open the TLS port?

Hello,

yes, the ports are open.

I have solved the problem now.
I did not set the external_media_address correctly.
It was not redirecting to my router.

Now it seems fine.

Anyhow, is it mandatory to open all ports from 10000 to 20000? That makes a lot of ports to open…

Thanks for all the help :wink:

Yeah, you open that many ports so that it can randomly pick a port to use for RTP. You could choose another port range, or a smaller one, but this does not increase security or stability.

OK noted, I am comforted now :wink:

About the RTP range for the endpoints: should they be within 10000 to 20000, or is it OK for them to be outside this range?

Furthermore, as they initiate the connection, there is no need to open a range of ports for them, or am I wrong?

thanks

Aurélien

It needs to match what you have in /etc/asterisk/rtp_additional.conf; technically the range should end on an odd number to prevent occasional failed media. If you are using SRTP then the chances of a 'MITM snoop' are very low, so a reduced range would not be inappropriate.

OK, thanks. As I do not change settings, I will make the phones work within the range 10000 to 20000.

Many Thanks to all

Aurélien

The phone’s range is completely irrelevant. That only applies to media outbound from Asterisk, and one would not normally block any outbound ports.
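As an added example (not configuration from the thread, from FreePBX or from the Asterisk project), here is the raw Asterisk form of the two settings the thread converges on: the TLS transport with external_media_address, external_signaling_address and local_net (the fix reported above), and the RTP port range in rtp_additional.conf ending on an odd number (the advice in the last two replies). FreePBX 15 generates both files from Asterisk SIP Settings, so set these values in the GUI rather than editing the files by hand. The public IP, LAN network and certificate paths are placeholders chosen for the example.

```ini
; Added example, not the thread's own configuration. Addresses and paths are assumptions.

; --- pjsip.transports.conf ---
; The TLS transport that endpoint 301 above references with transport=0.0.0.0-tls.
[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/pbx.crt       ; assumed path
priv_key_file=/etc/asterisk/keys/pbx.key   ; assumed path
method=tlsv1_2
; NAT settings: the public address that the router forwards to this PBX.
; Without external_media_address the SDP advertises the private LAN address,
; so a remote phone sends its (S)RTP to an unreachable IP: the call connects,
; but there is no audio.
external_signaling_address=203.0.113.10    ; assumed public IP of the router
external_media_address=203.0.113.10
; Peers inside these networks are reachable directly and keep getting the LAN address.
local_net=192.168.1.0/24                   ; assumed LAN

; --- rtp_additional.conf (included from rtp.conf) ---
[general]
; Asterisk binds RTP to an even port and RTCP to the next (odd) port. Ending the
; range on an odd number keeps the last RTCP port inside the forwarded range.
; A smaller range is fine when the number of concurrent calls is small.
rtpstart=10000
rtpend=19999
```

Two checks worth making on the firewall side: SIP over TLS runs on TCP only, so forwarding UDP 5061 does nothing, and RTP/SRTP is UDP only, so forwarding TCP 10000-20000 does nothing either (SRTP uses the same ports as plain RTP; it encrypts the payload, not the transport). Only TCP 5061 and UDP rtpstart to rtpend need to reach the PBX. The phone's own RTP range matters only to the firewall in front of the phone, which normally allows outbound traffic and keeps NAT state for the replies.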