Trunk communicate on non standard port after restart

I would like to ask you for help with the configuration. I have a problem with connection to the sip trunk. Once I restart the server freepbx it will start commuticate to sip trunk on non standard port 65476 and if you try make outgoing call the trunk response forbidden because it’s not port 5060.
Incoming calls working properly. After few hours, days the freepbx starts communicate on correct port 5060 and everything is working till next restart.

This is my trunk configuration:


Thank you for any help and have a nice day.

Regards Martin

Please provide evidence, taken from the machine running FreePBX. sngrep is probably best for this, as I don’t think that “sip set debugger on” includes the source port number. My guess is that you have an application level gateway, on a router, and this is causing the problem.

chan_sip is a lame duck product and won’t have had significant changes for many years, and never originated from anything other than the port to which it was bound. As such I cannot see this as happening on the Asterisk machine.

The use of application level gateways is strongly advised against. you should deal with NAT by setting the external address and local net on Asterisk.

You should also seriously consider upgrading to chan_pjsip. If staying with chan_sip, you should review the definitions of type, canreinvite (directmedia), dtmfmode, username (defaultuser), the port option insecure, and nat, as these have unusual, sub-optimal, ineffective, or redundant values, and look like they have been copied without being reviewed, although they are not responsible for your current problem and many people never experience problems when misusing them.

I’m assuming you are referring to the source port, as using the wrong destination port would normally produce ICMP port unreachable, and no SIP response. However that was not entirely clear.

1 Like

Thank you for your reply. We are using fortigate as firewall, and there is any control on the rules then I think FortiGate doesnt change the port.
I would like to upgrade to pjsip but provider (DialTelecom in Czechia) probably doesn’t support it.

I’m not pro in the freepbx and I’m still learning but the few settings of trunk was provided from provider like
dtmf, insecure, and the others I found in documentation or here on the forum.

I will provide the output in the evening once I can restart the PBX.

Thanks and have a nice day.

chan_pjsip will work better with nearly every provider, even though nearly every provider is still only documenting a, badly designed, chan_sip configuration. Most providers seem to copy configurations from others, rather than starting from first principles, so I would not trust configurations from providers as representing best practice.

david thank you so much. You should right the problem was firewall. There is settings for preserve source port and this was disabled for this rule.

And thank you for the sngrep tool its really good tool.

Thanks again.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.