Hi All,
im having a strange one and im not too sure how to fix it?
we use twilio for sip trunking for outbound and incoming,
incoming calls are all ok and outbound works
but every so often outbound calls will cuts off after 30 seconds
we keep getting alerts in the twilio console saying ACK not received from the SIP endpoint
i have SIP ALG disabled on our mikrotik router and all inbound ports from the twilio ip ranges port forwarded to our freepbx server
i have run tcpdump and watch the packets flow in and out
i am receiving the OK (INVITE) from twilio
but for some reason it never sends back the ACK to twilio OR if it does i cant find it in the packet trace?
im using this command to capture all the packets physically on the freepbx server
nohup sudo tcpdump -i eth0 port 5060 or portrange 10000-60000 -w /root/voip.pcap -v
i came across a stackoverflow post saying something to do with the request-uri being incorrect,
but not too sure how to fix that? Why is the SIP ACK sent from our PBX not received by Twilio? - Stack Overflow
i also note, i have this exact same issue at 2 totally different sites,
both have different routers, different freepbx server specs, different ISPs, only thing in common is the same freepbx versions of everything (packages and software) and twilio?
any suggestions would be amazing!
Kindest Regards
Simon
You need to make sure that you have the correct values set inside the Settings → Asterisk SIP Settings: External Address and Local Networks fields. Specify your WAN IP in the External address and all your LAN segments that contain an extension in the Local Networks section.
thank you for your suggestion, but ive already done this and still having this problem
Do you have the responsive firewall turned on or do you have the inbound SIP ports fully open? If packets are hitting your firewall and the firewall is forwarding them to the PBX but they never arrive at the PBX then it’s possible that your PBX firewall is blocking them before they hit asterisk and the system firewall blocking the traffic would explain it.
nope firewall competely off and ive port forward anything coming from twilios ip ranges to the freepbx server (so all ports)
but from what im seeing the tcpdump running on the actually freepbx server,
its receiving the OK (INVITE) from twilio but then just never send the ACK back to twilio?
or if it does i cant find it anywhere in wireshark when i check the pcap
but i can see twilio just keeps sending the OK (INVITE) over and over every few seconds
so i think this is because they arent receiving the ACK from our server which makes sense
You can also run sngrep -c in the CLI to monitor packets for a given call before it hits asterisk.
The next step would be to monitor the packets hitting your server and then connecting to the asterisk console and monitoring the packets that hit asterisk by running set logger on. You should see matching packets hit your system and then asterisk. If you see a packet hitting your system but not asterisk something is miss configured on your system and not forwarding packets on to asterisk correctly.
thank you, i will keep an eye on it, and try your suggestion
the problem i have is its always very random, i never know when it happens, i cant even replicate the issue, it just happens when it wants!
thats why i used tcpdump and just kept it running in the background for a whole day to then filter through packets and see whats what
edit: btw very nice tool and gui! never knew about sngrep
Yea, being able to replicate the issue will go a long way to you being able to solve this one.
so its only taken 2 days for the issue to replicate/happen
but attached is a screenshot of the phone call from sngrep that had the issue
(i left sngrep running in the background saving to a pcap file, no rtp tho)
BUT attached below is a screenshot of a call that happend before that call and had no issues at all?
i have compared all the packets from both calls in sngrep
and they are almost identical from each other
the only issue i can see is for SOME REASON twilio seem to return the SDP to a totally different port, rather than the default 5060?
and also the SDP came before the Ringing (dont no if that matters or not?)
is the any particular packet/step i should be focusing on
could the issue be because i have 2 SIP trunks setup?
even though the 2 SIP trunks are from different providers?
1 twilio (main out), 1 company X (main in)
i have also spotted on my firewall in its connections (i use mikrotik)
the voip server is registering with Company X
(we must register the trunk with them to send us calls)
and its reply dst address is set as 217.14.xxx.xxx:14299
(my external ip but the same port as the failed calls shows!)
If you are port forwarding inbound (you are), in Asterisk SIP Settings - pjsip tab, set the external port the same as internal port, thus:
You do not need to set the IP address here, as it will be taken from the External Address field on the general tab.
I don’t know why this is necessary, but I have seen the same sporadic behavior as you describe, and this solved it.
Thanks @billsimon I will try that but I think I’ve already done this!
Originally those field where blank and the issue happened
Then I set both the ip and port and the issue still happened (current setup now)
But i will try removing the ip address and just leave the port set instead
Does it make a difference the fact I have 5060 udp AND tcp enabled? I don’t use the tls 5061 port
I don’t actually use the 5060 tcp port for voice, I just have it enabled so I can check the 5060 port is alive n awake for monitoring purposes
Restart asterisk after adjusting pjsip transport settings here.
What is the setting on your router for UDP timeout? 60 sec.?
im not sure, but if this picture is correct, its 10 seconds?
EDIT: the default for mikrotik is also 10 seconds so i havent chaged anything
https://help.mikrotik.com/docs/display/ROS/Connection+tracking
Try setting to 60 sec. to see if your issue disappears.
In SonicWALL, on the outgoing NAT Rule you have to disable Source Port Remap. I’m not sure if MicroTik has such a feature, but I’d look into that.
(You may need to restart your firewall or flush the active connections after making such changes)
Some real quick questions here.
1.) Is the router/modem from the ISP set in Bridge or Passthrough mode? Meaning that the public WAN IP is on the Mikrotik WAN interface? Otherwise there is a chance that double NAT is in place.
2.) Can you show the output of asterisk -rx "pjsip show transport 0.0.0.0-udp" because if the External IP from the general SIP Settings page doesn’t appear in that transport section it isn’t going to be used.
3.) Why isn’t there a Local Network set in the transport? The Local Network is required to let Asterisk know any requests destined for an IP that isn’t part of the Local Network needs the External IP/Port updated in the SIP message. Not specifying Local Networks means Asterisk assumes everything is local.
Does not need to be set there. If it’s set in the Asterisk SIP Settings general tab then FreePBX handles the configuration files correctly. The field in the transports can serve as an override.