I was able to connect to Asterisk running in a Docker container using Linphone app:
with the following pjsip.conf:
[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0
[neo]
type=endpoint
context=office-phones
disallow=all
allow=ulaw
auth=neo-auth
aors=neo
; direct_media=no
[neo-auth]
type=auth
auth_type=userpass
username=neo
password=XXXXX
[neo]
type=aor
max_contacts=10
[morpheus]
type=endpoint
context=office-phones
disallow=all
allow=ulaw
auth=morpheus-auth
aors=morpheus
; direct_media=no
[morpheus-auth]
type=auth
auth_type=userpass
username=morpheus
password=XXXXX
[morpheus]
type=aor
max_contacts=10
and with the following extensions.conf:
[office-phones]
exten => 1001,1,Dial(PJSIP/neo)
exten => 1002,1,Dial(PJSIP/morpheus)
exten => 9000,1,Answer()
same => n,Playback(hello-world)
same => n,Hangup()
I did a voice call, my Windows client app accepted the call:
but I did not hear anything and the call was interrupted within a short time.
Also I did not hear hello-world sound when I dialed 9000.
Asterisk Commands
Reloading the configuration:
asterisk -r
c7711348e6ca*CLI> pjsip reload
Module 'res_pjsip.so' reloaded successfully.
Module 'res_pjsip_authenticator_digest.so' reloaded successfully.
Module 'res_pjsip_endpoint_identifier_ip.so' reloaded successfully.
Module 'res_pjsip_mwi.so' reloaded successfully.
Module 'res_pjsip_notify.so' reloaded successfully.
Module 'res_pjsip_outbound_publish.so' reloaded successfully.
Module 'res_pjsip_publish_asterisk.so' reloaded successfully.
Module 'res_pjsip_outbound_registration.so' reloaded successfully.
[Feb 9 21:45:01] NOTICE[248]: sorcery.c:1348 sorcery_object_load: Type 'system' is not reloadable, maintaining previous values
c7711348e6ca*CLI> dialplan reload
Dialplan reloaded.
Other information:
asterisk -rx "pjsip show endpoints"
Endpoint: <Endpoint/CID.....................................> <State.....> <Channels.>
I/OAuth: <AuthId/UserName...........................................................>
Aor: <Aor............................................> <MaxContact>
Contact: <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress..................>
Identify: <Identify/Endpoint.........................................................>
Match: <criteria.........................>
Channel: <ChannelId......................................> <State.....> <Time.....>
Exten: <DialedExten...........> CLCID: <ConnectedLineCID.......>
==========================================================================================
Endpoint: morpheus Not in use 0 of inf
InAuth: morpheus-auth/morpheus
Aor: morpheus 10
Contact: morpheus/sip:morpheus@91.122.37.167:60224; 9bff2a94f2 NonQual nan
Endpoint: neo Not in use 0 of inf
InAuth: neo-auth/neo
Aor: neo 10
Contact: neo/sip:neo@176.15.165.80:43146;transport= e6c6daf063 NonQual nan
Objects found: 2
asterisk -rx "pjsip show auths"
I/OAuth: <AuthId/UserName.............................................................>
==========================================================================================
Auth: morpheus-auth/morpheus
Auth: neo-auth/neo
Objects found: 2
Asterisk logs
The clients are registered:
== Endpoint neo is now Reachable
-- Added contact 'sip:neo@176.15.165.80:11900;transport=udp' to AOR 'neo' with expiration of 3600 seconds
-- Added contact 'sip:neo@13.160.48.219:12593' to AOR 'neo' with expiration of 300 seconds
-- Added contact 'sip:neo@176.15.165.80:12347' to AOR 'neo' with expiration of 300 seconds
[Feb 10 09:29:54] WARNING[34]: res_pjsip_pubsub.c:3439 pubsub_on_rx_publish_request: No registered publish handler for event presence from neo
[Feb 10 09:30:14] NOTICE[34]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:101@172.236.29.157>' failed for '138.124.60.132:57262' (callid: 1001927023-1525866290-1353136388) - No matching endpoint found
-- Added contact 'sip:neo@176.15.165.80:52982;transport=UDP;rinstance=bfdf8ad8c0146e51' to AOR 'neo' with expiration of 60 seconds
== Endpoint morpheus is now Reachable
-- Added contact 'sip:morpheus@91.122.37.167:60224;transport=udp' to AOR 'morpheus' with expiration of 3600 seconds
When I did a voice call I got the following logs:
-- Executing [1002@office-phones:1] Dial("PJSIP/neo-00000009", "PJSIP/morpheus") in new stack
-- Called PJSIP/morpheus
-- PJSIP/morpheus-0000000a is ringing
-- PJSIP/morpheus-0000000a answered PJSIP/neo-00000009
-- Channel PJSIP/morpheus-0000000a joined 'simple_bridge' basic-bridge <95401d2d-5950-498a-82d1-3d7cb8cd2e8c>
-- Channel PJSIP/neo-00000009 joined 'simple_bridge' basic-bridge <95401d2d-5950-498a-82d1-3d7cb8cd2e8c>
-- Channel PJSIP/neo-00000009 left 'native_rtp' basic-bridge <95401d2d-5950-498a-82d1-3d7cb8cd2e8c>
-- Channel PJSIP/morpheus-0000000a left 'native_rtp' basic-bridge <95401d2d-5950-498a-82d1-3d7cb8cd2e8c>
== Spawn extension (office-phones, 1002, 1) exited non-zero on 'PJSIP/neo-00000009'
When I dialed 9000 I got the following logs:
-- Executing [9000@office-phones:1] Answer("PJSIP/neo-00000008", "") in new stack
-- Executing [9000@office-phones:2] Playback("PJSIP/neo-00000008", "hello-world") in new stack
-- <PJSIP/neo-00000008> Playing 'hello-world.gsm' (language 'en')
-- Executing [9000@office-phones:3] Hangup("PJSIP/neo-00000008", "") in new stack
== Spawn extension (office-phones, 9000, 3) exited non-zero on 'PJSIP/neo-00000008'
Using tcpdump
sudo tcpdump -i eth0 port 5060
01:37:23.923230 IP ip36.ip-178-32-140.eu.59582 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: INVITE sip:900442037697451@172.236.29.157 SIP/2.0
01:37:23.923402 IP 172-236-29-157.ip.linodeusercontent.com.sip > ip36.ip-178-32-140.eu.59582: SIP: SIP/2.0 401 Unauthorized
01:37:25.306514 IP 176.15.165.80.43146 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP
01:37:25.362904 IP 91.122.37.167.60224 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: INVITE sip:9000@developernote.com SIP/2.0
01:37:25.363129 IP 172-236-29-157.ip.linodeusercontent.com.sip > 91.122.37.167.60224: SIP: SIP/2.0 401 Unauthorized
01:37:25.443724 IP 91.122.37.167.60224 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: ACK sip:9000@developernote.com SIP/2.0
01:37:25.449459 IP 91.122.37.167.60224 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: INVITE sip:9000@developernote.com SIP/2.0
01:37:25.449742 IP 172-236-29-157.ip.linodeusercontent.com.sip > 91.122.37.167.60224: SIP: SIP/2.0 100 Trying
01:37:25.452498 IP 172-236-29-157.ip.linodeusercontent.com.sip > 91.122.37.167.60224: SIP: SIP/2.0 200 OK
01:37:25.954010 IP 172-236-29-157.ip.linodeusercontent.com.sip > 91.122.37.167.60224: SIP: SIP/2.0 200 OK
01:37:25.961185 IP ip36.ip-178-32-140.eu.62601 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: INVITE sip:011442037697428@172.236.29.157 SIP/2.0
01:37:25.961430 IP 172-236-29-157.ip.linodeusercontent.com.sip > ip36.ip-178-32-140.eu.62601: SIP: SIP/2.0 401 Unauthorized
01:37:25.997735 IP ip36.ip-178-32-140.eu.62601 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: ACK sip:2244@172.236.29.157 SIP/2.0
01:37:25.999908 IP ip36.ip-178-32-140.eu.62601 > 172-236-29-157.ip.linodeusercontent.com.sip: SIP: INVITE sip:011442037697428@172.236.29.157 SIP/2.0
01:37:26.000445 IP 172-236-29-157.ip.linodeusercontent.com.sip > ip36.ip-178-32-140.eu.62601: SIP: SIP/2.0 401 Unauthorized
Configuring RTP
I updated rtp.conf just in case:
;
; RTP Configuration
;
[general]
;
; RTP start and RTP end configure start and end addresses
;
; Defaults are rtpstart=5000 and rtpend=31000
;
rtpstart=10000
rtpend=10099
asterisk -rx "reload"
asterisk -rx "rtp show settings"
General Settings:
----------------
Port start: 10000
Port end: 10099
Checksums: Yes
DTMF Timeout: 1200
Strict RTP: Yes
Probation: 4 frames
Replay Protect: Yes
ICE support: Yes
STUN address: 0.0.0.0:0
tcpdump displays the following when I dial 9000 on my mobile client:
sudo tcpdump -i eth0 portrange 10000-10099
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:48:14.104748 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.126006 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.146005 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.166000 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.186022 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.206003 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.226006 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.245997 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
01:48:14.265995 IP 172-236-29-157.ip.linodeusercontent.com.10040 > 176.15.165.80.45582: UDP, length 172
...
but when I dial 1002 this command does not display anything.
I enabled RTP debugging:
asterisk -rx "rtp set debug on"
dialed 9000 and got the following in Asterisk logs:
-- Executing [9000@office-phones:1] Answer("PJSIP/neo-0000001c", "") in new stack
> 0x7ee538039640 -- Strict RTP learning after remote address set to: 176.15.165.80:31384
-- Executing [9000@office-phones:2] Playback("PJSIP/neo-0000001c", "hello-world") in new stack
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051027, ts 000160, len 000160)
-- <PJSIP/neo-0000001c> Playing 'hello-world.gsm' (language 'en')
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051028, ts 000320, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051029, ts 000480, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051030, ts 000640, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051031, ts 000800, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051032, ts 000960, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051033, ts 001120, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051034, ts 001280, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051035, ts 001440, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051036, ts 001600, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051037, ts 001760, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051038, ts 001920, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051039, ts 002080, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051040, ts 002240, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051041, ts 002400, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051042, ts 002560, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051043, ts 002720, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051044, ts 002880, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051045, ts 003040, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051046, ts 003200, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051047, ts 003360, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051048, ts 003520, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051049, ts 003680, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051050, ts 003840, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051051, ts 004000, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051052, ts 004160, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051053, ts 004320, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051054, ts 004480, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051055, ts 004640, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051056, ts 004800, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051057, ts 004960, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051058, ts 005120, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051059, ts 005280, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051060, ts 005440, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051061, ts 005600, len 000160)
Sent RTP packet to 176.15.165.80:31384 (type 00, seq 051062, ts 005760, len 000160)
-- Executing [9000@office-phones:3] Hangup("PJSIP/neo-0000001c", "") in new stack
== Spawn extension (office-phones, 9000, 3) exited non-zero on 'PJSIP/neo-0000001c'
When I dial 1002 from mobile client I do not see RTP packages at all, but I see this:
-- Executing [1002@office-phones:1] Dial("PJSIP/neo-00000002", "PJSIP/morpheus") in new stack
-- Called PJSIP/morpheus
> 0x72f63005e8c0 -- Strict RTP learning after remote address set to: 172.28.33.149:56933
-- PJSIP/morpheus-00000003 answered PJSIP/neo-00000002
> 0x72f63006f400 -- Strict RTP learning after remote address set to: 13.160.48.219:52149
-- Channel PJSIP/morpheus-00000003 joined 'simple_bridge' basic-bridge <64215ae5-8bd0-4d17-aeed-b68192aa110e>
-- Channel PJSIP/neo-00000002 joined 'simple_bridge' basic-bridge <64215ae5-8bd0-4d17-aeed-b68192aa110e>
> Bridge 64215ae5-8bd0-4d17-aeed-b68192aa110e: switching from simple_bridge technology to native_rtp
> Remotely bridged 'PJSIP/neo-00000002' and 'PJSIP/morpheus-00000003' - media will flow directly between them
> 0x72f63005e8c0 -- Strict RTP learning after remote address set to: 172.28.33.149:56933
what does this directly mean?
grep -ri directmedia .
./ooh323.conf:directmedia=no
./ooh323.conf:; disabled by default, auto enabled by directmedia is enabled
./ooh323.conf:; can be disabled escpecially if directmedia is enabled.
./res_ldap.conf:directmedia = AstAccountDirectMedia
grep -ri directrtpsetup .
./ooh323.conf:directrtpsetup=no
I added
direct_media=no
to the endpoints in pjsip.conf, but it did not help. RTP packets did not appear and the following was in the logs:
-- Executing [1002@office-phones:1] Dial("PJSIP/neo-00000002", "PJSIP/morpheus") in new stack
-- Called PJSIP/morpheus
-- PJSIP/morpheus-00000003 is ringing
> 0x7d20e008e930 -- Strict RTP learning after remote address set to: 172.28.33.149:56894
-- PJSIP/morpheus-00000003 answered PJSIP/neo-00000002
> 0x7d20e0056e40 -- Strict RTP learning after remote address set to: 13.160.48.219:43671
-- Channel PJSIP/morpheus-00000003 joined 'simple_bridge' basic-bridge <5caa0c9a-3357-45e0-812e-c092077cc7da>
-- Channel PJSIP/neo-00000002 joined 'simple_bridge' basic-bridge <5caa0c9a-3357-45e0-812e-c092077cc7da>
> Bridge 5caa0c9a-3357-45e0-812e-c092077cc7da: switching from simple_bridge technology to native_rtp
> Locally RTP bridged 'PJSIP/neo-00000002' and 'PJSIP/morpheus-00000003' in stack
Also messages like this appeared all the time:
[Feb 9 23:20:32] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:113@172.236.29.157>' failed for '178.32.140.36:54872' (callid: 1818858173-1187936783-466784080) - Failed to authenticate
[Feb 9 23:20:34] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:913@172.236.29.157>' failed for '178.32.140.36:56850' (callid: 595180195-900159011-1088705072) - No matching endpoint found
[Feb 9 23:20:34] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:913@172.236.29.157>' failed for '178.32.140.36:56850' (callid: 595180195-900159011-1088705072) - No matching endpoint found
[Feb 9 23:20:34] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:913@172.236.29.157>' failed for '178.32.140.36:56850' (callid: 595180195-900159011-1088705072) - Failed to authenticate
[Feb 9 23:20:36] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:117@172.236.29.157>' failed for '178.32.140.36:59387' (callid: 1962195779-1541810150-662801434) - No matching endpoint found
[Feb 9 23:20:36] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:117@172.236.29.157>' failed for '178.32.140.36:59387' (callid: 1962195779-1541810150-662801434) - No matching endpoint found
[Feb 9 23:20:36] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:117@172.236.29.157>' failed for '178.32.140.36:59387' (callid: 1962195779-1541810150-662801434) - Failed to authenticate
[Feb 9 23:20:38] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:8001@172.236.29.157>' failed for '178.32.140.36:62943' (callid: 709270887-1398862267-1833553314) - No matching endpoint found
[Feb 9 23:20:38] NOTICE[737]: res_pjsip/pjsip_distributor.c:688 log_failed_request: Request 'INVITE' from '<sip:8001@172.236.29.157>' failed for '178.32.140.36:62943' (callid: 709270887-1398862267-1833553314) - No matching endpoint found
What are they go from?
Other logs
asterisk -rx "pjsip set logger on"
<--- Transmitting SIP response (812 bytes) to UDP:176.15.165.80:53240 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 176.15.165.80:53240;rport=53240;received=176.15.165.80;branch=z9hG4bK-524287-1---4465163afb40f1bf
Call-ID: ACyQIABrkfE34H8OsCYoLQ..
From: <sip:neo@developernote.com>;tag=13d9ed0a
To: <sip:1002@developernote.com>;tag=2549832f-8683-4a8a-b039-c166d351492f
CSeq: 2 INVITE
Server: Asterisk PBX 22.2.0
Contact: <sip:172.17.0.3:5060>
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, INFO, REFER
Supported: 100rel, timer, replaces, norefersub
Content-Type: application/sdp
Content-Length: 224
v=0
o=- 0 1225437005 IN IP4 172.17.0.3
s=Asterisk
c=IN IP4 172.17.0.3
t=0 0
m=audio 10064 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:140
a=sendrecv
<--- Transmitting SIP request (444 bytes) to UDP:176.15.165.80:48405 --->
BYE sip:neo@176.15.165.80:48405;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 172.17.0.3:5060;rport;branch=z9hG4bKPj8ee83093-9412-457d-879e-a541dcb9af48
From: <sip:9000@developernote.com>;tag=0fd9f981-3694-4520-aaba-a371ce0af616
To: <sip:neo@developernote.com>;tag=9300f176
Call-ID: znaMefRqbJk2owxMcECFxg..
CSeq: 29586 BYE
Reason: SIP ;cause=408 ;text="Request Timeout"
Max-Forwards: 70
User-Agent: Asterisk PBX 22.2.0
Content-Length: 0
<--- Transmitting SIP request (443 bytes) to UDP:176.15.165.80:48405 --->
BYE sip:neo@176.15.165.80:48405;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 172.17.0.3:5060;rport;branch=z9hG4bKPj73a6b1f4-e0f9-438d-87c0-4508ddc5551a
From: <sip:1002@developernote.com>;tag=be1ce7f9-4d68-4470-b05a-0520c344a6b2
To: <sip:neo@developernote.com>;tag=f6b78856
Call-ID: k1830FhxXn2C2WrYGh0W7w..
CSeq: 5706 BYE
Reason: SIP ;cause=408 ;text="Request Timeout"
Max-Forwards: 70
User-Agent: Asterisk PBX 22.2.0
Content-Length: 0
Further transports configuration
In docker-asterisk project the certificates generated with the following commands:
#
# TLS/SSL Certificates [openssl]
#
dc_tls_setup_selfsigned_cert() {
local cert=$1
local key=$2
if ([ ! -s $cert ] || [ ! -s $key ]); then
dc_log 5 "Setup self-signed TLS certificate for host $HOSTNAME"
openssl genrsa -out $key $TLS_KEYBITS
openssl req -x509 -utf8 -new -batch -subj "/CN=$HOSTNAME" \
-days $TLS_CERTDAYS -key $key -out $cert
fi
}
but I tried this:
cd /etc/asterisk/
openssl req -days 1825 -nodes -new -x509 -keyout priv_key.pem -out cert.pem \
-subj "/C=US/ST=Delaware/L=New Castle/O=RogaAndK/OU=K-department/CN=developernote.com"
updated pjsip.conf:
[t_wan](!)
type = transport
bind = 0.0.0.0:5060
domain = developernote.com
external_signaling_address = developernote.com
external_media_address = developernote.com
tos = cs3
cos = 3
[transport-udp](t_wan)
protocol = udp
[transport-tcp](t_wan)
protocol = tcp
[transport-tls](t_wan)
bind = 0.0.0.0:5061
cert_file = /etc/asterisk/ssl/cert.pem
priv_key_file = /etc/asterisk/ssl/priv_key.pem
protocol = tls
method=tlsv1_2
...
sh/cli.sh "pjsip show transports"
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: transport-tcp tcp 3 96 0.0.0.0:5060
Transport: transport-tls tls 3 96 0.0.0.0:5061
Transport: transport-udp udp 3 96 0.0.0.0:5060
Objects found: 3
All the transports started to work, ZoiPer client worked over TLS, but Linphone client did not, because it does not support self-signed certificates.
Codecs
I enabled GSM codec in Linphone app:
but it did not help.
PortSIP UC app:
At the server side I updated clients in pjsip.conf as follows:
...
[t_client](!)
type=endpoint
context=office-phones
disallow=all
allow=ulaw
allow=gsm
direct_media=no
[t_client_aor](!)
type=aor
max_contacts=10
[t_client_auth](!)
type=auth
auth_type=userpass
[neo](t_client)
auth=neo-auth
aors=neo
[neo-auth](t_client_auth)
username=neo
password=123parol
[neo](t_client_aor)
[morpheus](t_client)
auth=morpheus-auth
aors=morpheus
[morpheus-auth](t_client_auth)
username=morpheus
password=parol321
[morpheus](t_client_aor)
And was able to hear hello world sound from 9000.
Also the sound appeared when I called 1002 and RTP packets appeared in the logs:
Got RTP packet from 91.122.37.167:60189 (type 00, seq 016527, ts 211117308, len 000160)
Sent RTP P2P packet to 176.15.165.80:10692 (type 00, len 000160)
Got RTP packet from 91.122.37.167:60189 (type 00, seq 016528, ts 211117468, len 000160)
Sent RTP P2P packet to 176.15.165.80:10692 (type 00, len 000160)
Got RTP packet from 176.15.165.80:10692 (type 00, seq 016468, ts 3254593886, len 000160)
Sent RTP P2P packet to 172.28.33.149:60109 (type 00, len 000160)
sudo tcpdump -i eth0 portrange 10000-10099
15:28:30.042257 IP 172-236-29-157.ip.linodeusercontent.com.10048 > 176.15.165.80.10692: UDP, length 172
15:28:30.047881 IP 176.15.165.80.10692 > 172-236-29-157.ip.linodeusercontent.com.10048: UDP, length 172
15:28:30.047970 IP 172-236-29-157.ip.linodeusercontent.com.10088 > 172.28.33.149.60109: UDP, length 172
15:28:30.062191 IP 91.122.37.167.60189 > 172-236-29-157.ip.linodeusercontent.com.10088: UDP, length 172
15:28:30.062250 IP 172-236-29-157.ip.linodeusercontent.com.10048 > 176.15.165.80.10692: UDP, length 172
15:28:30.068062 IP 176.15.165.80.10692 > 172-236-29-157.ip.linodeusercontent.com.10048: UDP, length 172
15:28:30.068116 IP 172-236-29-157.ip.linodeusercontent.com.10088 > 172.28.33.149.60109: UDP, length 172
15:28:30.087967 IP 176.15.165.80.10692 > 172-236-29-157.ip.linodeusercontent.com.10048: UDP, length 172
15:28:30.088039 IP 172-236-29-157.ip.linodeusercontent.com.10088 > 172.28.33.149.60109: UDP, length 172
When I called 1002 next time the sound disappeared again, but the logs were the same:
Asterisk logs:
sh/shlo.sh | grep RTP
Sent RTP P2P packet to 172.28.33.149:60425 (type 00, len 000160)
Got RTP packet from 91.122.37.167:60267 (type 00, seq 010054, ts 2357792163, len 000160)
Sent RTP P2P packet to 13.160.48.219:39067 (type 00, len 000160)
Got RTP packet from 176.15.165.80:50723 (type 00, seq 009994, ts 1139509081, len 000160)
Sent RTP P2P packet to 172.28.33.149:60425 (type 00, len 000160)
Got RTP packet from 176.15.165.80:50723 (type 00, seq 009995, ts 1139509241, len 000160)
Sent RTP P2P packet to 172.28.33.149:60425 (type 00, len 000160)
Got RTP packet from 176.15.165.80:50723 (type 00, seq 009996, ts 1139509401, len 000160)
Sent RTP P2P packet to 172.28.33.149:60425 (type 00, len 000160)
Got RTP packet from 91.122.37.167:60267 (type 00, seq 010055, ts 2357792323, len 000160)
Sent RTP P2P packet to 13.160.48.219:39067 (type 00, len 000160)
Got RTP packet from 91.122.37.167:60267 (type 00, seq 010056, ts 2357792483, len 000160)
Sent RTP P2P packet to 13.160.48.219:39067 (type 00, len 000160)
Got RTP packet from 91.122.37.167:60267 (type 00, seq 010057, ts 2357792643, len 000160)
Sent RTP P2P packet to 13.160.48.219:39067 (type 00, len 000160)
sudo tcpdump -i eth0 portrange 10000-10099
15:36:23.777351 IP 91.122.37.167.60267 > 172-236-29-157.ip.linodeusercontent.com.10010: UDP, length 172
15:36:23.777427 IP 172-236-29-157.ip.linodeusercontent.com.10092 > 13.160.48.219.39067: UDP, length 172
15:36:23.788151 IP 176.15.165.80.50723 > 172-236-29-157.ip.linodeusercontent.com.10092: UDP, length 172
15:36:23.788371 IP 172-236-29-157.ip.linodeusercontent.com.10010 > 172.28.33.149.60425: UDP, length 172
15:36:23.807882 IP 176.15.165.80.50723 > 172-236-29-157.ip.linodeusercontent.com.10092: UDP, length 172
15:36:23.808027 IP 172-236-29-157.ip.linodeusercontent.com.10010 > 172.28.33.149.60425: UDP, length 172
15:36:23.813570 IP 91.122.37.167.60267 > 172-236-29-157.ip.linodeusercontent.com.10010: UDP, length 172
15:36:23.813626 IP 172-236-29-157.ip.linodeusercontent.com.10092 > 13.160.48.219.39067: UDP, length 172
15:36:23.827790 IP 176.15.165.80.50723 > 172-236-29-157.ip.linodeusercontent.com.10092: UDP, length 172
I noticed that restarting Asterisk helps. After restarting Asterisk I am able to make two or three successful calls with the sound using Linphone client, but not ZoiPer or Port UC clients. And again all the subsequent calls were silent.
sh/shlo.sh | grep RTP
> res_srtp.so => (Secure RTP (SRTP))
> Registered RTP engine 'multicast'
> res_rtp_multicast.so => (Multicast RTP Engine)
> Registered RTP engine 'asterisk'
== RTP Allocating from port range 10000 -> 10099
> res_rtp_asterisk.so => (Asterisk RTP Stack)
> Registered RTP glue 'UnicastRTP'
> Registered channel type 'MulticastRTP' (Multicast RTP Paging Channel Driver)
> Registered channel type 'UnicastRTP' (Unicast RTP Media Channel Driver)
> chan_rtp.so => (RTP Media Channel)
> Registered RTP glue 'PJSIP'
> res_pjsip_sdp_rtp.so => (PJSIP SDP RTP/AVP stream handler)
> Registered RTP glue 'USTM'
> bridge_native_rtp.so => (Native RTP bridging module)
> 0x7fb48006e500 -- Strict RTP learning after remote address set to: 172.28.33.149:57815
> 0x7fb4800607e0 -- Strict RTP learning after remote address set to: 176.15.165.80:35964
> Locally RTP bridged 'PJSIP/neo-00000001' and 'PJSIP/morpheus-00000002' in stack
> 0x7fb48006e500 -- Strict RTP qualifying stream type: audio
> 0x7fb48006e500 -- Strict RTP switching source address to 91.122.37.167:60265
> 0x7fb4800607e0 -- Strict RTP switching to RTP target address 176.15.165.80:35964 as source
> 0x7fb48006e500 -- Strict RTP learning complete - Locking on source address 91.122.37.167:60265
> 0x7fb4800607e0 -- Strict RTP learning complete - Locking on source address 176.15.165.80:35964
> 0x7fb48008d420 -- Strict RTP learning after remote address set to: 172.28.33.149:57872
> 0x7fb48002f2b0 -- Strict RTP learning after remote address set to: 176.15.165.80:17296
> Locally RTP bridged 'PJSIP/neo-00000003' and 'PJSIP/morpheus-00000004' in stack
> 0x7fb48008d420 -- Strict RTP qualifying stream type: audio
> 0x7fb48008d420 -- Strict RTP switching source address to 91.122.37.167:60204
> 0x7fb48002f2b0 -- Strict RTP switching to RTP target address 176.15.165.80:17296 as source
> 0x7fb48008d420 -- Strict RTP learning complete - Locking on source address 91.122.37.167:60204
> 0x7fb48002f2b0 -- Strict RTP learning complete - Locking on source address 176.15.165.80:17296
> 0x5a767995a200 -- Strict RTP learning after remote address set to: 172.28.33.149:57885
> 0x7fb48002f2b0 -- Strict RTP learning after remote address set to: 13.160.48.219:59365
> Locally RTP bridged 'PJSIP/neo-00000005' and 'PJSIP/morpheus-00000006' in stack
> 0x5a767995a200 -- Strict RTP qualifying stream type: audio
> 0x5a767995a200 -- Strict RTP switching source address to 91.122.37.167:60217
> 0x7fb48002f2b0 -- Strict RTP qualifying stream type: audio
> 0x7fb48002f2b0 -- Strict RTP switching source address to 176.15.165.80:42808
> 0x7fb48002f2b0 -- Strict RTP learning complete - Locking on source address 176.15.165.80:42808
> 0x5a767995a200 -- Strict RTP learning complete - Locking on source address 91.122.37.167:60217
Solution
I added the following to endpoint template in pjsip.conf:
media_address = developernote.com
rtp_symmetric = yes
direct_media = no
rewrite_contact = yes
And was able to make voice calls from all mobile clients (ZoiPer/TLS, Linphone/UDP, PortSIP/UDP) to desktop clients (ZoiPer/TCP, Linphone/UDP), but outgoing calls from desktop Linphone client failed.
Clients
ZoiPer desktop client does not have TLS in its free version:
PortSip mobile client has extended login settings:
but it stopped working on my Phone when I tried to switch to TLS. It was unable to login.
How to configure an Asterisk dialplan for intra-office calling
https://www.redhat.com/en/blog/asterisk-dialplan
https://community.asterisk.org/t/installing-asterisk-on-a-device-without-a-soundcard/89167
No, Asterisk does not require a sound card to process calls. You’d need to show the actual SIP traffic and configuration to see what is going on. It’s likely configuration.
Direct Media and Direct RTP Setup in Asteisk
https://stackoverflow.com/a/35516620/2394762
;directmedia=yes ; Asterisk by default tries to redirect the
; RTP media stream to go directly from
; the caller to the callee.
[SOLVED] How to disable directmedia in all pjsip endpoints
https://community.freepbx.org/t/solved-how-to-disable-directmedia-in-all-pjsip-endpoints/58533/6
[106](+)
type=endpoint
direct_media=no
How can I perform a packet capture in Windows with built-in utility?
https://www.sonicwall.com/support/knowledge-base/how-can-i-perform-a-packet-capture-in-windows-with-built-in-utility/170905204545360
netsh trace start capture=yes IPv4.Address=X.X.X.X
https://www.sysfix.co.uk/blog/no-sound-on-external-sip-asterisk.html
Ensure that your firewall or network settings are not blocking the necessary ports for SIP traffic. SIP typically uses UDP and TCP ports 5060 and a range of UDP ports for media (e.g., 10,000-20,000). Verify that these ports are open.
Audio from hello world not playing?
https://community.asterisk.org/t/audio-from-hello-world-not-playing/80619
Your client is placing your public IP address into the signaling. Asterisk attempts to send media to it, but it doesn’t work. You can fix this by disabling STUN most likely within the client, or enabling NAT support on the peer/friend/user in sip.conf.
Asterisk 16 LTS & PJSIP; hello world works but no sound coming from endpoints
https://superuser.com/questions/1465895/asterisk-16-lts-pjsip-hello-world-works-but-no-sound-coming-from-endpoints
Make sure that the RTP ports are forwarded on both servers (Brasil and Germany). You may refer to the values set in rtp.conf. By default it is 10000 to 20000 UDP.
local_net=192.168.1.0/24
external_media_address=THE_IP_FOR_MY_SERVER
external_signaling_address=THE_IP_FOR_MY_SERVER
PJSIP – No Sound
https://community.asterisk.org/t/pjsip-no-sound/105057/4
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0
cert_file=****
priv_key_file=****
local_net=192.168.0.0/16
external_media_address=****
external_signaling_address=****
How to generate self-signed SSL certificates
https://panoptic.com/wiki/aolserver/How_to_generate_self-signed_SSL_certificates
openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem
Linphone Android: TLS Handshake Error with Self Signed Certificate
https://stackoverflow.com/a/33119245/2394762
It is because self-signed cert can not recognized by those third-party CAs that official linphone app pre-configured.
linphone uses it’s own root CA store list where server-cert is going to be verified used by linphone when it received cert from your sip server.
If you don’t want to disable server cert verification (it’s good to avoid Man-in-the-middle attack), and since there is no CA that linphone pre-configured can verify your cert, you must create your own CA and add it into linphone’s CA list.
you can find the CA list in linphone android source: res/raw/rootca.pem just add your CA into it and recompiled.
https://docs.asterisk.org/Fundamentals/Asterisk-Configuration/Asterisk-Configuration-Files/Templates/Using-Templates/
[my-codecs](!) ; a template for my preferred codecs
disallow=all
allow=ilbc
allow=g729
allow=gsm
allow=g723
allow=ulaw
call established but no audio on both end asterisk using zoiper
https://community.asterisk.org/t/call-established-but-no-audio-on-both-end-asterisk-using-zoiper/82698
You need to ensure “localnet” is also set. If that doesn’t work you’ll need to provide network layout information and packet traces (sip set debug on).
https://docs.asterisk.org/Configuration/Channel-Drivers/SIP/Configuring-res_pjsip/Configuring-res_pjsip-to-work-through-NAT/#clients-supporting-icestunturn
direct_media
Determines whether media may flow directly between endpoints.
local_net
This is the IP network that we want to consider our local network. For communication to addresses within this range, we won’t apply any NAT-related settings, such as the external* options below.
https://docs.docker.com/build/building/variables/
# Declare the build argument in the global scope
ARG NAME=”joe”
FROM alpine
# Consume the build argument in the build stage
ARG NAME
RUN echo $NAME
No, Asterisk itself does not encrypt RTP by default; to secure media transmission, you need to enable a feature called SRTP (Secure Real-time Transport Protocol) within Asterisk, which essentially adds encryption to the standard RTP protocol used for media streaming.
SIP encryption (TLS):
While RTP can be encrypted with SRTP, Asterisk can also encrypt the signaling protocol (SIP) using TLS for additional security.
Secure Asterisk connection with media encryption (SRTP)
https://www.youtube.com/watch?app=desktop&v=uvVqX-R_1rU
ZoiPer manual configuration on iPhone
https://www.youtube.com/watch?v=h8a2QVArGuk
https://www.youtube.com/watch?v=G1ov-JSrsPA
Asterisk behind OpenVPN
https://community.asterisk.org/t/asterisk-behind-openvpn/69085
In a simple case you will have OpenVPN server on the same LAN or even on the same host with Asterisk.
In the 1st case you will need to establish proper IP routing between the two: Asterisk will need to know how to reach [VPN assigned] client IPs and vice versa.
Softphone will need to have all the NAT traversal techniques switched off.
How to connect/disconnect OpenVPN from CLI in Ubuntu 18
https://askubuntu.com/questions/1114956/how-to-connect-disconnect-openvpn-from-cli-in-ubuntu-18
The VPN client is just an executable, like any other, so you stop it like any other. I use this for work every day and I open my connection with sudo openvpn –config client1.ovpn and then close it with Ctrl+C. You don’t need anything else.
Allow Docker containers to connect to OpenVPN clients on the host tunnel interface
https://serverfault.com/questions/802458/allow-docker-containers-to-connect-to-openvpn-clients-on-the-host-tunnel-interfa