Hello
FreePBX 17.x with Asterisk 22.8 on RPI4B.
Cannot understand why ACKs (from OpenSIP) in response to 200 OK (INVITE) frames aren’t recognized by Asterisk.
A tcpdump on the Asterisk Ethernet interface shows those frames; the Asterisk debug log does not.
Asterisk continues to send 200 OK until hangup.
Which details can I post here to get a suggestion/hint?
Must the pcap capture be anonymized?
I already verified the frame headers; it looks like all fields match between the 200 OK and the ACK.
I’m in doubt about them not appearing in the Asterisk logs.
Are there special settings to provide to Asterisk to have more detailed info in the logs?
Thanks,
Rob
These are different sides of the Asterisk firewall, so the initial suspicion is that that is blocking them.
Otherwise, check that the port number hasn’t been modified.
Hi
Some ACKs come from OpenSIP (to the BYE, for example).
How can I investigate whether the Asterisk firewall is doing something wrong with incoming packets?
The server has only one interface, and on the loopback interface there are no packets.
Ports are correct; as I said, some ACKs are accepted.
Is there an accepted format for uploading traces?
I guess that standard Asterisk logging would be OK, but tcpdump traces?
BYE never produces an ACK!
ACK goes in the same direction as the request, but to the address in the Contact header of the request.
You’re right. Just to describe it better than words, I’ll upload an image.
This is captured from the Asterisk eth interface.
This is captured from the firewall WAN interface.
The INVITE captured from the router isn’t going to the expected port on Asterisk, and the OK from Asterisk isn’t coming from the correct port. I’d assume a broken SIP ALG, although I don’t understand how the downstream capture is showing the correct port.
Sorry for the error: in the external capture, the word “ASTERISK” must be read as “FIREWALL”.
Being a NATed device, the Asterisk server cannot be directly visible from the firewall’s external interface, where the capture was done.
No ALG in place. OPNsense was installed without ALG plugin.
You need to change the router configuration so that it doesn’t change the port number, 5060, when forwarding from the Asterisk machine. Asterisk includes the port number in the Contact header, and won’t know that the router mangled it.
If there is a conflict for 5060, you can change that. Preferably that is done in Asterisk, but you can also add an explicit NAT rule, but in the latter case, you must configure the external port number in Asterisk.
I don’t understand how the router learned the translated number for the incoming request.
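
The port mismatch discussed in the replies above can be checked mechanically. The following is an added example, not code from any poster or from Asterisk: it compares the address advertised in a SIP message's Contact header with the source address seen in a capture taken outside the NAT. The sample message, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample: a 200 OK whose Contact advertises port 5060.
# Addresses are from documentation ranges, not from the thread's captures.
SAMPLE_200_OK = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bKexample\r\n"
    "From: <sip:alice@example.org>;tag=a1\r\n"
    "To: <sip:bob@example.org>;tag=b2\r\n"
    "Call-ID: constructed-call-id\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:bob@203.0.113.5:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Contact header, long form or compact form "m".
CONTACT_RE = re.compile(r"^(?:Contact|m)\s*:\s*(.*)$", re.I | re.M)
# sip/sips URI: optional user part, host (or bracketed IPv6), optional port.
URI_RE = re.compile(
    r"sips?:(?:[^@>\s;]+@)?(\[[^\]]+\]|[^:;>\s]+)(?::(\d+))?", re.I
)

def contact_target(sip_message):
    """Return (host, port) from the first Contact header; port defaults to 5060."""
    header = CONTACT_RE.search(sip_message)
    if not header:
        return None
    uri = URI_RE.search(header.group(1))
    if not uri:
        return None
    return uri.group(1), int(uri.group(2) or 5060)

def check_nat_port(sip_message, seen_src_ip, seen_src_port):
    """Compare the Contact target with the source address seen outside the NAT."""
    target = contact_target(sip_message)
    if target is None:
        return "no-contact"
    host, port = target
    if host != seen_src_ip:
        return "host-mismatch"
    if port != seen_src_port:
        return "port-mismatch"  # the router rewrote the source port
    return "ok"

if __name__ == "__main__":
    # Constructed observation: the WAN-side capture shows source port 40112.
    print(check_nat_port(SAMPLE_200_OK, "203.0.113.5", 40112))
```

A `port-mismatch` result means the peer will address in-dialog requests such as the ACK to a port that the router is not mapping back to the packet's real source.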