Working on a system that runs great, handles calls fine, until an endpoint that has issues with it’s time connects. After an endpoint connects that has a system time that is before the actual time of the Asterisk system we start getting decrypt errors and calls drop randomly. It may be 15 seconds, may be 40 seconds, may be two minutes, sometimes the call may not be affected.
Asterisk does not sit behind a NAT, the endpoints do. Anyone with pointers on TLS / SRTP calls for endpoints that reside behind a NAT / Firewall. Ports that are open on the firewall are TCP 5061 and UDP 10000-20000 outbound to Asterisk, and UDP 1025-65535 inbound from Asterisk.
Asterisk has a two public and two private IP addresses that are on a bonded interface. Routes are in place, SIP messaging and RTP traversal is fine.
You’d need to provide actual information for anyone to have any insight as to what is going on. Console logs, SIP traffic, etc. From a purely TLS perspective time does matter because a certificate has a start and end date/time. If the device is outside of that then things can go awry as validation can fail, unless it’s disabled.