So my build is:
Digital Ocean -> CoreOs -> Docker -> Asterisk 16 -> flowroute (sip provider) -> pjsip -> grandstream 1620 endpoints
docker run --name asterisk -d -p 10000-20000/udp -net=host jklopez/asterisk
sip is at 10000 and rtpstart= 10001 rtpstop=20000
My assumption is that if I make -net=host that it would bypass NAT issues on the asterisk side of things. (maybe wrong, haven’t tested anything other than this yet)
That being said, I’m hoping that the set up should be like, Public facing asterisk box and NAT’d endpoints.
As I’m testing to get this working sometimes I’m able to get incoming calls after I reload asterisk, pjsip, dialplan, however, I’m always able to call outbound with two way audio now.
The issue is that when I call inbound I get stuck at 100 trying, with no 180 ringing, however, If i dial out first (which i always can, and get two way audio) and then try to call back inbound, it does ring, and now I have two way audio…but, like i said thats only for a short duration
My guess (which… im completely new to asterisk, so feel free to laugh as hard as you wish) is that, since the phone is behind NAT its supposed to keep the SIP session alive by sending out packets ever so often.
Also, SIP ALG is verified disabled for the endpoint at home, but I’m not sure for the endpoint at the office as I don’t control it due to rented office space.
But anyway, enough with my foolishness, here is what I’ve got:
pjsip.conf
;–
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Non mapped elements start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[general]
srvlookup= yes
[flowroute-trunk]
insecure= port,invite
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Non mapped elements end
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
–;
[global]
type= global
debug= yes
[transport-udp]
type= transport
protocol= udp
bind= 0.0.0.0:10000 ;sip port configured on 10000 to reduce attacks
local_net=192.168.1.0/24 ;for phone network at home (not sure if thats how this is is supposed to work)
tocal_net=192.168.0.0/24 ;for phone network at office (not sure if thats how this is is supposed to work)
local_net=127.0.0.1/32 ;saw this on a example config and said why not…
external_media_address= (bleep) ;digital ocean vm pbx public ip
external_signaling_address= (bleep) ;digital ocean vm pbx public ip
[flowroute]
type= registration
outbound_auth= flowroute-auth
server_uri= sip:us-east-nj.sip.flowroute.com:5060
client_uri= sip:(bleep)@us-east-nj.sip.flowroute.com:10000
retry_interval= 60
line=yes
endpoint=flowroute-endpoint
[flowroute-auth]
type = auth
auth_type=userpass
password= (bleep)
username= (bleep)
[flowroute-endpoint]
type= endpoint
context= default
transport=transport-udp
allow= ulaw
outbound_auth=flowroute-auth
from_domain= us-east-nj.sip.flowroute.com
force_rport=yes
direct_media= no
ice_support=yes
rtp_symmetric=yes
rewrite_contact= yes
aors= flowroute-aor
[flowroute-aor]
type = aor
contact= sip:us-east-nj.sip.flowroute.com
[flowroute-identify]
type= identify
endpoint= flowroute-endpoint
match= us-east-nj.sip.flowroute.com
;allow flowroute ip’s for failover
[acl]
type= acl
permit= 147.75.60.160/255.255.255.240
permit= 34.210.91.112/255.255.255.240
permit= 34.226.36.32/255.255.255.240
permit= 147.75.65.192/255.255.255.240
;phone at office - (grandstream 1620)
[1000]
type = endpoint
transport=transport-udp
callerid=(bleep)
context= outgoing
dtmf_mode= rfc4733
rtp_keepalive=180
force_rport=yes
ice_support=yes
direct_media=no
media_address=(bleep)
rtp_symmetric=yes
rewrite_contact= yes
disallow= all
allow= ulaw
auth=1000
aors= 1000
[1000]
type = aor
max_contacts= 2
[1000]
type = auth
auth_type=userpass
username= 1000
password= (bleep)
;phone at home (grandstream 1620)
[1001]
type = endpoint
transport=transport-udp
callerid=(bleep)
context= outgoing
dtmf_mode= rfc4733
rtp_keepalive=180
force_rport=yes
ice_support=yes
direct_media=no
media_address=(bleep)
rtp_symmetric=yes
rewrite_contact= yes
disallow= all
allow= ulaw
auth=1001
aors=1001
[1001]
type = aor
max_contacts= 2
[1001]
type = auth
auth_type=userpass
username= 1001
password= (bleep)
extensions.conf
[globals]
AREACODE=XXX ;Enter local 3-digit area code here
TECHPREFIX=XXXXXXXX ;Populate only if IP-based authentication is desired
[default]
exten => 11111111111,1,Dial(PJSIP/1000, 20)
[outgoing]
exten => _1NXXNXXXXXX,1,Dial(PJSIP/{TECHPREFIX}*{EXTEN}@flowroute)
exten => _NXXNXXXXXX,1,Dial(PJSIP/{TECHPREFIX}*1{EXTEN}@flowroute)
exten => _NXXXXXX,1,Dial(PJSIP/{TECHPREFIX}*1{AREACODE}{EXTEN}@flowroute)
exten => _011.,1,Dial(PJSIP/{TECHPREFIX}*{EXTEN:3}@flowroute)
exten => _1XXX,1,Dial(PJSIP/{EXTEN}) ;uhhh… i was hoping I would be able to dial between my two extensions even though there on two separate networks like this, but this doesn’t work either
Please help… been trying almost a week, I’m glad i’ve learned a bit more from documentation and examples, but I need help.
Yours truly,
a sad sad man