I have a working asterisk installation on a local machine, and am considering moving it in the cloud, specifically AWS EC2. I have an instance running asterisk with a static public IP address, but asterisk is not receiving calls from my VoIP provider. I believe that this is a result of my AWS security group blocking traffic. I currently have these for rules:
Custom TCP Ports 5060 - 5065 Any IP
Custom UDP Ports 10000 - 20000 Any IP
Plus a few others like SSH (22) and HTTP (80).
Am I missing anything necessary for asterisk specifically? Once I get a call to my dial plan I can take it from there. Thank you in advance!
If your provider uses udp 5060 for signalling then you should also open it.
BTW did you check if you have properly configured externip (for chan_sip) or external_signaling_address (for chan_pjsip)?
Thank you for the quick reply! I am currently using chan_sip and have extnernip and localnet set in [general] of sip.conf. Is there a way to test that this is done correctly?
I have updated the security rules to include UDP 5060 as you suggest but I am still not seeing calls coming through.
I did a tcpdump as you suggested (a tool I was unaware of until now! very useful, thanks for the tip).
I was unable to successfully copy the file to my local machine from the remote server in order to use wireshark to analyze but did take a look at the raw file in vi on the server, it looks like I am getting traffic into the server when I place a call, however I am getting an unauthorized error, and it looks as though its my SIP provider that is throwing the error.
Here is the entry that caught my attention (scrubbed of any personal info):
Thank you for the advice. I did as you asked, and received an error message even before I made the call which confirmed our suspicions. There is an issue with my registration to my SIP provider.
[Feb 17 12:28:07] NOTICE[1069]: chan_sip.c:15913 sip_reg_timeout: – Registration for MY SIP LOGIN@MY SIP HOSTNAME timed out, trying again (Attempt #7)
[Feb 17 12:28:07] NOTICE[1069]: chan_sip.c:24467 handle_response_register: Failed to authenticate on REGISTER to MY SIP LOGIN@MY SIP HOSTNAME (Tries 1)
The registration in SIP.conf was copied directly from my local machine that I confirmed is still working if I redirect my sip endpoint IP back to that machine. I will work on this more later today and send any more details I find, thank you again for helping to confirm and debug this issue!