Asterisk on AWS EC2 Security Group Settings

Good morning!

I have a working asterisk installation on a local machine, and am considering moving it to the cloud, specifically AWS EC2. I have an instance running asterisk with a static public IP address, but asterisk is not receiving calls from my VoIP provider. I believe that this is a result of my AWS security group blocking traffic. I currently have these for rules:

Custom TCP Ports 5060 - 5065 Any IP
Custom UDP Ports 10000 - 20000 Any IP

Plus a few others like SSH (22) and HTTP (80).

Am I missing anything necessary for asterisk specifically? Once I get a call to my dial plan I can take it from there. Thank you in advance!

If your provider uses udp 5060 for signalling then you should also open it.
BTW did you check if you have properly configured externip (for chan_sip) or external_signaling_address (for chan_pjsip)?
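
An added example, not part of the original posts: a small Python check of a security group's ingress rules against what a chan_sip trunk needs inbound, using the rules listed in the question. The rule format, the helper names `covered` and `audit`, and the provider address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the ingress rules listed in the question (SSH/HTTP omitted).
RULES = [
    {"proto": "tcp", "from": 5060, "to": 5065, "cidr": "0.0.0.0/0"},
    {"proto": "udp", "from": 10000, "to": 20000, "cidr": "0.0.0.0/0"},
]

# Inbound needs assumed here: SIP signalling on UDP 5060 (as the reply notes)
# and RTP media on the UDP range from the question (10000-20000).
REQUIRED = [("udp", 5060, 5060, "SIP signalling"),
            ("udp", 10000, 20000, "RTP media")]


def covered(rules, proto, lo, hi, src):
    """True if every port in lo..hi is reachable from src under some rule."""
    addr = ipaddress.ip_address(src)
    spans = sorted(
        (r["from"], r["to"]) for r in rules
        if r["proto"] == proto and addr in ipaddress.ip_network(r["cidr"])
    )
    need = lo  # lowest port not yet known to be open
    for start, end in spans:
        if start > need:
            break  # gap before this rule starts
        need = max(need, end + 1)
        if need > hi:
            return True
    return False


def audit(rules, provider_ip):
    """Return (missing requirements, rules open to any source address)."""
    missing = [name for proto, lo, hi, name in REQUIRED
               if not covered(rules, proto, lo, hi, provider_ip)]
    wide = [r for r in rules if ipaddress.ip_network(r["cidr"]).prefixlen == 0]
    return missing, wide


if __name__ == "__main__":
    missing, wide = audit(RULES, "203.0.113.10")  # hypothetical provider IP
    print("missing:", missing)
    print("open to any source:", [(r["proto"], r["from"], r["to"]) for r in wide])
```

Rules reported as open to any source are candidates for narrowing to the provider's signalling and media addresses once calls are flowing.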

Thank you for the quick reply! I am currently using chan_sip and have externip and localnet set in [general] of sip.conf. Is there a way to test that this is done correctly?

I have updated the security rules to include UDP 5060 as you suggest but I am still not seeing calls coming through.

Thanks again for the help!

Have you configured your provider properly? Share your configuration (obfuscate the password).
Do you see any SIP requests from your provider in tcpdump?

I did a tcpdump as you suggested (a tool I was unaware of until now! very useful, thanks for the tip).

I was unable to successfully copy the file to my local machine from the remote server in order to use Wireshark to analyze it, but I did take a look at the raw file in vi on the server. It looks like I am getting traffic into the server when I place a call; however, I am getting an unauthorized error, and it looks as though it's my SIP provider that is throwing the error.

Here is the entry that caught my attention (scrubbed of any personal info):

SIP/2.0 *** Unauthorized
Via: SIP/2.0/UDP SIP_Provider_IP:5060;branch=&& ;received=SIP_Provider_IP
Via: SIP/2.0/UDP SIP_Provider_IP:5060;received=SIP_Provider_IP;branch=&&;rport=5060
From: "Unavailable" <sip:INCOMING PTSN NUMBER@SIP_Provider_IP>;tag=&&&&
To: <sip:MY VoIP PHONE NUMBER for asterisk@AWS Static IP>;tag=$$$$
Call-ID: *
CSeq: 102 INVITE
Server: Asterisk PBX certified/13.21-cert6
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5006798e"
Content-Length: 0

Is this enough information to determine if this is my configuration settings in asterisk or with my SIP provider?

Thanks again for the help!

Can you do the following on the Asterisk console?

*CLI> core set verbose 5
*CLI> core set debug 5
*CLI> sip show registry
*CLI> sip show peer YOUR_PEER_NAME_HERE
*CLI> sip set debug on

Now make a call and send the output.

Good morning,

Thank you for the advice. I did as you asked, and received an error message even before I made the call which confirmed our suspicions. There is an issue with my registration to my SIP provider.

[Feb 17 12:28:07] NOTICE[1069]: chan_sip.c:15913 sip_reg_timeout: -- Registration for MY SIP LOGIN@MY SIP HOSTNAME timed out, trying again (Attempt #7)

[Feb 17 12:28:07] NOTICE[1069]: chan_sip.c:24467 handle_response_register: Failed to authenticate on REGISTER to MY SIP LOGIN@MY SIP HOSTNAME (Tries 1)

The registration in SIP.conf was copied directly from my local machine that I confirmed is still working if I redirect my sip endpoint IP back to that machine. I will work on this more later today and send any more details I find, thank you again for helping to confirm and debug this issue!
