Asterisk server audio issue for some networks

Hi,

Thanks for your reply. I’m sharing the detailed environment information as requested so the issue can be reproduced and analyzed properly.

System Information

• Operating System: Ubuntu 24.04

• Asterisk Version: Asterisk 20.17.0

• Installation Method: Compiled from source

• Hosting Environment: AWS EC2 instance inside a VPC

Network Setup

• The Asterisk server is inside a VPC, so effectively it is behind NAT.

• The server is accessed through an Application Load Balancer (ALB) for WSS signaling.

• RTP media is expected to reach Asterisk directly (UDP).

• No on-prem routers, only AWS networking.

• Security group is open for SIP/WSS and RTP ranges.

Endpoints

• The calling endpoint is a web browser (WebRTC).

• The callee can be any SIP endpoint or device.

Transport Configuration

Running pjsip show transports returns:

Transport:  transport-tls   tls   0  0   0.0.0.0:5061
Transport:  transport-wss   wss   0  0   0.0.0.0:8089

Attaching some configuration files

ALB Public ip 3.7.67.101

Instance Public ip 13.204.248.46

rtp.conf

[general]
rtpstart=49152
rtpend=65535
externip=13.204.248.46
icesupport=yes
icesupportforce=yes
icesupportturnauto=yes
stunaddr=stun.l.google.com:19302
jbenable=yes
jbforce=yes
jbmaxsize=200
jbresyncthreshold=1000
external_media_address=13.204.248.46
external_signaling_address=3.7.67.101
localnet=10.0.0.0/8     ; Covers your 10.x.x.x internal IPs
localnet=172.17.0.0/12  ; Covers your 172.17.x.x Docker/internal IPs
;localnet=10.0.4.46/32
; Enable RTCP mux (combined RTP + RTCP)
rtcp_mux=yes
rtp_debug=yes

pjsip.conf

[webrtc]
stun_server=stun:stun.l.google.com:19302
turn_server=turn:13.204.248.46:3478?transport=udp
turn_username=zeal
turn_password=zeal123
[transport-tls]
type=transport
protocol=tls
method=tlsv1_2
bind=0.0.0.0:5061
verify_server=no
external_signaling_address=3.7.67.101
external_media_address=13.204.248.46
local_net=10.0.4.46/32
local_net=10.0.0.0/8
local_net=172.17.0.0/12
[transport-wss]
type=transport
protocol=wss
bind=0.0.0.0:8089
external_media_address=13.204.248.46
external_signaling_address=3.7.67.101
method=tlsv1_2
allow_reload=yes
;local_net=10.0.4.46/32
local_net=10.0.0.0/8
local_net=172.17.0.0/12

[webrtc-client]
type=endpoint
transport=transport-wss
context=internal
disallow=all
allow=g722
allow=opus
allow=ulaw
allow=alaw
aors=webrtc-client
auth=webrtc-client
webrtc=yes
ice_support=yes
use_avpf=yes
dtls_auto_generate_cert=yes
media_encryption=dtls
rtcp_mux=yes
force_rport=yes
rewrite_contact=yes
rtp_symmetric=yes
force_avp=no
direct_media=no
inband_progress=yes
rtp_keepalive=15

[webrtc-client]
type=aor
max_contacts=50
remove_existing=yes

[webrtc-client]
type=auth
auth_type=userpass
username=zeal
password=zeal123

extension.conf

[outgoing]

exten => _X.,1,NoOp(Outbound — PROVIDER header REQUIRED)

    ; --- Read provider header ---
    same => n,Set(PROVIDER=${TOLOWER(${PJSIP_HEADER(read,PROVIDER)})})

    ; Reject call if provider header missing
    same => n,GotoIf($["${PROVIDER}" = ""]?reject,1)

    ; --- Only add + in front, no stripping ---
    same => n,Set(DIALNUM=+${EXTEN})

    ; --- Routing based on provider ---
    same => n,GotoIf($["${PROVIDER}"="ringover"]?ringover,1)
    same => n,GotoIf($["${PROVIDER}"="acefone"]?acefone,1)
    same => n,GotoIf($["${PROVIDER}"="didlogic"]?didlogic,1)

    ; Unknown provider -> reject
    same => n,Goto(reject,1)

;==========================================
; RINGOVER ROUTE
;==========================================
exten => ringover,1,NoOp(PROVIDER=ringover)
    same => n,Set(CALL_NAME=${PJSIP_HEADER(read,X-Call-Name)})
    same => n,ExecIf($["${CALL_NAME}"=""]?Set(CALL_NAME=${CALLERID(num)}))
    same => n,Set(CALLFILENAME=${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)}-${CALL_NAME}-${DIALNUM})
    same => n,Set(RECDIR=/var/spool/asterisk/monitor)
    same => n,ExecIf(!${STAT(e,${RECDIR})}?System(mkdir -p ${RECDIR} && chown asterisk:asterisk ${RECDIR}))
    same => n,MixMonitor(${RECDIR}/${CALLFILENAME}.wav,,/usr/local/bin/ast_postrec.sh ${RECDIR}/${CALLFILENAME}.wav)
    same => n,Dial(PJSIP/${DIALNUM}@ringover-outbound,60)
    same => n,StopMixMonitor()
    same => n,Hangup()

;==========================================
; ACEFONE ROUTE
;==========================================
exten => acefone,1,NoOp(PROVIDER=acefone)
    same => n,Set(CALL_NAME=${PJSIP_HEADER(read,X-Call-Name)})
    same => n,ExecIf($["${CALL_NAME}"=""]?Set(CALL_NAME=${CALLERID(num)}))
    same => n,Set(CALLFILENAME=${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)}-${CALL_NAME}-${DIALNUM})
    same => n,Set(RECDIR=/var/spool/asterisk/monitor)
    same => n,ExecIf(!${STAT(e,${RECDIR})}?System(mkdir -p ${RECDIR} && chown asterisk:asterisk ${RECDIR}))
    same => n,MixMonitor(${RECDIR}/${CALLFILENAME}.wav,,/usr/local/bin/ast_postrec.sh ${RECDIR}/${CALLFILENAME}.wav)
    same => n,Dial(PJSIP/${DIALNUM}@acefone-outbound,60)
    same => n,StopMixMonitor()
    same => n,Hangup()

;==========================================
; DIDLOGIC ROUTE
;==========================================
exten => didlogic,1,NoOp(PROVIDER=didlogic)
    same => n,Set(CALL_NAME=${PJSIP_HEADER(read,X-Call-Name)})
    same => n,ExecIf($["${CALL_NAME}"=""]?Set(CALL_NAME=${CALLERID(num)}))
    same => n,Set(CALLFILENAME=${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)}-${CALL_NAME}-${DIALNUM})
    same => n,Set(RECDIR=/var/spool/asterisk/monitor)
    same => n,ExecIf(!${STAT(e,${RECDIR})}?System(mkdir -p ${RECDIR} && chown asterisk:asterisk ${RECDIR}))
    same => n,MixMonitor(${RECDIR}/${CALLFILENAME}.wav,,/usr/local/bin/ast_postrec.sh ${RECDIR}/${CALLFILENAME}.wav)
    same => n,Dial(PJSIP/${DIALNUM}@didlogic-outbound,60)
    same => n,StopMixMonitor()
    same => n,Hangup()

;==========================================
; REJECT CALL
;==========================================
exten => reject,1,NoOp(Rejecting call — missing or invalid PROVIDER header)
    same => n,Hangup(403)

[internal]
; Route any dialed digits (PSTN) to outgoing context (so WebRTC can call external numbers)
exten => _X.,1,Progress()                          ; Early media for WebRTC
same => n,NoOp(Internal -> Outgoing for ${EXTEN})
same => n,Goto(outgoing,${EXTEN},1)                ; Delegate to correct Dial syntax

sip.conf

[general]
context=default
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
canreinvite=no
directrtpsetup=yes
rtcachefriends=yes
rtupdate=yes

turnserver.conf

listening-port=3478
tls-listening-port=5349

# Authentication
fingerprint
lt-cred-mech
user=zeal:zeal123
realm=test.apis.platform.zealconnect.com

# Certificates (Let’s Encrypt)
cert=/etc/letsencrypt/live/test.apis.platform.zealconnect.com/fullchain.pem
pkey=/etc/letsencrypt/live/test.apis.platform.zealconnect.com/privkey.pem

# Network config
listening-ip=13.204.248.46
external-ip=13.204.248.46

# Security
no-loopback-peers
no-multicast-peers

# WebRTC optimizations
no-tcp-relay
# Enable detailed logs for debugging
#log-file=/var/log/coturn.log
verbose

SIP INVITE For successfull call with audio

INVITE sip:919503617645@test.apis.platform.zealconnect.com SIP/2.0
Via: SIP/2.0/WSS e898us5cub1c.invalid;branch=z9hG4bK5757376
To: <sip:919503617645@test.apis.platform.zealconnect.com>
From: <sip:webrtc-client@test.apis.platform.zealconnect.com>;tag=o635je1s0v
CSeq: 2 INVITE
Call-ID: cm3f223vu33ki6tkacm5
Max-Forwards: 70
Authorization: Digest algorithm=MD5, username="zeal", realm="asterisk", nonce="1764393874/488a3265effb7c8a24c23669631c569a", uri="sip:919503617645@test.apis.platform.zealconnect.com", response="e833ff2fa9ab3da86a990f010758038c", opaque="0bd4d9e21fef08c3", qop=auth, cnonce="121o9neia7h8", nc=00000001
X-Call-Name: call_1764393872191_bookingId_B5MCHQ%232121982_userName_Yogesh
Provider: didlogic
Contact: <sip:klpvkatr@e898us5cub1c.invalid;transport=ws;ob>
Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER
Supported: outbound
User-Agent: SIP.js/0.21.1
Content-Type: application/sdp
Content-Length: 1684

v=0
o=- 68966385922436228 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE 0
a=extmap-allow-mixed
a=msid-semantic: WMS d41b11c0-d491-4254-8595-c037c7422be2
m=audio 57852 UDP/TLS/RTP/SAVPF 111 63 9 0 8 13 110 126
c=IN IP4 103.122.147.87
a=rtcp:9 IN IP4 0.0.0.0
a=candidate:1509968982 1 udp 2122260223 192.168.0.112 57852 typ host generation 0 network-id 1 network-cost 10
a=candidate:4115311976 1 udp 1686052607 103.122.147.87 57852 typ srflx raddr 192.168.0.112 rport 57852 generation 0 network-id 1 network-cost 10
a=candidate:617590478 1 tcp 1518280447 192.168.0.112 9 typ host tcptype active generation 0 network-id 1 network-cost 10
a=ice-ufrag:5mLf
a=ice-pwd:zkkauaW8Hq8i5487zbVcHt+H
a=ice-options:trickle
a=fingerprint:sha-256 EC:FD:2B:DF:A9:24:2D:EC:5C:18:F9:EE:A2:3D:1E:95:50:91:F0:9F:CA:C8:E0:30:94:BC:A6:DC:FC:84:9D:EB
a=setup:actpass
a=mid:0
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
a=extmap:4 urn:ietf:params:rtp-hdrext:sdes:mid
a=sendrecv
a=msid:d41b11c0-d491-4254-8595-c037c7422be2 c54eaaeb-6f30-4416-b107-25baea3c0487
a=rtcp-mux
a=rtcp-rsize
a=rtpmap:111 opus/48000/2
a=rtcp-fb:111 transport-cc
a=fmtp:111 minptime=10;useinbandfec=1
a=rtpmap:63 red/48000/2
a=fmtp:63 111/111
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:13 CN/8000
a=rtpmap:110 telephone-event/48000
a=rtpmap:126 telephone-event/8000
a=ssrc:3991767025 cname:hFcBBqZceGklgC/j
a=ssrc:3991767025 msid:d41b11c0-d491-4254-8595-c037c7422be2 c54eaaeb-6f30-4416-b107-25baea3c0487

Sat Nov 29 2025

SIP Invite for No Audio

INVITE sip:919503617645@test.apis.platform.zealconnect.com SIP/2.0
Via: SIP/2.0/WSS 1n6k34b9igl1.invalid;branch=z9hG4bK6914971
To: <sip:919503617645@test.apis.platform.zealconnect.com>
From: <sip:webrtc-client@test.apis.platform.zealconnect.com>;tag=mndbekm5du
CSeq: 2 INVITE
Call-ID: 8oml5eul58l7991rad9t
Max-Forwards: 70
Authorization: Digest algorithm=MD5, username="zeal", realm="asterisk", nonce="1764394025/c5d0cd3dfb1be8ec09f92eb952d98ee2", uri="sip:919503617645@test.apis.platform.zealconnect.com", response="fc29584fdb07c3bb7decd27a1838d3b9", opaque="0968de920aac0106", qop=auth, cnonce="k8lnuh4nlocb", nc=00000001
X-Call-Name: call_1764394022220_bookingId_B5MCHQ%232121982_userName_Yogesh
Provider: didlogic
Contact: <sip:nkhk0d58@1n6k34b9igl1.invalid;transport=ws;ob>
Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER
Supported: outbound
User-Agent: SIP.js/0.21.1
Content-Type: application/sdp
Content-Length: 1686

v=0
o=- 808260024115289567 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE 0
a=extmap-allow-mixed
a=msid-semantic: WMS 55889580-68e5-442c-8787-ddb5c860f121
m=audio 60953 UDP/TLS/RTP/SAVPF 111 63 9 0 8 13 110 126
c=IN IP4 106.220.87.69
a=rtcp:9 IN IP4 0.0.0.0
a=candidate:2199416557 1 udp 2122260223 10.224.133.187 57140 typ host generation 0 network-id 1 network-cost 10
a=candidate:365955124 1 udp 1686052607 106.220.87.69 60953 typ srflx raddr 10.224.133.187 rport 57140 generation 0 network-id 1 network-cost 10
a=candidate:2108865145 1 tcp 1518280447 10.224.133.187 9 typ host tcptype active generation 0 network-id 1 network-cost 10
a=ice-ufrag:9Oz8
a=ice-pwd:v8D4nqd9dU7IC5rcsej5yjBZ
a=ice-options:trickle
a=fingerprint:sha-256 04:99:18:E9:F0:DE:DE:79:CA:DC:D0:15:2F:4C:21:73:EF:05:E6:71:5A:E9:AA:5F:4D:0E:45:FE:F2:53:BB:C2
a=setup:actpass
a=mid:0
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:2 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
a=extmap:4 urn:ietf:params:rtp-hdrext:sdes:mid
a=sendrecv
a=msid:55889580-68e5-442c-8787-ddb5c860f121 5db86613-ad4a-42da-92bb-80421748b9cc
a=rtcp-mux
a=rtcp-rsize
a=rtpmap:111 opus/48000/2
a=rtcp-fb:111 transport-cc
a=fmtp:111 minptime=10;useinbandfec=1
a=rtpmap:63 red/48000/2
a=fmtp:63 111/111
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:13 CN/8000
a=rtpmap:110 telephone-event/48000
a=rtpmap:126 telephone-event/8000
a=ssrc:3622835805 cname:ZHKszSql5SV2c0Sx
a=ssrc:3622835805 msid:55889580-68e5-442c-8787-ddb5c860f121 5db86613-ad4a-42da-92bb-80421748b9cc

audio.txt (77.1 KB)

no audio.txt (77.2 KB)