Hello everybody,
I use Asterisk on an Amazon EC2 VPS with public address 52.68.6.174 and private address 172.31.24.255.
I want to connect peers with TLS. I use the private IP of the EC2 instance; this is my sip.conf:
[general]
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
tlsdontverifyserver=yes
register => tls://100:123@172.31.24.255:5061
register => tls://101:123@172.31.24.255:5061
...
[100]
type=peer
secret=123
host=dynamic
context=default
dtmfmode=rfc2833
qualify=yes
disallow=all
allow=g722
port=5061
nat=force_rport,comedia
encryption=yes
transport=tls
[101]
type=peer
secret=123
host=dynamic
context=default
dtmfmode=rfc2833
qualify=yes
disallow=all
allow=g722
port=5061
nat=force_rport,comedia
encryption=yes
transport=tls,tcp,udp
It's OK. I run sip show registry on the CLI:
Host                 dnsmgr  Username  Refresh  State         Reg.Time
172.31.24.255:5061   N       101       105      Registered    Fri, 12 Jun 2015 12:48:09
172.31.24.255:5061   N       100       105      Registered    Fri, 12 Jun 2015 12:48:09
2 SIP registrations.
But when I switch to the public IP, I change:
register => tls://100:123@172.31.24.255:5061
register => tls://101:123@172.31.24.255:5061
to
...
register => tls://100:123@52.68.6.174:5061
register => udp://101:123@52.68.6.174:5060
...
Only the UDP transport of peer 101 on port 5060 registers successfully with the server:
Host                 dnsmgr  Username  Refresh  State         Reg.Time
52.68.6.174:5060     N       101       105      Registered    Fri, 12 Jun 2015 12:52:58
52.68.6.174:5061     N       100       120      Request Sent
and the CLI shows a timeout error for peer 100:
Registration for '100@52.68.6.174' timed out, trying again (Attempt #2)
What solutions are there for me?
Thanks everyone.