Endpoint not matching when VPN is on

Hi! I’m very new to asterisk, but I managed to setup PJSIP endpoints which I can use from my phone devices using Linphone within LAN.

The endpoint doesn’t work though when the VPN for my phone is on ( I’m guessing because the phone IP changes ).

These are the messages I get in the logs:

[Nov 17 07:58:52] NOTICE[3958] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"500" <sip:500@server.iowetea.com>' failed for '127.0.0.1:55213' (callid: LwcOVkAAeq) - No matching endpoint found
[Nov 17 07:58:52] NOTICE[3958] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"500" <sip:500@server.iowetea.com>' failed for '127.0.0.1:55213' (callid: LwcOVkAAeq) - No matching endpoint found
[Nov 17 07:58:53] NOTICE[3958] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"500" <sip:500@server.iowetea.com>' failed for '127.0.0.1:55213' (callid: LwcOVkAAeq) - No matching endpoint found
[Nov 17 07:58:55] NOTICE[3958] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"500" <sip:500@server.iowetea.com>' failed for '127.0.0.1:55213' (callid: LwcOVkAAeq) - No matching endpoint found
[Nov 17 07:58:59] NOTICE[3958] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"500" <sip:500@server.iowetea.com>' failed for '127.0.0.1:55213' (callid: LwcOVkAAeq) - No matching endpoint found

The VPN is a Wireguard configured on the same server, which the phone is using to access my LAN from outside.

This is the tcpdump when trying to access with VPN on:
server.iowetea.com is DNS rewrite to my local server’s IP

root@asterisk:~# tcpdump -i lo -n -s0 -v udp port 5060
tcpdump: listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes
07:58:52.162830 IP (tos 0x0, ttl 64, id 7797, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.55213 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.2.3:36089;branch=z9hG4bK.2Qp9GyUcv;rport
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: LwcOVkAAeq
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.2.3:36089;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:58:52.163513 IP (tos 0x60, ttl 64, id 7798, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.55213: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.2.3:36089;rport=55213;received=127.0.0.1;branch=z9hG4bK.2Qp9GyUcv
        Call-ID: LwcOVkAAeq
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.2Qp9GyUcv
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132332/78d76c07d08c6139fc3959a8d2bb5c6b",opaque="670a996a2230448f",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:52.828573 IP (tos 0x0, ttl 64, id 7844, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.55213 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.2.3:36089;branch=z9hG4bK.2Qp9GyUcv;rport
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: LwcOVkAAeq
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.2.3:36089;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:58:52.829405 IP (tos 0x60, ttl 64, id 7845, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.55213: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.2.3:36089;rport=55213;received=127.0.0.1;branch=z9hG4bK.2Qp9GyUcv
        Call-ID: LwcOVkAAeq
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.2Qp9GyUcv
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132332/78d76c07d08c6139fc3959a8d2bb5c6b",opaque="4b6e3bb56f83ef76",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:53.672768 IP (tos 0x0, ttl 64, id 7913, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.55213 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.2.3:36089;branch=z9hG4bK.2Qp9GyUcv;rport
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: LwcOVkAAeq
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.2.3:36089;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:58:53.673516 IP (tos 0x60, ttl 64, id 7914, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.55213: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.2.3:36089;rport=55213;received=127.0.0.1;branch=z9hG4bK.2Qp9GyUcv
        Call-ID: LwcOVkAAeq
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.2Qp9GyUcv
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132333/fdba60893ee4b942960b09908ad2bd37",opaque="70561beb6f96d52b",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:55.671674 IP (tos 0x0, ttl 64, id 7978, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.55213 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.2.3:36089;branch=z9hG4bK.2Qp9GyUcv;rport
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: LwcOVkAAeq
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.2.3:36089;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:58:55.672475 IP (tos 0x60, ttl 64, id 7979, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.55213: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.2.3:36089;rport=55213;received=127.0.0.1;branch=z9hG4bK.2Qp9GyUcv
        Call-ID: LwcOVkAAeq
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.2Qp9GyUcv
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132335/54c99ad5d94404d6d58310e4bcd448a2",opaque="0244b25a000d1af0",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:58.218721 IP (tos 0x60, ttl 64, id 8201, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPjdcd56ecb-dbb8-408d-9100-d957c5d73172
        From: <sip:500@10.0.1.8>;tag=824f4116-be0d-4d91-9e71-60c2e39c70b7
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 8981c207-ea10-4eea-9675-acb1b9ffcbc0
        CSeq: 30638 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:58.719186 IP (tos 0x60, ttl 64, id 8250, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPjdcd56ecb-dbb8-408d-9100-d957c5d73172
        From: <sip:500@10.0.1.8>;tag=824f4116-be0d-4d91-9e71-60c2e39c70b7
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 8981c207-ea10-4eea-9675-acb1b9ffcbc0
        CSeq: 30638 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:59.677420 IP (tos 0x0, ttl 64, id 8336, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.55213 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.2.3:36089;branch=z9hG4bK.2Qp9GyUcv;rport
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: LwcOVkAAeq
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.2.3:36089;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:58:59.678331 IP (tos 0x60, ttl 64, id 8337, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.55213: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.2.3:36089;rport=55213;received=127.0.0.1;branch=z9hG4bK.2Qp9GyUcv
        Call-ID: LwcOVkAAeq
        From: "500" <sip:500@server.iowetea.com>;tag=-hlkuds1k
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.2Qp9GyUcv
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132339/1e53f3b9eaa75462cd8290dc89235d5f",opaque="62dc28935abcb474",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:58:59.719437 IP (tos 0x60, ttl 64, id 8338, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPjdcd56ecb-dbb8-408d-9100-d957c5d73172
        From: <sip:500@10.0.1.8>;tag=824f4116-be0d-4d91-9e71-60c2e39c70b7
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 8981c207-ea10-4eea-9675-acb1b9ffcbc0
        CSeq: 30638 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

This is the tcpdump when trying to access without VPN ( and works )

root@asterisk:~# tcpdump -i lo -n -s0 -v udp port 5060
tcpdump: listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes
07:59:38.325886 IP (tos 0x0, ttl 64, id 10513, offset 0, flags [DF], proto UDP (17), length 656)
    127.0.0.1.60232 > 127.0.0.1.5060: SIP, length: 628
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.0.6:41187;branch=z9hG4bK.RHt1QQbAD;rport
        From: "500" <sip:500@server.iowetea.com>;tag=3quov9v3e
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 20 REGISTER
        Call-ID: 9vWySVw6cS
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@10.0.0.6:41187;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)

07:59:38.326765 IP (tos 0x60, ttl 64, id 10514, offset 0, flags [DF], proto UDP (17), length 514)
    127.0.0.1.5060 > 127.0.0.1.60232: SIP, length: 486
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.0.0.6:41187;rport=60232;received=127.0.0.1;branch=z9hG4bK.RHt1QQbAD
        Call-ID: 9vWySVw6cS
        From: "500" <sip:500@server.iowetea.com>;tag=3quov9v3e
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.RHt1QQbAD
        CSeq: 20 REGISTER
        WWW-Authenticate: Digest realm="asterisk",nonce="1637132378/dd6c619fbae3e8d433b611decbf77844",opaque="5edb748156ebc67a",algorithm=md5,qop="auth"
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:38.347079 IP (tos 0x0, ttl 64, id 10515, offset 0, flags [DF], proto UDP (17), length 935)
    127.0.0.1.60232 > 127.0.0.1.5060: SIP, length: 907
        REGISTER sip:server.iowetea.com SIP/2.0
        Via: SIP/2.0/UDP 10.0.0.6:41187;branch=z9hG4bK.c5sT78t3d;rport
        From: "500" <sip:500@server.iowetea.com>;tag=3quov9v3e
        To: "500" <sip:500@server.iowetea.com>
        CSeq: 21 REGISTER
        Call-ID: 9vWySVw6cS
        Max-Forwards: 70
        Supported: replaces, outbound, gruu
        Accept: application/sdp
        Accept: text/plain
        Accept: application/vnd.gsma.rcs-ft-http+xml
        Contact: "500" <sip:500@127.0.0.1:60232;transport=udp>;+sip.instance="<urn:uuid:82fa069e-e78c-00cb-a223-467f98d8404e>";+org.linphone.specs="lime"
        Expires: 3600
        User-Agent: Linphone/4.5.6 (Daniel's S21) LinphoneSDK/5.0.49 (tags/5.0.49^0)
        Authorization:  Digest realm="asterisk", nonce="1637132378/dd6c619fbae3e8d433b611decbf77844", algorithm=md5, opaque="5edb748156ebc67a", username="500",  uri="sip:server.iowetea.com", response="4072ad78182c65a5a48684e9c5ed6ba7", cnonce="xGgbuA6QYua-W544", nc=00000001, qop=auth

07:59:38.348861 IP (tos 0x60, ttl 64, id 10516, offset 0, flags [DF], proto UDP (17), length 459)
    127.0.0.1.5060 > 127.0.0.1.60232: SIP, length: 431
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.0.0.6:41187;rport=60232;received=127.0.0.1;branch=z9hG4bK.c5sT78t3d
        Call-ID: 9vWySVw6cS
        From: "500" <sip:500@server.iowetea.com>;tag=3quov9v3e
        To: "500" <sip:500@server.iowetea.com>;tag=z9hG4bK.c5sT78t3d
        CSeq: 21 REGISTER
        Date: Wed, 17 Nov 2021 06:59:38 GMT
        Contact: <sip:500@127.0.0.1:60232>;expires=3599
        Expires: 3600
        Server: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:38.350089 IP (tos 0x60, ttl 64, id 10517, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPj5ae8ec5b-f4db-4f81-b73a-f9bd02ef92bf
        From: <sip:500@10.0.1.8>;tag=bcd2a9b3-a600-481c-9264-4f976b2e240e
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 5de46ba0-675a-4cc1-bb69-8d6e78e44bf3
        CSeq: 56705 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:38.350456 IP (tos 0x60, ttl 64, id 10518, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.60232: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:60232 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPjb6e61006-4e04-4b13-813d-308ae2128dbe
        From: <sip:500@10.0.1.8>;tag=c64e27cc-ded9-48f5-a3a1-4bb0c088df5a
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: f5149bb4-74c8-432e-8188-d4e6ace29916
        CSeq: 53063 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:38.394940 IP (tos 0x0, ttl 64, id 10521, offset 0, flags [DF], proto UDP (17), length 326)
    127.0.0.1.60232 > 127.0.0.1.5060: SIP, length: 298
        SIP/2.0 200 Ok
        Via: SIP/2.0/UDP 127.0.0.1:5060;received=10.0.0.4;rport;branch=z9hG4bKPjb6e61006-4e04-4b13-813d-308ae2128dbe
        From: <sip:500@10.0.1.8>;tag=c64e27cc-ded9-48f5-a3a1-4bb0c088df5a
        To: <sip:500@127.0.0.1>;tag=rLXOu
        Call-ID: f5149bb4-74c8-432e-8188-d4e6ace29916
        CSeq: 53063 OPTIONS

07:59:38.850087 IP (tos 0x60, ttl 64, id 10548, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPj5ae8ec5b-f4db-4f81-b73a-f9bd02ef92bf
        From: <sip:500@10.0.1.8>;tag=bcd2a9b3-a600-481c-9264-4f976b2e240e
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 5de46ba0-675a-4cc1-bb69-8d6e78e44bf3
        CSeq: 56705 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:39.850085 IP (tos 0x60, ttl 64, id 10549, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPj5ae8ec5b-f4db-4f81-b73a-f9bd02ef92bf
        From: <sip:500@10.0.1.8>;tag=bcd2a9b3-a600-481c-9264-4f976b2e240e
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 5de46ba0-675a-4cc1-bb69-8d6e78e44bf3
        CSeq: 56705 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

07:59:41.849748 IP (tos 0x60, ttl 64, id 10552, offset 0, flags [DF], proto UDP (17), length 445)
    127.0.0.1.5060 > 127.0.0.1.48934: SIP, length: 417
        OPTIONS sip:500@127.0.0.1:48934 SIP/2.0
        Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bKPj5ae8ec5b-f4db-4f81-b73a-f9bd02ef92bf
        From: <sip:500@10.0.1.8>;tag=bcd2a9b3-a600-481c-9264-4f976b2e240e
        To: <sip:500@127.0.0.1>
        Contact: <sip:500@127.0.0.1:5060>
        Call-ID: 5de46ba0-675a-4cc1-bb69-8d6e78e44bf3
        CSeq: 56705 OPTIONS
        Max-Forwards: 70
        User-Agent: Asterisk PBX 16.16.1~dfsg-1+deb11u1
        Content-Length:  0

I have tried configuring the endpoint with identified_by=auth_username ( rather than IP ) but I still cannot register from my phone with VPN on. I have noticed that when connecting through VPN the Authorization in the header is always missing. What can I do about this?

This is my pjsip.conf

[global]
type=global
taskprocessor_overload_trigger=pjsip_only

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
tos=cs3
cos=3

[endpoint-basic](!)
type=endpoint
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722
context=iowetea
trust_id_inbound=yes
rtp_timeout=30
rtp_timeout_hold=300
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
language=en
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord
identify_by=auth_username
transport=transport-udp

[auth-basic](!)
type=auth
auth_type=userpass

[aor-basic](!)
type=aor
max_contacts= 1
remove_existing=yes
qualify_frequency=60

[500](endpoint-basic)
callerid="Phone" <500>
auth=500
aors=500

[500](auth-basic)
username=500
password=1234

[500](aor-basic)

The SIP response is not making it to the endpoint, so it is retransmitting the REGISTER attempt. Your problem is networking related outside of Asterisk.

Hi jcolp!

Thank you for your reply! Excuse my ignorance as I’m still learning and understanding my way through.

This is exactly what I was thinking… but from the tcpdump it shows that the requests are coming through.

One difference that I see in the request between on VPN and not, is the Contact in the header. one is using an IP within VPN subnet and the other within my LAN subnet. Could this be a factor where asterisk is not matching the request of VPN due to different IP?

Asterisk is getting requests. That’s fine. Asterisk then sends a response to challenge for authentication. That response is never making it to the endpoint. The response doesn’t use the Contact header, it is sent to the source IP address and port of the request. The endpoint retransmits the request over and over. Until that is fixed then looking at Asterisk is not useful. Even if you disabled authentication, for example, the call would ultimately fail because other responses (such as answer) would not get through.

You can tell it’s a retransmission by looking at the “CSeq” field of the SIP request. It’s a sequence number and it increments for each request. If it’s the same for each request, then it’s a retransmission and the other side never got the response.

1 Like

Thanks again, with that explanation I understood where the problem is. I didn’t want to complicate things in my question, but the reason of the issue is that on my machine, I have services installed in separate containers ( using LXC ). Devices on VPN can be pinged from the VPN container but not from Asterisk’s.

I just need to figure out how to direct the response from Asterisk container to the VPN’s while allowing non VPN devices too…

I tried to solve this by installing asterisk in the same container as the VPN - where I can also ping successfully the device IP when on VPN ( 10.0.2.0 VPN subnet and the LAN’s 10.0.0.0 subnet )… among other things. I’m not sure what else I can try, I’m not understanding this problem properly. For one… I don’t understand how the device manages to request to the asterisk server, but then asterisk does not reach the endpoint.

Would really appreciate any guidance.

A summary of my scenario;

  • My local network subnet is ( 10.0.0.0 ). On my server ( IP: 10.0.0.4 ) I have a DNS service running on the host, which my home router makes use of, thus all my local network goes through this server.
  • In a container ( IP: 10.0.1.10 ) on this server I have a WireGuard VPN service. With this service I can connect to my LAN from outside, the VPN uses subnet 10.0.2.0.
  • In another container ( IP: 10.0.1.8 ) on the same server I have Asterisk installed. My device connect using domain 10.0.0.4 ( the server’s IP )
  • The containers are using bridge network and port forwarding is done accordingly.

I don’t really have any guidance or insight on such network layout or environment.