Internal SSL Error

I was building a WebRTC project with Asterisk-18 and use SIP and i have my sip provider.
when i connect to asterisk server which is just staging server and only have ip and didn’t point any domain.And i use the self signed certificate script from asterisk contrib scripts wheni connect to
172.230.xxx.xxx:5066

i got

[Jul 25 08:47:22] ERROR[2441840]: iostream.c:663 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0)::reason(1), Internal SSL error
[Jul 25 08:47:22] ERROR[2441840]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer '172.250.xxx.xxx:40804'
[Jul 25 08:47:22] ERROR[2441840]: iostream.c:563 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0)::reason(1), Internal SSL error

i follow the tutorial from SIPjs Asterisk Setup

i’m new to asterisk and i really wanna know why this happened.

here is my configurations files

[general]
udpbindaddr=0.0.0.0
tcpenable=no
tcpbindaddr=0.0.0.0
tlsenabled=yes
tlsbindaddr=0.0.0.0:5066
transport=udp

[user]
host=192.168.xxx.xx
type=friend
qualify=yes
canreinvite=no
allow=ulaw
allow=alaw
allow=gsm
dtmfmode=rfc2833
nat=force_rport,comedia
context=outbound
username=012xxxxxxx
secret=*****
encryption=yes ; Tell Asterisk to use encryption for this peer
avpf=yes ; Tell Asterisk to use AVPF for this peer
icesupport=yes ; Tell Asterisk to use ICE for this peer
context=default ; Tell Asterisk which context to use when this peer is dialing
directmedia=no ; Asterisk will relay media for this peer
transport=udp,tcp,ws,wss ; Asterisk will allow this peer to register on UDP or WebSockets
force_avp=yes ; Force Asterisk to use avp. Introduced in Asterisk 11.11
dtlsenable=yes ; Tell Asterisk to enable DTLS for this peer
dtlsverify=fingerprint ; Tell Asterisk to verify DTLS fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem ; Tell Asterisk where your DTLS cert file is
dtlssetup=actpass ; Tell Asterisk to use actpass SDP parameter when setting up DTLS
rtcp_mux=yes ; Tell Asterisk to do RTCP mux

extensions.conf

[outbound]
exten => 4455,1,NoOp(Entring to App)
    same => n,Dial(SIP/${EXTEN}@192.168.xxx.xx)
    same => n,Hangup()

http.conf

[general]
enabled=yes
bindport=8088
bindaddr=0.0.0.0
enable_static=yes
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/keys/asterisk.pem

It’s most likely the browser rejecting it due to using an IP address and not a hostname. You could check the Javascript console and see if anything shows up there.

Thanks for the reply @jcolp .now it was solved after i changed to pjsip and configured a virtual host.But one thing i want to know is can i disable the SSL in configurations?

Thank you.

You’re going to need to be more specific in what you mean by that.

i was trying a webRTC call over sip provided by my ISP but i’m trying to test in development(local machine) when i try to do that i got that error.is it possible to make calls without SSL certificate from browser to asterisk?

Your question is really about what the browser will let you do, and from my vague memory it really really really wants TLS.

So the solution is to add my Self Signed Certificate to Browser and Try to Make Calls?

I haven’t dealt with browser stuff in ages so I can’t comment any further.

Thank you I figured out what to do.Thanks for replying my question.Most community won’t reply but asterisk community does.
Have a Nice Day @jcolp .

Testing out your WebRTC solution without a commonly accepted Certificate Authority can be a challenge.

With Chrome (and probably others), there is something of a exception for testing purposes. If you use a self-sign a certificate, and then use https://localhost/ in your browser, you will see an error page, with something like NET::ERR_CERT_AUTHORITY_INVALID. However, there will be an Advanced button, and clicking this, shows an option to continue anyway. This allow you to see the page you have developed, but also - importantly, it creates a temporary “allow” for the certificate so that the javascript can also connect to the WebSocket at wss://localhost/ws too.

If you test your server on say https://localhost (allow the exception) and then connect to the WebSocket on say wss://192.168.1.1/ws then the websocket connection will fail even though the containing page was allowed. The page and the websocket have to connect to the same localhost server for this option to work.

Another option would be to export a CA signing certificate, sign a server certificate, and use that in Asterisk, then copy the CA to the Desktop and install the CA. Then you will not get any warnings. This may be a more complicated process tho, and just like the localhost option - its only for testing.

I’d suggest that big organisations probably should be doing this for all their internal services,. not just as a testing measure. Having a well known CA is useful when you want strange devices to be able to connect, but makes it difficult if you want to lock down (the default browser configurations permit some quite low trust services to vouch for identities, although I think all those services in countries hostile to the US have probably been removed from the default configurations).

I add the CA to firefox and verify it and t did connect to asterisk but when i make call to with exten 1060 it says

[Aug  1 04:09:23] NOTICE[1524087][C-0000001c]: chan_sip.c:10501 process_sdp: Received SAVPF profle in audio offer but AVPF is not enabled, enabling: audio 47122 UDP/TLS/RTP/SAVPF 109 9 0 8 101
[Aug  1 04:09:23] WARNING[1524087][C-0000001c]: chan_sip.c:10908 process_sdp: Rejecting secure audio stream without encryption details: audio 47122 UDP/TLS/RTP/SAVPF 109 9 0 8 101

here is my sip.conf

[general]
realm=0.0.0.0 ; Replace this with your IP address
udpbindaddr=0.0.0.0 ; Replace this with your IP address
transport=udp
websocket_enable=yes

[1060] ; This will be WebRTC client
type=friend
username=1060 ; The Auth user for SIP.js
host=dynamic ; Allows any host to register
secret=password ; The SIP Password for SIP.js
encryption=no ; Tell Asterisk to use encryption for this peer
disallow=all
allow=alaw,ulaw


[1061]
host=192.168.130.20
type=peer
qualify=yes
canreinvite=no
disallow=all
transport=udp
allow=ulaw,alaw
dtmfmode=rfc2833
nat=force_rport,comedia
directmedia=no

Phew… chan_sip… going old school!

In that case, you will need to setup up the DTLS yourself. Check this out:

And this:

for the template on the websocket properties.

[webrtc](!)
transport=wss
allow=opus,ulaw,vp9,vp8,h264
encryption=yes
avpf=yes
force_avp=yes
icesupport=yes
rtcp_mux=yes
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/path/to/cert.pem
dtlscafile=/path/to/CA.crt
dtlssetup=actpass

Disclaimer: This is very old tech now, and i’m not even sure this will work. pjsip is really the right way. I think you are in for an uphill battle.

I tried to use pjsip but the provider is refusing the webrtc

in this
Thread

Found peer 'mgluaye' for '09978551579' from 192.168.130.20:5060
  == Using SIP RTP CoS mark 5
Got SDP version 1055472085 and unique parts [root 1055472085 IN IP4 192.168.130.20]
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 101
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format telephone-event for ID 101
Capabilities: us - (ulaw|alaw|gsm), peer - audio=(ulaw|alaw)/video=(nothing)/text=(nothing), combined - (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
       > 0x77f60002e2a0 -- Strict RTP learning after remote address set to: 192.168.130.20:15314
Peer audio RTP is at port 192.168.130.20:15314
Looking for 2399009 in inbound_user (domain 172.250.230.160)
sip_route_dump: route/path hop: <sip:09978551579@192.168.130.20:5060>

<--- Transmitting (NAT) to 192.168.130.20:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.130.20:5060;branch=z9hG4bK1a76656f;received=192.168.130.20;rport=5060
From: "09978551579" <sip:09978551579@192.168.130.20>;tag=as7d24363d
To: <sip:2399009@172.250.230.160>
Call-ID: 459c2fe208424fa3695f8e1b2802b985@192.168.130.20:5060
CSeq: 102 INVITE
Server: Asterisk PBX GIT-18-591c1c77c7
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: <sip:2399009@172.250.230.160:5060>
Content-Length: 0


<------------>
    -- Executing [2399009@inbound_user:1] NoOp("SIP/mgluaye-00000015", "Incoming call to extension 1000") in new stack
    -- Executing [2399009@inbound_user:2] Dial("SIP/mgluaye-00000015", "PJSIP/webrtc_client") in new stack
    -- Called PJSIP/webrtc_client
<--- Transmitting SIP request (1949 bytes) to UDP:192.168.130.20:5060 --->
INVITE sip:012399009@192.168.130.20 SIP/2.0
Via: SIP/2.0/UDP 172.250.230.160:5070;rport;branch=z9hG4bKPj37ea998b-d364-4b62-90f9-497440d12ae1
From: "09978551579" <sip:09978551579@172.250.230.160>;tag=7e04bf0a-705d-4bda-9f3c-0912c965cd2a
To: <sip:012399009@192.168.130.20>
Contact: <sip:asterisk@172.250.230.160:5070>
Call-ID: 67a50972-38c6-4cff-80d8-741c231c35ff
CSeq: 3944 INVITE
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, INFO, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub, histinfo
Session-Expires: 1800
Min-SE: 90
Max-Forwards: 70
User-Agent: Asterisk PBX GIT-18-591c1c77c7
Content-Type: application/sdp
Content-Length:  1234

v=0
o=- 1094983331 1094983331 IN IP4 172.250.230.160
s=Asterisk
c=IN IP4 172.250.230.160
t=0 0
a=msid-semantic:WMS *
a=group:BUNDLE audio-0
m=audio 11872 UDP/TLS/RTP/SAVPF 0 107 101 102
a=connection:new
a=setup:actpass
a=fingerprint:SHA-256 D3:41:07:01:8E:8B:32:2E:9C:B0:2B:40:30:BF:C7:CA:63:A2:35:45:73:BA:6F:F9:3C:34:73:75:83:60:53:91
a=ice-ufrag:4e13a0cb78c1f1147410fe9d52966f96
a=ice-pwd:262c7adc48a6c69778964ce871af6df6
a=candidate:Hacfae6a0 1 UDP 2130706431 172.250.230.160 11872 typ host
a=candidate:Ha010ec0 1 UDP 2130706431 10.1.14.192 11872 typ host
a=candidate:Ha6e8a65a 1 UDP 2130706431 fe80::20c:29ff:fe94:2c08 11872 typ host
a=candidate:H5b88bb0d 1 UDP 2130706431 fe80::ecee:eeff:feee:eeee 11872 typ host
a=candidate:H94bd4af6 1 UDP 2130706431 fe80::64ab:e1ff:fe9d:a7c7 11872 typ host
a=rtpmap:0 PCMU/8000
a=rtpmap:107 opus/48000/2
a=fmtp:107 useinbandfec=1
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:102 telephone-event/48000
a=fmtp:102 0-16
a=ptime:20
a=maxptime:20
a=sendrecv
a=rtcp-mux
a=ssrc:1823901745 cname:5da8d007-8f9e-4be0-87a5-57ca8f4123e0
a=msid:dc3ad5a5-5f09-47c5-b7ef-b97c7c23b6fa de61364e-ef17-434c-965b-b1903ab361ae
a=rtcp-fb:* transport-cc
a=mid:audio-0

<--- Received SIP response (537 bytes) from UDP:192.168.130.20:5060 --->
SIP/2.0 488 Not acceptable here
Via: SIP/2.0/UDP 172.250.230.160:5070;branch=z9hG4bKPj37ea998b-d364-4b62-90f9-497440d12ae1;received=172.250.230.160;rport=5070
From: "09978551579" <sip:09978551579@172.250.230.160>;tag=7e04bf0a-705d-4bda-9f3c-0912c965cd2a
To: <sip:012399009@192.168.130.20>;tag=as61644ee4
Call-ID: 67a50972-38c6-4cff-80d8-741c231c35ff
CSeq: 3944 INVITE
Server: CAIP SIP 2.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


<--- Transmitting SIP request (434 bytes) to UDP:192.168.130.20:5060 --->
ACK sip:012399009@192.168.130.20 SIP/2.0
Via: SIP/2.0/UDP 172.250.230.160:5070;rport;branch=z9hG4bKPj37ea998b-d364-4b62-90f9-497440d12ae1
From: "09978551579" <sip:09978551579@172.250.230.160>;tag=7e04bf0a-705d-4bda-9f3c-0912c965cd2a
To: <sip:012399009@192.168.130.20>;tag=as61644ee4
Call-ID: 67a50972-38c6-4cff-80d8-741c231c35ff
CSeq: 3944 ACK
Max-Forwards: 70
User-Agent: Asterisk PBX GIT-18-591c1c77c7
Content-Length:  0


  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [2399009@inbound_user:3] Hangup("SIP/mgluaye-00000015", "") in new stack
  == Spawn extension (inbound_user, 2399009, 3) exited non-zero on 'SIP/mgluaye-00000015'
Scheduling destruction of SIP dialog '459c2fe208424fa3695f8e1b2802b985@192.168.130.20:5060' in 6400 ms (Method: INVITE)

<--- Reliably Transmitting (NAT) to 192.168.130.20:5060 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/UDP 192.168.130.20:5060;branch=z9hG4bK1a76656f;received=192.168.130.20;rport=5060
From: "09978551579" <sip:09978551579@192.168.130.20>;tag=as7d24363d
To: <sip:2399009@172.250.230.160>;tag=as3738a5f7
Call-ID: 459c2fe208424fa3695f8e1b2802b985@192.168.130.20:5060
CSeq: 102 INVITE
Server: Asterisk PBX GIT-18-591c1c77c7
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Content-Length: 0


<------------>

<--- SIP read from UDP:192.168.130.20:5060 --->
ACK sip:2399009@172.250.230.160 SIP/2.0
Via: SIP/2.0/UDP 192.168.130.20:5060;branch=z9hG4bK1a76656f
Max-Forwards: 70
From: "09978551579" <sip:09978551579@192.168.130.20>;tag=as7d24363d
To: <sip:2399009@172.250.230.160>;tag=as3738a5f7
Contact: <sip:09978551579@192.168.130.20:5060>
Call-ID: 459c2fe208424fa3695f8e1b2802b985@192.168.130.20:5060
CSeq: 102 ACK
User-Agent: CAIP SIP 2.0
Content-Length: 0

This shows a SIP request (UDP port 5070), not a WebRTC one. I can’t imagine any provider providing the client end of WebRTC and I suspect that Asterisk only implements the server end, but I’ve never investigated that in detail.

Most providers will want you to trunk to them using regular SIP & RTP. You appears to be trying to trunk with them as a WebRTC endpoint.

They are rejecting your INVITE as not being acceptable - something in the INVITE is not set correctly. Maybe a codec, or and encryption etc.

Make sure you trunk with the provider is setup the way THEY want it. Asterisk will do all the transcoding and translation between the WebRTC endpoint and the Provider Sip Trunk… After all, Asterisk is a B2BUA… that’s what its good at.

Please tell me What server wants.the Provider.I have that server at office but when they run vicidial they don’t need any certificate and vicidial use jssip.Please tell me what i need to configure at provider.The server has another Provider which is ISP.Now i got rejected again with jssip.

I think the reply is from me to server?

SIP/2.0 488 Not acceptable here
Via: SIP/2.0/UDP 172.250.230.160:5060;branch=z9hG4bK4dab641b;received=172.250.230.160;rport=5060
From: <sip:012399009@172.250.230.160>;tag=as3bced2be
To: <sip:09978551579@192.168.130.20>;tag=as39b196f1
Call-ID: 3b2f80604511aa233d03943c29c016d3@172.250.230.160:5060
CSeq: 102 INVITE
Server: CAIP SIP 2.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

Hello i found the solution of what’s i’m facing.I forgot to register user.But when i call to a user it says

Using INVITE request as basis request - 9qc51bka7kkpfusjb601
Found peer '012399009' for '012399009' from 172.250.230.136:58224
  == Using SIP RTP CoS mark 5
Got SDP version 0 and unique parts [mozilla...THIS_IS_SDPARTA-99.0 602436884144578642 IN IP4 0.0.0.0]
Found RTP audio format 109
Found RTP audio format 9
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 101
Found audio description format opus for ID 109
Found audio description format G722 for ID 9
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format telephone-event for ID 101
Capabilities: us - (alaw|ulaw|g722|opus), peer - audio=(ulaw|alaw|g722|opus)/video=(nothing)/text=(nothing), combined - (alaw|ulaw|g722|opus)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
       > 0x794750045830 -- Strict RTP learning after remote address set to: 43.242.135.210:46162
Peer audio RTP is at port 43.242.135.210:46162
Looking for 1061 in default (domain 192.168.130.20)
sip_route_dump: route/path hop: <sip:j0iert61@fo913ij2c0v7.invalid;transport=ws;ob>

<--- Transmitting (NAT) to 172.250.230.136:58224 --->
SIP/2.0 100 Trying
Via: SIP/2.0/WSS fo913ij2c0v7.invalid;branch=z9hG4bK1854021;received=172.250.230.136;rport=58224
From: <sip:012399009@172.250.230.160>;tag=1qv2kka04p
To: <sip:1061@192.168.130.20>
Call-ID: 9qc51bka7kkpfusjb601
CSeq: 2 INVITE
Server: Asterisk PBX GIT-18-591c1c77c7
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:1061@172.250.230.160:5060;transport=ws>
Content-Length: 0


<------------>
    -- Executing [1061@default:1] Dial("SIP/012399009-0000004f", "SIP/09978551579@192.168.130.20") in new stack
  == Using SIP RTP CoS mark 5
Audio is at 11958
Adding codec alaw to SDP
Adding codec ulaw to SDP
Adding codec gsm to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Reliably Transmitting (no NAT) to 192.168.130.20:5060:
INVITE sip:09978551579@192.168.130.20 SIP/2.0
Via: SIP/2.0/UDP 172.250.230.160:5060;branch=z9hG4bK5fd1afcf
Max-Forwards: 70
From: <sip:012399009@172.250.230.160>;tag=as2872ac3a
To: <sip:09978551579@192.168.130.20>
Contact: <sip:012399009@172.250.230.160:5060>
Call-ID: 72fb4dd40d5b0918654f136a1d43d34a@172.250.230.160:5060
CSeq: 102 INVITE
User-Agent: Asterisk PBX GIT-18-591c1c77c7
Date: Fri, 02 Aug 2024 02:56:51 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 301

v=0
o=root 153197005 153197005 IN IP4 172.250.230.160
s=Asterisk PBX GIT-18-591c1c77c7
c=IN IP4 172.250.230.160
t=0 0
m=audio 11958 RTP/AVP 8 0 3 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=maxptime:140
a=sendrecv

---
    -- Called SIP/09978551579@192.168.130.20

<--- SIP read from UDP:192.168.130.20:5060 --->
SIP/2.0 488 Not acceptable here
Via: SIP/2.0/UDP 172.250.230.160:5060;branch=z9hG4bK5fd1afcf;received=172.250.230.160;rport=5060
From: <sip:012399009@172.250.230.160>;tag=as2872ac3a
To: <sip:09978551579@192.168.130.20>;tag=as529bc571
Call-ID: 72fb4dd40d5b0918654f136a1d43d34a@172.250.230.160:5060
CSeq: 102 INVITE
Server: CAIP SIP 2.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

<------------->
--- (10 headers 0 lines) ---
Transmitting (no NAT) to 192.168.130.20:5060:
ACK sip:09978551579@192.168.130.20 SIP/2.0
Via: SIP/2.0/UDP 172.250.230.160:5060;branch=z9hG4bK5fd1afcf
Max-Forwards: 70
From: <sip:012399009@172.250.230.160>;tag=as2872ac3a
To: <sip:09978551579@192.168.130.20>;tag=as529bc571
Contact: <sip:012399009@172.250.230.160:5060>
Call-ID: 72fb4dd40d5b0918654f136a1d43d34a@172.250.230.160:5060
CSeq: 102 ACK
User-Agent: Asterisk PBX GIT-18-591c1c77c7
Content-Length: 0


---
Scheduling destruction of SIP dialog '72fb4dd40d5b0918654f136a1d43d34a@172.250.230.160:5060' in 32000 ms (Method: INVITE)
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Auto fallthrough, channel 'SIP/012399009-0000004f' status is 'CHANUNAVAIL'

<--- Reliably Transmitting (NAT) to 172.250.230.136:58224 --->
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/WSS fo913ij2c0v7.invalid;branch=z9hG4bK1854021;received=172.250.230.136;rport=58224
From: <sip:012399009@172.250.230.160>;tag=1qv2kka04p
To: <sip:1061@192.168.130.20>;tag=as20597135
Call-ID: 9qc51bka7kkpfusjb601
CSeq: 2 INVITE
Server: Asterisk PBX GIT-18-591c1c77c7
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Bearer capability not available
X-Asterisk-HangupCauseCode: 58
Content-Length: 0


<------------>

<--- SIP read from WS:172.250.230.136:58224 --->
ACK sip:1061@192.168.130.20 SIP/2.0
Via: SIP/2.0/WSS fo913ij2c0v7.invalid;branch=z9hG4bK1854021
To: <sip:1061@192.168.130.20>;tag=as20597135
From: <sip:012399009@172.250.230.160>;tag=1qv2kka04p
Call-ID: 9qc51bka7kkpfusjb601
CSeq: 2 ACK
Max-Forwards: 70
Content-Length: 0

<------------->
--- (8 headers 0 lines) ---
[Aug  2 02:56:51] ERROR[2378493]: cdr_csv.c:275 writefile: Unable to open file /var/log/asterisk//cdr-csv//Master.csv : Permission denied
[Aug  2 02:56:51] WARNING[2378493]: cdr_csv.c:308 csv_log: Unable to write CSV record to master '/var/log/asterisk//cdr-csv//Master.csv' : Permission denied
Really destroying SIP dialog '9qc51bka7kkpfusjb601' Method: ACK
Reliably Transmitting (no NAT) to 172.250.230.136:58224:
OPTIONS sip:j0iert61@fo913ij2c0v7.invalid;transport=ws SIP/2.0
Via: SIP/2.0/WS 172.250.230.160:5060;branch=z9hG4bK23ed6c6a
Max-Forwards: 70
From: "asterisk" <sip:asterisk@172.250.230.160>;tag=as1b6cf22a
To: <sip:j0iert61@fo913ij2c0v7.invalid;transport=ws>
Contact: <sip:asterisk@172.250.230.160:5060;transport=ws>
Call-ID: 7cdde0a22b99a75d566e830644473f29@172.250.230.160:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX GIT-18-591c1c77c7
Date: Fri, 02 Aug 2024 02:57:03 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

here is my sip.conf

[general]
realm=0.0.0.0 ; Replace this with your IP address
tlsbindaddr=[::]:5061
tlsdontverifyserver=no
tlsclientmethod=tlsv1
force_avp=yes
udpbindaddr=0.0.0.0 ; Replace this with your IP address
transport=ws,wss
websocket_enable=yes
tlscafile=/etc/asterisk/keys/asterisk.crt
dtlscertfile=/etc/asterisk/keys/asterisk.pem ; Path to your certificate
dtlsprivatekey=/etc/asterisk/keys/asterisk.key ; Path to your private key

[012399009] ; This will be WebRTC client
type=friend
host=dynamic ; Allows any host to register
transport=wss
avpf=yes
qualify=yes
secret=password
encryption=yes ; Tell Asterisk to use encryption for this peer
disallow=all
allow=alaw,ulaw,g722,opus
icesupport=yes ; Enable ICE support
directmedia=yes ; Ensure direct media is disabled
dtlsenable=yes ; Enable DTLS
dtlsverify=fingerprint ; Verify DTLS fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.crt ; Path to your certificate
dtlsprivatekey=/etc/asterisk/keys/asterisk.key ; Path to your private key
dtlssetup=actpass ; DTLS setup method
dtlsfingerprint=/etc/asterisk/keys/asterisk.key


[1061]
host=192.168.130.20
type=peer
qualify=yes
canreinvite=no
disallow=all
allow=alaw,ulaw,g722,opus
transport=udp
dtmfmode=rfc2833
nat=force_rport,comedia
directmedia=no

extensions.conf

[default]
exten => 2399009,1,Dial(SIP/012399009) ; Dialing 1060 will call the SIP client registered to 1060
exten => 1061,1,Dial(SIP/09978551579@192.168.130.20)

Thank you i seems i misconfiguration at provider,I used encryption but didn’t give any key to it.Thank you for your support.I’m really appreciate.Have a nice day.

Thank you for pointing me out.Your answer is very helpful