Issue with random source port (TLS) and identify/match

Hi

I’ve a setup with two nodes connected with a TLS trunk. The trunk does not have any authentication or registration. The identification is done over IP:PORT. I’m using pjsip_wizard to generate all the required objects.

The problem I have is that remote_hosts contains IP:PORT, since we are using non-standard ports. This will create an identify with match IP:PORT/MASK. Since the other end uses a random source port, the match upon IP:PORT doesn’t work and Asterisk complains about “No matching endpoint found”.

I found that I could set identify/match = X.X.X.X without the port and then it works.

So far so good… But the issue I have is, we are running Kamailio on the same node. Kamailio uses port 5060/5061 and Asterisk is configured to use 5070/5071. So if identify/match is set only to the IP, it might be that the call is coming from Kamailio and not from the expected other Asterisk running on a different port.

I’m wondering whether I can force the source port to be equal to the configured bind port and not random?

As a side note: I used the same configuration with a UDP transport and this works perfectly, since for UDP the source port is equal to the bind port and not random.

Thanks for your help!
Mathias

pjsip_wizard.conf

[global_options](!)
type = wizard
endpoint/allow = !all
endpoint/allow = alaw
endpoint/allow = ulaw
endpoint/allow = gsm
endpoint/allow = speex
endpoint/allow = g726
endpoint/dtmf_mode = rfc4733
endpoint/fax_detect = yes
endpoint/identify_by = auth_username,ip
endpoint/language = en
endpoint/t38_udptl = yes
endpoint/t38_udptl_maxdatagram
endpoint/t38_udptl_ec = redundancy
endpoint/timers = yes
endpoint/timers_min_se = 600
endpoint/timers_sess_expires = 3600
endpoint/direct_media = no
endpoint/tos_audio = ef
...
[charact_trunk_standard](!)
type = wizard
aor/qualify_timeout = 2
aor/qualify_frequency = 60
...
[ToA](global_options,charact_trunk_standard)
transport = transport-tls
endpoint/context = sip-trunk-incoming-from-ToA
remote_hosts = A.A.A.A:5071
;identify/match = A.A.A.A

pjsip.conf

...
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5071
ca_list_file =   
cert_file = cert.pem
priv_key_file = key.pem
method = tlsv1_3
verify_server = no
tos = ef
...

I’m using Asterisk 20.5.0
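
The matching behaviour described in the post, modelled as an added example that is not part of the original post and is not Asterisk's own code. It assumes the `IP[:PORT][/MASK]` rule shape the post describes (IPv4 only); `192.0.2.10` stands in for `A.A.A.A`, and the ephemeral source ports and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Match(NamedTuple):
    network: ipaddress.IPv4Network
    port: Optional[int]  # None means any source port is accepted

def parse_match(rule: str) -> Match:
    """Parse 'IP', 'IP/MASK', 'IP:PORT' or 'IP:PORT/MASK' (IPv4 only)."""
    host, _, mask = rule.partition("/")
    ip, _, port = host.partition(":")
    network = ipaddress.ip_network(f"{ip}/{mask or 32}", strict=False)
    return Match(network, int(port) if port else None)

def identifies(rule: str, src_ip: str, src_port: int) -> bool:
    """True when a packet from src_ip:src_port satisfies the rule."""
    m = parse_match(rule)
    in_net = ipaddress.ip_address(src_ip) in m.network
    return in_net and (m.port is None or m.port == src_port)

PEER = "192.0.2.10"  # constructed stand-in for A.A.A.A in the post

# Constructed source addresses as the receiving node would see them.
SOURCES = {
    "asterisk_udp": (PEER, 5070),   # UDP leaves from the bind port (per the post)
    "kamailio_udp": (PEER, 5060),   # Kamailio on the same host, its own bind port
    "asterisk_tls": (PEER, 49822),  # TLS client connection: ephemeral port
    "kamailio_tls": (PEER, 51344),  # Kamailio over TLS: also ephemeral
}

def evaluate(rule: str) -> dict:
    """Which of the sample senders would be identified by this rule."""
    return {name: identifies(rule, ip, port)
            for name, (ip, port) in SOURCES.items()}

if __name__ == "__main__":
    for rule in (f"{PEER}:5070", f"{PEER}:5071/32", PEER):
        print(f"{rule:22} {evaluate(rule)}")
```

With a port in the rule, UDP separates the two services on the host but neither TLS sender matches; with the IP alone, every sender on that host is identified as the same endpoint.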