JsSip, Sip.js or even SipMl5 works fine with ws(local) but when it's comes to wss(external ip) it doesn't play audio on both side

Hello, I’m using asterisk 16 and I’m having trouble to hear audio when it comes to (external ip) with Wss connection

This is my http show status

HTTP Server Status:
Server: Asterisk/16.7.0
Server Enabled and Bound to

HTTPS Server Enabled and Bound to

Enabled URI’s:
/httpstatus => Asterisk HTTP General Status
/phoneprov/… => Asterisk HTTP Phone Provisioning Tool
/amanager => HTML Manager Event Interface w/Digest authentication
/arawman => Raw HTTP Manager Event Interface w/Digest authentication
/manager => HTML Manager Event Interface
/rawman => Raw HTTP Manager Event Interface
/static/… => Asterisk HTTP Static Delivery
/amxml => XML Manager Event Interface w/Digest authentication
/mxml => XML Manager Event Interface
/ari/… => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket

When a number is Called the CLI show this:

== DTLS ECDH initialized (automatic), faster PFS enabled
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5

It doesnt show any error

It’s the debug log from SIP.js (implementing WebRtc into a REACT app)

Mon Nov 22 2021 16:42:31 GMT-0300 (Horário Padrão de Brasília) | sip.Transport | Sending WebSocket message:

INVITE sip:xxxx:5062 SIP/2.0

Via: SIP/2.0/WSS nelhg2dfgb43.invalid;branch=z9hG4bK6423782

To: sip:xxxxx:5062

From: sip:xxxxx:5062;tag=jc8pedtq5m


Call-ID: ac59biq2v6nrj9ieqpr6

Max-Forwards: 70

Contact: <xxxxxxxxxxxxx;transport=ws;ob>


Supported: outbound

User-Agent: SIP.js/0.20.0

Content-Type: application/sdp

Content-Length: 1330


o=mozilla…THIS_IS_SDPARTA-95.0 1379861046443496972 0 IN IP4


t=0 0


a=fingerprint:sha-256 FC:FC:78:D9:ED:B6:83:C1:9B:1C:71:E6:57:3F:E1:77:1A:47:29:83:73:5A:BF:10:57:75:F3:D7:23:70:EF:04

a=group:BUNDLE 0


a=msid-semantic:WMS *

m=audio 55029 UDP/TLS/RTP/SAVPF 109 9 0 8 101

c=IN IP4

a=candidate:0 1 TCP 2105524479 9 typ host tcptype active

a=candidate:1 1 TCP 2105458943 9 typ host tcptype active

a=candidate:0 2 TCP 2105524478 9 typ host tcptype active

a=candidate:1 2 TCP 2105458942 9 typ host tcptype active



a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level

a=extmap:2/recvonly urn:ietf:params:rtp-hdrext:csrc-audio-level

a=extmap:3 urn:ietf:params:rtp-hdrext:sdes:mid

a=fmtp:109 maxplaybackrate=48000;stereo=1;useinbandfec=1

a=fmtp:101 0-15




a=msid:{e8762781-32d0-43f3-9909-3931e56eb89e} {2ed6eeb9-a675-403d-b4b0-4ca637079ede}

a=rtcp:56682 IN IP4


a=rtpmap:109 opus/48000/2

a=rtpmap:9 G722/8000/1

a=rtpmap:0 PCMU/8000

a=rtpmap:8 PCMA/8000

a=rtpmap:101 telephone-event/8000


a=ssrc:1756142048 cname:{48422808-fcff-4771-a72f-61fe0d7c72d3}

But no audio on both sides

This is my sip show settings

Global Settings:

UDP Bindaddress:
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
RTP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Path support : No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: IPBX-2.11.0(16.7.0)
SDP Session Name: Asterisk PBX 16.7.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: 4294967295
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No

Network QoS Settings:

IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Disabled, no localnet list
Externrefresh: 10

Global Signalling Settings:

Codecs: (ulaw|gsm|alaw)
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:No
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: No
Tone zone:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97
RTCP Multiplexing: No

my stun show status
Hostname Port Period Retries Status ExternAddr ExternPort
(null) 0 30 3 INIT 0

SIP address remapping: Disabled, no localnet list

Check that you have defined your NAT layout

Also check:

If this is the case for you.

Network Settings:

SIP address remapping: Enabled using externaddr
Externrefresh: 10


Thank you very much for answering me

This one looks okay now??

The image is my NAT Router configuration, the 5062(external) is pointing to local 5060

You need to open the UDP ports (as specified below) on your router to allow for the audio to flow in:

Most importantly, don’t use the default settings Defaults are rtpstart=5000 and rtpend=31000 … it’s a mistake that Asterisk developers have wrong for years. If you take a closer look at this, opening these UDP ports on your router/firewall also opens port 5060! Ouch… this will land you in hot water especially if you are lazy and just throw the Asterisk server in the DMZ (that a lot of people do). You must specify rtpstart, and rtpend, and set them to something well above 5060.

These ports would also need to forward to your Asterisk box.

The image is my NAT Router configuration, the 5062(external) is pointing to local 5060.

This is an extremely dangerous practice, and unless you have IP filters, you will constantly be attacked. I’m assuming from the images, this is a Mikrotik Router, there is quite a lot you can do on the router level to protect this. I would use some filtering rules. Do you really need your phones to register from out side of your network? If you want to provide WebRTC access to Asterisk from out side of your network, you don’t use UDP 5060 any more, remember you use HTTPS on whatever port you specified in http.conf.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.