One way audio using mobile data with NAT and TLS


#1

I am having a one-way audio issue while using TLS and NAT only when I am using mobile data. On a wifi network, this is not the case. I am accessing the sip server via the routers public IP and the forwarded port on my softphone in both the cases. Asterisk server is behind the router. Required ports are forwarded on the router.

transport section:

[global]
type = global
user_agent = ASTERISK_SERVER
videosupport = yes
nat = force_rport,comedia


[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5065
tos = cs3

[transport-udp-nat]
type=transport
protocol=udp
bind=0.0.0.0:5060
local_net=192.168.2.0/24
local_net=127.0.0.1/24
external_media_address=45.152.22.178
external_signaling_address=45.152.22.178
external_signaling_port=5060

[transport-tls]    
type=transport                                                                          
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
local_net=192.168.2.0/24
local_net=127.0.0.1/24
external_media_address=45.152.22.178
external_signaling_address=45.152.22.178
method=tlsv1

Section related to the endpoints :

[103]
type = aor
max_contacts = 3
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120


[103]
type = auth
username = 103
password = xxx103

[103]
type = endpoint
dtmf_mode = rfc4733
allow = all
rtp_timeout = 30
timers = yes
direct_media = no
callerid = 103 <Zone_3>
send_pai = yes
auth = 103
outbound_auth = 103
aors = 103
dtmf_mode=rfc4733
media_encryption=sdes
transport = transport-tls

[104]
type = aor
max_contacts = 1
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120

[104]
type = auth
username = 104
password = xxx104

[104]
type = endpoint
dtmf_mode = rfc4733
disallow = all
allow = ulaw
allow = alaw
allow = gsm
allow = g726
allow = h264
allow = mpeg4
allow = vp8
allow = h263p
rtp_timeout = 30
timers = yes
direct_media = no
callerid = 104 <Zone_4>
send_pai = yes
use_avpf = no
named_call_group = 
named_pickup_group = 
tos_audio = ef
tos_video = af41
auth = 104
outbound_auth = 104
aors = 104
transport = transport-udp-nat

Details of the different IP address in this post:

45.152.22.178  -> my public ip address (obfuscated)
192.168.2.114  -> local/private ip address of smartphone where 103 is registered from, 
5.162.60.172   -> this is the ip of the same smartphone when on mobile data
192.168.2.124  -> local/private ip address of hard phone where 104 is registered from 
10.209.120.128 -> not sure what is it?


checking 10.209.120.128 https://ipinfo.info/html/ip_checker.php here says
Checking IP Address

IP Address: 10.209.120.128
Error: This is a private LAN address, it can neither be routed,
 geolocated or publicly looked up in the internet

Scenario 1: using Wifi network (All seems good) No issues with audio :

asterisks logs:

    -- Executing [104@default:1] Dial("PJSIP/103-00000004", "PJSIP/104/sip:104@192.168.2.124:5062") in new stack
    -- Called PJSIP/104/sip:104@192.168.2.124:5062
  == Using SIP RTP Audio TOS bits 184
    -- PJSIP/104-00000005 is ringing
       > 0x14b4e10 -- Strict RTP learning after remote address set to: 192.168.2.124:5004
    -- PJSIP/104-00000005 answered PJSIP/103-00000004
       > 0x1576e10 -- Strict RTP learning after remote address set to: 192.168.2.114:5004
    -- Channel PJSIP/104-00000005 joined 'simple_bridge' basic-bridge <cfc620cb-320e-4043-8bd5-83164bcd957c>
    -- Channel PJSIP/103-00000004 joined 'simple_bridge' basic-bridge <cfc620cb-320e-4043-8bd5-83164bcd957c>
       > 0x14b4e10 -- Strict RTP switching to RTP target address 192.168.2.124:5004 as source
       > 0x1576e10 -- Strict RTP qualifying stream type: audio
       > 0x1576e10 -- Strict RTP switching source address to 45.152.22.178:5004
       > 0x14b4e10 -- Strict RTP learning complete - Locking on source address 192.168.2.124:5004
       > 0x1576e10 -- Strict RTP learning complete - Locking on source address 45.152.22.178:5004
    -- Channel PJSIP/103-00000004 left 'simple_bridge' basic-bridge <cfc620cb-320e-4043-8bd5-83164bcd957c>
    -- Channel PJSIP/104-00000005 left 'simple_bridge' basic-bridge <cfc620cb-320e-4043-8bd5-83164bcd957c>
  == Spawn extension (default, 104, 1) exited non-zero on 'PJSIP/103-00000004'

from pjsip history

  No.   Timestamp  (Dir) Address                  SIP Message                        
===== ========== ============================== ===================================
00000 1551794634 * ==> 192.168.2.114:39481      OPTIONS sip:103@192.168.2.114:39481;transport=tls SIP/2.0
00001 1551794635 * ==> 192.168.2.114:39370      OPTIONS sip:103@192.168.2.114:39370;transport=tls SIP/2.0
00002 1551794640 * ==> 192.168.2.124:5062       OPTIONS sip:104@192.168.2.124:5062 SIP/2.0
00003 1551794640 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00004 1551794642 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00005 1551794643 * <== 192.168.2.114:9546       SIP/2.0 200 OK
00006 1551794643 * <== 45.152.22.178:39481       INVITE sip:Zone_4@45.152.22.178:5061 SIP/2.0
00007 1551794643 * ==> 45.152.22.178:39481       SIP/2.0 401 Unauthorized
00008 1551794643 * <== 45.152.22.178:39481       ACK sip:Zone_4@45.152.22.178:5061 SIP/2.0
00009 1551794643 * <== 45.152.22.178:39481       INVITE sip:Zone_4@45.152.22.178:5061 SIP/2.0
00010 1551794643 * ==> 45.152.22.178:39481       SIP/2.0 404 Not Found
00011 1551794643 * <== 45.152.22.178:39481       ACK sip:Zone_4@45.152.22.178:5061 SIP/2.0
00012 1551794646 * ==> 10.209.120.128:40489     OPTIONS sip:103@10.209.120.128:40489;transport=tls SIP/2.0
00013 1551794649 * <== 45.152.22.178:39481       INVITE sip:104@45.152.22.178:5061 SIP/2.0
00014 1551794649 * ==> 45.152.22.178:39481       SIP/2.0 401 Unauthorized
00015 1551794649 * <== 45.152.22.178:39481       ACK sip:104@45.152.22.178:5061 SIP/2.0
00016 1551794649 * <== 45.152.22.178:39481       INVITE sip:104@45.152.22.178:5061 SIP/2.0
00017 1551794649 * ==> 45.152.22.178:39481       SIP/2.0 100 Trying
00018 1551794649 * ==> 192.168.2.124:5062       INVITE sip:104@192.168.2.124:5062 SIP/2.0
00019 1551794649 * <== 192.168.2.124:5062       SIP/2.0 100 Trying
00020 1551794649 * <== 192.168.2.124:5062       SIP/2.0 180 Ringing
00021 1551794649 * ==> 45.152.22.178:39481       SIP/2.0 180 Ringing
00022 1551794652 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00023 1551794652 * ==> 192.168.2.124:5062       ACK sip:104@192.168.2.124:5062 SIP/2.0
00024 1551794652 * ==> 45.152.22.178:39481       SIP/2.0 200 OK
00025 1551794653 * <== 45.152.22.178:39481       ACK sip:45.152.22.178:5061;transport=TLS SIP/2.0
00026 1551794656 * ==> 10.209.120.128:40460     OPTIONS sip:103@10.209.120.128:40460;transport=tls SIP/2.0
00027 1551794662 * <== 45.152.22.178:39481       BYE sip:45.152.22.178:5061;transport=TLS SIP/2.0
00028 1551794662 * ==> 45.152.22.178:39481       SIP/2.0 200 OK
00029 1551794662 * ==> 192.168.2.124:5062       BYE sip:104@192.168.2.124:5062 SIP/2.0
00030 1551794662 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00031 1551794669 * ==> 10.209.120.128:40423     OPTIONS sip:103@10.209.120.128:40423;transport=tls SIP/2.0
00032 1551794674 * ==> 192.168.2.114:39412      OPTIONS sip:103@192.168.2.114:39412;transport=tls SIP/2.0
00033 1551794678 * ==> 192.168.2.114:39406      OPTIONS sip:103@192.168.2.114:39406;transport=tls SIP/2.0
00034 1551794684 * ==> 10.209.120.128:40484     OPTIONS sip:103@10.209.120.128:40484;transport=tls SIP/2.0
00035 1551794694 * ==> 192.168.2.114:39481      OPTIONS sip:103@192.168.2.114:39481;transport=tls SIP/2.0
00036 1551794695 * ==> 192.168.2.114:39370      OPTIONS sip:103@192.168.2.114:39370;transport=tls SIP/2.0
00037 1551794700 * ==> 192.168.2.124:5062       OPTIONS sip:104@192.168.2.124:5062 SIP/2.0
00038 1551794700 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00039 1551794702 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00040 1551794703 * <== 192.168.2.114:9546       SIP/2.0 200 OK
00041 1551794706 * ==> 10.209.120.128:40489     OPTIONS sip:103@10.209.120.128:40489;transport=tls SIP/2.0

Scenario 2: Using mobile data. Can’t hear on 103
Placing a call from the same smartphone on mobile data

I can hear audio from 103 on 104 , but I cannot hear anything on 103
Asterisks cli logs:

  == Setting global variable 'SIPDOMAIN' to '45.152.22.178'
    -- Executing [104@default:1] Dial("PJSIP/103-00000006", "PJSIP/104/sip:104@192.168.2.124:5062") in new stack
    -- Called PJSIP/104/sip:104@192.168.2.124:5062
  == Using SIP RTP Audio TOS bits 184
    -- PJSIP/104-00000007 is ringing
       > 0x15b3c10 -- Strict RTP learning after remote address set to: 192.168.2.124:5004
    -- PJSIP/104-00000007 answered PJSIP/103-00000006
       > 0x15aa150 -- Strict RTP learning after remote address set to: 10.209.120.128:5004
    -- Channel PJSIP/104-00000007 joined 'simple_bridge' basic-bridge <83f184b9-1fe3-4baf-9c68-2523cff0d0d0>
    -- Channel PJSIP/103-00000006 joined 'simple_bridge' basic-bridge <83f184b9-1fe3-4baf-9c68-2523cff0d0d0>
       > 0x15b3c10 -- Strict RTP switching to RTP target address 192.168.2.124:5004 as source
       > 0x15aa150 -- Strict RTP qualifying stream type: audio
       > 0x15aa150 -- Strict RTP switching source address to 5.162.60.172:20514
    -- Contact 106/sip:106@192.168.2.114:9546 is now Unreachable.  RTT: 0.000 msec
  == Endpoint 106 is now Unreachable
       > 0x15b3c10 -- Strict RTP learning complete - Locking on source address 192.168.2.124:5004
       > 0x15aa150 -- Strict RTP learning complete - Locking on source address 5.162.60.172:20514
    -- Channel PJSIP/104-00000007 left 'simple_bridge' basic-bridge <83f184b9-1fe3-4baf-9c68-2523cff0d0d0>
    -- Channel PJSIP/103-00000006 left 'simple_bridge' basic-bridge <83f184b9-1fe3-4baf-9c68-2523cff0d0d0>
  == Spawn extension (default, 104, 1) exited non-zero on 'PJSIP/103-00000006'

Pjsip history

00053 1551795536 * <== 5.162.60.172:20511       ACK sip:104@45.152.22.178:5061 SIP/2.0
00054 1551795536 * <== 5.162.60.172:20511       INVITE sip:104@45.152.22.178:5061 SIP/2.0
00055 1551795536 * ==> 5.162.60.172:20511       SIP/2.0 100 Trying
00056 1551795536 * ==> 192.168.2.124:5062       INVITE sip:104@192.168.2.124:5062 SIP/2.0
00057 1551795536 * <== 192.168.2.124:5062       SIP/2.0 100 Trying
00058 1551795536 * <== 192.168.2.124:5062       SIP/2.0 180 Ringing
00059 1551795536 * ==> 5.162.60.172:20511       SIP/2.0 180 Ringing
00060 1551795540 * ==> 192.168.2.124:5062       OPTIONS sip:104@192.168.2.124:5062 SIP/2.0
00061 1551795540 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00062 1551795541 * <== 192.168.2.124:5062       SIP/2.0 200 OK
00063 1551795541 * ==> 192.168.2.124:5062       ACK sip:104@192.168.2.124:5062 SIP/2.0
00064 1551795541 * ==> 5.162.60.172:20511       SIP/2.0 200 OK
00065 1551795541 * <== 5.162.60.172:20511       ACK sip:45.152.22.178:5061;transport=TLS SIP/2.0
00066 1551795542 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00067 1551795543 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00068 1551795544 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00069 1551795546 * ==> 10.209.120.128:40489     OPTIONS sip:103@10.209.120.128:40489;transport=tls SIP/2.0
00070 1551795546 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00071 1551795550 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00072 1551795554 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00073 1551795556 * ==> 10.209.120.128:40460     OPTIONS sip:103@10.209.120.128:40460;transport=tls SIP/2.0
00074 1551795558 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00075 1551795559 * ==> 10.209.120.128:40682     OPTIONS sip:103@10.209.120.128:40682;transport=tls SIP/2.0
00076 1551795562 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00077 1551795566 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00078 1551795569 * ==> 10.209.120.128:40423     OPTIONS sip:103@10.209.120.128:40423;transport=tls SIP/2.0
00079 1551795570 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00080 1551795574 * ==> 192.168.2.114:39412      OPTIONS sip:103@192.168.2.114:39412;transport=tls SIP/2.0
00081 1551795574 * ==> 192.168.2.114:9546       OPTIONS sip:106@192.168.2.114:9546 SIP/2.0
00082 1551795578 * ==> 192.168.2.114:39406      OPTIONS sip:103@192.168.2.114:39406;transport=tls SIP/2.0
00083 1551795583 * <== 192.168.2.124:5062       BYE sip:asterisk@192.168.2.18:5060 SIP/2.0
00084 1551795583 * ==> 192.168.2.124:5062       SIP/2.0 200 OK
00085 1551795583 * ==> 10.209.120.128:40682     BYE sip:103@10.209.120.128:40682;transport=tls SIP/2.0
00086 1551795584 * ==> 10.209.120.128:40484     OPTIONS sip:103@10.209.120.128:40484;transport=tls SIP/2.0

#2

You don’t have any NAT settings set on the endpoint. The following should help:

rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes

#3

Ahh , Thanks a lot that solved the issue !