Outgoing call using TLS: 500 Server Internal Error or 480 Temporarily Unavailable

Hi,
My Asterisk is connected to the public switched telephone network (secure calling using TLS/SRTP). When I’m calling an external number from my VOIP software, my mobile is ringing and I can accept the call. However, after few seconds, the call is dropped with

  • 500 Server Internal Error (few times)
  • 480 Temporarily Unavailable (most of the time)

Additional point: After accepting the call, I cannot hear anything from my mobile device.

Traces for the 2 error messages are available hereafter

Extract from pjsip.conf

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0
local_net=192.168.0.190/255.255.255.254
external_media_address=7X.XX.XX.156
external_signaling_address=7X.XX.XX.156
tos=192
method=sslv23
ca_list_path=/etc/asterisk/keys/trustedcas
verify_server=false

[mytrunk-out]
type=endpoint
transport=transport-tls
context=dialplan
allow=!all,g722,alaw,ulaw
direct_media=yes
dtmf_mode=rfc4733
outbound_auth=trunk-auth
outbound_proxy=sip:reg.sip-trunk.server.com:5061\;transport=tls\;lr
from_domain=sip-trunk.server.com
media_encryption=sdes
aors=trunk-aor

Trace 01 (500 Server Internal Error)

<--- Received SIP response (1130 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=45841;branch=z9hG4bKPj436f7151-c43d-4c99-a7c9-9a0414091328;alias

Record-Route: <sip:reg.sip-trunk.server.com;transport=tls;lr>

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=45e2517f

From: <sip:Gilles@sip-trunk.server.com>;tag=a94a41ec-4f1a-43b9-aa0e-6d9176ea43a8

Call-ID: 5d1b11e5-a786-407f-89d7-98ce9f5a6cf4

Contact: <sip:TRM/iS0zyHUoFOvNRpSW0/L9E1rkgV459PDlkY3G6SCz81W0ZNtrF0NKSLj93p4MkYEt@th1>

Supported: 100rel,histinfo,norefersub,precondition,timer,uui

CSeq: 29633 INVITE

Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, UPDATE

Require: 100rel

RSeq: 1

Reason: TSSI;cause=0

Content-Type: application/sdp

Content-Disposition: session

Content-Length: 348

v=0

o=- 0 0 IN IP4 217.XX.XX.229

s=on transit

c=IN IP4 217.XX.XX.17

t=0 0

m=audio 12234 RTP/SAVP 0 101

a=sendrecv

a=ptime:20

a=msi:mavodi-0-14d-693-7-ffffffff-2a1af6a-@10.236.12.236

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hk0swTxmK730WMS8Qfh0ayEpi/IrACbwG397RCNp

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Received SIP response (1130 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=45841;branch=z9hG4bKPj436f7151-c43d-4c99-a7c9-9a0414091328;alias

Record-Route: <sip:reg.sip-trunk.server.com;transport=tls;lr>

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=45e2517f

From: <sip:Gilles@sip-trunk.server.com>;tag=a94a41ec-4f1a-43b9-aa0e-6d9176ea43a8

Call-ID: 5d1b11e5-a786-407f-89d7-98ce9f5a6cf4

Contact: <sip:TRM/iS0zyHUoFOvNRpSW0/L9E1rkgV459PDlkY3G6SCz81W0ZNtrF0NKSLj93p4MkYEt@th1>

Supported: 100rel,histinfo,norefersub,precondition,timer,uui

CSeq: 29633 INVITE

Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, UPDATE

Require: 100rel

RSeq: 1

Reason: TSSI;cause=0

Content-Type: application/sdp

Content-Disposition: session

Content-Length: 348

v=0

o=- 0 0 IN IP4 217.XX.XX.229

s=on transit

c=IN IP4 217.XX.XX.17

t=0 0

m=audio 12234 RTP/SAVP 0 101

a=sendrecv

a=ptime:20

a=msi:mavodi-0-14d-693-7-ffffffff-2a1af6a-@10.236.12.236

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hk0swTxmK730WMS8Qfh0ayEpi/IrACbwG397RCNp

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Received SIP response (1130 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=45841;branch=z9hG4bKPj436f7151-c43d-4c99-a7c9-9a0414091328;alias

Record-Route: <sip:reg.sip-trunk.server.com;transport=tls;lr>

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=45e2517f

From: <sip:Gilles@sip-trunk.server.com>;tag=a94a41ec-4f1a-43b9-aa0e-6d9176ea43a8

Call-ID: 5d1b11e5-a786-407f-89d7-98ce9f5a6cf4

Contact: <sip:TRM/iS0zyHUoFOvNRpSW0/L9E1rkgV459PDlkY3G6SCz81W0ZNtrF0NKSLj93p4MkYEt@th1>

Supported: 100rel,histinfo,norefersub,precondition,timer,uui

CSeq: 29633 INVITE

Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, UPDATE

Require: 100rel

RSeq: 1

Reason: TSSI;cause=0

Content-Type: application/sdp

Content-Disposition: session

Content-Length: 348

v=0

o=- 0 0 IN IP4 217.XX.XX.229

s=on transit

c=IN IP4 217.XX.XX.17

t=0 0

m=audio 12234 RTP/SAVP 0 101

a=sendrecv

a=ptime:20

a=msi:mavodi-0-14d-693-7-ffffffff-2a1af6a-@10.236.12.236

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hk0swTxmK730WMS8Qfh0ayEpi/IrACbwG397RCNp

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

-- PJSIP/mytrunk-out-00000003 is making progress passing it to PJSIP/Gilles-00000002

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 12182 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Received SIP response (537 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 500 Server Internal Error

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=45841;branch=z9hG4bKPj436f7151-c43d-4c99-a7c9-9a0414091328;alias

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=45e2517f

From: <sip:Gilles@sip-trunk.server.com>;tag=a94a41ec-4f1a-43b9-aa0e-6d9176ea43a8

Call-ID: 5d1b11e5-a786-407f-89d7-98ce9f5a6cf4

Contact: <sip:TRM/iS0zyHUoFOvNRpSW0/L9E1rkgV459PDlkY3G6SCz81W0ZNtrF0NKSLj93p4MkYEt@th1>

CSeq: 29633 INVITE

Allow: ACK, BYE, CANCEL, INVITE, OPTIONS, REGISTER

Reason: TSSI;cause=0

Content-Length: 0

<--- Transmitting SIP request (512 bytes) to TLS:217.XX.XX.229:5061 --->

ACK sip:+XXXXXXXXXX395@sip-trunk.server.com SIP/2.0

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport;branch=z9hG4bKPj436f7151-c43d-4c99-a7c9-9a0414091328;alias

From: <sip:Gilles@sip-trunk.server.com>;tag=a94a41ec-4f1a-43b9-aa0e-6d9176ea43a8

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=45e2517f

Call-ID: 5d1b11e5-a786-407f-89d7-98ce9f5a6cf4

CSeq: 29633 ACK

Route: <sip:reg.sip-trunk.server.com:5061;transport=tls;lr>

Max-Forwards: 70

User-Agent: Asterisk PBX GIT-master-c8dec423d2M

Content-Length: 0

== Everyone is busy/congested at this time (1:0/0/1)

-- Auto fallthrough, channel 'PJSIP/Gilles-00000002' status is 'CHANUNAVAIL'

<--- Transmitting SIP response (530 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 503 Service Unavailable

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---6f558210ae66d548

Call-ID: JmmAVn9AskBcrgr0siAFkQ..

From: <sip:Gilles@192.168.0.190>;tag=e41a3e63

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=94f9e445-0277-468a-97fc-bf69e1b84bfe

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Reason: Q.850;cause=34

Content-Length: 0

Trace 02 (480 Temporarily Unavailable)

<--- Received SIP response (1131 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=37791;branch=z9hG4bKPj4a54efb3-18e6-4f86-b9e3-5957dc1d2ba4;alias

Record-Route: <sip:reg.sip-trunk.server.com;transport=tls;lr>

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=15e4d836

From: <sip:Gilles@sip-trunk.server.com>;tag=eb30467a-7bc6-4dbd-a331-f839e8d583be

Call-ID: d0b6d0c9-ceeb-4db6-a348-14bb988716c1

Contact: <sip:pvCB+koCRV6KVqNHm8q87u9oEdLdTs5/xRAd+i3ok8HW91oOdSqCXVLPMSfaQaOmYIsK@th1>

Supported: 100rel,histinfo,norefersub,precondition,timer,uui

CSeq: 25197 INVITE

Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, UPDATE

Require: 100rel

RSeq: 1

Reason: TSSI;cause=0

Content-Type: application/sdp

Content-Disposition: session

Content-Length: 349

v=0

o=- 0 0 IN IP4 217.XX.XX.229

s=on transit

c=IN IP4 217.XX.XX.161

t=0 0

m=audio 14886 RTP/SAVP 0 101

a=sendrecv

a=ptime:20

a=msi:mavodi-0-14d-c01-b-ffffffff-5584e1ee-@10.66.13.233

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:mlSiBEmBCSt4VwiQ6sH3UOZOyw7GvDRf7yy4jYX3

-- PJSIP/mytrunk-out-00000001 is making progress passing it to PJSIP/Gilles-00000000

-- PJSIP/mytrunk-out-00000001 is making progress passing it to PJSIP/Gilles-00000000

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---c0a44c611c80ae72

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 14192 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---c0a44c611c80ae72

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 14192 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Received SIP response (1131 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=37791;branch=z9hG4bKPj4a54efb3-18e6-4f86-b9e3-5957dc1d2ba4;alias

Record-Route: <sip:reg.sip-trunk.server.com;transport=tls;lr>

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=15e4d836

From: <sip:Gilles@sip-trunk.server.com>;tag=eb30467a-7bc6-4dbd-a331-f839e8d583be

Call-ID: d0b6d0c9-ceeb-4db6-a348-14bb988716c1

Contact: <sip:pvCB+koCRV6KVqNHm8q87u9oEdLdTs5/xRAd+i3ok8HW91oOdSqCXVLPMSfaQaOmYIsK@th1>

Supported: 100rel,histinfo,norefersub,precondition,timer,uui

CSeq: 25197 INVITE

Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER, UPDATE

Require: 100rel

RSeq: 1

Reason: TSSI;cause=0

Content-Type: application/sdp

Content-Disposition: session

Content-Length: 349

v=0

o=- 0 0 IN IP4 217.XX.XX.229

s=on transit

c=IN IP4 217.XX.XX.161

t=0 0

m=audio 14886 RTP/SAVP 0 101

a=sendrecv

a=ptime:20

a=msi:mavodi-0-14d-c01-b-ffffffff-5584e1ee-@10.66.13.233

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:mlSiBEmBCSt4VwiQ6sH3UOZOyw7GvDRf7yy4jYX3

-- PJSIP/mytrunk-out-00000001 is making progress passing it to PJSIP/Gilles-00000000

-- PJSIP/mytrunk-out-00000001 is making progress passing it to PJSIP/Gilles-00000000

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---c0a44c611c80ae72

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 14192 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Transmitting SIP response (793 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 183 Session Progress

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---c0a44c611c80ae72

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Contact: <sip:192.168.0.190:5060>

Content-Type: application/sdp

Content-Length: 221

v=0

o=- 0 3 IN IP4 192.168.0.190

s=Asterisk

c=IN IP4 192.168.0.190

t=0 0

m=audio 14192 RTP/AVP 0 101

a=rtpmap:0 PCMU/8000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16

a=ptime:20

a=maxptime:150

a=sendrecv

<--- Received SIP response (539 bytes) from TLS:217.XX.XX.229:5061 --->

SIP/2.0 480 Temporarily Unavailable

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport=37791;branch=z9hG4bKPj4a54efb3-18e6-4f86-b9e3-5957dc1d2ba4;alias

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=15e4d836

From: <sip:Gilles@sip-trunk.server.com>;tag=eb30467a-7bc6-4dbd-a331-f839e8d583be

Call-ID: d0b6d0c9-ceeb-4db6-a348-14bb988716c1

Contact: <sip:pvCB+koCRV6KVqNHm8q87u9oEdLdTs5/xRAd+i3ok8HW91oOdSqCXVLPMSfaQaOmYIsK@th1>

CSeq: 25197 INVITE

Allow: ACK, BYE, CANCEL, INVITE, OPTIONS, REGISTER

Reason: TSSI;cause=0

Content-Length: 0

<--- Transmitting SIP request (512 bytes) to TLS:217.XX.XX.229:5061 --->

ACK sip:+XXXXXXXXXX395@sip-trunk.server.com SIP/2.0

Via: SIP/2.0/TLS 7X.XX.XX.156:5061;rport;branch=z9hG4bKPj4a54efb3-18e6-4f86-b9e3-5957dc1d2ba4;alias

From: <sip:Gilles@sip-trunk.server.com>;tag=eb30467a-7bc6-4dbd-a331-f839e8d583be

To: <sip:+XXXXXXXXXX395@sip-trunk.server.com>;tag=15e4d836

Call-ID: d0b6d0c9-ceeb-4db6-a348-14bb988716c1

CSeq: 25197 ACK

Route: <sip:reg.sip-trunk.server.com:5061;transport=tls;lr>

Max-Forwards: 70

User-Agent: Asterisk PBX GIT-master-c8dec423d2M

Content-Length: 0

-- No one is available to answer at this time (1:0/0/0)

-- Auto fallthrough, channel 'PJSIP/Gilles-00000000' status is 'NOANSWER'

<--- Transmitting SIP response (534 bytes) to UDP:192.168.0.181:21499 --->

SIP/2.0 480 Temporarily Unavailable

Via: SIP/2.0/UDP 192.168.0.181:21499;rport=21499;received=192.168.0.181;branch=z9hG4bK-524287-1---c0a44c611c80ae72

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

CSeq: 2 INVITE

Server: Asterisk PBX GIT-master-c8dec423d2M

Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER

Reason: Q.850;cause=19

Content-Length: 0

<--- Received SIP request (348 bytes) from UDP:192.168.0.181:21499 --->

ACK sip:+XXXXXXXXXX395@192.168.0.190 SIP/2.0

Via: SIP/2.0/UDP 192.168.0.181:21499;branch=z9hG4bK-524287-1---c0a44c611c80ae72;rport

Max-Forwards: 70

To: <sip:+XXXXXXXXXX395@192.168.0.190>;tag=1100ac83-46b2-4742-b820-12290d616921

From: <sip:Gilles@192.168.0.190>;tag=a3d98f3d

Call-ID: mCCclCKRuvMrOVv7GDYlRQ..

CSeq: 2 ACK

Content-Length: 0

After reading again some pages on the wiki, it seems I found that the following parameters were missing in my endpoint:
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes

Following my understanding, they are mandatory is Asterisk server is behind a NAT. These 3 options are replacing the nat option from the chan_sip.
Can someone confirm it was the origin of my 2 errors?

They are not mandatory. They cope with various cases of NAT not being adequately handled elsewhere. The main use of the first two, at least, is actually for when Asterisk is outside NAT and the peer is inside.

With my current configuration, Asterisk (Linux server) and the VOIP software (smartphone) are behind a DSL box (TLS because post 5060 cannot be forwarded) and trunk is for sure outside. Without these 3 options, I was not able to get a working outgoing call (VOIP to public number).
So, in the situation, it seems they are mandatory. Correct?

Could you please explain exactly what is the policy that you are trying to work round.

I’m pretty sure that force rport has no effect when using TCP, as the replies are always on the same port (I suppose it might have some effect if the TCP connection drops out, but I would have thought that the reverse connection would be established to the peer’s contact address.

If you have complex restrictive policies in force, they may break the session at more than the start of the call. Using TLS as a work round for a provider restriction seems strange.

Hi David,
Due to the pandemic, I have currently to work from home and I have a lot of constrain to setup an architecture using Asterisk connected to a public network.

As mentioned previously, at home, my DSL provider is blocking port 5060 (UDP and TCP) because they are using it for my personal VOIP line.

Then, the only way I found to establish a connection with a public trunk (not the one provided by my DSL provider but another one ) is to use TLS (signalling on port 5061). Architecture is the following:

Public Trunk <---------> DSL Box <-----> Switch

From Switch <--------> Access Point <-------> VOIP clients
From Switch <--------> Asterisk

On my DSL box, I forwarded port 5061 (TLS) and a range 10000-20000 to Asterisk.

Regarding the 3 options (rtp_symmetric, force_rport, rewrite_contact), I followed instructions from https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip regarding NAT.

Before setting these 3 parameters to yes, I was not able to establish an outgoing connection (signalling was working but call dropped after few seconds [See my original post]). I’m not saying that all these 3 are mandatory. I would like just to understand more deeply the meaning of each of them to see if they are useless or not.

Most chan_sip configurations I see are what I call cook book ones. They have been cut and pasted without understanding. Generally these are designed to be least likely to produce obvious symptoms, so, for example have all the work arounds enabled, even though some, like insecure, compromise security if applied when not needed.

Force rport causes the UAS to behave as though rport had been included in the request. It signalling responses to be sent to the port and address from which the request was received, rather than the ones included in the request. This is only meaningful for UDP, as TCP and TLS responses should always be on the same connection, so will always use the addresses from the IP level.

Comedia means that media is sent to the address an port from which media is received, rather than those given in the SDP. Before any is received, it is sent to the address given in the SDP, so if both sides implement comedia, one of them must not actually need it, otherwise there will be stalemate.

Rewrite contact is not an option that is available for chan_sip, and the comments in the sample file don’t actually say what it does. I haven’t checked the source code, but my working hypothesis is that it causes the IP address to be ignored in Contact headers, and the actual source IP address to be used instead. However, I am open to corrections on that. (The alternative interpretation would be that it rewrites those being sent, to reflect the public address, but chan_sip seems to be able to work that out just from localnets, so I don’t see why such an option would be needed.)

@david551 You are correct on what rewrite_contact does. It ensures that subsequent in-dialog SIP requests are sent to the source IP address and port, instead of the target provided by the remote endpoint.

Thanks for your explanation. It’s not easy…
I need really to spend more time for understanding how/when to apply each of them.
Regards