PJSIP RTP Issues with NAT endpoints

Hello,

I am currently running:

Asterisk 13.9.1 in FreePBX Firmware: 10.13.66-12

I have the PBX in a data center behind NAT. I have a soft phone in my house behind NAT as well.
The extensions registers appropriately but RTP packets are being sent to the wrong IP . The same setup with the chan-sip driver works perfectly. Issue is only happening on pjsip
Here are the traces from the PBX:
<— Transmitting SIP response (948 bytes) to UDP:205.178.30.162:55060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.20.162:55060;rport=55060;received=205.178.30.162;branch=z9hG4bK-524287-1—f7a5271d80a5801a
Call-ID: 79961NjEwYjRiMGMzNGQwZjc4MmM1ZDAyMDA2OWQ1YzQ3NmY
From: “Levi Test” ;tag=be37784f
To: ;tag=p0yUVCaw91gNVHxUBe.0Iu3RW5T51Q6Z
CSeq: 2 INVITE
Server: FPBX-13.0.131(13.9.1)
Contact:
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
P-Asserted-Identity: "Dial Voicemail"
Content-Type: application/sdp
Content-Length: 276

v=0
o=- 1023031690 3 IN IP4 172.20.50.25
s=Asterisk
c=IN IP4 172.20.50.25
t=0 0
m=audio 11166 RTP/AVP 0 8 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

<— Received SIP request (442 bytes) from UDP:205.178.30.162:55060 —>
ACK sip:74.119.152.5:55060 SIP/2.0
Via: SIP/2.0/UDP 192.168.20.162:55060;branch=z9hG4bK-524287-1—04892311eee55c6f;rport
Max-Forwards: 70
Contact:
To: ;tag=p0yUVCaw91gNVHxUBe.0Iu3RW5T51Q6Z
From: “Levi Test” ;tag=be37784f
Call-ID: 79961NjEwYjRiMGMzNGQwZjc4MmM1ZDAyMDA2OWQ1YzQ3NmY
CSeq: 2 ACK
User-Agent: X-Lite release 4.9.3 stamp 79961
Content-Length: 0

Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004093, ts 000160, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004094, ts 000320, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004095, ts 000480, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004096, ts 000640, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004097, ts 000800, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004098, ts 000960, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004099, ts 001120, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004100, ts 001280, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004101, ts 001440, len 000160)
Sent RTP packet to 192.168.20.162:19428 (type 00, seq 004102, ts 001600, len 000160)

As you can see from this the packets are being set to the private IP of my Softphone on the remote network, instead of the public ip.
Researching online did not reveal much info
The following document describes a similar issues that got resolved by an Asterisk Update but I have that update already
http://asteriskfaqs.org/2016/03/02/asterisk-users/rtp-nat-question-pjsip.html

Here is my networking Set Up
PBX Local IP : 172.20.50.25
PBX Wan IP: 74.119.152.5

Sofphone Private : 192.168.20.162
Public DHCP from Comcast : 205.178.30.162 at time of test

Also

RTP Symmetric YES
Rewrite Contact YES
Force rport YES

Any help would be appreciated

This worked in an older version of Asterisk. It stopped working once updates where applied.

Have you configured the transport in pjsip.conf with the information about the WAN IP? It does not appear so as the outgoing SDP contains the local IP address, which means we would never be able to receive media from the other side.

There’s a guide on the wiki[1] which covers this.

[1] https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip+to+work+through+NAT

Assuming that you do not use SIP ALG on your router performing NAT, add these lines to /etc/asterisk/pjsip.conf (specifically, to the transport section):
local_net=172.20.50.0/24 ;Or what is your prefix?
external_media_address=74.119.152.5
external_signaling_address=74.119.152.5

Restart Asterisk and try again.

also the use of an stun server on the client side could help.

This is added to pjsip.transports.conf wich is included in pjsip.conf

[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:55060
external_media_address=74.119.152.5
external_signaling_address=74.119.152.5
allow_reload=yes
local_net=172.20.50.0/24

Also the endpoints have all this:

media_use_received_transport=yes
trust_id_inbound=yes
media_encryption=no
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes

These where added at initial configuration. Any other settings that might be missing ?