Pjsip, tls over nat No audio either way

I’m have a aws instance of asterisk that I’m building, I have SIP to my sbc thats on prem, and pjsip to a zoiper software that is across the internet. When I’m on prem with no nat the client works but when over the internet I have no audio in either direction.

my pjsip.conf file,
has the following
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1
;method tlsv1_2 is support but zoiper doesn’t like it at least not currently
allow_reload = yes
verify_client=no
verify_server=no
external_media_address=18.206.0.119
external_signaling_address=18.206.0.119
local_net=10.123.240.0/24
local_net=10.119.0.0/16

My pjsip_wizards.conf

[dsiemens]
type = wizard
accepts_auth = yes
accepts_registrations = yes
transport = transport-tls
has_hint = yes
hint_exten = 32897
aor/max_contacts = 5
inbound_auth/username = user111
inbound_auth/password = notmyrealpassword
endpoint/allow = g729
endpoint/allow = ulaw
endpoint/context = stations
endpoint/rewrite_contact = yes
endpoint/media_encryption = sdes
endpoint/direct_media = no
;endpoint/media_address = 18.206.0.119
endpoint/force_rport = yes
endpoint/rtp_symmetric = yes

my rtp.conf
I have my rtpstart = 200000 and rtpend = 40000

I have ports opened up on the security group in aws

with Rtp debug on so 172.24.220.13 is my sbc edge,
192.168.1.107 is my client on the internet so its also being masqueraded by a linksys router in this test.

[Nov 1 05:50:23] == Using SIP RTP TOS bits 184
[Nov 1 05:50:23] == Using SIP RTP CoS mark 5
[Nov 1 05:50:23] – Called sip/17146121399@172.24.220.13
[Nov 1 05:50:24] > 0x7efd74025840 – Strict RTP learning after remote address set to: 172.24.220.13:29222
[Nov 1 05:50:24] – SIP/172.24.220.13-00000001 is making progress passing it to PJSIP/username-00000003
[Nov 1 05:50:24] > 0x7efd8011f420 – Strict RTP learning after remote address set to: 192.168.1.107:10000
[Nov 1 05:50:24] > 0x7efd74025840 – Strict RTP switching to RTP target address 172.24.220.13:29222 as source
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000000, ts 000000, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027537, ts 000000, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000001, ts 000160, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027538, ts 000160, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000002, ts 000320, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027539, ts 000320, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000003, ts 000480, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027540, ts 000480, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000004, ts 000640, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027541, ts 000640, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000005, ts 000800, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027542, ts 000800, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000006, ts 000960, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027543, ts 000960, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000007, ts 001120, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027544, ts 001120, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000008, ts 001280, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027545, ts 001280, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000009, ts 001440, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027546, ts 001440, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000010, ts 001600, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027547, ts 001600, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000011, ts 001760, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027548, ts 001760, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000012, ts 001920, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027549, ts 001920, len 000030)
[Nov 1 05:50:24] Got RTP packet from 172.24.220.13:29222 (type 18, seq 000013, ts 002080, len 000020)
[Nov 1 05:50:24] Sent RTP packet to 192.168.1.107:10000 (type 18, seq 027550, ts 002080, len 000030)

"my rtp.conf

I have my rtpstart = 200000 and rtpend = 40000"

rpstart=20000 ( 200000 it`s Error)

typo, sorry.

I figured out the rpt is udp not tcp. so that is my error. I think thats its fixed. I was thinking that with tls that the audio would be encrypted in tcp not udp.