Register on TCP/TLS

Soelvberg · July 12, 2024, 11:54am

For one of our SIP Providers we Register at them via TCP.
We are binding on port 5060 but the REGISTER is sent from a port in the dynamic range (49152 - 65535).
The address we want to receive calls on is shown correctly in the Contact header, but the provider tries to send INVITES to the port that we last registered from.
This works fine while the socket is kept open, but naturally fails when it is broken, because we are not listening on the port that the REGISTER was sent from.

Our current “solution” is to use UDP since the REGISTER requests then are sent from the same port that we bind on - but for customers wanting to use TLS the this is not an option.

Is there some way that I can force REGISTER requests to be sent from our binded TCP or TLS port?
Or is there a way that we can keep the TCP connection for the dynamic port alive?

A slightly redacted version of the tranport-tcp and the siptrunk from pjsip.conf

[transport-tcp]
type=transport
protocol=tcp
bind=0.0.0.0:5060
tos=cs3
cos=3
allow_reload=false
external_media_address=1.2.3.4
external_signaling_address=1.2.3.4
local_net=10.0.0.0/8
external_signaling_port=5060

[3_ProviderXXX]
type=aor
contact=sip:sip3.xxx-xxxl.dk:5060
qualify_frequency=60
[3_ProviderXXX]
type=endpoint
transport=transport-tcp
outbound_proxy=sip:128.123.123.123:5060;transport=tcp;lr
force_rport=no
rewrite_contact=no
disallow=all
allow=alaw
allow=ulaw
dtmf_mode=rfc4733
connected_line_method=update
direct_media_method=invite
direct_media=no
trust_id_inbound=yes
trust_id_outbound=yes
context=from_3_ProviderXXX
tos_audio=ef
cos_audio=5
timers=yes
timers_min_se=90
timers_sess_expires=1800
auth=
aors=3_ProviderXXX
outbound_auth=3_ProviderXXX
[3_ProviderXXX]
type=auth
auth_type=userpass
username=3242xxxx
password=xxxxxxxx
[3_ProviderXXX]
type=registration
transport=transport-tcp
outbound_proxy=sip:128.123.123.123:5060;transport=tcp;lr
outbound_auth=3_ProviderXXX
server_uri=sip:sip3.xxx-xxxl.dk
expiration=3600
client_uri=sip:32422666@sip3.xxx-xxxl.dk
contact_user=32422123
auth_rejection_permanent=no
retry_interval=60
max_retries=10000
[3_ProviderXXX]
type=identify
endpoint=3_ProviderXXX
match=128.123.123.123

jcolp · July 12, 2024, 11:56am

An ephemeral port is how TCP/TLS works. There is no option to change that. As for keeping it open, you can’t force it. Keepalive and OPTIONS will keep traffic going, but the other side could disconnect it or some other issue could occur resulting in it closing.

Soelvberg · July 12, 2024, 12:12pm

Ok
Kind of expected that
No OPTIONS are sent for the ephemeral port though, but I get your point.
We just need to ensure that we use another provider for customers wanting to use TLS.
Thx

system · August 11, 2024, 12:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem: Bindport and register port Asterisk Support	5	525	November 12, 2008
TLS: How to advertise actual source port in register contact? Asterisk SIP	4	29	February 2, 2025
Tls sip clients cant register Asterisk SIP	17	4138	August 5, 2019
Problem with register after moving to production env Asterisk Support	1	273	January 21, 2013
Bind port Asterisk Support	5	2535	May 11, 2014

Register on TCP/TLS

Related topics