SIP Unregistering in VPN networks


I have Asterisk version 16 in an office with different branches. All branches are connected through VPN. Asterisk is in the main branch. The issue is that, whenever the VPN connection goes down and comes back, all the extensions in the VPN are getting un-registered. Even though the VPN is back, the extensions are refusing to get registered again. Only solution is to change the IP address of the IP Phones, and then it will get registered. But this process will have to be repeated again if the VPN goes again. I have faces this issue with many clients using different asterisk versions. Is there a solution for this problem ? I tried too much to find a solution, but still not successful.

Kindly help friends,
Thank you

Define “refusing to get registered again”. What actually happens? No SIP traffic appears at Asterisk? The SIP REGISTER comes in, but Asterisk refuses?

What type of VPN are you using?

I have IPsec tunnels over which SIP works fine. I’ve also used OpenVPN.


No SIP Traffic appears in the asterisk console. I couldnt see any registration request coming from the phones.

Is there a stateful firewall (doing NAT?) anywhere along the path between the
phones and Asterisk?

Can you ping the IP address of one of the phones from the Asterisk server
after the VPN has gone down and recovered?


Yes, there is a firewall between the asterisk server and the phones. In fact two firewall devices are there on both branches. Its fortigate devices and I am not much aware whether NAT is configured in the firewall. Once registered, the “sip show peers” command is giving the exact IP address of the phones. And all of those IP are pinging. Even when VPN went down and recovered, these IPs are pinging. But SIP not registering unless the IP is changed

hmm ther is an known issue with the Firewall in fortigate where the sessions will hang
belive it normaly is a configurations issue, but you need to contact a firewall / network / vpn cunsoltant that specialize in fortigate
as they know how to fix it

we had the same problem and it was fixed in an update to our fortigate (3-4y back)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.