Solved: SIP Trunk unreachable but registered

Hello everyone!

I am pretty new to asterisk so my questions might seem a bit trivial to you.

We have a sip trunk to our sip provider.
sip show peers says this trunk is unreachable
sip show registry says it is registered

The console generates the following output every minute:
tcptls.c:446 ast_tcptls_client_start: Unable to connect SIP socket to (IP Adress of Provider):5060: Connection timed out

My provider says that they see a correct login and that this message is ok. According to them it has something to do with encryption and they say that it should be possible to make calls.

So the questions are:
What does it mean when a sip trunk is unreachable but registered?
Is it possible to make a call over this trunk?

Thanks in advance

There seems to be a misconfiguration in the transport protocol: For any reason the Asterisk likes to communicate with TCP/TLS which is really unusual for a trunk-connection to a VOIP-provider. Normally transport should be udp (as it’s the de facto standard). Did Your VOIP-provider explicitly offer You TCP/TLS as transport?
The actual error will prevent asterisk from successfull placing or receiving calls on the trunk.

Also, encrypted connections are normally done on 5061/TCP, not on 5060/TCP.

Unreachable generally means you have qualify=yes, but the peer is ignoring OPTIONS requests.

Thanks for your inputs
It’s a fresh installation of AsteriskNOW
So, I don’t know where I told asterisk to use tcptls.

The trunk configuration looks like this:

nothing concerning TLS here - where could that be?

There should be something in the general sip-configuration (even if this should be ok on a fresh install).
Just post the output of asterisk -rx "sip show peer ". (Not the complete output is needed, interesting are the lines

sip show peers:
Name/username Host Dyn Forcerport ACL Port Status
Telgo_Trunk/username IP-fromProvider a 5060 UNREACHABLE

in the sip.custom.conf I have:
This is also a setting my provider told me to set.

That’s not the information I told You to post, we need

instead of sip show peers

Pls. provide us with this information.

However, we already know, that TCP is enabled and transport is probably setted to tcp. This still gives us no reason, why asterisk tries to connect in TLS-mode.

Sorry, my fault.

Here is the information:
Addr->IP :
Prim.Transp. : TCP
Allowed.Trsp : TCP

Where could I look foor the TLS mode?

I checked the whole /etc/asterisk directory with grep.
tlsenable does not appear in a single file.

So what could cause asterisk to try to eastablish this sip trunk with tls?

Could it have received a Contact: header with a sips: URI?

OK, we found out that the firwall plays a role in this. We changed a few settings on the firewall (Fortigate 100D) and now the error message does not appear anymore. However the sip trunk is still unreachable.

Found It!!!
We had to enter: transport=UDP in the trunk configuration.
I thought asterisk uses udp per default for any sip trunk.

Trunk is up now and calls can be established in both directions.

Thanks for your inputs.