Solved: SIP Trunk unreachable but registered

dormi98 · October 3, 2013, 5:06pm

Hello everyone!

I am pretty new to asterisk so my questions might seem a bit trivial to you.

We have a sip trunk to our sip provider.
sip show peers says this trunk is unreachable
sip show registry says it is registered

The console generates the following output every minute:
tcptls.c:446 ast_tcptls_client_start: Unable to connect SIP socket to (IP Adress of Provider):5060: Connection timed out

My provider says that they see a correct login and that this message is ok. According to them it has something to do with encryption and they say that it should be possible to make calls.

So the questions are:
What does it mean when a sip trunk is unreachable but registered?
Is it possible to make a call over this trunk?

Thanks in advance
Gerald

abw1oim · October 3, 2013, 8:06pm

There seems to be a misconfiguration in the transport protocol: For any reason the Asterisk likes to communicate with TCP/TLS which is really unusual for a trunk-connection to a VOIP-provider. Normally transport should be udp (as it’s the de facto standard). Did Your VOIP-provider explicitly offer You TCP/TLS as transport?
The actual error will prevent asterisk from successfull placing or receiving calls on the trunk.

david55 · October 3, 2013, 8:33pm

Also, encrypted connections are normally done on 5061/TCP, not on 5060/TCP.

Unreachable generally means you have qualify=yes, but the peer is ignoring OPTIONS requests.

dormi98 · October 4, 2013, 6:38am

Thanks for your inputs
It’s a fresh installation of AsteriskNOW
So, I don’t know where I told asterisk to use tcptls.

The trunk configuration looks like this:
type=friend
user=username
fromuser=username
username=username
fromdomain=sip.provider
host=sip.provider
canreinvite=no
context=from-trunk
qualify=yes
allow=all

nothing concerning TLS here - where could that be?

abw1oim · October 4, 2013, 8:01am

There should be something in the general sip-configuration (even if this should be ok on a fresh install).
Just post the output of asterisk -rx "sip show peer ". (Not the complete output is needed, interesting are the lines
[ul]Addr->IP
Prim.Transp.
Allowed.Trsp[/ul]

dormi98 · October 4, 2013, 8:32am

sip show peers:
Name/username Host Dyn Forcerport ACL Port Status
Telgo_Trunk/username IP-fromProvider a 5060 UNREACHABLE

in the sip.custom.conf I have:
tcpenable=yes
transport=tcp
This is also a setting my provider told me to set.

abw1oim · October 4, 2013, 11:49am

That’s not the information I told You to post, we need

instead of sip show peers

Pls. provide us with this information.

However, we already know, that TCP is enabled and transport is probably setted to tcp. This still gives us no reason, why asterisk tries to connect in TLS-mode.

dormi98 · October 7, 2013, 12:37pm

Sorry, my fault.

Here is the information:
Addr->IP : 91.211.35.233:5060
Prim.Transp. : TCP
Allowed.Trsp : TCP

Where could I look foor the TLS mode?

dormi98 · October 9, 2013, 2:44pm

I checked the whole /etc/asterisk directory with grep.
tlsenable does not appear in a single file.

So what could cause asterisk to try to eastablish this sip trunk with tls?

david55 · October 9, 2013, 2:48pm

Could it have received a Contact: header with a sips: URI?

dormi98 · October 23, 2013, 1:07pm

OK, we found out that the firwall plays a role in this. We changed a few settings on the firewall (Fortigate 100D) and now the error message does not appear anymore. However the sip trunk is still unreachable.

dormi98 · October 23, 2013, 8:22pm

Found It!!!
We had to enter: transport=UDP in the trunk configuration.
I thought asterisk uses udp per default for any sip trunk.

Trunk is up now and calls can be established in both directions.

Thanks for your inputs.