QUESTION Outbound Trunk - Cannot hear other party

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
Hi there,

PBXIAF with IncrediblePBX on Centos was a very simple process to setup, but I'm somehow struggling to figure out a small issue. I've tried many combinations of NAT, Firewall, etc. but no luck so far.

I'm trying to setup Twilio Elastic SIP as my trunk provider and for the most part, the setup is correct and also validated according to Twilio guides. Below is the my current status of system and the issue:

Inbound (PSTN Originating) - Works very well for UDP and TCP.
Outbound (Extension Trunking to PSTN) - The call goes through fine and voice from PBX to PSTN is heard fine. But I cannot hear the PSTN voice on the PBX extension.

The only difference I can see between these two scenarios is: Inbound origination - everything is handled using my static IP address and all my firewall rules are working fine. For outbound, my trunk is setup to call host {mytwilioorg}.pstn.twilio.com. So outbound voice to PSTN goes out fine, but I cannot hear their voice (receive RTP packets?).

Can anyone help me with this issue? Or what other things/ settings could I look at? Something in NAT (force_rport,comedia)? Thank you for any help in advance.
 

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
If anyone can help, here's my installation details:
HPX0Z3.jpg


Here is the output for sip show settings:

Global Settings:
----------------
UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: 0.0.0.0:5060
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Path support : No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-12.0.70(13.9.1)
SDP Session Name: Asterisk PBX 13.9.1
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: 4294967295
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No

Network QoS Settings:
---------------------------
IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:
---------------------------
SIP address remapping: Enabled using externaddr
Externhost: <none>
Externaddr: xx.xx.xx.xx:0
Externrefresh: 10
Localnet: 192.168.29.0/255.255.255.0
192.168.0.0/255.255.0.0

Global Signalling Settings:
---------------------------
Codecs: (ulaw)
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: Yes
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy: <not set>
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:
-----------------
Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: No
Language:
Tone zone: <Not set>
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97
 

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
One more data point in case anyone can help. I noticed that when using Obi110 as extension, the called-party audio on Terminating (outbound) calls is never heard. But when I tried using Yate Soft Phone, I noticed any unsual behavior. At sharp 20 second mark of hitting the dial button, a very short ring is heard and audio starts working both ways. So if I picked-up the PSTN phone after 5 seconds, it still would start 2-way audio at sharp 20 seconds (of hitting the dial on Yate soft phone), and same 20 second mark even when PSTN is picked-up at 15 second.

So some kind of timeout is occuring which is causing re-registration. But the same doesn't happen on Obi110 even at 20 second mark. Other thing to notice is that until yesterday - outbound was working perfectly fine and after changing playing around with so many flags and firewall issues, I fixed inbound to work very well, but this 20 second (or unlimited issue for Obi110) has started. And I'm not able to get back to the orignal setting where I had outbound working fine.

Here is the complete log for the call - http://pasted.co/da16a23b :

Last few lines are here:

== Using SIP RTP CoS mark 5
-- Called SIP/mytwiliosip/+1xxxxxxxxxx
-- SIP/mytwiliosip-00000018 is making progress passing it to SIP/402-00000017
-- SIP/mytwiliosip-00000018 is ringing
-- SIP/mytwiliosip-00000018 answered SIP/402-00000017
-- Channel SIP/mytwiliosip-00000018 joined 'simple_bridge' basic-bridge <96d6b384-c4c0-4942-8dba-c42021a15d90>
-- Channel SIP/402-00000017 joined 'simple_bridge' basic-bridge <96d6b384-c4c0-4942-8dba-c42021a15d90>
> 0x7fbf24019430 -- Probation passed - setting RTP source address to xx.xx.xx.xx:23898
> 0x7fbed0a43d10 -- Probation passed - setting RTP source address to 54.172.60.223:17190

The last line for 0x7fbed0a43d10 -- Probation passed - setting RTP source address to 54.172.60.223:17190' happens at exactly 20 second of hitting dial button.
 
Last edited:
Joined
Nov 14, 2008
Messages
1,398
Reaction score
320
What router-firewall is being used? What settings relative to port forwards or rules?
 

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
Router/ Firewall is an Asus AC68U. I've tried Merlin Asus Firmware, Original Asus and Advanced Tomato builds. Basic config is NAT enabled, and port forwarding for 5060-5061(UDP/TCP) to my server and 10000-20000 TCP/UDP for RTP to my server. I've played around with Enable SIP NAT helper enabled and disabled, but didn't help. If I can get this working, it would sit behind a dedicated hardware firewall with a static IP.
 
Joined
Nov 14, 2008
Messages
1,398
Reaction score
320
Problems like this are often router-firewall related. Turn off any SIP or SIP ALG 'helpers. port 5060 should be forwarded from the WAN to your PBX on the LAN. You really should not need to forward the RTP ports try letting the router manage that. I've have never heard of that provider but a quick look at one of their config pages mentioned TLS, I assume you have that off. People have spent a long time working some of these things out but it's usually..... an improper setting or the router itself. Often trying a different router is a quick and easy test. Some use Wireshark to see what's really happening at a low level. The bottom line is the packets aren't getting to the right place.

There can be complicated router issues like this one with Pfsense that effect NAT:

By default pfSense rewrites the source port on all outbound traffic. This is necessary for proper NAT in some circumstances such as having multiple SIP phones behind a single public IP registering to a single external PBX. With a minority of providers, rewriting the source port of RTP can cause one way audio. In that case, setup manual outbound NAT and Static Port on all UDP traffic potentially with the exclusion of UDP 5060.

In old versions (pfSense 1.2.x and before) the firewall performed static port NAT on UDP 5060 traffic by default, but that is not desirable now because it breaks more scenarios than not currently. However, in cases where static port on UDP 5060 is required, configuring manual outbound NAT to perform static port NAT for udp/5060 will allow it to function.
 

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
Problems like this are often router-firewall related. Turn off any SIP or SIP ALG 'helpers. port 5060 should be forwarded from the WAN to your PBX on the LAN. You really should not need to forward the RTP ports try letting the router manage that. I've have never heard of that provider but a quick look at one of their config pages mentioned TLS, I assume you have that off. People have spent a long time working some of these things out but it's usually..... an improper setting or the router itself. Often trying a different router is a quick and easy test. Some use Wireshark to see what's really happening at a low level. The bottom line is the packets aren't getting to the right place.

There can be complicated router issues like this one with Pfsense that effect NAT:

By default pfSense rewrites the source port on all outbound traffic. This is necessary for proper NAT in some circumstances such as having multiple SIP phones behind a single public IP registering to a single external PBX. With a minority of providers, rewriting the source port of RTP can cause one way audio. In that case, setup manual outbound NAT and Static Port on all UDP traffic potentially with the exclusion of UDP 5060.

In old versions (pfSense 1.2.x and before) the firewall performed static port NAT on UDP 5060 traffic by default, but that is not desirable now because it breaks more scenarios than not currently. However, in cases where static port on UDP 5060 is required, configuring manual outbound NAT to perform static port NAT for udp/5060 will allow it to function.

Thank you for your reply Brian!

Yes, I've TLS off and not touched that at all. Yes, I think it is the router which may be the culprit, but I'm not able to figure out why is that 20 second configuration mark. I'll test this again, probably installing PIAF on an Amazon EC2 VM if not on my system again. This is my first time playing with Asterisk and it is so powerful which brings in infinite number of ways to break it :).

I forgot to mention, the outbound with Flow Route works fine without any issues. And I'm 99% sure it is not Twilio's issue either. It is somehow related to ICE/STUN/NAT.

Here's a log from their connection where there is no 20 second delay:
Using SIP RTP CoS mark 5
-- Called SIP/flowrouteLV/+1xxxxxxxxxx
-- SIP/flowrouteLV-00000011 is making progress passing it to SIP/402-00000010
-- SIP/flowrouteLV-00000011 is making progress passing it to SIP/402-00000010
> 0x7fda18026380 -- Probation passed - setting RTP source address to xx.xx.xx.xx:17816
> 0x7fd9ccf7af00 -- Probation passed - setting RTP source address to 12.194.223.216:32450
-- SIP/flowrouteLV-00000011 is ringing
-- SIP/flowrouteLV-00000011 is making progress passing it to SIP/402-00000010
-- SIP/flowrouteLV-00000011 answered SIP/402-00000010
-- Channel SIP/flowrouteLV-00000011 joined 'simple_bridge' basic-bridge <a50a1c1d-6cc4-4946-a615-a9342e8f167d>
-- Channel SIP/402-00000010 joined 'simple_bridge' basic-bridge <a50a1c1d-6cc4-4946-a615-a9342e8f167d>
 

atsak

Guru
Joined
Sep 7, 2009
Messages
2,381
Reaction score
436
I've used the Tomato on an ASUS router before; I did not need to open ports at all if registering every 119 seconds . . . So that should work for you unless your ISP is doing something to the traffic or is not NAT'ing properly . . .
 

tipsytopsy

New Member
Joined
May 8, 2016
Messages
6
Reaction score
0
Thank you @briankelly63 and @atsak for your advice.

Update - I could not get Twilio to work seamlessly (same 20 second one way voice issue on outbound calls). But I was able get a reliably working phone system with Flowroute and Voip.ms with Polycom VVX410 IP phones (awesome phones and easiest setup).

I need one more suggestion if anyone can give advice from your past experience.

I'm doing ll this setup for my sister's upcoming dental office and I've currently parked the vanity DID with Google voice. She needs multiple channel support (at least 2-3) which may not be possible with google voice (plus I don't want a business phone rely on Google voice which can change its policies overnight).

So I would like to port-in the DID to a voip-provider who has the best possible record of reliability (and failover). There should ideally not be a downtime on the DID routing (If SIP is down for any reason, the fallback to PSTN should work). Which provider would you chose out of Vitelity/ Voip.ms (or suggest any other) ? I've tested call quality for Vitelity, Voip.ms and Flowroute and all of them are equally good.
 

atsak

Guru
Joined
Sep 7, 2009
Messages
2,381
Reaction score
436
For reliablity I understand Vitelity is fairly good though I do not use them, flowroute seems to be a favourite (favorite). voip.ms has infrequent but not uncommon outages on various servers of theirs, though they do have a lot of failover options and are really much more configurable than some. I have also been using AnveoDirect which is cheaper than all those and haven't had an outage for the last year and a half or so.
 
Joined
Nov 14, 2008
Messages
1,398
Reaction score
320
I use Anveo.. there is Anveo and Anveo Direct but vitelity or Flowroute is fine. Some people use a local POTS line and then just forward it to a SIP DID. Sometimes the number is with a cable company and sometimes it's a local carrier like Verizon or a smaller local phoneco. The key is being able to change the forwarded number if there is a failure. Some forwarding arrangements will forward multiple calls automatically, some require that the local phone company offer multi-path call forwarding.
 

Members online

Forum statistics

Threads
25,778
Messages
167,504
Members
19,198
Latest member
serhii
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top