Greetings.
I am using the PJSIP driver with TLS transport, and my endpoints are SIP mobile apps operating in environments that I do not control. I would like Asterisk to default to sending INVITES and all other SIP signals to endpoints via the existing SIP TLS connection which is already established, rather than trying to create a new TLS connection to an endpoint which is likely behind a NAT which will not allow a new inbound TCP/TLS connection. My experience with chan_sip suggest to me that this was the default behavior, or more likely a fallback behavior, because I never had this issue before with endpoints not receiving INVITES so long as they were registered and had an open SIP control connection. I thought that I could avoid these failed outbound connections by commenting out the “transport” option on my endpoint configurations, but tcpdump is showing me that asterisk is still trying to create *new* TLS outbound connections to my endpoints, which are failing. Thank you for your time Kevin - My simple pjsip config file: [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 local_net=10.50.55.0/24 external_media_address=x.x.x.x external_signaling_address=x.x.x.x cert_file=/etc/asterisk/keys/dev1.crt priv_key_file=/etc/asterisk/keys/dev1.key ca_list_file=/etc/asterisk/keys/ca.crt cipher=AES256-SHA method=tlsv1 ;===============EXTENSION 6001 [6000] type=endpoint context=internal disallow=all allow=ulaw ;transport=transport-tls auth=auth6000 aors=6000 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=yes media_encryption=sdes [auth6000] type=auth auth_type=userpass password=6000 username=6000 [6000] type=aor max_contacts=1 remove_existing=yes ;===============EXTENSION 6001 [6001] type=endpoint context=internal disallow=all allow=ulaw ;transport=transport-tls auth=auth6001 aors=6001 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=yes media_encryption=sdes [auth6001] type=auth auth_type=userpass password=6001 username=6001 [6001] type=aor max_contacts=1 remove_existing=yes
smime.p7s
Description: S/MIME cryptographic signature
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
