On Mon, Feb 29, 2016 at 2:04 PM, Kevin Long <kevin.long at haloprivacy.com> wrote:
>
>
> Greetings.
>
>
> I am using the PJSIP driver with TLS transport, and my endpoints are SIP
> mobile apps operating in environments that I do not control.
>
> I would like Asterisk to default to sending INVITES and all other SIP
> signals to endpoints via the existing SIP TLS connection which is already
> established, rather than trying to create a new TLS connection to an
> endpoint which is likely behind a NAT which will not allow a new inbound
> TCP/TLS connection.
>
>
> My experience with chan_sip suggests to me that this was the default
> behavior, or more likely a fallback behavior, because I never had this
> issue before with endpoints not receiving INVITES so long as they were
> registered and had an open SIP control connection.
>
>
> I thought that I could avoid these failed outbound connections by
> commenting out the "transport" option on my endpoint configurations, but
> tcpdump is showing me that asterisk is still trying to create *new* TLS
> outbound connections to my endpoints, which are failing.
>
>
>
>
This was actually an issue in pjproject which I just fixed last week. :)
It's in pjproject "trunk" so you'll have to download and build it from
their subversion repository.

Now whether you use "transport=" or not, pjproject will look for an
existing connection to the remote endpoint before attempting to create a
new one.

I tested it with the current Asterisk 13 branch and I *think* it'll work
with recent Asterisk releases as well. If it doesn't, let me know.

> Thank you for your time
>
> Kevin
>
> My simple pjsip config file:
>
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5061
> local_net=10.50.55.0/24
> external_media_address=x.x.x.x
> external_signaling_address=x.x.x.x
> cert_file=/etc/asterisk/keys/dev1.crt
> priv_key_file=/etc/asterisk/keys/dev1.key
> ca_list_file=/etc/asterisk/keys/ca.crt
> cipher=AES256-SHA
> method=tlsv1
>
> ;===============EXTENSION 6000
>
> [6000]
> type=endpoint
> context=internal
> disallow=all
> allow=ulaw
> ;transport=transport-tls
> auth=auth6000
> aors=6000
> direct_media=no
> rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port
> ice_support=no
> force_rport=yes
> rtp_symmetric=yes
> media_encryption=sdes
>
>
> [auth6000]
> type=auth
> auth_type=userpass
> password=6000
> username=6000
>
> [6000]
> type=aor
> max_contacts=1
> remove_existing=yes
>
>
> ;===============EXTENSION 6001
>
> [6001]
> type=endpoint
> context=internal
> disallow=all
> allow=ulaw
> ;transport=transport-tls
> auth=auth6001
> aors=6001
> direct_media=no
> rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port
> ice_support=no
> force_rport=yes
> rtp_symmetric=yes
> media_encryption=sdes
>
>
>
> [auth6001]
> type=auth
> auth_type=userpass
> password=6001
> username=6001
>
> [6001]
> type=aor
> max_contacts=1
> remove_existing=yes
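One way to confirm from a capture whether Asterisk is still opening new outbound connections to endpoints that already hold a TLS connection to port 5061, as described in this thread. This is an added example, not code from either poster or from pjproject; it assumes `tcpdump -nn` default text output, and the server address 10.50.55.10, the remote address 198.51.100.7 and the function name are constructed for illustration.

```python
import re

# Matches tcpdump -nn text lines such as:
# 14:05:42.0 IP 10.50.55.10.38754 > 198.51.100.7.40112: Flags [S], seq ...
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def find_redundant_connects(lines, server_ip, tls_port=5061):
    """Return (remote_ip, remote_port, answered) for every new TCP connection
    the server opened toward a host that had already connected in to
    server_ip:tls_port. Retransmitted SYNs are counted once."""
    registered = set()  # remote IPs seen connecting to the TLS listener
    attempts = {}       # (server port, remote ip, remote port) -> SYN-ACK seen?
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if flags == "S" and dst == server_ip and dport == tls_port:
            registered.add(src)  # endpoint-initiated connection (passes NAT)
        elif flags == "S" and src == server_ip and dst in registered:
            attempts.setdefault((sport, dst, dport), False)  # server-initiated
        elif flags == "S." and dst == server_ip and (dport, src, sport) in attempts:
            attempts[(dport, src, sport)] = True  # remote side accepted it
    return [(ip, port, ok) for (_, ip, port), ok in attempts.items()]

# Constructed capture: the endpoint registers over TLS, then the server sends
# three unanswered SYNs to the endpoint's NAT mapping instead of reusing it.
SAMPLE = """\
14:02:10.100000 IP 198.51.100.7.40112 > 10.50.55.10.5061: Flags [S], seq 1, win 65535, length 0
14:02:10.100200 IP 10.50.55.10.5061 > 198.51.100.7.40112: Flags [S.], seq 9, ack 2, win 28960, length 0
14:02:10.130000 IP 198.51.100.7.40112 > 10.50.55.10.5061: Flags [.], ack 10, win 65535, length 0
14:05:42.000000 IP 10.50.55.10.38754 > 198.51.100.7.40112: Flags [S], seq 77, win 29200, length 0
14:05:43.000000 IP 10.50.55.10.38754 > 198.51.100.7.40112: Flags [S], seq 77, win 29200, length 0
14:05:45.000000 IP 10.50.55.10.38754 > 198.51.100.7.40112: Flags [S], seq 77, win 29200, length 0
""".splitlines()

if __name__ == "__main__":
    for ip, port, ok in find_redundant_connects(SAMPLE, "10.50.55.10"):
        print(f"new outbound connect to {ip}:{port} answered={ok}")
```

An empty result on a capture taken after rebuilding against the fixed pjproject would indicate that signaling is going out over the connections the endpoints opened.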