[asterisk-bugs] [JIRA] (ASTERISK-24428) Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used

sstream (JIRA) noreply at issues.asterisk.org
Thu Nov 20 18:07:29 CST 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-24428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223653#comment-223653 ] 

sstream commented on ASTERISK-24428:
------------------------------------

Please note.
When I do not use TLS, single setting "bindport=10000" works perfectly with behind NAT. 

Only in the case of TLS, we need both "externtlsport=10000" and "tlsbindaddr=0.0.0.0:10000".

I feel this is inconsistent.


> Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-24428
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24428
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: SVN, 1.8.32.0, 11.12.0, 12.7.0, 13.0.0
>         Environment: Ubuntu 14.04, OpenWrt 14.07
>            Reporter: sstream
>
> Using Asterisk 11.12 server behind NAT (router) and Android SIP client (Acrobits or CSipSimple) with the following condition.
> - Router local IP: 192.168.0.1
> - Router domain: sip.example.net (using DNS like DynDNS)
> - Asterisk server local IP: 192.168.0.2
> - SIP protocol: TLS, port=10000 (not default due to security reason)
> - RTP: port=10001 to 10008
> - Android phone has a global IP.
> In router's setting, I opened ports 10000-10008 (TLS and RTP) and forwarded them to Asterisk server IP (192.168.0.2).
> ---
> <sip.conf>
> externhost=sip.example.net
> localnet=192.168.0.0/255.255.255.0
> tlsenable=yes
> tlsbindaddr=0.0.0.0:10000
> tlscertfile=…
> ---
> <rtp.conf>
> rtpstart=10001
> rtpend=10008
> ---
> Under above condition, there is no problem for registration, connection, calling and talking.
> However, Asterisk cannot detect disconnection. (can't disconnect).
> I traced a log and found;
> ---
> SIP/2.0 100 Trying
> Via: SIP/2.0/TLS xxx.xxx.xx.0:xxxxx;branch=;received=;rport=
> From: <sips:xxx@ sip.example.net:10000>;tag=xxx
> To: <sips:yyy@ sip.example.net:10000>
> Call-ID: xxxxx
> CSeq: 1 INVITE
> Server: Asterisk PBX 11.12.0
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
> Supported: replaces, timer
> Contact: <sip:yyy at x.xx.xx.xx:5061;transport=TLS>
> Content-Length: 0
> ---
> In "Contact:" line (2nd line from the bottom), port “5061” suddenly appears, which I never used.
> This problem only occurs under TLS with non-default port (not 5061).
> There is no problem under UDP, even though  non-standard port is set (ex. bindport=10000).
> For testing, in “sip.h”, I changed
> #define STANDARD_TLS_PORT	5061
> to
> #define STANDARD_TLS_PORT	10000
> and compiled.
> As a result, I confirmed that Asterisk works properly (detect disconnection).
> In conclusion, it is better to make an option like “tlsbindport” in sip.conf and make it work like UDP.
> Thank you.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list