[asterisk-users] PJSIP signaling question

Kevin Long kevin.long at haloprivacy.com
Mon Feb 29 15:04:44 CST 2016



Greetings.


I am using the PJSIP driver with TLS transport, and my endpoints are SIP mobile apps operating in environments that I do not control. 

 I would like Asterisk to default to sending INVITES and all other SIP signals to endpoints via the existing SIP TLS connection which is already established, rather than trying to create a new TLS connection to an endpoint which is likely behind a NAT which will not allow a new inbound TCP/TLS connection.


My experience with chan_sip suggests to me that this was the default behavior, or more likely a fallback behavior, because I never had this issue before with endpoints not receiving INVITES so long as they were registered and had an open SIP control connection.


I thought that I could avoid these failed outbound connections by commenting out the “transport” option on my endpoint configurations, but tcpdump is showing me that asterisk is still trying to create *new* TLS outbound connections to my endpoints, which are failing.




Thank you for your time

Kevin


-




My simple pjsip config file:





; PJSIP transport for SIP signaling over TLS, listening on every IPv4
; interface on port 5061.
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
; NAT handling: peers inside local_net are treated as local; for other peers
; the external_* addresses are advertised instead of the bind address.
; x.x.x.x looks like a value redacted by the poster, not a usable address.
local_net=10.50.55.0/24
external_media_address=x.x.x.x
external_signaling_address=x.x.x.x
; Server certificate, its private key, and the CA bundle.
; The private key file should be readable only by the account Asterisk runs as.
; NOTE(review): no verify_client / verify_server / require_client_cert option
; is set in this section, so peer-certificate checking relies on the parser
; defaults. Confirm what the installed version does before counting on
; ca_list_file to authenticate anything.
cert_file=/etc/asterisk/keys/dev1.crt
priv_key_file=/etc/asterisk/keys/dev1.key
ca_list_file=/etc/asterisk/keys/ca.crt
; NOTE(review): a single suite is offered. AES256-SHA uses RSA key exchange
; (no forward secrecy) with AES-CBC and a SHA-1 MAC; prefer ECDHE/AEAD suites
; where the mobile clients support them.
cipher=AES256-SHA
; NOTE(review): pins the transport to TLS 1.0, which is deprecated. Use a
; newer method value (e.g. tlsv1_2) if the installed Asterisk/pjproject build
; offers one; check that version's pjsip.conf.sample.
method=tlsv1
 
;===============EXTENSION 6000
 
; Endpoint definition for extension 6000. The aor section further down reuses
; the name [6000]; pjsip.conf tells the two apart by their type= line.
[6000]
type=endpoint
; Dialplan context that calls from this endpoint enter.
context=internal
; Codec list: clear everything, then permit only ulaw. Order matters.
disallow=all
allow=ulaw
; Transport binding is commented out, so this endpoint is not tied to
; transport-tls.
; NOTE(review): if any non-TLS transport is defined elsewhere in the file,
; nothing shown here keeps this endpoint from being used over it, which would
; expose the digest exchange and the SDES keys. Verify against the full config.
;transport=transport-tls
; References to the [auth6000] and aor [6000] sections.
auth=auth6000
aors=6000
; Keep RTP flowing through Asterisk rather than directly between peers.
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
; NAT helpers: reply to the source port of the request, and send RTP back to
; the address it was received from.
force_rport=yes
rtp_symmetric=yes
; SRTP with keys carried in the SDP (SDES). The keys are only as confidential
; as the signaling path, so this setting depends on SIP actually running over
; TLS.
media_encryption=sdes


; Digest credentials referenced by endpoint 6000 (auth=auth6000).
[auth6000]
type=auth
; userpass keeps the password in clear text in this file; restrict the file's
; permissions accordingly.
auth_type=userpass
; NOTE(review): the password is identical to the username/extension number.
; On a registrar reachable from untrusted networks, use a long random secret
; per endpoint; credentials of this shape are the first thing guessed.
password=6000
username=6000
 
; Address-of-record for extension 6000 (same section name as the endpoint,
; distinguished by type=aor). Holds the contact learned at registration.
[6000]
type=aor
; Only one registered contact at a time; with remove_existing=yes a new
; registration replaces the current contact instead of being rejected.
; NOTE(review): anyone holding the credentials can therefore displace the
; legitimate device's registration, which makes the strength of the auth
; secret matter more.
max_contacts=1
remove_existing=yes


;===============EXTENSION 6001

; Endpoint definition for extension 6001. The aor section further down reuses
; the name [6001]; pjsip.conf tells the two apart by their type= line.
[6001]
type=endpoint
; Dialplan context that calls from this endpoint enter.
context=internal
; Codec list: clear everything, then permit only ulaw. Order matters.
disallow=all   
allow=ulaw
; Transport binding is commented out, so this endpoint is not tied to
; transport-tls.
; NOTE(review): if any non-TLS transport is defined elsewhere in the file,
; nothing shown here keeps this endpoint from being used over it, which would
; expose the digest exchange and the SDES keys. Verify against the full config.
;transport=transport-tls
; References to the [auth6001] and aor [6001] sections.
auth=auth6001
aors=6001
; Keep RTP flowing through Asterisk rather than directly between peers.
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
; NAT helpers: reply to the source port of the request, and send RTP back to
; the address it was received from.
force_rport=yes
rtp_symmetric=yes
; SRTP with keys carried in the SDP (SDES). The keys are only as confidential
; as the signaling path, so this setting depends on SIP actually running over
; TLS.
media_encryption=sdes



; Digest credentials referenced by endpoint 6001 (auth=auth6001).
[auth6001]
type=auth
; userpass keeps the password in clear text in this file; restrict the file's
; permissions accordingly.
auth_type=userpass
; NOTE(review): the password is identical to the username/extension number.
; On a registrar reachable from untrusted networks, use a long random secret
; per endpoint; credentials of this shape are the first thing guessed.
password=6001
username=6001

; Address-of-record for extension 6001 (same section name as the endpoint,
; distinguished by type=aor). Holds the contact learned at registration.
[6001]
type=aor
; Only one registered contact at a time; with remove_existing=yes a new
; registration replaces the current contact instead of being rejected.
; NOTE(review): anyone holding the credentials can therefore displace the
; legitimate device's registration, which makes the strength of the auth
; secret matter more.
max_contacts=1
remove_existing=yes