Differences Between Chan_SIP And PJSIP With NAT And STUN


I have two accounts on Asterisk 13. One uses chan_sip and the other pjsip.

In my snom 760 the setup for these two accounts is identical.

When I call echo test from the account using chan_sip audio comes through fine.

When I call echo test from the account using pjsip there is no audio.

With rtp set debug on, I can see that audio is being sent to the snom’s internal IP 192.168.0.x

I can add a stun server in the config for this account and RTP flows to the Public IP and I get audio.

I was wondering why there is a difference between pjsip and chan_sip so that one works without stun and the other requires it. Does anybody know why? Maybe my settings are off in pjsip.

Here’s how I have my endpoint configured:

[test]
type=endpoint
context=dial_out
disallow=all
allow=alaw
allow=speex
allow=speex16
allow=speex32
allow=gsm
allow=ulaw
allow=g722
auth=test
aors=test
direct_media=no
media_encryption=sdes
media_encryption_optimistic=yes
rtp_symmetric=yes
force_rport=no
rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port
ice_support=yes ;This is specific to clients that support NAT traversal
;for media via ICE,STUN,TURN. See the wiki at:
;https://wiki.asterisk.org/wiki/x/D4FHAQ
;for a deeper explanation of this topic.

[test]
type=auth
auth_type=userpass
password=redacted
username=test

[test]
type=aor
remove_existing=yes
max_contacts=2
qualify_frequency`

Looking forward to your thoughts.

Kind Regards,

C

13 thoughts on - Differences Between Chan_SIP And PJSIP With NAT And STUN

  • Chirag Desai wrote:

    There should be nothing different, except for how you configure things. What is the full PJSIP configuration? What is the environment where Asterisk is running? Is ICE actually in use on the other side? What is the full SIP trace?

  • The full configuration is here:

    http://pastebin.com/XqZG1m5X

    I am connecting over TLS / SRTP on port 5063. When I put in a stun server asterisk sends media to the phone’s external IP.

    The asterisk has a public IP and internal IP. It is internet facing, and is not behind NAT.

    When I had ICE enabled on the snom, it didn’t seem to make any difference. PJ showed an ICE error.

    The sip trace is here:

    http://pastebin.com/fDxbk289

    Thanks for your help.

  • Chirag Desai wrote:

    Have you done a packet capture to see if the RTP from the remote device is hitting the machine to narrow things down?

  • Nope. When I run with RTP encryption on it seems that rewrite_contact does not work in PJSIP.

    When I turn off RTP some calls get media, some don’t. If you look at the SIP trace it seems like the rewrite_contact doesn’t always take effect.

  • Chirag Desai wrote:

    The rewrite_contact shows as working fine in the SIP trace. The log shows the message as received over the socket, before modification. If it wasn’t working then the BYE would be going to the internal IP address+port.

    Nothing stands out in the signaling.

    I’m dialling from the snom and every few calls asterisk sends media to the phone’s external IP and it works!

    And then now and again it sends the media to the phone’s internal IP and I hear nothing. I’m really at a loss.

  • Chirag Desai wrote:

    In the non-working case check the IP address in the SDP, if it’s the external then we’ve told the phone to send it to the right place. After that do a packet capture and see if the packets are arriving on the machine. If not then look outside the machine at things.

    In the PCAP I can see asterisk sending UDP packets to my local IP 192.168.0.5….

    It’s funny, when I switch to TCP on 5060 audio seems to work fine. The moment I go to 5063 on TLS everything goes a bit awry. Any further input is greatly appreciated.

  • Chirag Desai wrote:

    If you don’t see anything arriving from the remote side and we’ve told them the right IP address and ICE is not actually negotiated… then that leans more towards something remote unless there actually is a firewall.

  • So I see:

    EXTERNAL_SNOM_IP -> EXTERNAL_ASTERISK_IP (UDP, length 218, src: 60798, dst 11128)

    EXTERNAL_ASTERISK_IP -> INTERNAL_SNOM_IP (UDP, length 218, src: 11128 dst 60478)

    So I see UDP from the phone, but there’s no audio.

    I do also see some packets:

    EXTERNAL_ASTERISK_IP -> EXTERNAL_SNOM_IP (ICMP, length 246, Destination unreachable (Host administratively prohibited))

  • Chirag Desai wrote:

    If “rtp set debug on” shows no packets being received then they are not being read off the socket, so I’d check the system and make sure there really is no firewall like I said. Once packets start getting received then we’ll change the target address and audio will flow.

    It may even be that when using TCP or UDP you have some sort of helper which is opening up the right firewall ports and when TLS is in use it can’t see the traffic and thus doesn’t.

  • You were right. I had non-default rtp ports open in iptables. Edited rtp.conf et voila. Everything seems to be working.

    Thanks so much for your patience and guidance!

    Have a lovely evening.

  • Stick around on the list long enough and you’ll realise the truth… he always is 😉

    Pete
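
The cause found at the end of this thread, an RTP port range in rtp.conf that did not match the UDP ports accepted by iptables, can be checked mechanically. The following is an added example and not part of the original thread: the rtp.conf and iptables-save samples are constructed, and the parser assumes it only needs to look at ACCEPT rules in the INPUT chain that name a UDP --dport or --dports (it ignores rule order, source filters and interfaces).

```python
import configparser

# Constructed samples (not from the thread): rtp.conf still uses 10000-20000
# while the firewall opens a different UDP range.
RTP_CONF = """[general]
rtpstart=10000   ; first UDP port Asterisk may use for RTP
rtpend=20000
"""
IPTABLES_SAVE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5063 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32767 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def rtp_range(rtp_conf_text):
    """Return (rtpstart, rtpend) from the [general] section of rtp.conf."""
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",), interpolation=None)
    cp.read_string(rtp_conf_text)
    return int(cp["general"]["rtpstart"]), int(cp["general"]["rtpend"])

def accepted_udp_ranges(iptables_save_text, chain="INPUT"):
    """Collect (low, high) port ranges from UDP ACCEPT rules that name a dport."""
    ranges = []
    for line in iptables_save_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        if "-p" not in tok or tok[tok.index("-p") + 1] != "udp":
            continue
        for flag in ("--dport", "--dports"):
            if flag in tok:
                for part in tok[tok.index(flag) + 1].split(","):
                    low, _, high = part.partition(":")
                    ranges.append((int(low), int(high or low)))
    return ranges

def uncovered(rtp, accepted):
    """Return the sub-ranges of the RTP range that no ACCEPT rule covers."""
    cursor, end, gaps = rtp[0], rtp[1], []
    for low, high in sorted(accepted):
        if high < cursor or low > end:
            continue
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    return gaps + ([(cursor, end)] if cursor <= end else [])

if __name__ == "__main__":
    print(uncovered(rtp_range(RTP_CONF), accepted_udp_ranges(IPTABLES_SAVE)))
```

An empty result means every port Asterisk may pick for RTP is accepted; with the constructed samples, port 11128 from the capture above falls in the reported gap.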