Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-21273

display warning that 'asterisk restart' needed whenever there is change in local network field.



    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s:
    • Fix Version/s: None
    • Component/s: Asterisk SIP Settings
    • Labels:
    • Bug Tracker:
      Customer Issue
    • Asterisk Version:
    • Distro Version:
    • Distro:
      FreePBX Distro


      Original issue description - *Public IP in contact URI when softphone traffic goes through VPN *

      My phone server is on bare metal. I have a situation where 50+ staff will need to work remotely and need softphone access to the phone server over VPN, but I'm getting a one-way audio issue, that after thorough wiresharking and tcpdumping (detailed below), I've ruled out the router/VPN and the Bria 5 Softphone. It is FreePBX or Asterisk that is randomly putting the public IP into the SDP Contact URI (tell me if this is an Asterisk issue that I need to post a bug ticket with them for).

      I have a Laptop with Bria 5 Softphone, which VPNs into another network (and given an example IP of, and shows up on laptop as another ethernet device, separate from wifi device, so as far as softphone knows, that is the computers IP address) which has access to the phone server dmz (for example is The VPN vlan is listed as one of the local networks on FreePBX portal / Settings / Asterisk SIP Settings / General SIP Settings. I am using PJSIP. If I examine pjsip.conf and pjsip.transports.conf, I see listed for each transport (udp, tcp and tls). Several Asterisk reloads have been done since that was local network was added to the list.

      But when a new call is placed by the softphone (for example 9925550000), it has one-way audio (from phone server to softphone only).

      A tcpdump in phone server terminal shows the phone traffic is not natting or doing anything strange with the traffic (more on that later)… server is sending tcp SIP/SDP and RTP just fine… but the softphone just isn’t sending any RTP back.

      I wireshark on the laptop and find it is sending RTP out the wifi device to the public IP (example of the phone server instead of the internal So I inspect the SDP traffic at beginning of call and find the third, and last, SDP (going from phone server to softphone) with a “Contact URI 9925550000@”. So of course the softphone/laptop is sending RTP to the public IP. I backed up to the tcpdump on the phone server, and sure enough, the last SDP packet it sent has that Contact URI. None of the other packets have anything but internal IPs. 

      Somehow the phone server is getting a clue that the phone is external... even though I don't see any indication of such in the SDP traffic before this. As far as I know, asterisk/FreePBX will only do this if the invite came from an IP that doesn’t fall in the “local networks” listed in General SIP Settings (which seems to populate pjsip.transports.conf).

      Note that I do have a few remote Yealink desk phones with their public IPs whitelisted on router, directly to the phone server (only allowing necessary TLS-SIP and SRTP ports), so I can't just remove the public IP from the SIP Settings.

      While I could whitelist every remote softphone's public IP and run TLS SRTP, this doesn't scale well, increases our attack vector, and I would prefer to keep this traffic over our corporate VPN, because I don't want the phone ringing when these employees are not actively working (logged out of the VPN and done for the day).

      I think I still have Sangoma Support credits if that would speed this ticket up.

        Gliffy Diagrams




              • Assignee:
                itdeptia itdept
              • Votes:
                1 Vote for this issue
                4 Start watching this issue


                • Created:


                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.