newspaint

Documenting Problems That Were Difficult To Find The Answer To

How To Change TLS Bind Port In Asterisk

Asterisk doesn’t make it necessarily easy to change the port that TLS is bound to.

In sip.conf I’d set a different port (6000):

tlsbindaddr=0.0.0.0:6000

But when I set sip set debug on I would see a message like the following on answer:

<--- Reliably Transmitting (no NAT) to 5.6.7.8:42849 --->
  P/2.0 200 OK
Via: SIP/2.0/TLS 192.168.1.3:42849;branch=z9hG4bKPjBFu7pgHTfOHCaNamaqTKTq3wenp-G.oY;alias;received=5.6.7.8;rport=42849
From: "myext" ;tag=mQqEvydONdU7yOGgCi2.OiDu8lSfXZuK
To: <sip:test@myhost.com>;tag=as378489ee
Call-ID: tAYfXG5BEF9w8lY.ghupqOtwNyV3J18G
CSeq: 12562 INVITE
Server: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: <sip:test@1.2.3.4:5061;transport=TLS>
Content-Type: application/sdp
Require: timer
Content-Length: 387

The problem was that the Contact: header was advertising the wrong TLS port to the extension which would then attempt to contact the wrong port in response to the answered call (so no audio would start getting received by the extension).

The solution was to add to sip.conf:

externtlsport=6000

As mentioned in another article if the advertised IP address is wrong in this Contact: header then you may also want to specify:

externip=1.2.3.4

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: