Network setup: ============= Office network where the phones are: 192.168.10.0/24 Snom320 (peer 105) is ip .105 (Grandstream (peer 104) not in TLS is .104) Public IP is 109.237.252.179. Peer 101744 sip.telecom-object.fr is a provider. Asterisk is in a virtual machine in DC, IP 10.0.70.12. All VOIP ports are redirected from host 10.0.70.1 to VM. Public host IP is 78.46.82.168 (sip3.tootai.net) sip.conf: ======== [general] context=default-SIP ; Default context for incoming calls allowoverlap=no ; Disable overlap dialing support. (Default is yes) realm=realm.tootai.net ; Realm for digest authentication udpbindaddr=0.0.0.0 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all) transport=udp srvlookup=yes ; Enable DNS SRV lookups on outbound calls disallow=all ; First disallow all codecs allow=g722 ; Allow codecs in order of preference allow=ulaw allow=alaw allow=h264 allow=h263p allow=h263 language=fr ; Default language setting for all users/peers useragent=TOOTAiAudio ; Allows you to change the user agent string sdpsession=TOOTAiAudio PBX videosupport=yes ; Turn on support for SIP video. You need to turn this alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected, registerattempts=0 ; try for ever (default=10) registertimeout=20 ; default #include local/additional_sip-general.conf #include local/additional_sip-register.conf [authentication] #include local/sip.d/*.conf additional_sip-general.conf (additional_sip-register.conf is not relevant) tcpenable=no ; Enable server for incoming TCP connections (default is no) tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces) tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no) tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces) tlscertfile=/var/lib/asterisk/keys/local/asterisk.pem tlscafile=/var/lib/asterisk/keys/local/ca.crt tlsdontverifyserver=no tlscipher=ALL tlsclientmethod=sslv3 ;with Blink as the client tlsv1 is known to work localnet=10.0.70.0/24 localnet=192.168.111.0/24 externaddr = xx.xx.xx.xx ; public IP t38pt_udptl = yes,fec ; Enables T.38 with FEC error correction. faxdetect = yes nat=force_rport,comedia Relevant peer conf: [vm](!) mailbox=820 vmexten=090 [105](vm) type=peer defaultuser=DH secret=mySecret callerid="Tootai" <0033 nnn nnn nnn> context=from_to-OFFICE host=dynamic qualify=yes disallow=all allow=g722,ulaw,alaw callgroup=1 pickupgroup=1 call-limit=2 busy-limit=2 directmedia=nonat accountcode=TOOTAi setvar=mySkypeUser=xxxxx setvar=myEmailAddr=xxxx@domain.ltd setvar=visio=yes encryption=yes forceencryption=yes transport=tls insecure=invite Dialplan: (called number is 800) ======== [from_to-OFFICE] ; exten => _X.,1,macro(filterExten,${EXTEN}) exten => _X.,n,macro(setDialingExtenFromSipHeader) exten => _X.,n,NoOp(Incoming call from ${CALLERID(num)} ${CALLERID(name)} Extension ${DIALINGEXTEN}) exten => _X.,n,Set(CHANNEL(LANGUAGE)=fr) exten => _X.,n,Set(__X-TOOTAI-LANGUAGE=fr) exten => _X.,n,Set(__MobileOK=yes) exten => _X.,n,Set(__Default_CID=yes) exten => _X.,n,Set(__DIAL_OPTIONS=${DIAL_OPTIONS}T) exten => _X.,n,Set(__DIALEDNUMBER=${EXTEN}) exten => _X.,n,Set(__CONGESTION_GW=${PEERTOBJECT}) exten => _X.,n,Set(__CONGESTION_PREFIX=00) exten => _X.,n,macro(monitor,start,,) exten => _X.,n,Goto(${DIALEDNUMBER},Start) exten => _XXX,20(Start),NoOp(We call Service Numbers) exten => _XXX,n,NoCDR() exten => _XXX,n,macro(monitor,start,,) exten => _XXX,n,Macro(ServiceNumbers,${EXTEN}) exten => _XXX,n,Macro(OFFICE-Numbers,${EXTEN}) exten => _XXX,n,macro(monitor,stop,,${myEmailAddr}) exten => _XXX,n,Hangup [macro-ServiceNumbers] ; exten => 800,1(Start),NoOp(Is channel secure no=0 yes=1. Value is <$[${CHANNEL(secure_signaling)}]>) exten => 800,n,NoOp(Is media secure no=0 yes=1. Value is <$[${CHANNEL(secure_media)}]>) ;exten => 800,n,Dial(Local/600@demo/n,,) exten => 800,n,Playback(demo-echotest) ; Let them know what's going on exten => 800,n,Echo ; Do the echo test exten => 800,n,Playback(demo-echodone) ; Let them know it's over exten => 800,n,Hangup