General SIP settings |
Chan PJSIP Settings |
I have a very small "family and friends" system running Asterisk and FreePBX that I've been using as a gateway to Google Voice, among other things. With the ongoing demise of XMPP connectivity and a couple of other fortuitous events, I decided it was time to build a new system and of course I wanted to include naf's GVSIP packages, although that turned out to be a short-lived experiment. But I figured that if I had to use PJSIP anyway, I might as well see if I could get it to work for my extensions and trunks. I had a very low opinion of PJSIP going in and my initial tests were not encouraging; I had lots of issues. But to make a long story short, the thing that helped the most was adding this line as the very first line in /etc/asterisk/pjsip_custom_post.conf:
endpoint_identifier_order=auth_username,username,ip
BUT you do not need to add that line manually any more, because now you can configure the Endpoint Identifier Order in the Chan PJSIP Settings in FreePBX as shown in the second screenshot above. Also in that screenshot, note that enabling TLS is optional and if you don't use it you can turn it off; it was only originally enabled for GVSIP.
But here is the thing that impressed me. I set all the extensions to use PJSIP, but I figured I was going to have a world of problems because many of them were connecting on ports other than 5060. In some cases it was a two line device connecting on ports 5060 and 5061; in other cases it was to avoid problems with routers or ISP's that seemed to think that traffic on port 5060 should be messed with. So my approach was going to be, bring up the new system and see what failed to connect, and either switch that extension back to Chan_SIP or if possible, try changing the device back to using port 5060. But you can imagine my shock and wonder when EVERY extension apparently connected without issues. And if I run
pjsip show endpoints in the Asterisk CLI, the Contact: field shows the port each device is using. More wondrous is that the connections on port 5061 don't seem to interfere with the TLS stuff.
Maybe I have a fundamental misunderstanding of how SIP is supposed to work, and therefore I should not have been surprised, but it was never that easy in Chan_SIP. It seems to me that the biggest problem with PJSIP is the default configurations. For example, the default of IP matching first caused me a LOT of problems.
I only wanted to post this to say that maybe PJSIP is not something we should all avoid as long as possible. Sure, FreePBX needs to support it a bit better (how do I add the new keep_alive_interval=90 in the [global] section, per naf's instructions?) but I suspect they are learning too. I'm just happy as a clam that I converted all the extensions and trunks to PJSIP, and if you'd asked me a month ago I would not have had a good word to say about it!
Shown above are my current General SIP settings (with IP address redacted, of course) and Chan PJSIP Settings pages. I'm not saying those are the optimum settings (comments are welcome) but they are part of what got it working for me.
NOTE: The "Allow Transports Reload" setting is weird - generally you need to leave it off, or any time you do a configuration reload in FreePBX your PJSIP extensions may get kicked offline, and you may get tons of error messages in the Asterisk CLI and maybe in your log, at which point only restarting Asterisk or rebooting the system will restore connectivity. But on the other hand, you may need to temporarily enable it if you find that nothing will connect using PJSIP, even if you restart Asterisk or Reboot. It apparently only needs to be enabled long enough to allow your extensions and trunks to register, then you can turn it off again. You'll probably only run into this when you first bring up a new system or enable a transport, or if the system has been powered off or disconnected from the Internet for quite some time. I do recommend leaving it set to "No" unless you run into that specific issue.
(The following is GVSIP related information that is no longer relevant, but I moved it to the bottom of the post for historical reasons):
Also, if you set tls - 0.0.0.0 - All to YES in the Chan_PJSIP settings as shown in my Chan PJSIP Settings screenshot, be sure that if you have GVSIP trunks configured in /etc/asterisk/pjsip_custom_post.conf you have the transport line in the registration section for each trunk set to
transport=0.0.0.0-tls
and NOT to the original
transport=transport_tls
from naf's original instructions. If they are set to the original value you can change them using
sed -i -e 's/transport=transport_tls/transport=0.0.0.0-tls/g' /etc/asterisk/pjsip_custom_post.conf
Thanks to dziny
for the above information about changing the transport= line.