Linphone <> Flexisip <> Freeswitch (Telnyx) - Outbound calls hang up in 30 seconds (ACK Timeout)

[Gorbas]

THE PROBLEM

Outbound calls hang up within 30-32 seconds

THE ROOT CAUSE

ACK message sent by Flexisip do not use the IP & Port that Telynx speicfies in the Contact header of the 200 OK message, but the IP & Port of the route specified in routes.conf (sip.telnyx.com:5060 => 192.76.120.10:5060)

Sends: ACK sip:+18004444444@192.76.120.10:5060;transport=tcp SIP/2.0 Instead of: ACK sip:+18004444444@10.239.216.224:5070;transport=tcp SIP/2.0

Notes for the messages:

• Instead of my actual domain I have sent "mydomain.com"
• Instead of my server IP I have sent "1.2.3.4"

200 OK Message

SIP/2.0 200 OK
Via: SIP/2.0/TCP sip.mydomain.com;received=1.2.3.4;rport=44117;branch=z9hG4bK.jHtrc2K0K2yr9Brpe35BttcavH
Via: SIP/2.0/TLS 192.168.28.150:62815;branch=z9hG4bK.NTieNi7RB;rport=62815;received=79.107.55.147
Record-Route: <sip:10.255.0.1;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Record-Route: <sip:192.76.120.10;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Record-Route: <sip:sip.mydomain.com:5060;lr>
Record-Route: <sips:sip.mydomain.com:5061;lr>
From: <sip:+16183678135@sip.mydomain.com>;tag=UJaBmJ-pu
To: "+18004444444" <sip:+18004444444@sip.telnyx.com>;tag=24cQ0v01Q71Fm
Call-ID: ioOMu4fdix
CSeq: 21 INVITE
Contact: <sip:+18004444444@10.239.216.224:5070;transport=tcp>
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REFER, NOTIFY
Supported: path
Allow-Events: talk, hold, conference, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 819

v=0
o=FreeSWITCH 1732673355 1732673356 IN IP4 50.114.150.12
s=FreeSWITCH
c=IN IP4 50.114.150.12
t=0 0
a=msid-semantic: WMS qWvgyfOPKarDikaigTXc3UNdz1Qc4FDl
m=audio 18658 RTP/AVPF 0 100
a=rtpmap:0 PCMU/8000
a=rtpmap:100 telephone-event/8000
a=sendrecv
a=silenceSupp:off - - - -
a=ptime:20
a=mid:audio
a=rtcp:18659 IN IP4 50.114.150.12
a=ice-ufrag:Sc6MWKPlBwnw1RHj
a=ice-pwd:GZYBVk6SX4YK3dEMfAo1a4dC
a=candidate:9928608467 1 udp 2130706431 50.114.150.12 18658 typ host generation 0
a=candidate:9928608467 2 udp 2130706430 50.114.150.12 18659 typ host generation 0
a=end-of-candidates
a=ssrc:123107923 cname:rZrP46vE7M8gX8o3
a=ssrc:123107923 msid:qWvgyfOPKarDikaigTXc3UNdz1Qc4FDl a0
a=ssrc:123107923 mslabel:qWvgyfOPKarDikaigTXc3UNdz1Qc4FDl
a=ssrc:123107923 label:qWvgyfOPKarDikaigTXc3UNdz1Qc4FDla0

ACK Message (WRONG)

ACK sip:+18004444444@192.76.120.10:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP sip.mydomain.com;rport;branch=z9hG4bK.6236F89ND9ZaZc3pXXc1eHX1jg
Via: SIP/2.0/TLS 192.168.28.150:62815;rport=62815;branch=z9hG4bK.gW~bPREKg;received=79.107.55.147
From: <sip:+16183678135@sip.mydomain.com>;tag=UJaBmJ-pu
To: "+18004444444" <sip:+18004444444@sip.telnyx.com>;tag=24cQ0v01Q71Fm
CSeq: 21 ACK
Call-ID: ioOMu4fdix
Max-Forwards: 69
Route: <sip:192.76.120.10;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Route: <sip:10.255.0.1;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Proxy-Authorization: Digest realm="sip.mydomain.com", nonce="q0bx6gAAAAApT0w9AAB4YFJDFcYAAAAA", algorithm=SHA-256, opaque="+GNywA==", username="+16183678135", uri="sip:+18004444444@sip.telnyx.com", response="790f972d4857405bc4465a1aeba2282288a89d24355785e1dbfe120f712d8ae0", cnonce="7nwDlIP26gy~DQc9", nc=00000001, qop=auth
User-Agent: MyApp MobileiOS/5.2.3 (iPhone) LinphoneSDK/5.3.91
Content-Length: 0

ACK Message (EXPECTED)

ACK sip:+18004444444@10.239.216.224:5070;transport=tcp SIP/2.0
Via: SIP/2.0/TCP sip.mydomain.com;rport;branch=z9hG4bK.6236F89ND9ZaZc3pXXc1eHX1jg
Via: SIP/2.0/TLS 192.168.28.150:62815;rport=62815;branch=z9hG4bK.gW~bPREKg;received=79.107.55.147
From: <sip:+16183678135@sip.mydomain.com>;tag=UJaBmJ-pu
To: "+18004444444" <sip:+18004444444@sip.telnyx.com>;tag=24cQ0v01Q71Fm
CSeq: 21 ACK
Call-ID: ioOMu4fdix
Max-Forwards: 69
Route: <sip:192.76.120.10;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Route: <sip:10.255.0.1;transport=tcp;r2=on;lr;ftag=UJaBmJ-pu>
Proxy-Authorization: Digest realm="sip.mydomain.com", nonce="q0bx6gAAAAApT0w9AAB4YFJDFcYAAAAA", algorithm=SHA-256, opaque="+GNywA==", username="+16183678135", uri="sip:+18004444444@sip.telnyx.com", response="790f972d4857405bc4465a1aeba2282288a89d24355785e1dbfe120f712d8ae0", cnonce="7nwDlIP26gy~DQc9", nc=00000001, qop=auth
User-Agent: MyApp MobileiOS/5.2.3 (iPhone) LinphoneSDK/5.3.91
Content-Length: 0

FLEXISIP INSTALLATION

flexisip  version: 2.4.0-beta-124-ga6d24413
sofia-sip version 

Compiled with:
- SNMP
- Transcoder
- Redis
- Soci
- Presence
- Conference
- RegEvent
- B2BUA

routes.conf

<sip:127.0.0.1:6060;tansport=tcp> to.uri.domain == 'extsip.mydomain.com' && status.code notin '200'

<sip:sip.telnyx.com:5060;transport=udp>   request.uri.domain == 'sip.telnyx.com'

<sip:sip.mydomain.com:5060;transport=udp> request.uri.domain == '1.2.3.4'

flexisip.conf

[global]
default-servers=proxy
transports=sips:sip.mydomain.com:5061 sip:sip.mydomain.com:5060
tls-certificates-file=/etc/letsencrypt/live/sip.mydomain.com/fullchain.pem
tls-certificates-private-key=/etc/letsencrypt/live/sip.mydomain.com/privkey.pem
log-directory=/var/log/flexisip
log-level=debug
syslog-level=debug
auto-respawn=true
contextual-log-level=debug
contextual-log-filter=true
user-errors-logs=true
show-body-for=true
udp-mtu=1460
enable-snmp=false
unique-id=

[cluster]
enabled=false

[mdns-register]
enabled=false

[event-logs]
enabled=false

[monitor]
enabled=false

[stun-server]
enabled=true
bind-address=0.0.0.0
port=3478

[presence-server]
enabled=true
long-term-enabled=true
soci-user-with-phone-request=SELECT username, phone FROM users WHERE username= :username
soci-users-with-phones-request=SELECT username, phone FROM users
bypass-condition=true

[conference-server]
enabled=true
enable-one-to-one-chat-room=true
local-domains=sip.mydomain.com
check-capabilities=false
supported-media-types=audio video text
conference-factory-uris=sip:conference-factory@sip.mydomain.com
conference-focus-uris=sip:conference-focus@sip.mydomain.com
outbound-proxy=sip:sip.mydomain.com:5060;transport=udp
database-backend=mysql
database-connection-string=db='flexisip_accounts' user='flexisip_user' password='db_pass' host='localhost'
nat-addresses=1.2.3.4 sip.mydomain.com
transport=sip:sip.mydomain.com:6064;transport=udp
empty-chat-room-deletion=false

[regevent-server]
transport=sip:127.0.0.1:6065;transport=udp

[module::DoSProtection]
enabled=true
filter=
time-period=3000
packet-rate-limit=20
ban-time=2
iptables-chain=FLEXISIP

[module::SanityChecker]
enabled=true

[module::Capabilities]
enabled=false

[module::NatHelper]
enabled=true
filter= !(user-agent contains 'No NatHelper')
contact-correction-param=verified
fix-record-routes=false
fix-record-routes-policy=safe

[module::ContactRouteInserter]
enabled=true
insert-domain=true

[module::Authentication]
enabled=true
filter=from.uri.domain contains 'sip.mydomain.com'
trusted-hosts=127.0.0.1 1.2.3.4
auth-domains=sip.mydomain.com sip.telnyx.com extsip.mydomain.com
available-algorithms=SHA-256
tls-client-certificate-required-subject=/etc/letsencrypt/live/sip.mydomain.com/fullchain.pem
db-implementation=soci
soci-backend=mysql
soci-connection-string=db='flexisip_accounts' user='flexisip_user' password='db_pass' host='localhost'
soci-password-request=select password, algorithm from passwords where account_id = (select id from accounts where username= :id and domain= :domain);

[module::Redirect]
enabled=false

[module::RegEvent]
enabled=true
filter=to.uri.domain == 'sip.mydomain.com'
regevent-server=sip:127.0.0.1:6065;transport=udp

[module::B2bua]
enabled=false

[module::Presence]
enabled=false

[module::Registrar]
enabled=true
reg-domains=sip.mydomain.com
max-contacts-by-aor=10
db-implementation=redis
redis-server-domain=localhost
redis-server-port=6379
enable-gruu=true
max-expires=604800

[module::StatisticsCollector]
enabled=false

[module::Router]
enabled=true
resolve-routes=true
use-global-domain=false
fork-late=true
fork-no-global-decline=true
call-fork-timeout=40
call-fork-current-branches-timeout=5
message-fork-late=true
fallback-route=sip:+$ruser@sip.telnyx.com;transport=udp
fallback-route-filter= !(request.uri.user regex '^chatroom-.*$')
# Make chat messages to be held for 7 days
# before dropping them. Call invitations are held for 32s
# in conformance with RFC 3261.
message-delivery-timeout=604800
allow-target-factorization=false
generated-contact-route=
generated-contact-expected-realm=
preroute=
parent-domain-fallback=false

[module::PushNotification]
enabled=true
firebase=true
firebase-service-accounts=1092900707913:/var/www/4f-flexisip-wrapper/firebase_service_account.json
firebase-token-expiration-anticipation-time=300
firebase-default-refresh-interval=60
apple=true
apple-certificate-dir=/var/www/4f-flexisip-wrapper/apn/

[module::MediaRelay]
enabled=true
force-relay-for-non-ice-targets=true
prevent-loops=true
early-media-relay-single=true
sdp-port-range-min=10000
sdp-port-range-max=15000
bye-orphan-dialogs=true
inactivity-period=1800

[module::Forward]
enabled=true
default-transport=tls
routes-config-path=/etc/flexisip/routes.conf

[inter-domain-connections]
accept-domain-registrations=false
assume-unique-domains=false
domain-registrations=/etc/flexisip/domain-registrations.conf
verify-server-certs=true
keepalive-interval=30
reg-when-needed=false

[Failxxx]

Hello @Gorbas, Thank you for taking time to report a problem with Flexisip.

Can you please provide Flexisip debug logs of the processing of these requests? I would like to see how Flexisip received the ACK and how it processed it.

Sincerely, Félix.

[Gorbas]

Hi @Failxxx and thank you for your prompt response

I have attached the Flexisip logs during my call session: flexisip.log

If I have understood correctly you wanted the following?

SIP/2.0 200 OK
Via: SIP/2.0/TLS 192.168.28.150:51381;branch=z9hG4bK.XdNqP-CSR;rport=51381;received=79.107.55.147
Record-Route: <sip:10.255.0.1;transport=tcp;r2=on;lr;ftag=6G4pA6kpY>
Record-Route: <sip:192.76.120.10;transport=tcp;r2=on;lr;ftag=6G4pA6kpY>
Record-Route: <sip:siptst.4freedommobile.com:5060;lr>
Record-Route: <sips:siptst.4freedommobile.com:5061;lr>
From: <sip:+447457412240@siptst.4freedommobile.com>;tag=6G4pA6kpY
To: "+18004444444" <sip:+18004444444@sip.telnyx.com>;tag=7UDrBvHmKKKKB
Call-ID: Kb7RPjkhZa
CSeq: 21 INVITE
Contact: <sip:+18004444444@192.76.120.10:5060;transport=tcp>
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REFER, NOTIFY
Supported: path
Allow-Events: talk, hold, conference, refer
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 274

v=0
o=FreeSWITCH 1732693980 1732693981 IN IP4 50.114.150.12
s=FreeSWITCH
c=IN IP4 5.78.119.75
t=0 0
m=audio 12586 RTP/AVP 0 100
a=rtpmap:0 PCMU/8000
a=rtpmap:100 telephone-event/8000
a=fmtp:100 0-15
a=silenceSupp:off - - - -
a=ptime:20
a=mid:audio
a=rtcp:12587

2024-11-27 15:59:58:810 flexisip-debug- Response is sent through an incoming transaction.
2024-11-27 15:59:58:811 flexisip-debug- nta: sent 200 OK for INVITE (21)
2024-11-27 15:59:58:811 flexisip-debug- nta_incoming_destroy: 0x5582f77350b0
2024-11-27 15:59:58:811 flexisip-debug- Delete IncomingTransaction 0x5582f76f93e0
2024-11-27 15:59:58:811 flexisip-debug- Terminate SipEvent 0x5582f77e4790
2024-11-27 15:59:58:811 flexisip-debug- Destroy SipEvent 0x5582f77e4790
2024-11-27 15:59:59:207 flexisip-debug- RelayChannel [0x5582f76897c0] destination address updated for [RTCP]: local=[5.78.119.75:12587]  remote=[79.107.55.147:7231]
2024-11-27 15:59:59:208 flexisip-debug- RelayChannel [0x5582f76897c0] destination address updated for [RTP]: local=[5.78.119.75:12586]  remote=[79.107.55.147:7230]
2024-11-27 15:59:59:212 flexisip-debug- nta: received ACK sip:+18004444444@192.76.120.10:5060;transport=tcp SIP/2.0 (CSeq 21)
2024-11-27 15:59:59:213 flexisip-debug- nta: Via check: received=79.107.55.147
2024-11-27 15:59:59:213 flexisip-debug- nta: ACK (21) to message callback
2024-11-27 15:59:59:213 flexisip-debug- New SipEvent 0x5582f7708d20 - msg 0x5582f7834b90
2024-11-27 15:59:59:213 flexisip-debug- Receiving new Request SIP message ACK from sip:+447457412240@siptst.4freedommobile.com :
ACK sip:+18004444444@192.76.120.10:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TLS 192.168.28.150:51381;rport=51381;branch=z9hG4bK.rtZI1rfNr;received=79.107.55.147
From: <sip:+447457412240@siptst.4freedommobile.com>;tag=6G4pA6kpY
To: "+18004444444" <sip:+18004444444@sip.telnyx.com>;tag=7UDrBvHmKKKKB
CSeq: 21 ACK
Call-ID: Kb7RPjkhZa
Max-Forwards: 70
Route: <sips:siptst.4freedommobile.com:5061;lr>
Route: <sip:siptst.4freedommobile.com:5060;lr>
Route: <sip:192.76.120.10;transport=tcp;r2=on;lr;ftag=6G4pA6kpY>
Route: <sip:10.255.0.1;transport=tcp;r2=on;lr;ftag=6G4pA6kpY>
Proxy-Authorization: Digest realm="siptst.4freedommobile.com", nonce="WqTx6gAAAADSP2bzAAAz7d3wDdkAAAAA", algorithm=SHA-256, opaque="+GNywA==", username="+447457412240", uri="sip:+18004444444@sip.telnyx.com", response="676d7fc1fb87a198f3a6db7b6b18cf7835cd557362aaa425e79775d8ed8a4531", cnonce="YWRUzOy7hj~llMyz", nc=00000001, qop=auth
User-Agent: 4Freedom MobileiOS/5.2.3 (iPhone) LinphoneSDK/5.3.91
Content-Length: 0

[Failxxx]

Thank you very much for the logs. I guess this issue is related to NATs because I see local IP addresses (192.xx.xx.xx). Can you please retry with the following configuration for the NatHelper module :

[module::NatHelper]
enabled=true
filter= !(user-agent contains 'No NatHelper')

# Strategy to manage client-initiated connections when SIP messages
# are routed through NATs. You can choose between "contact-correction"
# and "flow-token".
# Default: contact-correction
nat-traversal-strategy=flow-token

# Boolean expression in order to force the use of flow-token under
# specific conditions. This expression is only evaluated if the
# "flow-token" strategy is used.
# 
# Default: user-agent contains 'Linphone'
force-flow-token=user-agent contains 'MyApp' || user-agent contains '4Freedom'

fix-record-routes=false
fix-record-routes-policy=safe

[Gorbas]

Thank you very much @Failxxx.

It works fine now and it does use the correct IP & Port.