My router supports UPnP, it's currently accepting the Phoner Lite commands and it shows all the port mappings.
My concern comes from the way FreeSWITCH works for TLS (or the way I believe it works, which may be wrong). I've read somewhere on their doc. that their SIP implementation sometimes establishes a secondary TLS channel (PBX to Client) - probably when they need to send something like an INVITE? (I've noticed PhonerLite doesn't ring when I call).
Anyway, for these specific situations (PBX-to-Client), the PBX won't validate the client certificate because this is the way I have it configured. Of course, I can set it to validate the client certificate as well but, as you've just said... this has proven to be problematic.
So, first of all, can I confirm you are sending "port + 1" in the contact info? Was this done by design? Is PhonerLite actually listening on that port?
If this is the case... it looks like you are not issuing a UPnP command for the specific "port + 1" (UDP/TCP - depending on the protocol), so any attempts from the outside using the contact info. provided won't make it to PhonerLite... and the original port you have configured will only work for UDP, so in this case, for TLS, it won't work either even if you send the same port on the contact info.
Please let me know if I am wrong or if I have misunderstood something. I know that FreeSWITCH's TLS implementation isn't very standard on this particular aspect (or at least I've understood that), but I guess it should still work... what do you think?
So, going back to PhonerLite not ringing, I guess it's probably caused by FreeSWITCH's implementation trying to open a new TLS TCP stream to the port you are sending. But RTP should still be working, which is odd...
So as for the RTP, I am not sure why the outbound stream is not being established properly. I don't have a way to log the IP's that are being used other than your own debug window and the SIP traces that I am sending.
Any Ideas on how to trace this? I have tried to configure Wireshark with the keys to decrypt TLS, but I haven't been lucky.
BTW, I am also interested in collaborating with you if you want, first of all to get these specific issues figured out and solved, if needed, through code. I am a skilled dev, with experience in low level programming in assembler (mainly for automation but I've done some interesting things with 8086 embedded on C), C/C++, C#, Java, scripting, among other technologies.
I would also love to work on the phone UI if you are interested, I am not sure if you are interested, but it will be great to update it's look & feel to a more modern type of UI, but of course, this is only wishfull thinking, I am not sure if I'll have the time, but if you are open to at least give it a try... just let me know.
And hey, thanks for you great support!