* and client behind NAT - RTP sent to private IP address

Asterisk Asterisk Support
1

I’ve read all that is to read but still couldn’t find a solution for my problem.
The asterisk (elastix) is set behind a NAT with no fixed IP address so I’m using dyndns.
Clients are also set behind another NAT. SIP clients can connect and initiate calls but there is no sound either way.
I noticed that that after a call is initiated asterisk tries to send the RTP to the private address of the client.

Tried using STUN server but it is the same.
On the asterisk site all the necessary ports have been forwarded (UDP5004-5037, 5039-5082 ; UDP 8000-20000, UDP4569).
I added this in the sip_custom.conf
nat=yes
externhost=My_DYNDNS_NAME
localnet=192.168.5.0/255.255.255.0
canreinvite=no

Extensions have
NAT=yes and
qualify=yes set.

As i said remote extensions can register and can initiate a call but there is no sound. I noticed on the firewall that the Asterisk is trying to send the RTP stream to the private address of the client instead his public ip address.

Can someone help in resolving this issue?

2

It’s the client’s responsibility to supply the public address, in this context.

3

If I do sip show peers I can see that the asterisk sees the client through it’s public ip address:
5125/5125 X.X.4.219 D N A 10526 OK (34 ms)

By the way is it important that the sip client allways shows up at a different port?

STUN server has also been setup in the client but for some reason the asterisk is truying to send RTP data to the private address of the SIP client.

4

sip show peers doesn’t tell you the RTP address; it isn’t known at that stage. The only place that Asterisk can get the RTP address from is the SDP in the INVITE from the client (or from the NAT server manipulating that INVITE). It is the responsibility of the client or its outbound router to ensure that a public address is placed in the SDP.

5

Calling from outside using extension 5125 to inside extension 5223 results in this below.
The key I guess is the line
Peer audio RTP is at port 192.168.1.2:11758 (192.168.1.2 is the private address of the outside client that is behind X.157.4.219).

How can I fix this?

Thanx for taking the time to reply.

modestib*CLI>
<— SIP read from X.157.4.219:15340 —>
INVITE sip:5223@DYNDNSNAME.no-ip.info SIP/2.0
Via: SIP/2.0/UDP 192.168.1.2:15340;branch=z9hG4bK-d8754z-6e0f3830843a7929-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:5125@X.157.4.219:15340
To: "5223"sip:5223@DYNDNSNAME.no-ip.info
From: "Rabota"sip:5125@DYNDNSNAME.no-ip.info;tag=7405b94c
Call-ID: NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
User-Agent: X-Lite release 1103d stamp 53117
Content-Length: 310

v=0
o=- 3 2 IN IP4 192.168.1.2
s=CounterPath X-Lite 3.0
c=IN IP4 192.168.1.2
t=0 0
m=audio 11758 RTP/AVP 107 0 8 101
a=alt:1 2 : ZpFm3FT6 GBA6lYJO 192.168.1.2 11758
a=alt:2 1 : SOEKiDYG jj22NqjY 172.31.10.1 11758
a=fmtp:101 0-15
a=rtpmap:107 BV32/16000
a=rtpmap:101 telephone-event/8000
a=sendrecv

<------------->
— (12 headers 12 lines) —
Sending to X.157.4.219 : 15340 (NAT)
Using INVITE request as basis request - NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.

<— Reliably Transmitting (NAT) to X.157.4.219:15340 —>
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 192.168.1.2:15340;branch=z9hG4bK-d8754z-6e0f3830843a7929-1—d8754z-;received=X.157.4.219;rport=15340
From: "Rabota"sip:5125@DYNDNSNAME.no-ip.info;tag=7405b94c
To: "5223"sip:5223@DYNDNSNAME.no-ip.info;tag=as54570cbd
Call-ID: NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
CSeq: 1 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="7c3c16ad"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.’ in 32000 ms (Method: INVITE)
Found user '5125’
modestib*CLI>
<— SIP read from X.157.4.219:15340 —>
ACK sip:5223@DYNDNSNAME.no-ip.info SIP/2.0
Via: SIP/2.0/UDP 192.168.1.2:15340;branch=z9hG4bK-d8754z-6e0f3830843a7929-1—d8754z-;rport
To: "5223"sip:5223@DYNDNSNAME.no-ip.info;tag=as54570cbd
From: "Rabota"sip:5125@DYNDNSNAME.no-ip.info;tag=7405b94c
Call-ID: NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
CSeq: 1 ACK
Content-Length: 0

<------------->
— (7 headers 0 lines) —
modestib*CLI>
<— SIP read from X.157.4.219:15340 —>
INVITE sip:5223@DYNDNSNAME.no-ip.info SIP/2.0
Via: SIP/2.0/UDP 192.168.1.2:15340;branch=z9hG4bK-d8754z-697ac90470151076-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:5125@X.157.4.219:15340
To: "5223"sip:5223@DYNDNSNAME.no-ip.info
From: “Rabota"sip:5125@DYNDNSNAME.no-ip.info;tag=7405b94c
Call-ID: NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
CSeq: 2 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
Proxy-Authorization: Digest username=“5125”,realm=“asterisk”,nonce=“7c3c16ad”,uri="sip:5223@DYNDNSNAME.no-ip.info”,response=“41dd1b9a534ce29e206a1a6bfbfefba2”,algorithm=MD5
User-Agent: X-Lite release 1103d stamp 53117
Content-Length: 310

v=0
o=- 3 2 IN IP4 192.168.1.2
s=CounterPath X-Lite 3.0
c=IN IP4 192.168.1.2
t=0 0
m=audio 11758 RTP/AVP 107 0 8 101
a=alt:1 2 : ZpFm3FT6 GBA6lYJO 192.168.1.2 11758
a=alt:2 1 : SOEKiDYG jj22NqjY 172.31.10.1 11758
a=fmtp:101 0-15
a=rtpmap:107 BV32/16000
a=rtpmap:101 telephone-event/8000
a=sendrecv

<------------->
— (13 headers 12 lines) —
Sending to X.157.4.219 : 15340 (NAT)
Using INVITE request as basis request - NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
Found user '5125’
Found RTP audio format 107
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 101
Peer audio RTP is at port 192.168.1.2:11758
Found unknown media description format BV32 for ID 107
Found audio description format telephone-event for ID 101
Capabilities: us - 0xc (ulaw|alaw), peer - audio=0xc (ulaw|alaw)/video=0x0 (nothing), combined - 0xc (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event), peer - 0x1 (telephone-event), combined - 0x1 (telephone-event)
Peer audio RTP is at port 192.168.1.2:11758
Looking for 5223 in from-internal (domain DYNDNSNAME.no-ip.info)
list_route: hop: sip:5125@X.157.4.219:15340

<— Transmitting (NAT) to X.157.4.219:15340 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.2:15340;branch=z9hG4bK-d8754z-697ac90470151076-1—d8754z-;received=X.157.4.219;rport=15340
From: "Rabota"sip:5125@DYNDNSNAME.no-ip.info;tag=7405b94c
To: "5223"sip:5223@DYNDNSNAME.no-ip.info
Call-ID: NDAyM2YwODI3Y2U5MDlhMWM4ZjMxYzAxNDIwMDNhYzU.
CSeq: 2 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: sip:5223@127.0.0.1
Content-Length: 0

6

The client is transmitting the private address. Fix the client or its router.