Asterisk behind two NATs (Double NAT)

Hello, I’m working great with my Asterisk (from the Debian repo). But now I need access to my Asterisk from two different external networks. I’m using sip.conf and I put the externip into the configuration, but it only takes one external IP and I have two… so do I need to change to pjsip, or is there another solution? Thanks.

Is it double NAT as the title of this post implies, or is it two separate networks each with their own IP address?

Double NAT, more explicit…

Asterisk (192.168.0.35)
<--------------------------------> LAN 192.168.0.252 (OPNSense with NAT) WAN <---------> 10.0.45.0/24
<--------------------------------> LAN 192.168.0.253 (OPNSense with NAT) WAN <---------> 192.168.44.0/24

Your description is still confusing but chan_sip only allows setting one external address that is used always. For chan_pjsip you can bind it to different ports/addresses and each can have its own external address.

Ohhh, then I will change to pjsip, thanks.

I’m trying to get GSWave (the Android SIP client that my users use) to connect to my Asterisk over the NATs.
In more detail:
I have two firewalls behind two routers that are connected to two different VPNs, and my users use one or the other at any time, because one of them is for a mobile data network and the other is for external access to my company from another place. So I need to configure Asterisk so that it detects whether the connection comes from Firewall 1 and then uses the external IP of that firewall (redirected with port forwarding to Asterisk), and the same for Firewall 2.

I looked at the PJSIP configuration and binding, but… I bind only to a LAN interface; the only thing I need is to define two external addresses. How do I get that? I see multiple transports with different binds in the configuration, but I can’t bind to the external networks.

Then you can’t. There’s nothing built in to know when multiple external addresses would be in use for each request.

And what do you suggest I do?

Asterisk won’t do what you need out of the box, so you’d have to find something else or try to put something together yourself.

Your scenario is very uncommon so it’s not something anyone has spent time on.

Well, I’m thinking of setting up one transport per external address, using a different port for SIP but the same user. Then… can pjsip call a user if they are on a different transport from the caller?

Transports are independent.

One way of dealing with broken multi-homing is to use two instances of Asterisk.

And have them communicate over IAX2?
And the authentication from PJSIP can be done with a Samba 4 as AD (simple).

Then I need 3 Asterisk instances? One for each OPNSense and one for the internal network. The thing is that I don’t want users to have to change their client configuration whether they are on mobile data, internal on my local Wi-Fi, or on the other VPN.

I think three transports is better: one for the local network on port 5060, and the others with port forwarding from the firewalls, with the same domain name, so the clients don’t have to change their configuration. Thanks to all… I’ll report back later on how I did it.

Is this correct?

==================================================
;===============TRANSPORT
[simpletrans]
type=transport
protocol=udp
bind=0.0.0.0
local_net=127.0.0.1/32
local_net=10.11.0.0/24
local_net=192.168.0.0/24

[simpletrans-vpn]
type=transport
protocol=udp
bind=0.0.0.0:5061
local_net=127.0.0.1/32
local_net=10.11.0.0/24
local_net=192.168.0.0/24
external_media_address=10.11.1.2
external_signaling_address=10.11.1.2

[simpletrans-wan]
type=transport
protocol=udp
bind=0.0.0.0:5062
local_net=127.0.0.1/32
local_net=10.11.0.0/24
local_net=192.168.0.0/24
external_media_address=192.168.44.17
external_signaling_address=192.168.44.17
======================================================

And then on the two firewalls add port forwards from
5060->5061 (Firewall 1 VPN 10.11.1.2)
5060->5062 (Firewall 2 WAN 192.168.44.17)

That will configure two transports with different external addresses, yes.
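As an added illustration (not code from the thread or from Asterisk), this Python model shows which address each of the three posted transports would advertise, based on the rule that `external_signaling_address` is only applied to peers outside `local_net`. The function names and peer addresses are constructed; it assumes IPv4 binds and simplifies the non-rewritten case to the Asterisk LAN address 192.168.0.35.

```python
import ipaddress

# Transports from the thread, trimmed to the options this check reads.
PJSIP_CONF = """\
[simpletrans]
type=transport
bind=0.0.0.0
local_net=10.11.0.0/24
local_net=192.168.0.0/24
[simpletrans-vpn]
type=transport
bind=0.0.0.0:5061
local_net=10.11.0.0/24
local_net=192.168.0.0/24
external_signaling_address=10.11.1.2
[simpletrans-wan]
type=transport
bind=0.0.0.0:5062
local_net=10.11.0.0/24
local_net=192.168.0.0/24
external_signaling_address=192.168.44.17
"""

def parse_transports(text):
    """Return {name: options}; local_net may repeat, so it is kept as a list."""
    sections, cur = {}, None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # ';' starts a comment in pjsip.conf
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1], {"local_net": []})
        elif "=" in line and cur is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            if key == "local_net":
                cur["local_net"].append(ipaddress.ip_network(val))
            else:
                cur[key] = val
    return {n: o for n, o in sections.items() if o.get("type") == "transport"}

def advertised_address(transports, dst_port, peer_ip, lan_ip="192.168.0.35"):
    """Address placed in Contact/Via for a peer that reached Asterisk on dst_port."""
    peer = ipaddress.ip_address(peer_ip)
    for opts in transports.values():
        port = int(opts["bind"].rpartition(":")[2]) if ":" in opts["bind"] else 5060
        if port == dst_port:
            ext = opts.get("external_signaling_address")
            # Peers inside local_net are treated as local: no external rewrite.
            is_local = any(peer in net for net in opts["local_net"])
            return lan_ip if ext is None or is_local else ext
    return None  # no transport listens on that port
```

In this model, a firewall that rewrites the source of forwarded packets to its own LAN address (for example 192.168.0.252) makes the peer look local, so the external address is not applied.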

But now Asterisk responds to a request using the last transport configured.

Do I really need to install 3 different Asterisk instances to make this work?

I’m using OPNSense as my firewall; can I use what comes with it to fix my deployment?