Hello!
I am asking for your help configuring Asterisk behind NAT. I know there is a lot of information and documentation, but maybe I found a bug or I just can’t configure something…
I have a PBX server behind NAT in a VirtualBox container on a server that has an external IP.
PBX<–>main_server<–>internet<–>router_client<–>client
PBX IP: 192.168.127.14/30
main_server internal IP: 192.168.127.13/30
main_server external IP: ex.ter.n.ip
router_client public IP: dynamic
router_client internal IP: 192.168.1.0/24
client IP: 192.168.1.102/24
I forwarded 5060, 11500-20000 UDP on the main_server to PBX (RTP ports are changed in rtp.conf too).
[code]EXT_IP="ex.ter.n.ip"
INT_IP="192.168.127.13"
EXT_IF=eth0
INT_IF=eth0:3
FAKE_PORT=5060
LAN_IP="192.168.127.14"
SRV_PORT=5060
# SIP signalling: forward UDP 5060 arriving on the external IP to the PBX
iptables -t nat -I PREROUTING -d $EXT_IP -p udp --dport $FAKE_PORT -j DNAT --to-destination $LAN_IP:$SRV_PORT
# SNAT: forwarded packets reach the PBX with source address $INT_IP
iptables -t nat -I POSTROUTING -d $LAN_IP -p udp --dport $SRV_PORT -j SNAT --to-source $INT_IP
iptables -t nat -I OUTPUT -d $EXT_IP -p udp --dport $SRV_PORT -j DNAT --to-destination $LAN_IP
iptables -I FORWARD 1 -i $EXT_IF -o $INT_IF -d $LAN_IP -p udp --dport $SRV_PORT -j ACCEPT
# RTP media: same four rules for the UDP range 11500-20000
iptables -t nat -I PREROUTING -d $EXT_IP -p udp --dport 11500:20000 -j DNAT --to-destination $LAN_IP
iptables -t nat -I POSTROUTING -d $LAN_IP -p udp --dport 11500:20000 -j SNAT --to-source $INT_IP
iptables -t nat -I OUTPUT -d $EXT_IP -p udp --dport 11500:20000 -j DNAT --to-destination $LAN_IP
iptables -I FORWARD 1 -i $EXT_IF -o $INT_IF -d $LAN_IP -p udp --dport 11500:20000 -j ACCEPT
[/code]
Checked port forwarding with “nc -l -u 11504”; it works great.
Asterisk external IP and localnet are configured in the general section:
[quote]sip show settings
Global Settings:
UDP Bindaddress: 192.168.127.14:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-2.11.0(11.7.0)
SDP Session Name: Asterisk PBX 11.7.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: -1
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No
Network QoS Settings:
IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No
Network Settings:
SIP address remapping: Enabled using externaddr
Externhost:
Externaddr: ex.ter.n.ip:0
Externrefresh: 10
Localnet: 192.168.127.12/255.255.255.252
Global Signalling Settings:
Codecs: (gsm|ulaw|alaw|speex|g722)
Codec Order: ulaw:20,alaw:20,speex:20,g722:20,gsm:20
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 300
RTP Timeout: 60
RTP Hold Timeout: 900
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70
Default Settings:
Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: Never
Language:
Tone zone:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97
[/quote]
NAT=yes in client configuration is enabled:
[code][1001]
deny=0.0.0.0/0.0.0.0
secret=*************
dtmfmode=auto
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=yes
port=5060
qualify=yes
qualifyfreq=60
transport=udp
avpf=no
icesupport=yes
encryption=no
callgroup=
pickupgroup=
dial=SIP/1001
mailbox=1001@device
permit=0.0.0.0/0.0.0.0
callerid=Alex <1001>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic[/code]
Both server and client are behind NAT. There are no problems with registration. The problem is with RTP packets that are sent to local addresses. I configured linphone on my notebook and here the story begins…
First I registered linphone and configured media ports. When I make a call I can see the OK/200 answer when the call is picked up. But RTP packets are sent to the local IP of the client. I found this article, https://issues.asterisk.org/jira/browse/ASTERISK-4978, and configured a STUN server (but this is bad because my main phone doesn’t have STUN server configuration).
before:
[quote]Got RTP packet from 192.168.127.13:11314 (type 00, seq 061142, ts 1742857496, len 000160)
Sent RTP packet to 192.168.1.102:55567 (type 00, seq 045392, ts 1742857496, len 000160)[/quote]
after:
[quote]Got RTP packet from 192.168.127.13:14314 (type 00, seq 061142, ts 1742857496, len 000160)
Sent RTP packet to 95.26.xx.xx:55953 (type 00, seq 045392, ts 1742857496, len 000160)
[/quote]
Great!! I fixed it! But not all… no media again and the call ends after some delay… I ran tcpdump on my notebook:
[quote]15:41:53.682387 IP (tos 0xb8, ttl 64, id 4956, offset 0, flags [DF], proto UDP (17), length 200)
192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172
15:41:53.714023 IP (tos 0xb8, ttl 64, id 4957, offset 0, flags [DF], proto UDP (17), length 200)
192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172
15:41:53.721898 IP (tos 0xb8, ttl 64, id 4958, offset 0, flags [DF], proto UDP (17), length 200)
192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172
15:41:53.751919 IP (tos 0xb8, ttl 64, id 4959, offset 0, flags [DF], proto UDP (17), length 200)
192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172
15:41:53.761797 IP (tos 0xb8, ttl 64, id 4960, offset 0, flags [DF], proto UDP (17), length 200)
192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172
[/quote]
And I can see that Asterisk asks linphone to send RTP to its local address. Of course my router_client drops those packets. All other information from Asterisk is sent normally. If necessary, I can provide “sip set debug on” output, but it is too big and too informative.
One more new thing in asterisk 11.x is NAT option:
[quote]module reload chan_sip.so
…
[2014-01-24 15:52:20] WARNING[1679]: sip/config_parser.c:812 sip_parse_nat_option: nat=yes is deprecated, use nat=force_rport,comedia instead
…[/quote]
I tried those options… Nothing changes
[quote]module reload res_rtp_asterisk.so
– Reloading module ‘res_rtp_asterisk.so’ (Asterisk RTP Stack)
== Parsing ‘/etc/asterisk/rtp.conf’: Found
== Parsing ‘/etc/asterisk/rtp_additional.conf’: Found
== Parsing ‘/etc/asterisk/rtp_custom.conf’: Found
== RTP Allocating from port range 11500 -> 20000
[/quote]
No errors here…
The same problem is on the Asterisk server’s side if I don’t use a STUN server. Asterisk sends RTP to 192.168.1.0/24, but this network is not connected to main_server, so the packets are gone forever ))
Sorry, maybe I missed something; I have been trying to fix this issue for 3 days already,
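
Added example, not part of the original post: a small Python check for the symptom described above, where media is addressed to an RFC 1918 address that the sending host has no direct route to. It reads Asterisk RTP debug lines and tcpdump flow lines in the formats quoted in the post; the function name is hypothetical, and 203.0.113.7 is a constructed stand-in for the masked public address.

```python
import ipaddress
import re

# Line formats as quoted in the post (Asterisk RTP debug, tcpdump -v flow line).
RTP_SENT = re.compile(r"Sent RTP packet to\s+(\d+\.\d+\.\d+\.\d+):(\d+)")
TCPDUMP_FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unreachable_private_targets(lines, connected_nets):
    """Return sorted (ip, port) media destinations that are private but off-link.

    connected_nets lists the networks the capturing host reaches directly
    (for Asterisk, its localnet). A private destination outside them means an
    address from SDP or a Contact header was used without NAT rewriting.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in connected_nets]
    hits = set()
    for line in lines:
        m = RTP_SENT.search(line)
        if m:
            dst, port = m.group(1), m.group(2)
        else:
            m = TCPDUMP_FLOW.search(line)
            if not m:
                continue
            dst, port = m.group(3), m.group(4)
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue  # masked or malformed address, e.g. 95.26.xx.xx
        private = any(addr in n for n in RFC1918)
        if private and not any(addr in n for n in nets):
            hits.add((dst, int(port)))
    return sorted(hits)

# Lines from the post; the last PBX line uses a constructed public address.
PBX_LOG = [
    "Got RTP packet from 192.168.127.13:11314 (type 00, seq 061142, ts 1742857496, len 000160)",
    "Sent RTP packet to 192.168.1.102:55567 (type 00, seq 045392, ts 1742857496, len 000160)",
    "Sent RTP packet to 203.0.113.7:55953 (type 00, seq 045392, ts 1742857496, len 000160)",
]
CLIENT_DUMP = [
    "15:41:53.682387 IP (tos 0xb8, ttl 64, id 4956, offset 0, flags [DF], proto UDP (17), length 200)",
    "192.168.1.102.16566 > 192.168.127.14.12564: [udp sum ok] UDP, length 172",
]

if __name__ == "__main__":
    print(unreachable_private_targets(PBX_LOG, ["192.168.127.12/255.255.255.252"]))
    print(unreachable_private_targets(CLIENT_DUMP, ["192.168.1.0/24"]))
```

A hit on the PBX side points at the peer's advertised address being used as-is; a hit on the client side points at the address Asterisk put in its own SDP.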