Asterisk sending to Wrong Gateway!

Greetings Everyone,

I have been watching Asterisk Essentials Course and have configured Asterisk-13.35 for a remote SIP extension. The extension registers with Asterisk but I get one-way audio if I use my WiFi from a different network; and no audio if I turn my WiFi off and use my carrier’s network. When I look at the network with Wireshark, I see my Asterisk box sending RTP to 192.168.0.1 as my gateway. The Asterisk box is on 192.168.1.0/24. I have been through the conf files trying to find the setting that is causing problems. I have the remote extension set to nat=force_rport,comedia.

In sip.conf I set localnet=192.168.1.0/24 and externaddr=XX.XXX.XXX.XXX:5060.

Has anybody seen this before? Where do I set this parameter?

Thank you for helping me these few weeks,

Regards,
Dave

What is your remote peer sending as the media address in its SDP, and what is asterisk sending there?

(At least one of these must actually be a usable address for comedia to work (strictly speaking, it is the one sent by Asterisk that must be usable for comedia to work on Asterisk).)

By gateway, do you mean a SIP proxy or an IP gateway? For IP gateways, you will have difficulty telling what address was used, as the traffic is sent to the MAC address, not the IP address.

A SIP gateway would either have to be explicitly specified or introduced by a SIP proxy; some routers may try to proxy SIP by default; that has to be dealt with in the router, not Asterisk.

Also, you appear to be a new user. In that case you should not be using chan_sip, as it has limited support.
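Added example, not part of the thread: one way to answer the question above from a captured SIP message is to pull the media addresses out of the SDP body and compare them with the IP the packet actually arrived from. The sample SDP is constructed, and the function names and verdict labels are this example's own.

```python
import ipaddress

# Constructed sample: SDP body as a softphone behind NAT might send it.
SAMPLE_SDP = """\
v=0
o=- 3785 1 IN IP4 192.168.0.1
s=call
c=IN IP4 192.168.0.1
t=0 0
m=audio 52000 RTP/AVP 0 8 101
a=sendrecv
m=video 0 RTP/AVP 96
"""

def media_targets(sdp):
    """Return (media, ip, port) per m= line; a media-level c= overrides the session one."""
    session_ip, streams = None, []
    for line in (raw.strip() for raw in sdp.splitlines()):
        fields = line[2:].split()
        if line.startswith("c=") and len(fields) == 3:    # c=IN IP4 192.168.0.1
            ip = fields[2].split("/")[0]                  # drop a multicast TTL suffix
            if streams:
                streams[-1][1] = ip
            else:
                session_ip = ip
        elif line.startswith("m=") and len(fields) >= 2:  # m=audio 52000 RTP/AVP 0
            port = int(fields[1].split("/")[0])           # "port/count" form allowed
            streams.append([fields[0], session_ip, port])
    return [tuple(s) for s in streams]

def check_media(sdp, packet_src_ip):
    """Compare each advertised media address with the source IP the SIP packet came from."""
    src = ipaddress.ip_address(packet_src_ip)
    report = []
    for media, ip, port in media_targets(sdp):
        try:
            addr = ipaddress.ip_address(ip) if ip else None
        except ValueError:                                # c= may carry a hostname
            addr = None
        if port == 0:
            verdict = "disabled"
        elif addr is None:
            verdict = "unresolved"
        elif addr.is_private and not src.is_private:
            verdict = "private-behind-nat"                # unreachable unless media is learned (comedia)
        elif addr != src:
            verdict = "differs-from-source"
        else:
            verdict = "ok"
        report.append((media, ip, port, verdict))
    return report
```

Run `check_media()` on the SDP from both directions of the call: a `private-behind-nat` verdict on the side that is not using comedia means that side's media address is unusable as advertised.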

–> I see my Asterisk box sending rtp to 192.168.0.1

Asterisk tries to send RTP back to the IP which was received in the SDP (session description proto) from the remote side.

Sometimes smart routers modify SDP on the fly (mostly they use iptables modules), replace headers and make more problems than help.
First of all, I think the problem is with the remote peer; it can’t detect its external IP for the RTP back path. Asterisk ignores SDP and just sends it back to the IP:PORT it received from (192.168.0.1), the router IP, which fails to deliver it.

Try to play with different nat= options, and other Asterisk options from the NAT section, to find the most suitable for your specific NAT.

But as for me, best method to fix it - install turnserverd on the
asterisk, and configure remote peers to use it as TURN/STUN, with
login/password.
It will solve 99% of audio issue related to NAT.
And for peer-to-peer connection between servers behind NAT usually VPN (
openVPN ) is better solution.

When Asterisk sends its RTP stream back to the remote endpoint it is sending to 192.168.0.1 instead of 192.168.1.1, which is my router’s gateway. The Asterisk box is 192.168.1.227.

The Bria softphone is sending the 192.168.0.1. Asterisk is sending my outside address in SDP.

I have nat=force_rport,comedia set on the user. Should nat be set in the general context?

Doesn’t nat=force_rport force Asterisk to ignore the SIP header address and send to the softphone’s outside address?
Actually the endpoint works great. But no audio. The RTP stream should go to 99.203.80.26, the outside address of my Bria softphone.

What to do?

What is “it”? Comedia explicitly requests Asterisk to send media back to the address from which it receives media.

If everything is working, Asterisk will send media to the public address of the peer, as derived from the incoming media. However, as well as having comedia enabled, Asterisk must receive some media before it can know what that address is. The best solution, though, is to make the phone aware that it is behind NAT.

(If Asterisk is properly configured for NAT (e.g. externip is set), Asterisk will send a public address in its SDP, and the phone should then send media to that address, which should result in Asterisk discovering the phone’s real media address. However, until it has received some media, it will believe the SDP (which helps if you accidentally manage to set the equivalent of comedia on both ends).)

force_rport only affects signalling, not media.

Please try to configure rewrite_contact=yes and ice=yes on the endpoint.

These will be ignored as he is using chan_sip, and they are only meaningful for pjsip. It doesn’t have an endpoint concept, either.

David551,

Would PJSIP work here? Can I control the rtp stream with PJSIP?

And when I look at Asterisk logs, what is a “new stack”?

Thank You,
Dave

I think PJSIP has slightly more control of the RTP, but it can’t do miracles. Whilst you should be using it, for other reasons, unless there are specific contra-indications, I suspect your real solution lies elsewhere.

In particular, I think rewrite_contact applies to signalling, not to media, and chan_sip also has some ICE support, but getting ICE to work is, I gather, not that easy, and NAT traversal was possible before ICE support was added. Both sides need to support ICE for it to make any difference.

Google doesn’t return anything that suggests that Bria supports ICE.

Have you configured externhost or externip, yet?

I never understood that phrase, but never found that I needed to do so.

Yes. Both localhost= and externaddr= are configured in the general context of sip.conf.

Shouldn’t comedia solve our problem? If not, should I use a STUN server as suggested by A4business?

"But as for me, best method to fix it - install turnserverd on the
asterisk, and configure remote peers to use it as TURN/STUN, with
login/password "

If I had config the endpoints as IAX2, would I have a problem with RTP?

Dave

STUN is good when nothing else helps to solve an audio issue (for WebRTC it’s the only method that works; the browser can’t know the local interface address). You tried all available options of NAT and still no audio.
But STUN only helps to solve the RTP back IP address; sometimes it is not enough!

ICE (a combination using STUN+TURN services and IP gathering functions) helps to proxy RTP via a tunnel (relay host) running on the Asterisk server.
It is important to have ICE running on Asterisk for local calls; the Google STUN helps only for external calls from Asterisk to a VoIP provider.

And it’s not hard to set it up; I can say it is even easy if you have done it once.

wget http://turnserver.open-sys.org/downloads/v4.5.1.1/turnserver-4.5.1.1.tar.gz && tar -xvzf turnserver-4.5.1.1.tar.gz && cd turnserver-4.5.1.1 && ./configure --prefix=/usr && make && make install

Config: /etc/turnserver.conf

listening-ip=[IPADDRESS]
relay-ip=[IPADDRESS]
listening-port=19302

# Uncomment if you want to use turns or stuns (encrypted), and have a domain with valid SSL
#tls-listening-port=19303
#cert=/etc/asterisk/keys/TLS.pem
#pkey=/etc/asterisk/keys/privkey.pem

fingerprint
realm=[IPADDRESS]
server-name=[IPADDRESS]
lt-cred-mech
user=user1:pass123
user=user2:pass123
log-file=/var/log/coturn.log
no-stdout-log

start it using initd script:

#! /bin/sh
# /etc/init.d/$PROG
#
# chkconfig: 2345 90 60
# description: Stun/ Turnserver  for  telephony 
# processname: turnserver

PROG=turnserver

# Some things that run always
touch /var/lock/

# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting $PROG "
    cat /etc/turnserver.conf 2>/dev/null |grep '^listen'
    /usr/bin/turnserver -c /etc/turnserver.conf >/var/log/turnserver.log 2>&1 &
     
    ;;
  stop)
    echo "Stopping script $PROG"
    killall -9 turnserver || echo "Failed to stop ${PROG} "
    ;;
  *)
    echo "Usage: /etc/init.d/$PROG {start|stop}"
    exit 1
    ;;
esac

to run it when system starts:

chkconfig turnserverd on
service turnserverd start

On the client device (IP phone or softphone) just enable using STUN/TURN and put in the user name with password; it will enable TURN RTP tunneling.

If your Asterisk is behind NAT, and you want to make external calls to a VoIP provider, you can set up ICE on some publicly hosted server, or use Google STUN:
In your rtp.conf file, /usr/asterisk/etc/asterisk/rtp.conf , you still

stunaddr=stun.l.google.com:19302
icesupport=true

comedia can only be used at one end. You can specify it at both, but one side mustn’t really need it. Unless one side can find the media address for other without relying on comedia, the other one is never going to learn the media address of the first one.

With comedia, Asterisk will send to the address it obtained without comedia unless and until it receives media from the other side to enable it to learn the real address.
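Added example, not part of the thread: a small model of the comedia behaviour described in the replies above (send to the SDP address until media arrives, then re-target to its source). It assumes address-restricted NATs, ignores ports, and uses a placeholder for the masked externaddr; the `Peer`, `simulate` and `call` names are this example's own.

```python
from dataclasses import dataclass, field

@dataclass
class Peer:
    public: str       # address the peer's NAT shows to the Internet
    sdp_addr: str     # media address the peer advertises in its SDP
    comedia: bool     # re-target RTP to the source of received media
    forwarded: bool   # peer's router forwards unsolicited inbound RTP to it
    target: str = ""  # where this peer currently sends RTP
    pinholes: set = field(default_factory=set)  # destinations its own RTP has opened
    hears: bool = False

def simulate(a, b, rounds=3):
    """Exchange RTP for a few rounds; return (a hears b, b hears a)."""
    a.target, b.target = b.sdp_addr, a.sdp_addr       # both start by believing the SDP
    for _ in range(rounds):
        for tx, rx in ((a, b), (b, a)):
            tx.pinholes.add(tx.target)                # outbound RTP opens a NAT mapping
            routable = tx.target == rx.public         # private SDP addresses go nowhere
            admitted = rx.forwarded or tx.public in rx.pinholes
            if routable and admitted:
                rx.hears = True
                if rx.comedia:
                    rx.target = tx.public             # latch onto the real source
    return a.hears, b.hears

AST_PUBLIC = "198.51.100.10"   # placeholder for the externaddr masked on the page

def call(forward_rtp, asterisk_sdp=AST_PUBLIC, phone_comedia=False):
    """Asterisk (comedia on) talking to a phone that advertises 192.168.0.1."""
    asterisk = Peer(AST_PUBLIC, asterisk_sdp, comedia=True, forwarded=forward_rtp)
    phone = Peer("99.203.80.26", "192.168.0.1", comedia=phone_comedia, forwarded=False)
    return simulate(asterisk, phone)
```

`call(False)` gives no audio in either direction, `call(True)` gives two-way audio once the router passes RTP to Asterisk, and `call(True, asterisk_sdp="192.168.1.227", phone_comedia=True)` stays silent because neither side ever advertises a usable address.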

Is there anything I can do with my router to accomplish the desired result? Juniper SRX-210

You haven’t provided enough information to indicate that the router is at fault.

My best guess at the moment is that both Asterisk and the phone are behind different NATs and you have not added passthrough port forwarding for the RTP port range, used by Asterisk, on your router.

However we really need a good description of the network and the actual SIP protocol and address details from any RTP actually received.

It’s not the right place to ask for help about the Juniper SRX-210,

but, following their forum, try to disable security algorithms as advised:

https://forums.juniper.net/t5/SRX-Services-Gateway/VOIP-Allowing-two-way-communication-TCP-UDP-5060-SRX210/td-p/174557

I do not find it a good solution, just a temporary one; it may help to localize the issue.

david551

Right you are. I didn’t forward the rtp to Asterisk.

I have some extra outside IP addresses so I am using a static NAT. Everything goes to Asterisk box. I have two way audio now. Looks like comedia works.

Thank you for help, Guys. I appreciate it.
Dave
