Global force_rport='No' peer/user force_rport='Yes'

friends, all my extensions are unset with nat=force_rport,comedia.
In the “global” is set in sip.conf nat = no.

My asterisk version: 11.2.1

Whenever I restart the asterisk it generates a log with the error below:.

PLEASE NOTE: Setting ‘nat’ for a peer/user that differs from the global setting can make the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users will be sent to a different port than replies for an existing peer/user. If at all possible, use the global ‘nat’ setting and do not set ‘nat’ per peer/user. (config category=‘407980’ global force_rport=‘No’ peer/user force_rport=‘Yes’)

SIP.CONF
[general]
context=xxxxxxxxxxx
allowoverlap=no
allowguest=no
alwaysauthreject=yes
autodomain=yes
domain=xxxxx
domain=yyyyyy
domain=vvvvvvv
udpbindaddr=0.0.0.0
tcpenable=no
tcpbindaddr=0.0.0.0
transport=udp
srvlookup=yes
directmedia=no
nat=no
insecure=port,invite
language=en
useragent=NGN
realm=xxx
dtmfmode=rfc2833
videosupport=yes
maxcallbitrate=384
t38pt_udptl = no
disallow=all
allow=g729
allow=alaw
allow=ulaw
allow=h263
allow=h263p
allow=h264

Anyone know how to fix this error?
Thanks.

That message doesn’t appear in chan_sip.c! It appears nowhere in the development trunk version, as of a few second ago.

Are you sure it is an error, not a warning.

It is complaining about a mismatch with a specific peer, but you have not included the sip.conf (or realtime) entry for that peer.

Putting insecure=invite in the general section is not normally a good idea. Unless overridden in specific sections, it allows anyone to impersonate any of your peers or users when calling in to you.

Letting allowguest to default to yes is also not usually a good idea.

It looks like this message is not coming from Asterisk, or is coming from a modified version of Asterisk. In the former case, you may want to take up the issue with the supplier of any GUI front end that you are using.