Good configuration for early media

Hi,
I have a configuration which works with sound and video, but I also need early media.
This is my architecture:
Asterisk 11.7.0 is in front of the Internet with a public address (example of IP: 87.98.130.1) (installed on a public server OVH)
A first station is in a LAN in a society 1 (example private IP 192.168.48.132 / public IP 80.74.74.3)
A second station is a SIP application on a smartphone (example public IP 80.74.74.4)

This is how I configure my sip.conf to be able to run with audio and video:

[general]
context = mysociety  				; Default context for incoming calls

useragent = Sip Server On Host; Allows you to change the user agent string
                                ; The default user agent string also contains the Asterisk version. 

realm = sip.myserver.fr			; Realm for digest authentication defaults to "asterisk". 
                                ; If you set a system name in asterisk.conf, it defaults to that system name
                                ; Realms MUST be globally unique according to RFC 3261
                                ; Set this to your host name or domain name

srvlookup = yes  				; Enable DNS SRV lookups on outbound calls
                                ; Note: Asterisk only uses the first host in SRV records
                                ; Disabling DNS SRV lookups disables the ability to place SIP calls
                                ; based on domain names to some other SIP users on the Internet
                                ; Specifying a port in a SIP peer definition or when dialing outbound calls 
                                ; will suppress SRV lookups for that peer or call.

allowoverlap = no  				; Disable overlap dialing support. (Default is yes)

nat = yes                       ; Force rport to always be on and perform comedia RTP handling. (Default is no)

tcpenable = yes					; Enable server for incoming TCP connections (default is no)
tcpbindaddr = 0.0.0.0  			; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
                                ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)
udpbindaddr = 0.0.0.0  			; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
                                ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)

;transport = udp,tcp,tls		;
transport = udp,tcp				; TLS is disabled because it needs a root certificate with agreement

directmedia = no				; Asterisk by default tries to redirect the
                                ; RTP media stream (audio) to go directly from
                                ; the caller to the callee.  Some devices do not
                                ; support this (especially if one of them is
                                ; behind a NAT). (Default is yes)

canreinvite = no				; The "canreinvite" option has changed. canreinvite=yes used to disable re-invites if you had NAT=yes.
								; In 1.4, you need to set canreinvite=nonat to disable re-invites when NAT=yes. 
								; This is probably what you want. The settings are now: "yes", "no", "nonat", "update".
								; canreinvite= was renamed to directmedia= in Asterisk 1.6.2 to more accurately describe what this setting does.

directrtpsetup = no				; Enable the new experimental direct RTP setup. This sets up
                                ; the call directly with media peer-2-peer without re-invites.
                                ; Will not work for video and cases where the callee sends
                                ; RTP payloads and fmtp headers in the 200 OK that does not match the
                                ; callers INVITE. This will also fail if directmedia is enabled when
                                ; the device is actually behind NAT. (Default is yes)

ignoresdpversion = yes			; By default, Asterisk will honor the session version
                                ; number in SDP packets and will only modify the SDP
                                ; session if the version number changes. This option will
                                ; force asterisk to ignore the SDP session version number
                                ; and treat all SDP data as new data.  This is required
                                ; for devices that send us non standard SDP packets
                                ; (observed with Microsoft OCS). By default this option is
                                ; off.

videosupport = yes  			; Turn on support for SIP video. You need to turn this
                                ; on in this section to get any video support at all.
                                ; You can turn it off on a per peer basis if the general
                                ; video support is enabled, but you can't enable it for
                                ; one peer only without enabling in the general section.
                                ; If you set videosupport to "always", then RTP ports will
                                ; always be set up for video, even on clients that don't
                                ; support it.  This assists callfile-derived calls and
                                ; certain transferred calls to use always use video when
                                ; available. [yes|NO|always]

language = fr					; Default language setting for all users/peers - This may also be set for individual users/peers

disallow = all					; First disallow all codecs then allow codecs in order of preference
allow = alaw
allow = ulaw
allow = gsm
allow = h264
allow = h263p

[a-aaa]
context = mysociety
callerid = a
defaultuser = a
secret = aaa
dtmfmode = rfc2833
type = friend
insecure = invite
host = dynamic
qualify = yes

[b_bbb]
context = mysociety
callerid = b
defaultuser = b
secret = bbb
dtmfmode = rfc2833
type = friend
insecure = invite
host = dynamic
qualify = yes

And in extension.conf :


...

[macro-single-dial]
;ARG1: Call timeout
;ARG2: Communication timeout 
;ARG3: Extension for the voicemail
;ARG4: sip number

exten => s,1,Noop(VERSION=1.0.0)
exten => s,n,Set(cn=${CALLERID(name)})
exten => s,n,Set(CHANNEL(hangup_handler_push)=handler,s,1)

exten => s,n,Ringing

;Dial the peer, if no response => voicemail
exten => s,n,Progress()
exten => s,n,Dial(${ARG4},${ARG1},S(${ARG2}))
exten => s,n,Gosub(treat-dial-status,s,1(${ARG3}))

[treat-dial-status]
;ARG1: Extension for the voicemail

exten => s,1,Goto(s-${DIALSTATUS},1)
exten => s-NOANSWER,1,MailboxExists(${ARG1})			;deprecated in v11.2 : should use ${VM_INFO(${ARG3},exists)} instead
;exten => s-NOANSWER,1,${VM_INFO(${ARG1},exists)}
exten => s-NOANSWER,n,Goto(vm${VMBOXEXISTSSTATUS})
exten => s-NOANSWER,n(vmFAILED),Goto(hangup)
exten => s-NOANSWER,n(vmSUCCESS),Voicemail(${ARG1},u)
exten => s-NOANSWER,n(hangup),Hangup()
exten => s-BUSY,1,MailboxExists(${ARG1}) 				;deprecated in v11.2 : should use ${VM_INFO(${ARG3},exists)} instead
;exten => s-BUSY,1,${VM_INFO(${ARG1},exists)}
exten => s-BUSY,n,Goto(vm${VMBOXEXISTSSTATUS})
exten => s-BUSY,n(vmFAILED),Goto(hangup)
exten => s-BUSY,n(vmSUCCESS),Voicemail(${ARG1},b)
exten => s-BUSY,n(hangup),Hangup()
exten => s-CONGESTION,1,Goto(s-BUSY,1)
exten => s-CHANUNAVAIL,1,Hangup()
exten => _s-.,1,Goto(s-BUSY,1)
exten => a,1,VoicemailMain(${ARG1})
exten => s,n,Return()

[mysociety]
exten => a-aaa,1,Macro(single-dial,60,300,a-aaa,SIP/a-aaa)
exten => b_bbb,1,Macro(single-dial,60,300,b_bbb,SIP/b_bbb)

If I disable nat and enable directmedia and directrtpsetup when the first and second stations are in the same LAN, I can have early media (audio and video).
What must I do to be able to have early media when the peers are not in the same network?

In my configuration, is nat necessary, or should I use a STUN server to get the public IP of the peers?
Thanks for giving me your opinion about my config and what I should do to get early media available.

No ideas?
How do you configure your SIP server for such an architecture?

I have one more question: I use qualify=yes but my first peer goes UNREACHABLE when the timeout is reached (qualifyfreq by default). The transport is UDP.
When I debug I can see the OPTIONS between my server and the peers => the server tries to contact the peer without using the private IP, is that normal? We can see in the reply to the REGISTER that the private IP is used with ‘To:’.

This is the debug:

<------------>
Scheduling destruction of SIP dialog '854708309' in 32000 ms (Method: REGISTER)

<--- SIP read from UDP:80.74.74.X:15120 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 87.98.131.Y:5060;branch=z9hG4bK6354bd17;rport=5060
From: "asterisk" <sip:asterisk@87.98.131.Y>;tag=as10f0d510
To: <sip:labo@192.168.48.132>;tag=618137457
Call-ID: 49d2d9662b26eacd4d2bd00340adc731@87.98.131.Y:5060
CSeq: 102 OPTIONS
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, SUBSCRIBE, NOTIFY, INFO
Accept: application/sdp
User-Agent: Media/3.3.99.11 (eXosip2/3.6.0)
Content-Length: 0

<------------->
...
<------------->

Sending to 80.74.74.X:15120 (NAT)
Reliably Transmitting (NAT) to 80.74.74.X:15120:
OPTIONS sip:labo@80.74.74.X:15120 SIP/2.0
Via: SIP/2.0/UDP 87.98.131.Y:5060;branch=z9hG4bK1aa721dd;rport
Max-Forwards: 70
From: "asterisk" <sip:asterisk@87.98.131.Y>;tag=as153e898a
To: <sip:labo@80.74.74.X:15120>
Contact: <sip:asterisk@87.98.131.Y:5060>
Call-ID: 743129dc28dab8bb0897f36b1389b051@87.98.131.Y:5060
CSeq: 102 OPTIONS
User-Agent: Sip Server (20130523_12h10)
Date: Fri, 21 Mar 2014 10:26:12 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

Just tell me if sip.conf and extension.conf seem to be OK for such an architecture. Thanks in advance.

First question: This is an unusual requirement.

Second question:

You have not specified a public address or any means of obtaining one, so I don’t understand how you could expect Asterisk to have any choice as to the address to use. The destination address for the OPTIONS will be that which it received in the Contact header in the REGISTER, and the source address will be the address that the socket subsystem would use for UDP packets to that contact address.

Hi david55, thanks for your reply.
For the second question, if I read the logs, I can see that the OPTIONS are sent to the right address, the same as in the Contact header
=> I’m in a LAN and don’t have access to the gateway/firewall of the society, but as I can’t see the OPTIONS on the peer, maybe I should suppose the connection is no longer available or something like this. I can’t try with TCP (not implemented) but if so the connection would not leave in this case, right?

For the 1st question, does someone know if early media is really available in a NAT context? As I don’t have the same network on the 2 peers and the SIP server, I don’t know if I need to add a localnet/externaddr parameter and if so how.
I don’t think it is so unusual today (a SIP phone calls a smartphone through an Asterisk SIP server on the Internet) but maybe early media is not so frequently used…
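
The address mismatch discussed in this thread (a private address inside the SIP headers, a public address and remapped port as the packet source) can be checked mechanically. The following is an added example, not code from any poster: it parses received messages from `sip set debug`-style output and compares each Contact with the real source. The sample trace is constructed, uses documentation addresses in place of the thread's masked public IPs, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed "sip set debug" excerpt; 203.0.113.7 and 198.51.100.x are
# documentation addresses standing in for the thread's masked public IPs.
SAMPLE = """\
<--- SIP read from UDP:203.0.113.7:15120 --->
REGISTER sip:198.51.100.10 SIP/2.0
Via: SIP/2.0/UDP 192.168.48.132:5060;branch=z9hG4bK1;rport
Contact: <sip:labo@192.168.48.132:5060>

<--- SIP read from UDP:198.51.100.20:5060 --->
REGISTER sip:198.51.100.10 SIP/2.0
Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK2;rport
Contact: <sip:mobile@198.51.100.20:5060>
"""

READ_RE = re.compile(r"^<--- SIP read from \w+:([\d.]+):(\d+) --->$")
URI_RE = re.compile(r"sips?:(?:[^@>;]+@)?([\d.]+)(?::(\d+))?")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_messages(debug_text):
    """Yield (source_ip, source_port, headers) for each received message."""
    current = None
    for line in debug_text.splitlines():
        m = READ_RE.match(line.strip())
        if m:
            if current:
                yield current
            current = (m.group(1), int(m.group(2)), {})
        elif current and ":" in line and not line.startswith("<"):
            name, value = line.split(":", 1)
            current[2].setdefault(name.strip().lower(), value.strip())
    if current:
        yield current

def nat_report(debug_text):
    """Compare each Contact address with the packet's real source address."""
    report = []
    for src_ip, src_port, headers in received_messages(debug_text):
        m = URI_RE.search(headers.get("contact", ""))
        if not m:
            continue
        host, port = m.group(1), int(m.group(2) or 5060)
        report.append({
            "source": f"{src_ip}:{src_port}", "contact": f"{host}:{port}",
            "contact_private": any(ipaddress.ip_address(host) in n for n in RFC1918),
            "behind_nat": (host, port) != (src_ip, src_port)})
    return report
```

A peer reported with `behind_nat` set is reachable only through the source address and port of its own packets, and only for as long as the NAT device keeps that UDP mapping open.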