GSwave, Asterisk and NATTING

Good Day,

I’ve taken over an asterisk server running on ver FreePBX 14.0…
I’ve been tasked with allowing our staff to have their cellphones connect to the server with a sip client.
I’ve forwarded a port on the firewall(mikrotik) to 5060 on the server. I’ve also allowed told the firewall(mikrotik) to dnat the RTP ports 10000 - 20000 to the asterisk server as well.

I am able to connect to the asterisk server via GS WAVE app on my phone. This phone is going via the internet. However, when I dial one of the internal extensions, I can hear it ring but no actual voice is carrying over from either side.

I’ve checked everything on the firewall and I can’t see any limitations. Calls work fine between the various departments inside the company. It’s just when the extension is located on the internet and calling inside the company is there a complication.

What can i check, how can I enable a debug on the log files. I would really appreciate some help.

Kind regards

mikrotik sip alg turned off?

thats is the first place to check


Hi Ben,

Thank you for responding so quickly. I didn’t think to check on that, but I’ve just logged on now

The ports are closed from what I can see

Kind regards

do you have registration ?you mention yes
outgoing calls work ?
is the phone responding try to use a sniffer
which pjsip or chan sip it listen 2 different ports

i’m just trying to think what could be wrong

Hi Ben,
Sorry let me clarify properly.

The asterisk server is working properly. We can make outgoing calls over sip trunks provided by our Internet Service Provider.
The asterisk server is located on a VLAN and all the extensions on the local network are working and voice is running perfectly through the local LAN subnets.

I’ve recently been asked to allow that our staff can connect via their cellphones to the asterisk server via a SIP app on their phones, in this case I’ve used GS WAVE as the test application. That works properly, I’ve been in the LAN with the GS WAVE and it works like a dream, i can call the local extensions and everything goes through perfectly as well.

So I’ve forwarded port 6060 (external mikrotik router) to 5060 on the asterisk box, and fired up GS Wave again on my cellphone from my house. It connects successfully to the asterisk server, however now when I make a call on GS wave from my house I can hear it ring at the respondent’s desk. But no audio comes through. I still think it’s something to do with the RTP’s, but I’m honestly drawing a complete blank. I’ve checked the router more than twelve times and the packet process should be working perfectly.

maybe something is blocked from your house the cellphone blocks 5060? the router in your house ? sip alg is the biggest culprit most of the time from my experience.
try running sngrep to see where stuff are getting stuck

I’d advise against translating the Asterisk port number, although I’d expect it to break at the timeout point for ACKs, not at the start of audio. I’d advise running the whole of Asterisk (chan_sip), or the endpoint(?) (chan_pjsip), directly on the non-standard port number.

For the audio, you will need to forward Asterisk’s RTP port range untranslated, or have the router rewrite the SDP.

I’ve now linked port 5060 dnat to 5060 on the Mikrotik router. You were right it resolved part of the problem. However, audio is now 1 way. I dial one extension, and i can hear the person. I dial another extension, and the person can hear me. I am still battling here. How can i run what tools to diagnose this problem. I wish I could see what was happening at the packet level, although i’m sure it’s a natting factor. A lot of sites are recommending setting up a STUN server. where and how do I configure this. Dr. Google is being slightly vague

Thank you for all your assistance thus far.

Asterisk provides built-in tools to see full details at the SIP./SDP packet level, and, in summary form, at the RTP one. You can also do full packet captures with tcpdump and analyse them with Wireshark.

You can collect packets on the Mikrotik as well.

I find sngrep ( easier to use than Wireshark and it runs over SSH. It doesn’t do as much, but (IMO) it does a better job at the ‘1,000 foot’ view.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.