NAT and two x-lites

I have set up an asterisk server and two x-lite clients. One is on the same network as the asterisk server and the other is on another network. Both networks are behind NAT, but the asterisk network has port forwarding to the asterisk PC. There are also real phone lines and a sip-gate account.

Both x-lites can make and receive external calls through sip-gate / the phone line. Also, both x-lites can take part in a conference using the asterisk PC.

However, calling one x-lite from the other results in one-way audio only.

I have made a diagram of the setup in the following image:

first on the external (NOT asterisk network) xlite, turn on STUN. Enable ‘transmit silence’ on both xlites. Turn OFF stun on the one that is on the same network as *.
On your * box set externip= and localnet=. nat=no for the xlite on same lan, nat=yes for the other one.

finally make sure the * box doesnt have a firewall that is blocking any ports…

Sounds good except for one thing. The x-lites are running on laptops which will be in and out of office depending on circumstance. x-lite only allows 1 account, so this would require us to keep changing settings manually.

Also, has the problem that the asterisk settings would need changing when we move in/out of the office.

Is there anyway to make these changes “auto-detect”?

try this-
set nat=yes everywhere just for kicks. have xlite register to a DNS name. now configure your router to allow loop back- packets sent from inside the network to the network’s external address get looped back to forwarded ports. That may work…
alternatively on the LAN’s DNS server alias that dns name to the asterisk internal IP, so inside the network resolves to 192.168.whatever, but outside it resolves to your public IP…

This is how it is currently working, and it is great as long as the audio for the call has to go through the asterisk box. ie. we can do conferences and the audio is two way, and we can make and receive external calls.

If we could force the audio to go through the asterisk box when we call each other - instead of directly from x-lite to x-lite then I’m sure we’d have two way audio. Any ideas?

I’ve had a further idea. If I was recording all calls then this would mean the voice was going the asterisk server. Maybe people who have done recording of calls will have some idea of how to force audio to go through the asterisk pc?

what do you have set for “canreinvite” for these users ? if the UAs get a reinvite and Asterisk is out of the media path then you’re at the mercy of your firewall/NAT interface and conntracking etc.

I have not got canreinvite specified for most of the users.

I do have it specified for my sipgate account (canreinvite = no) - and this was required to be able to get the audio working between my sip phone and this service.

Should I therefore set canreinvite = no for all the users of x-lite? Or do I need to do something different?


it’s worth trying. that way, you know the RTP stream is always going to be via Asterisk, and not so susceptible to the effects of NAT if you have port-forwarding setup correctly.

i have the same problem. audio only in one direction over nat. i use asterisk 1.2.14 and a grandstream phone. asterisk is behind a firewall, and the phone behind a second one. ports are forwarded and canreinvite=no. when i make a tcpdump on the asterisk machine, i can see the packets from the phone. but when i use rtp debug i can see only that asterisk is sending rtp packets and not receiving.
is this a bug?

its a bug in asterisk 1.2.14.
i compiled 1.2.13 and all works ok