NAT is driving me crazy!

Hello, I am looking for a little guidance to help me get to the bottom of some Asterisk configuration issues. I have a little Asterisk server at home. Originally I was just going to use it to screen calls at home, which is working well, but then I got the idea to set up a SIP client on my mobile so that I could have the convenience of answering and making calls on the home phone from my mobile… Too easy, I thought. Open a few ports… After many late nights, packet tracing and reading up on SIP and SDP, I feel no closer to solving this problem.

My home network is quite simple. Asterisk resides on a LAN along with all the other devices at home. A router sits in between me and the internet. As long as I keep my calls internal to the home network, everything works just fine. When I flick my mobile over to 4G and make a call, it may work or not depending on what mood Asterisk is in (well, actually I am editing the config quite a bit to troubleshoot; at this point I don’t even know what it’s doing!).

For starters, my 4G carrier uses CG NAT. I can tell this from tracing packets on the Asterisk box, I can see a 10.x.x.x address in the Contact: field in the 200 OK packet. My home connection uses a Dynamic IP address. I am using a dynamic DNS service.

My home router has ports for SIP and RTP forwarded to my Asterisk box.

I have just decided to focus on one issue for now: calls from my phone (on 4G) to Asterisk. I am making calls to an IVR which I have constructed. When my phone is on the LAN, no problems when I dial the IVR. On 4G, the call is answered by Asterisk but is dropped due to missing a critical packet. Research tells me this is a missed ARP. My mobile is failing to send the ARP after 200 OK from the server. I have confirmed this with Wireshark. BTW, I don’t hear any audio on this call. Classic NAT, I am told.

I have tried toggling STUN on my mobile.
In my sip.conf I have the following NAT related lines specified:

[general]
localnet=x.x.x.x
externhost=myddnsname:andaport
externrefresh=180

[sipuser]
nat=auto_force_rport,auto_comedia
directmedia=no

Have tried a bunch of combinations but nothing is working for me.

I should mention the mobile client ONLY connects via TCP when I am on 4G, I am not sure why but it seems like that is the way it is.

Anyhow not really sure where to go from here. Any advice or pointers greatly appreciated.

Try nat=force_rport,comedia

Works on Asterisk 15.3.0

Thanks mate, I have tried that but no change.

Just to clarify the situation:

Mobile phone running Zoiper on 4G LTE. Zoiper has STUN enabled. (10.0.0.1), CGNAT, public IP 2.2.2.2

Asterisk on my home internet connection with dynamic IP address (using DDNS). (10.1.1.1), NAT, public IP 3.3.3.3, DDNS hostname = myasterisk.ddns.net

Topology:
Zoiper - CGNAT - internet - NAT (home) - Asterisk

Call is placed from Zoiper to an extension in Asterisk which links to an IVR.
No RTP stream is established. No ACK received from Zoiper after Asterisk sends 200 OK.

Please see the two SDP packets below:

***SDP payload in INVITE packet from Zoiper

v=0
o=Zoiper 0 0 IN IP4 2.2.2.2
s=Zoiper
c=IN IP4 2.2.2.2
t=0 0
m=audio 53244 RTP/AVP 3 101 0 8
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=sendrecv

****** SDP payload in the 200 OK packet from Asterisk

v=0
o=root 903343271 903343271 IN IP4 10.1.1.1
s=Asterisk PBX certified/13.13-cert3
c=IN IP4 10.1.1.1
t=0 0
m=audio 10018 RTP/AVP 0 8 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=maxptime:150
a=sendrecv


As best as I understand, Asterisk should not be specifying its INTERNAL IP address in the c= field for the 200 OK packet’s SDP in this situation. Is this the problem as to why I am getting no RTP stream?

sipuser currently has nat=force_rport,comedia specified. Is this the setting which would tell Asterisk what IP address to enter into this field?

Thanks

Before writing my last response I had updated my sip conf with the following:

externaddr:5060=myasterisk.ddns.org

I am not currently using the externaddr= or externrefresh= lines in [general] of sip.conf.

I have just been having a look in rtp.conf and can see I am able to specify a STUN server for Asterisk which I have not done. Should I be doing this here and is that the problem?

SIP was never designed for NAT, and you have about the worst case, with both incoming and outgoing NAT.

Normally the outgoing part would be handled with externaddr, and the incoming part with nat=force_rport,comedia, but, in this case, I think you need to take protocol traces and see exactly where things are being told to go, and where they are actually going.
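
An added example (not part of any post in this thread, and not Asterisk code): one way to read "where things are being told to go" out of a trace is to pull the media address and port from each SDP body and flag any address a peer on the public internet cannot reach. The SDP text is taken from the two captures posted above, abridged to the addressing lines; the function names are hypothetical, and c= values are assumed to be IP literals, as they are in those captures.

```python
import ipaddress

# SDP bodies from the two captures posted in this thread, abridged to the
# lines that carry addressing information.
INVITE_SDP = """v=0
o=Zoiper 0 0 IN IP4 2.2.2.2
s=Zoiper
c=IN IP4 2.2.2.2
t=0 0
m=audio 53244 RTP/AVP 3 101 0 8
"""
OK_SDP = """v=0
o=root 903343271 903343271 IN IP4 10.1.1.1
s=Asterisk PBX certified/13.13-cert3
c=IN IP4 10.1.1.1
t=0 0
m=audio 10018 RTP/AVP 0 8 3 101
"""

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT shared range.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def media_targets(sdp):
    """Return (media, address, port) for each m= line; a media-level c=
    line takes precedence over the session-level one."""
    session_addr, targets = None, []
    for line in sdp.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "c":
            addr = value.split()[2].split("/")[0]   # "IN IP4 <addr>[/ttl]"
            if targets:
                targets[-1][1] = addr               # media-level override
            else:
                session_addr = addr
        elif key == "m":
            media, port = value.split()[:2]
            targets.append([media, session_addr, int(port.split("/")[0])])
    return [tuple(t) for t in targets]

def unreachable_targets(sdp):
    """Media targets whose address is not routable from the public internet."""
    return [t for t in media_targets(sdp)
            if t[1] and any(ipaddress.ip_address(t[1]) in n for n in UNROUTABLE)]

if __name__ == "__main__":
    for name, sdp in (("INVITE", INVITE_SDP), ("200 OK", OK_SDP)):
        print(name, media_targets(sdp), "unreachable:", unreachable_targets(sdp))
```

Run against the two captures, the INVITE advertises a public address while the 200 OK advertises 10.1.1.1, the LAN address of the Asterisk box.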

Thanks David. I managed to make it work by switching the mobile client to UDP. I must have had my syntax wrong somewhere. Actually I was under the impression that I could not get my phone to register when on 4G via UDP, but to my surprise it actually connected with UDP without issue. I got rid of all the TCP configuration in sip.conf and lo and behold, everything works just as I need it to: local to Asterisk, externally on 4G, via my neighbour's wifi.

I’m a very happy SIP user.

Appreciate your replies.

Thanks