NAT issues

sadzas · February 4, 2009, 3:46pm

I don’t have audio from external locations. My Asterisk has a public IP address.

asterisco*CLI> sip show peers
Name/username              Host            Dyn Nat ACL Port     Status               
Off-net                       200.xx.xx.15      N               5060     Unmonitored           
6005                       (Unspecified)    D   N                0         UNKNOWN              
6004/6004                  192.168.10.151   D   N         5060     OK (39 ms)           
6003/6003                  192.168.10.150   D              5060     OK (35 ms)           
6002/6002                  201.xx.xx.218     D   N         5060     OK (85 ms)           
6001/6001                  201.xx.xx.137     D   N         5060     OK (37 ms)           
43222999                   (Unspecified)       D   N           0        UNKNOWN              
7 sip peers [Monitored: 4 online, 2 offline Unmonitored: 1 online, 0 offline]

SIP.CONF

vmexten=*97
disallow=all
allow=ulaw
allow=alaw
allow=G729
context=micontexto
callerid=Unknown
notifyringing=yes
notifyhold=yes
limitonpeers=yes
tos_sip=cs3
tos_audio=ef
tos_video=af41
transfer=no
insecure=very
permit=0.0.0.0/0.0.0.0

The external extension

[6001]
type=friend
secret=secreto
record_out=Adhoc
record_in=Adhoc
qualify=yes
port=5060
nat=yes
mailbox=6001@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/6001
context=micontexto
canreinvite=no

RTP debug (it doesn’t show the public IP address from my external extension)

Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008915, ts 007200, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014875, ts 007360, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008916, ts 007360, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014876, ts 007520, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008917, ts 007520, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014877, ts 007680, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008918, ts 007680, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014878, ts 007840, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008919, ts 007840, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014879, ts 008000, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008920, ts 008000, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014880, ts 008160, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008921, ts 008160, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014881, ts 008320, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008922, ts 008320, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014882, ts 008480, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008923, ts 008480, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014883, ts 008640, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008924, ts 008640, len 000020)
Got  RTP packet from    192.168.10.150:25930 (type 18, seq 014884, ts 008800, len 000020)
Sent RTP packet to      192.168.2.10:9024 (type 18, seq 008925, ts 008800, len 000020)

Is not a codec issues, it must be a RTP trouble.
any idea?
thanks!

sadzas · February 4, 2009, 5:41pm

Any idea guys?

I think Asterisk is not resolving NAT, because the RTP packets are going to private IP address.

How can I fix that?

Thanks!

atartan · February 5, 2009, 3:34pm

You can use stun server with the phones… I had the same problem and it solved.

david55 · February 11, 2009, 5:18pm

How does this thread differ from http://forums.digium.com/viewtopic.php?p=123956#123956?

MrFidget · February 12, 2009, 1:19pm

Try:

If the Asterisk box is on a public IP address, then you should be OK.
If the box is behind NAT too, you will have to forward the UDP ports for SIP and UDP ports from the extrernal IP of the router to the asterisk box + some other work. haven’t tried it yet, but will be doing it soon.

Good luck
Chris

vanest · June 11, 2009, 8:04am

There’s no sound for remote clients when calling to my Asterisk behind NAT. It plays ringing tone though.

I’ve set following in the

SIP.CONF

externip = public ip address for the broadband router
nat=route
canreinvite=nonat

[natuser]
nat=yes
qualify=yes

Also, I’ve done port forwarding to the Asterisk server, for ports like 5060, 10001-20000.

When using CLI command sip show peers
the NAT column for a natuser connected from a x-lite client shows N. That means, it can’t recognize the client as from a NATed connection, eventhough the user is configure to use NAT all the times.

When testing with the X-lite client networking, it says the firewall type is BLOCKED. But, I’ve disabled firewall on my PC. Do I need to do port forwarding to my PC on the router? However, this is not a preferred solution.

It seems that Asterisk does not regconize the NAT connection from external network, please help.

MrFidget · June 11, 2009, 1:14pm

What sort of router do you have ?

What sort of firewal rules do you have running on it ??

Do the clients stay registered or do they drop out after a minute or so ???

Remember to use:

Cheers
Chris

vanest · June 11, 2009, 8:10pm

Thanks.

I’m using Linksys WRT54GR at home. There’s no firewall rule being set on the routers or Windows.

The phone can be registered without any problem. It can make and receive phone call without sound on both ends.

What I’ve figured it out is that the Asterisk does not recognize the remote client is using NAT. It shows the NAT status as N as shown by SIP SHOW PEERS. The debug log shows that Asterisk was trying to send audio to the private IP of the remote client, so the audio doesn’t send out of the NAT.

The remote client in SIP.conf was already marked NAT=YES. Thanks for your help.

MrFidget · June 12, 2009, 2:45am

OK, so your SIP is OK

I just tried X-ten on my system. All worked OK. Same setup.

Have you got a SIP hadset or just soft clients ???

Try the soft SNOM 360. Its sorta kinda OK, and it does work through NAT

Have you tried form behind a different router ? Somewhere else ?

Is there something on the router for managing SIP already that could be causing grief ??

Try running something like SmartSniff to see whats going on

Can you connect if you just use a PPPoE bridge and give the client a direct connection to the internet.

Can you run your X ten client into a free SIP service and make it work ?

Divide and conquor, swear a little and when its all over, you’ll be able to post a “Guess what I forgot to do…” post that someone at your stage now at around 3am will totally miss the point of before it finally dawns on him at work the following morning during coffee break.

Good luck and keep us informed
Chris

ps. Are you happy to give me a login so I can test off line ?? I can return the same favour to you on my system ? PM me if you want

vanest · June 12, 2009, 10:31pm

Thanks, Chris.

I test with a soft phone client, because this will be used by remote users.

For the same configuration, there’s no problems for the soft phone to hear voice when it connects to the broad band modem directly, ie, by pass the broadband router at home. So, the settings on the Asterisk server works.

Do I need to do port forwording on the home router? However, it’s not the preferred way.

I have the same situation as sadzas posted. It seems that the Asterisk server does not recognize the user connection is a NATted connection. The NAT status is N. Could this be the real issue? And I also believe it’s a RTP issue. The packet sniff shows that the RTP was sent from the Asterisk (private IP) to the remote client’s (private IP). But, these are under two private networks and it’s not routable.

It works fine with VPN connection. But, this will slow down the traffic, so it’s not my preferred solution too.

Thank you very much for all your input and efforts.

Regards
Ernest

vanest · June 12, 2009, 10:37pm

Additional information,

In the SIP.conf, I’m using the local net as, while the private networking at home is using 192.168.1.0

localnet=192.168.0.0/255.255.255.0

[123]
nat=yes
secret=123
mailbox=123
type=friend
host=dynamic
dtmfmode=rfc2833
qualify=yes
canreinvite=no
registertrying=yes
insecure=port,invite
disallow=all
allow=gsm
allow=ulaw

The X-lite is using port range UDP 15000-16000, which has forwarding to the Asterisk server.

MrFidget · July 1, 2009, 2:24pm

How are you going ???

The sip.conf looks fine.

Have you tried the X-ten client with a free SIP service and done an echo test ?? does that work ?? Can you get it to work that way ??

Let me know how you go…

Cheers
Chris

Topic		Replies	Views
Having trouble with externalip Asterisk Support	2	184	January 10, 2014
Having trouble with externalip Asterisk Support	8	2635	January 15, 2014
Audio trouble, help interpreting logs Asterisk Support	6	298	December 2, 2012
Asterisk NAT problem in asterisk server Asterisk SIP	4	476	December 9, 2019
Audio not coming in NAT'd environment Asterisk Support	2	306	July 25, 2012

NAT issues

SIP.CONF

Related topics