NAT rtp problem in Asterisk 1.6.0-beta9


I’m just setting up the 1.6 beta 9 and I’m getting some trouble with nat:

I got a peer (2002) wich connects from outside the office (Tipical DSL + NAT router) so i included nat=yes in his ‘profile’ and canreinvite=no so all the trafic goes through Asterisk

Asterisk internal=
Peer internal= or (tried on different computers)
Peer public=

if i don’t define localnet and externip everithing works fine,

20:27:55.413437 IP > SIP, length: 950 20:27:55.413850 IP > SIP, length: 534 20:27:55.751716 IP > SIP, length: 321 20:27:55.797687 IP > SIP, length: 1109 20:27:55.797950 IP > SIP, length: 470 20:27:55.798169 IP > SIP, length: 860 20:27:55.799336 IP > UDP, length 172 20:27:55.818815 IP > UDP, length 172 20:27:55.838809 IP > UDP, length 172 20:27:55.868805 IP > UDP, length 172 20:27:55.878811 IP > UDP, length 172 20:27:55.908805 IP > UDP, length 172 20:27:55.918807 IP > UDP, length 172 20:27:55.938807 IP > UDP, length 172 20:27:55.968809 IP > UDP, length 172 20:27:55.978807 IP > UDP, length 172 20:27:56.008804 IP > UDP, length 172 20:27:56.018810 IP > UDP, length 172 20:27:56.048804 IP > UDP, length 172 20:27:56.058807 IP > UDP, length 172 20:27:56.082002 IP > UDP, length 132 20:27:56.082042 IP > UDP, length 172 20:27:56.108805 IP > UDP, length 172 20:27:56.118807 IP > UDP, length 172 20:27:56.120227 IP > UDP, length 172 20:27:56.129971 IP > UDP, length 172 20:27:56.138809 IP > UDP, length 172 20:27:56.148460 IP > UDP, length 172

I suppose at first Asterisk tries to send to the local IP of the peer until first peer’s package arrives and knows his IP (don’t know why does not use SIP ip packets address if have nat=yes)

But if I define localnet and externip them with the corrects values, SIP negotiation goes ok, but RTP packets are sent to HIS local ip @, so he does not receive audio:
(tcp dump)

[code]20:51:34.365407 IP > SIP, length: 776
20:51:34.365696 IP > SIP, length: 560
20:51:34.716429 IP > SIP, length: 432
20:51:34.755403 IP > SIP, length: 940
20:51:34.755668 IP > SIP, length: 497
20:51:34.756095 IP > SIP, length: 793
20:51:34.757059 IP > UDP, length 172
20:51:34.776314 IP > UDP, length 172
20:51:34.798811 IP > UDP, length 172
20:51:34.818812 IP > UDP, length 172
20:51:34.838807 IP > UDP, length 172
20:51:34.856306 IP > UDP, length 172
20:51:34.876306 IP > UDP, length 172
20:51:34.896306 IP > UDP, length 172
20:51:34.916306 IP > UDP, length 172
20:51:34.936308 IP > UDP, length 172
20:51:34.956307 IP > UDP, length 172
20:51:34.978806 IP > UDP, length 172
20:51:34.996306 IP > UDP, length 172
20:51:35.016307 IP > UDP, length 172
20:51:35.036306 IP > UDP, length 172
20:51:35.039468 IP > SIP, length: 649
20:51:35.040469 IP > ICMP udp port 5014 unreachable, length 208

i got just SOME more ICMP messages like that and no incomming trafic in peer

If i do a whireShark on peer’s computer I see they packets are being send propertly.
I’m not sure of what the problem is, but i’d say that:
First packet from Asterisk arrives Peer before than the first’s Peer package have gone out and the peer’s router has not already established the nat session. In fact that icmp Message does not came from peer’s computer so it must be the router.

i have the peer’s Wireshar if u need, but 'id say ip’s and ports are ok

Any other ideas? any solution?


Everything works as it should.
Configure localnet and externip on Asterisk side.
Configure STUN on the peer side. BTW, which SIP UA is it?

Hi, thanks for the reply

I tried Ekiga on a Linux box and Xlite in windows, both with the same behaviour

I’ve double checked everithing and i can’t guess whats going on… but i discovered simething else…

Stun server was setup on Ekiga, but not in Xlite, if I set-up stun server in xlite it works and got audio in both ways… but not In Ekiga, if i do a wireshark on peer and tcpdum on host, both points are sending RTP trafic to the correct ports, but any side receives the other side’s traffic…

I think it’s irrelevant but for now i’m using voipbuster’s stun server, by the way the debian Pkg called stun is ok to be a stun server?

So if i call from Xlite and tcpdump asterisk I saw he was trying to reach the internal ip of the peer. the peer is set-up as NAT=yes, in conf files says

"Asterisk ; may override the address/port information specified in the SIP/SDP messages, ; and use the information (sender address) supplied by the network stack instead. ; However, this is only useful if the external traffic can reach us. ; The following settings are allowed (both globally and in individual sections): ; ; nat = no ; default. Use NAT mode only according to RFC3581 (;rport) nat=yes ; Always ignore info and assume NAT"


  1. What’s the problem with Ekiga? why both are sending frames and the other part are not getting them?

  2. I did set it up badly with nat=yes or it’s not valid for RTP only for sip

  3. Is stun debian pkg ok for a stun server? if no… any advice?