No Video Audio with NAT , once again

dmsherazi · May 22, 2019, 12:58pm

I am having TLS and NAT enabled for the extension 140, When calling the local extensions from the 140 I am facing the issue that there is no Audio or Video. In the asterisk CLI I can see that the remote address is set to 10.238.145.46 , but this is neither the public IP behind which the PBX is nor it relates to the IP of the remote phone.

The device that is registered as 140 has an IP 94.185.53.54.

No.   Timestamp  (Dir) Address                  SIP Message                        
===== ========== ============================== ===================================
00000 1558529743 * ==> 82.178.22.45:41296       OPTIONS sip:140@82.178.22.45:41296;transport=TLS SIP/2.0
00001 1558529743 * <== 82.178.22.45:41296       SIP/2.0 200 OK
00002 1558529745 * <== 192.168.1.161:5060       REGISTER sip:192.168.1.18 SIP/2.0
00003 1558529745 * ==> 192.168.1.161:5060       SIP/2.0 401 Unauthorized
00004 1558529745 * <== 192.168.1.161:5060       REGISTER sip:192.168.1.18 SIP/2.0
00005 1558529745 * ==> 192.168.1.161:5060       SIP/2.0 200 OK
00006 1558529746 * <== 192.168.1.161:5060       OPTIONS sip:192.168.1.18 SIP/2.0
00007 1558529746 * ==> 192.168.1.161:5060       SIP/2.0 401 Unauthorized
00008 1558529746 * <== 192.168.1.161:5060       OPTIONS sip:192.168.1.18 SIP/2.0
00009 1558529746 * ==> 192.168.1.161:5060       SIP/2.0 200 OK
00010 1558529751 * <== 94.185.53.54:4135        INVITE sip:161@85.154.105.1:5061 SIP/2.0
00011 1558529751 * ==> 94.185.53.54:4135        SIP/2.0 401 Unauthorized
00012 1558529751 * <== 94.185.53.54:4135        ACK sip:161@85.154.105.1:5061 SIP/2.0
00013 1558529751 * <== 94.185.53.54:4135        INVITE sip:161@85.154.105.1:5061 SIP/2.0
00014 1558529751 * ==> 94.185.53.54:4135        SIP/2.0 100 Trying
00015 1558529751 * ==> 192.168.1.161:5060       INVITE sip:161@192.168.1.161:5060;line=0c57db2d55b8030 SIP/2.0
00016 1558529751 * <== 192.168.1.161:5060       SIP/2.0 100 Trying
00017 1558529751 * <== 192.168.1.161:5060       SIP/2.0 101 Dialog Establishement
00018 1558529751 * <== 192.168.1.161:5060       SIP/2.0 180 Ringing
00019 1558529751 * ==> 94.185.53.54:4135        SIP/2.0 180 Ringing
00020 1558529751 * <== 192.168.1.161:5060       MESSAGE sip:MobileExten140@192.168.1.18 SIP/2.0
00021 1558529751 * ==> 192.168.1.161:5060       SIP/2.0 401 Unauthorized
00022 1558529751 * <== 192.168.1.161:5060       SIP/2.0 200 OK
00023 1558529751 * ==> 192.168.1.161:5060       ACK sip:161@192.168.1.161:5060 SIP/2.0
00024 1558529751 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00025 1558529751 * <== 192.168.1.161:5060       MESSAGE sip:MobileExten140@192.168.1.18 SIP/2.0
00026 1558529751 * ==> 192.168.1.161:5060       SIP/2.0 404 Not Found
00027 1558529752 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00028 1558529753 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00029 1558529755 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00030 1558529759 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00031 1558529763 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00032 1558529767 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00033 1558529771 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00034 1558529771 * <== 192.168.1.161:5060       BYE sip:asterisk@192.168.1.18:5060 SIP/2.0
00035 1558529771 * ==> 192.168.1.161:5060       SIP/2.0 200 OK
00036 1558529773 * ==> 192.168.1.102:5060       OPTIONS sip:102@192.168.1.102:5060 SIP/2.0
00037 1558529773 * <== 192.168.1.102:5060       SIP/2.0 200 OK
00038 1558529773 * ==> 192.168.1.110:5060       OPTIONS sip:110@192.168.1.110:5060 SIP/2.0
00039 1558529773 * <== 192.168.1.110:5060       SIP/2.0 200 OK
00040 1558529774 * ==> 192.168.1.105:5060       OPTIONS sip:105@192.168.1.105:5060 SIP/2.0
00041 1558529774 * <== 192.168.1.105:5060       SIP/2.0 200 OK
00042 1558529775 * ==> 192.168.1.107:5060       OPTIONS sip:107@192.168.1.107:5060 SIP/2.0
00043 1558529775 * <== 192.168.1.107:5060       SIP/2.0 200 OK
00044 1558529775 * ==> 192.168.1.106:5060       OPTIONS sip:106@192.168.1.106:5060 SIP/2.0
00045 1558529775 * <== 192.168.1.106:5060       SIP/2.0 200 OK
00046 1558529775 * ==> 94.185.53.54:4135        SIP/2.0 200 OK
00047 1558529775 * ==> 192.168.1.103:5060       OPTIONS sip:103@192.168.1.103:5060 SIP/2.0
00048 1558529775 * <== 192.168.1.103:5060       SIP/2.0 200 OK
00049 1558529776 * <== 192.168.1.161:5060       OPTIONS sip:192.168.1.18 SIP/2.0
00050 1558529776 * ==> 192.168.1.161:5060       SIP/2.0 401 Unauthorized
00051 1558529776 * <== 192.168.1.161:5060       OPTIONS sip:192.168.1.18 SIP/2.0
00052 1558529776 * ==> 192.168.1.161:5060       SIP/2.0 200 OK
00053 1558529777 * ==> 46.140.240.122:56256     OPTIONS sip:140@46.140.240.122:56256;transport=TLS SIP/2.0
00054 1558529778 * <== 46.140.240.122:56256     SIP/2.0 200 OK

jcolp · May 22, 2019, 1:10pm

You need to provide the endpoint and transport configuration.

dmsherazi · May 22, 2019, 1:14pm

This is the config for 140

[140]
type = aor
max_contacts = 20
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120
remove_existing = yes

[140]
type = auth
username = 140
password = _____


[140]
type = endpoint
;rewrite_contact=yes
context=mobile
dtmf_mode = rfc4733
allow = all
rtp_timeout = 30
timers = yes
direct_media = no
callerid=140 <Mobile Exten 140>
send_pai = yes
auth = 140
outbound_auth = 140
aors = 140
dtmf_mode=rfc4733
media_encryption=sdes
;transport = transport-tls
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes

and this is the 161

[161]
type = aor
max_contacts = 1
remove_existing = yes
qualify_frequency = 60
maximum_expiration = 3600
minimum_expiration = 60
default_expiration = 120

[161]
type = auth
username = 161
password = _______________

[161]
type = endpoint
context=fullrights
rewrite_contact=yes
dtmf_mode = rfc4733
message_context=some_context_that_does_nothing
disallow = all
allow = ulaw
allow = alaw
allow = gsm
allow = g726
allow = h264
allow = mpeg4
allow = vp8
allow = h263p
rtp_timeout = 30
timers = yes
direct_media = no
callerid=161 <Door_1>
send_pai = yes
use_avpf = no
tos_audio = ef
tos_video = af41
auth = 161
outbound_auth = 161
aors = 161

and the transport is



[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0:5060
tos = cs3


[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1
local_net=192.168.1.0/24
local_net=127.0.0.1/24
external_media_address=85.122.125.1
external_signaling_address=85.122.125.1 --> public ip at the moment
external_signaling_port=5061
tos = cs3

jcolp · May 22, 2019, 1:16pm

And if you also set rtp_symmetric for 161? If after that it doesn’t work you’ll need to provide actual SIP traces using “pjsip set logger on” and also examine the flowing RTP traffic using “rtp set debug on”.

dmsherazi · May 22, 2019, 1:32pm

This worked, Thanks alot, should this option be added to all the endpoints?

jcolp · May 22, 2019, 1:34pm

If they are behind NAT, yes. It causes audio to go to the source IP address and port of media, instead of where we are told to send it.

system · June 21, 2019, 1:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

No Video Audio with NAT , ~~once again~~

No Video Audio with NAT , once again