Problem with staying connected with dynamic IP

Hi there,
We are trying to make a Asterisk to AsteriskNow solution where:

Machine A:

  • Asterisk
  • Fixed IP
  • Has trunk (iax2) via Peer to machine B

Machine B:

  • AsteriskNow
  • Dynamic IP (DynDNS)
  • NAT (ports forwarded)
  • Has trunk (iax2) with machine A via User.

Both trunks of both machine connect without problems. But when a IP change on machine B takes place the PEER from A -> B never recovers.
This is not the case of the USER connection from B -> A. We can re-establish the connection by manually running iax2 reload on the asterisk prompt, but this sounds like
shooting with a canon on a fly.

Then we found this website and changed in iax.conf on machine A by adding host=dynamic and register (register => username:secret@IP_of_machineA) in the iax.conf on machine B
But when we run iax2 show registry it always show registering failed.
We haven’t found a way to make a debug that gives more detail on this issue.
How can we fix this?

The problem is not dynamic ISP, but ISPs who abuse it by forcing frequent address changes, rather than just renewing the existing address. The real solution is a server friendly ISP.

@david 55. This ISP, the only one in the country, changes IP only once every 72 hours. So this is not a big problem, and if it was you can’t go around. Well for US$50,- month more you have a fixed IP, but our local currency is 3,5x less worth than the dollar, making it something like US$175,- a month extra… not really an option.
The real problem is that Asterisk in my opinion don’t check if the current IP is still valid and does a new DNS request to update the IP info.

Then use a DDNS in the asterisk box with an extern refresh in sip.conf. Asterisk isn’t the problem but your method to check the new IP.

Long term, the solution to this is to get a new RFC written on how to operate SIP in such an environment. However, to the extent that the ISP is doing this deliberately, rather than through incompetence, they may react to increasing tolerance of this behaviour by finding some other way of frustrating the use of servers.

Incidentally, if they are the only ISP in the country, and they do not offer a static address option, that country is not a true part of the internet, and will have difficulty supporting internet based businesses, something its government should really be worried about.

Thx for all help.

I see a lot of people talk about SIP, but if you read the first post you see we use IAX2, this uses much less bandwidth than SIP and easier to work around SIP restrictions in public networks.
Also I wrote we use DynDNS, but the problem is that Asterisk don’t check if the IP in DynDNS gets updated and use this new IP, although people write there is a solution, which not seem to work.

As far as I know, Asterisk itself does not support checking it’s public IP via DynDNS. Asterisk is intended to run as a server and therefore is expect to have ONE STATIC IP address. Fiddling with dynamic IP addresses is not the way that Asterisk was intended to be used. And that is why everybody that tries this has problem with it. There is no eazy solution for it. Navaismo already gave you an idea for a script that you can run as a cronjob (check public IP and if it has changed, modify Asterisk settings and restart the Asterisk process). This might be the eaziest way.
One more idea is to use a VPN tunnel between the networks where the Asterisk server reside (so telephony traffic runs via a VPN tunnel). That would mean buying two VPN routers, but it definitly is a solution for your case.


Thank you for your help. Strange that such simple as (Perl example)

if ($Connection == "lost") { if ($IpAddress =~ /[a-zA-Z]/) #If string contains character { reload-ip(); } }
has never been implemented and could save Asterisk users a lot of money on not investing in fixed IP connections (on both ends). Almost seems a political decision in stead of a technical issue… :S
I discovered that the examples of “host=dynamic” use ‘friend’ to connect in stead of ‘peer’ or ‘friend’ So we try that today. With ‘friend’ all communication happens in one trunk in stead of two.
We saw that with iax2 reload working connections aren’t reseted.
I would like to check the VPN solution, but more in a software way than an hardware way. But than you need extra scripts to check the status of the VPN. The idea of using an extra intermediate software/hardware layer don’t please me in the sense of stability. One more component means one more component that can fail/cause problems.

I saw this thread and I am facing a similar problem. I may be forced to change my ISP to a new one that charges a lot extra for a static IP. I currently have a static IP, so I’m not having problems, but when I have to go dynamic, then I see all sorts of problems waiting for me.

While I don’t think its a great solution, I should point out that you can get an OpenWRT compatible router for about $50 USD or less and load Tomato/VPN on it and probably do what you you want with VPN. The problem is that VPN adds a delay to the voice and it also requires a VPN router at both ends.

Anyhow, my asterisk runs on a Tomato router Asus RT-N16 with no problem using a static IP. The issue is that I don’t think my off site ATA’s (grandstream, etc) are smart enough to realize that my IP CAN change and will only resolve my domain name once during initialization. So even though dyndns will resolve to the new IP, the grandstream will continue to use the old IP - and fail.

The result is that the remote grandstreams could be off line until somebody manually reboots them and they resolve my domain name to its new IP address.

Does anybody have any thoughts on this?

If I can’t find a better solution, I was thinking about a small process on the remote routers that will forward a local IP address to an external IP address. That is, the grandstreams are given a special local IP such as and as far as they are concerned, that IS the static IP of the asterisk server. The job of the process would be to maintain dynamic IP connectivity and to forward requests from the local IP to the external IP and vice versa. For security purposes, only the resolved external IP would be able to send traffic to the local port from the outside without going through the NAT firewall. To keep it simple, multiple ATA’s would probably have to operate on different ports and asterisk would see a remote ATA directly on the internet with multiple extensions.

Just a theory anyhow.

Dynamic IP doesn’t mean that the address continually changes. That is something done by ISPs, probably to frustrate the use of servers.

Once you negotiate a dynamic address, it should stay the same until you have failed to renew it for some period of time. Even with PPP it should not change until you drop the PPP connection.

From what I hear, this ISP does change the IP with each renewal. That is about 24 hours. This means that off site ATA’s are going to be trying to register to the wrong IP.

One easy solution would be to use ATA’s that are smart enough to figure out what is going on and then re-resolve the domain name to the new IP when the connection is lost. However, knowing which ATA’s are dynamic IP Host friendly is a great mystery.