Remote sip client can not register to asterisk server

Asterisk Asterisk Support
1

Hello,

I am beginner on asterisk server and the problem I have, is that : My Iphone can not register to asterisk server using 3G connection but on wifi at local network , is possible.

Here is my sip.conf

[general]

port=5060
externip=85.94.xxx.xxx
localnet=192.168.178.0/255.255.255.0
nat=yes
qualify=yes
directmedia=no

[2002]

type=friend
secret=1234
host=dynamic
context=my-phones
nat=yes
qualify=yes

Any help if there is error in this configuration will be appreciated

2

First check that your ISP is not blocking the sip port. then yoiu can enable the sip debug in order to see if request are coming into your asterisk. Also check your router port forwarding & the pbx firewall too.

3

My router do not block 5060 port, here is the proof

|_html-title: FRITZ!Box
5060/tcp open sip AVM FRITZ!Box WLAN 7570 vDSL 75.04.91 (Jun 8 2011)
8080/tcp open http AVM FRITZ!Box WLAN 7170 WAP http config
| html-title: Remarque : l’utilisation d’Internet est bloqu\xC3\xA9e.
|_Requested resource was 192.168.178.1:8080/blocked
|_http-open-proxy: Proxy might be redirecting requests

and here is the way I set port forwarding

:stuck_out_tongue:REROUTING ACCEPT [25:1778]
:INPUT ACCEPT [25:1778]
:OUTPUT ACCEPT [36:2449]
:stuck_out_tongue:OSTROUTING ACCEPT [36:2449]
-A PREROUTING -i 85.94.xxx.xxx -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.178.32
-A PREROUTING -i 85.94.xxx.xxx -p udp -m udp --dport 10000:10100 -j DNAT --to-destination 192.168.178.32

4

It is normally 5060/UDP that would be blocked. You only tested 5060/TCP!

As already suggested, the SIP trace produced by sip set debug on is pretty much essential for all such problems.

Also could you explain why you have “nat=yes”. If this is really needed it is an important piece of information. On the other hand this is possibly the most common incorrect setting, as people think it applies to cases when Asterisk is behind NAT. It is actually a work round for broken NAT on the remote system.

The other common mistake is to use type=friend, rather than type=peer. Both this and the preivous one only really affect security.

Your router configuration requires a non-default rtp.conf, and defines rather a small number of RTP ports (50). This also doesn’t affect registration.