RTP NAT Problem

Hello,

i have a problem with our new asterisk. version: 11.2.1

Following constellation: Snom320 --> FritzBox(Homeoffce Router) --> Internet—> Juniper Firewall --> Asterisk-Server

The snom-phone in the home-office can connect without problems with my asterisk in the company network. (SIP). Also i can call the asterisk. E.g i call the monkey test call and i heard the monkeys.

When i call another user in the company he cant hear me. DTMF dont work, too.

My sip.conf:

bindport=5060 bindaddr=0.0.0.0 disallow=all allow=ulaw allow=alaw allow=g729 allow=gsm call-limit=10 language=de dtmfmode=info allowsubscribe=yes notifyringing=yes notifyhold=yes limitonpeers=yes externip=217.7.X.X externhost=217.7.X.X localnet=192.168.0.0/255.255.192.0 localnet=192.168.115.0/255.255.255.0 nat=force_rport,comedia context=default allowtransfer=yes canreinvite=no directmedia=no allowguest=yes srvlookup=yes

Peer;

[user] defaultuser=user callerid="user" <222> type=friend secret=relation host=dynamic pickupgroup=1 callgroup=1 context=it-administration quailify=yes mailbox=222 call-limit=10 subscribecontext=it-administrationration nat=force_rport,comedia

At the old asterisk-server (version: 1.4) it works without problems.

There any options for the sip.conf or in the snom-config that can fix my problems?

Addidional another question:

Why i must open port 2048 (for sip registration) and rtp ports (for voice-transport) in the firewall of my router in the homeoffice?
I don`t make this in the old verision. I only opened ports at companys firewall.

Does anybody have an idea to solve this problem?

TIA

regards

What is WWW? (World Wide Web refers to a network of hyperlinks, so is not meaningful here. Replacing it by “internet” doesn’t make sense, either.)

What is the evidence that port 2048 is needed? Are you sure that the phone is not specifying this?

The RTP ports always need to be opened. If it was working before, the router must have been opening them automatically.

You have some conflicting settings in your sip.conf. You also have a mix of deprecated and current names for the same option. Are you really sure that you want allowguest=yes?

If you post a SIP trace of call this might help, to diagnose the problem

hello,

here is the sip trace with rtp, rtcp debuging. i make a call to 444 (beep-tone) with following record-function.

217.92.X.X --> Public IP of my Homeoffice Router.

217.7.X.X --> Public IP of the Asterisk

[code]<— SIP read from UDP:217.92.X.X:2048 —>
INVITE sip:444@217.7.X.X SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-dsys34jbftzm;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 1 INVITE
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
X-Serialnumber: 000413383485
P-Key-Flags: keys="3"
User-Agent: snom320/8.4.32
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Session-Expires: 3600;refresher=uas
Min-SE: 90
Content-Type: application/sdp
Content-Length: 477

v=0
o=root 1669376141 1669376141 IN IP4 217.92.X.X
s=call
c=IN IP4 217.92.X.X
t=0 0
m=audio 63024 RTP/AVP 0 8 9 99 3 18 4 101
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:YgT6PUdoHKpoA7TVGPgrdbZEW0awM8FwHxcpZPCL
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:99 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:4 G723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
<------------->
— (19 headers 19 lines) —
Sending to 217.92.X.X:2048 (no NAT)
Using INVITE request as basis request - 3c27a0e8ce1d-6kwv55572kdx
Found peer ‘user’ for ‘user’ from 217.92.X.X:2048

<— Reliably Transmitting (NAT) to 217.92.X.X:2048 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-dsys34jbftzm;received=217.92.X.X;rport=2048
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as62f32bc9
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 1 INVITE
Server: Asterisk PBX 11.2.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="07a7ecd6"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘3c27a0e8ce1d-6kwv55572kdx’ in 6400 ms (Method: INVITE)

<— SIP read from UDP:217.92.X.X:2048 —>
ACK sip:444@217.7.X.X SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-dsys34jbftzm;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as62f32bc9
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 1 ACK
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
Content-Length: 0

<------------->
— (9 headers 0 lines) —

<— SIP read from UDP:217.92.X.X:2048 —>
INVITE sip:444@217.7.X.X SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-s3084kknh7n0;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 INVITE
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
X-Serialnumber: 000413383485
P-Key-Flags: keys="3"
User-Agent: snom320/8.4.32
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Session-Expires: 3600;refresher=uas
Min-SE: 90
Authorization: Digest username=“user”,realm=“asterisk”,nonce=“07a7ecd6”,uri=“sip:444@217.7.X.X”,response=“47084ffc7e3ea362692a5e7ae26db3d9”,algorithm=MD5
Content-Type: application/sdp
Content-Length: 477

v=0
o=root 1669376141 1669376141 IN IP4 217.92.X.X
s=call
c=IN IP4 217.92.X.X
t=0 0
m=audio 63024 RTP/AVP 0 8 9 99 3 18 4 101
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:YgT6PUdoHKpoA7TVGPgrdbZEW0awM8FwHxcpZPCL
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:99 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:4 G723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
<------------->
— (20 headers 19 lines) —
Sending to 217.92.X.X:2048 (NAT)
Using INVITE request as basis request - 3c27a0e8ce1d-6kwv55572kdx
Found peer ‘user’ for ‘user’ from 217.92.X.X:2048
== Using SIP RTP CoS mark 5
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 9
Found RTP audio format 99
Found RTP audio format 3
Found RTP audio format 18
Found RTP audio format 4
Found RTP audio format 101
[Apr 24 10:14:10] ERROR[2134][C-00000007]: chan_sip.c:32788 setup_srtp: No SRTP module loaded, can’t setup SRTP session.
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format G722 for ID 9
Found audio description format G726-32 for ID 99
Found audio description format GSM for ID 3
Found audio description format G729 for ID 18
Found audio description format G723 for ID 4
Found audio description format telephone-event for ID 101
Capabilities: us - (gsm|ulaw|alaw|g729), peer - audio=(g723|gsm|ulaw|alaw|g726|g729|g722)/video=(nothing)/text=(nothing), combined - (gsm|ulaw|alaw|g729)
Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x1 (telephone-event|), combined - 0x0 (nothing)
Peer audio RTP is at port 217.92.X.X:63024
Looking for 444 in it-administration (domain 217.7.X.X)

list_route: hop: sip:user@217.92.X.X:2048

<— Transmitting (NAT) to 217.92.X.X:2048 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-s3084kknh7n0;received=217.92.X.X;rport=2048
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 INVITE
Server: Asterisk PBX 11.2.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: sip:444@217.7.X.X:5060
Content-Length: 0

<------------>
– Executing [444@it-administration:1] Answer(“SIP/user-00000007”, “”) in new stack
Audio is at 20024
Adding codec 100003 (ulaw) to SDP
Adding codec 100004 (alaw) to SDP
Adding codec 100008 (g729) to SDP
Adding codec 100002 (gsm) to SDP

<— Reliably Transmitting (NAT) to 217.92.X.X:2048 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-s3084kknh7n0;received=217.92.X.X;rport=2048
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 INVITE
Server: Asterisk PBX 11.2.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: sip:444@217.7.X.X:5060
Content-Type: application/sdp
Require: timer
Content-Length: 271

v=0
o=root 471051302 471051302 IN IP4 217.7.X.X
s=Asterisk PBX 11.2.1
c=IN IP4 217.7.X.X
t=0 0
m=audio 20024 RTP/AVP 0 8 18 3
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:3 GSM/8000
a=ptime:20
a=sendrecv

<------------>
Retransmitting #1 (NAT) to 217.92.X.X:2048:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-s3084kknh7n0;received=217.92.X.X;rport=2048
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 INVITE
Server: Asterisk PBX 11.2.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: sip:444@217.7.X.X:5060
Content-Type: application/sdp
Require: timer
Content-Length: 271

v=0
o=root 471051302 471051302 IN IP4 217.7.X.X
s=Asterisk PBX 11.2.1
c=IN IP4 217.7.X.X
t=0 0
m=audio 20024 RTP/AVP 0 8 18 3
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:3 GSM/8000
a=ptime:20
a=sendrecv


<— SIP read from UDP:217.92.X.X:2048 —>
ACK sip:444@217.7.X.X:5060 SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-mkiuwx78fjvj;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 ACK
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
Content-Length: 0

<------------->
— (9 headers 0 lines) —

<— SIP read from UDP:217.92.X.X:2048 —>
ACK sip:444@217.7.X.X:5060 SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-mkiuwx78fjvj;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 2 ACK
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
Content-Length: 0

<------------->
— (9 headers 0 lines) —
– Executing [444@it-administration:2] Wait(“SIP/user-00000007”, “2”) in new stack
– Executing [444@it-administration:3] Record(“SIP/user-00000007”, “/drbd-asterisk/var/lib/asterisk/ivrs/technik/test.wav”) in new stack
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003684, ts 000160, len 000160)
– <SIP/user-00000007> Playing ‘beep.gsm’ (language ‘de’)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003685, ts 000320, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003686, ts 000480, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003687, ts 000640, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003688, ts 000800, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003689, ts 000960, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003690, ts 001120, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003691, ts 001280, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003692, ts 001440, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003693, ts 001600, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003694, ts 001760, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003695, ts 001920, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003696, ts 002080, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003697, ts 002240, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003698, ts 002400, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003699, ts 002560, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003700, ts 002720, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003701, ts 002880, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003702, ts 003040, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003703, ts 003200, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003704, ts 003360, len 000160)
Sent RTP packet to 217.92.X.X:63024 (type 00, seq 003705, ts 003520, len 000160)

  • Sent RTCP SR to 217.92.X.X:63025
    Our SSRC: 1381257657
    Sent(NTP): 1366791258.0371900416
    Sent(RTP): 3520
    Sent packets: 22
    Sent octets: 3520
    Report block:
    Fraction lost: 256
    Cumulative loss: 1
    IA jitter: 0.0000
    Their last SR: 0
    DLSR: 37978.0900 (sec)

<— SIP read from UDP:217.92.X.X:2048 —>
BYE sip:444@217.7.X.X:5060 SIP/2.0
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-27jw6p9js9rg;rport
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 3 BYE
Max-Forwards: 70
Contact: sip:user@217.92.X.X:2048;reg-id=1
User-Agent: snom320/8.4.32
RTP-RxStat: Total_Rx_Pkts=22,Rx_Pkts=0,Rx_Pkts_Lost=1,Remote_Rx_Pkts_Lost=1
RTP-TxStat: Total_Tx_Pkts=427,Tx_Pkts=427,Remote_Tx_Pkts=22
Content-Length: 0

<------------->
— (12 headers 0 lines) —
Sending to 217.92.X.X:2048 (NAT)
Scheduling destruction of SIP dialog ‘3c27a0e8ce1d-6kwv55572kdx’ in 6400 ms (Method: BYE)

<— Transmitting (NAT) to 217.92.X.X:2048 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 217.92.X.X:2048;branch=z9hG4bK-27jw6p9js9rg;received=217.92.X.X;rport=2048
From: sip:user@217.7.X.X;tag=kf0zzs6jky
To: sip:444@217.7.X.X;tag=as1d5e4c30
Call-ID: 3c27a0e8ce1d-6kwv55572kdx
CSeq: 3 BYE
Server: Asterisk PBX 11.2.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

<------------>
== Spawn extension (it-administration, 444, 3) exited non-zero on ‘SIP/user-00000007’
– Executing [h@it-administration:1] DBdeltree(“SIP/user-00000007”, “GCI/”) in new stack
– DBdeltree: family=GCI
[/code]

Yes, its internet :wink:

I’ve seen this in the sip trace, if port 2048 wasnt openend at the homeoffice router i cant register the telephone at the asterisk. In the telephone i can change the port, but i must always opended a port on my router if i register the snom at the asterisk (SIP).

I tested it with the same router and the old asterisk - it works. Not with the new asterisk :frowning:

[quote]You have some conflicting settings in your sip.conf. You also have a mix of deprecated and current names for the same option. Are you really sure that you want allowguest=yes?
[/quote]

Ive tested some setting in my sip.conf. I dontt need allowguest.

What settings I need urgently for my nat solution?

TIA

This looks to be an issue with how the router auto-opens ports.

If you don’t have any issue in an old version of Asterisk, You are missing the configuration of some parameter in you sip.conf file in the updated version. So study this file the sections of N[b]AT SUPPORT
MEDIA HANDLING -

If not you can play with the ports on the router [/b]