Sip Client behind NAT (No audio until client unmutes)

I have the following setup

client cell phone (PSTN) --sip trunk–> Oracle ACME SBC --sip trunk–> CUCM --sip trunk–> Asterisk -->> Jigasi SIP client

CUCM and Asterisk are in the same network, SIP client is deployed in docker container (it behaves like NAT)

for the sake of it, lets say that
CUCM’s ip: 192.168.1.1/24
Asterisk ip: 192.168.1.2/24
Sip Client’s ips:
172.18.0.6/16(docker interface)
192.168.1.3/24(outside interface)

When the Sip clients registers it looks like this

-- Added contact 'sip:6000@192.168.1.3:5060;registering_acc=mydomain_com;x-ast-orig-host=172.18.0.6:5060' to AOR '6000' with expiration of 600 seconds

Sip client is a conference system.
When I call into the conference, my call gets connected but there is no audio because packets are sent to 172.18.0.6 address.

0x7efee03381d0 -- Strict RTP learning after remote address set to: 172.18.0.6:20029

If there is a user inside the conference room connected with computer audio, once the user unmutes his mic, then it gets locked into the sip’s client outside interface and everything works like a charm

0x7efee03381d0 -- Strict RTP switching source address to 192.168.1.3:20029
0x7efee03381d0 -- Strict RTP learning complete - Locking on source address 192.168.1.3:20029

below is my pjsip.conf

[endpoint_internal](!)
type=endpoint
context=from-internal
disallow=all
allow=ulaw

[auth_userpass](!)
type=auth
auth_type=userpass

[aor_dynamic](!)
type=aor
max_contacts=1

[6000]
type=endpoint
transport=transport-udp
context=from-internal
disallow=all
allow=ulaw
auth=6000
aors=6000
direct_media=no
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes     ; necessary if endpoint does not know/register public ip:port
ice_support=yes         ; This is specific to clients that support NAT traversal
                        ; for media via ICE,STUN,TURN. See the wiki at:
                        ; https://wiki.asterisk.org/wiki/x/D4FHAQ
                        ; for a deeper explanation of this topic.

[6000]
type=auth
auth_type=userpass
password=6000
username=6000

[6000]
type=aor
max_contacts=2
remove_existing=yes

My obvious question is, can I assign a fix ip address to the client? I am guessing no, based on the information I found online. Do you have any suggestions?

If you mean the contact address manually.,The configuration where you are not expecting the SIP User Agent to register against the AOR. In this case, you can assign contacts manually

Have you try setting the external_media_address option ?

It looks like on my case this option won’t work.
I think external_media_address is helpful when Asterisk is behind NAT. It advertises the public interface of asterisk instead of private IP.
In my case is the other way around. The sip client is the one behind the NAT.

Defening an stun server address on the sip client configuration will help with this

the sip client is Jigasi (a jitsi component), and it does not support stun connections yet :(.

iptables fix the issue but I dont think its a good solution

iptables -t nat -A OUTPUT -d [ipaddress1] -j DNAT --to-destination [ipaddress2]

I am basically re routing any traffic going to the private interface to the public ip address.

1 Like

Have you tried NAT Keep Alive packets?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.