[Asterisk-Users] Nat & Sip & Pain

Tue, 13 Sep 2005 04:45:00 -0700 

Hi everyone,
I decided to have a look at SIP & NAT again and I've been at it for a [quite a] few hours but typically nothing is working for me. Actually I'm not sure if SIP and NAT can ever work but some emails on this list do suggest that someone has got it working, once, maybe. 


I'm experimenting with a ZyXEL 2000W [WiFi Sip phone] which supports 
"Outbound Proxy", "STUN" and "Fake WAN Address on SIP and RTP".  I'm 
using Netfilter (IPTables) on Linux as the Firewall at NAT gateway to 
the Internet.


I'm lacking knowledge in UDP, RTP and SIP - which doesn't help of course.


In my experiments the only thing that seems to allow me to make a call 
is to enter the [public Internet] IP address of my * server into the 
"Outbound Proxy" setting in the SIP phone - then it registers and I can 
make a call but no audio, either direction, is heard.



I would have thought that the "Outbound Proxy" should be inside the NAT 
gateway but then I read the settings for a Budgetone BEHIND nat on the 
FWD webpage 
(http://www.freeworlddialup.com/support/configuration_guide/configure_your_fwd_certified_phone/grandstream_budgetone/outbound_proxy) 
where they suggest that the Outbound Proxy should be an external 
Internet public proxy server ?



Then I was reading about STUN and what a nice sounding solution it is - 
so I downloaded and installed the Vivida STUN server - compilation & 
installation was nice and easy and I set the STUN primary IP address & 
port into the SIP phones STUN servers settings.  I could see that the 
SIP phone communicated with the STUN server (lots of stuff about mapping 
between my local NAT gateway's public IP address and the secondary IP 
address of the STUN server)... but no registration or [apparent] 
communication with the * server.



I didn't try to do anything with the "Fake WAN address.." settings or 
try to redirect incoming UDP ports from the firewall to the SIP phone 
because I'm trying to see if its possible to setup a deploy-anywhere SIP 
phone solution.



Needless to say when I don't have any NAT settings on the SIP phone I 
don't get any registration with the * server (this confuses me too - I'm 
not sure why I only get registration when I set the * server to be the 
outbound proxy?  Maybe its because the SIP phone sends its local IP in 
the RTP packets?).



Does anyone know how to get NAT & SIP working where the SIP phone is 
behind a NAT server talking to a publicly accessible * server?


Thanks for any help!


When I run FWD's "netcheck" on my local PC (also behind the NAT) I get: 
Internet Connection: Connected, Direct/NAT: Using NAT, NAT type: Port 
Restricted Nat, NAT UPnP enabled: No, Local IP Address: 192.168.5.10, 
WAN IP Address: XXX.XXX.XXX.XXX (public IP address), Port 5060: Blocked, 
port 5082: Blocked.



[Maybe] useful Links that I've found on my Nat & SIP travels:-

http://www.voip-info.org/wiki-Asterisk+SIP+NAT+solutions
-------------------------------------------------------------

Here VOIP INFO claim that "Asterisk as a SIP server outside nat, clients 
on the inside connecting to Asterisk" is "solved" with "with nat 
<tiki-index.php?page=Asterisk+sip+nat>=yes and qualify 
<tiki-index.php?page=Asterisk+sip+qualify>=xxx in sip.conf 
<tiki-index.php?page=Asterisk+config+sip.conf> for the client in most 
cases. Some clients (X-lite) assist themselves by using STUN 
<tiki-index.php?page=STUN> and sending UDP keep-alive packets. Qualify 
<tiki-index.php?page=Asterisk+sip+qualify> sends keep-alive packets from 
Asterisk to the client on the inside." - however I can't get it to work


http://www.asteriskguru.com/tutorials/sip_nat_oneway_or_no_audio_asterisk.html
-----------------------------------------------------------------------------------

Here there is some detail about the NAT= option in sip.conf and firewall 
NAT types plus some understandable diagrams of why SIP & NAT is so much 
bother.


http://www.voip-info.org/wiki-STUN
--------------------------------------

The VOIP INFO page about STUN - I don't think I learned much here - 
except the link to the Vovida STUN server software


Asterisk Users - Email from [EMAIL PROTECTED] - 02/July/2005 23:49
--------------------------------------------------------------------

Thierry claims that you need to put special MASQUERADE POSTROUTING rules 
into iptables to make it NAT UDP properly - tried it but didn't work for me


Asterisk Users - Email from [EMAIL PROTECTED] - 16/Aug/2005 10:29
------------------------------------------------------------------------

Kamran Ahmad sounds like someone who [might have] had SIP & NAT working 
- until it wasn't working....





BTW My Current SIP sip.conf entry that I'm using for testing (which 
doesn't work of course!): -

[0035314401789]
context=PublicSip
type=friend
port=5060
username=0035314401789
password=XXXXXXXX
callerId=0035314401789

nat=route                        ; assume a NAT connection (note: route 
doesn't seem to make any difference compared to "yes")

qualify=yes                    ; keep-alive packets to keep NAT SIP open

insecure=yes                        ; insecure and auth don't seem to 
make things work any better/worse!

auth=plaintext                      ;
host=dynamic                    ; and with a dynamic IP address
canreinvite=no                  ; always keep asterisk in the media path
;dtmfmode=info                   ; could be inband ?

dtmfmode=rfc2833                ; could be inband ? but doesn't matter - 
still NAT & SIP isn't working

[EMAIL PROTECTED]
disallow=all
;allow=ilbc
;allow=ulaw
allow=g729
;allow=ulaw
;allow=all


--
Derek Conniffe
Rivertower Ltd
Ireland: (Freephone) 1800 719 400
Ireland: (Local) 01 244 9719
United Kingdom: 0870 068 2368
International: 00 353 1 244 9719
Derek Conniffe DDI: 01 201 0146 (International: 00 353 1 201 0146)
Derek Conniffe Mobile: 086 856 3823 (International: 00 353 86 856 3823)
Fax: 01 201 0085 (International: 00 353 1 201 0085)
Email: [EMAIL PROTECTED]
Web: http://www.rivertowerhosting.com


begin:vcard
fn:Derek Conniffe
n:Conniffe;Derek
org:Rivertower Ltd;IT
adr:Dublin 2;;46 Upper Mount Street;Dublin;Dublin;Dublin 2;Ireland
email;internet:[EMAIL PROTECTED]
tel;work:+353 1 201 0146
tel;fax:+353 1 201 0085
tel;cell:+353 86 856 3823
note;quoted-printable:Ireland: (Freephone) 1800 719 400=0D=0A=
	Ireland: (Local) 01 244 9719=0D=0A=
	United Kingdom: 0870 068 2368=0D=0A=
	International: 00 353 1 244 9719=0D=0A=
	
url:http://www.rivertowerhosting.com
version:2.1
end:vcard


_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





















					Reply via email to