Re: [asterisk-users] Asterisk pjsip and NAT just doesn't work
On 02.05.21 at 17:24 Michael Maier wrote: On 02.05.21 at 10:08 Michael Maier wrote: Hello! I've just playing around some time to get NAT and pjsip running with asterisk 18.3 and 18.4 (w/o any patches added). NAT should be used for connection to the trunk. I wasn't able to get it working, because SDP address rewriting just doesn't work as it should. The situation is like this (CentOS 7): - Multihomed - One small net for the trunk 10.15.13.17/32 as alias on one of the existing devices. - TLS for SIP - Added complete masquerading for this IP address - added dnsmanager which provides the global IP address - used direct media no - used rewrite contact yes or no - force rport: yes - transport: external_media_address=external.mydom.org external_signaling_address=external.mydom.org bind to 10.15.13.17 (may I bind to a interface name?) What are the problems? Outbound calls: - Biggest problem: even if the WAN IP is set everywhere correctly in the *initial* INVITE, it's *always* missing in the INVITE *after* the 407 Proxy auth request in the SDP. In the first Invite, the SDP was ok, in the second Invite, the SDP is broken (rewriting doesn't seem to happen). Such calls naturally are dropped by the ISP (ok, one of my providers seems to ignore the entry completely). This problem disappeared as I tested on a simple system holding just one local IP address. Do you have any idea where it could be fixed in the code? - Another problem is, that the given external IP just isn't used consistently, some times it's there - mostly not (always the same easy call setup). I suspect / fear different behavior between reload and restart with same configuration. >> - I expect all IP addresses of mine in all sip headers have to be the WAN IP. - Next finding: The via header in a simple Ack isn't rewritten, too. Seems all packages sent by pjsip itself don't know anything about NAT. This problem persists even on the simple system. Where could it be fixed in the code? - How can I check if NAT is involved at all? - Maybe asterisk gets confused if it can see the WAN IP (it's on the system, too), but is bound to a local IP? But why are some headers written correctly and some wrong? Inbound calls: - Playing announcements doesn't work at all (no sound though rtp packages are flowing in both directions according tcpdump at the WAN interface). - Calls given to local devices are working. Could somebody maybe give me a reference configuration for a working NAT configuration? Thanks Michael -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk pjsip and NAT just doesn't work
On 02.05.21 at 10:08 Michael Maier wrote: Hello! I've just playing around some time to get NAT and pjsip running with asterisk 18.3 and 18.4 (w/o any patches added). NAT should be used for connection to the trunk. I wasn't able to get it working, because SDP address rewriting just doesn't work as it should. The situation is like this (CentOS 7): - Multihomed - One small net for the trunk 10.15.13.17/32 as alias on one of the existing devices. - TLS for SIP - Added complete masquerading for this IP address - added dnsmanager which provides the global IP address - used direct media no - used rewrite contact yes or no - force rport: yes - transport: external_media_address=external.mydom.org external_signaling_address=external.mydom.org bind to 10.15.13.17 (may I bind to a interface name?) What are the problems? Outbound calls: - Biggest problem: even if the WAN IP is set everywhere correctly in the *initial* INVITE, it's *always* missing in the INVITE *after* the 407 Proxy auth request in the SDP. In the first Invite, the SDP was ok, in the second Invite, the SDP is broken (rewriting doesn't seem to happen). Such calls naturally are dropped by the ISP (ok, one of my providers seems to ignore the entry completely). - Another problem is, that the given external IP just isn't used consistently, some times it's there - mostly not (always the same easy call setup). I suspect / fear different behavior between reload and restart with same configuration. - I expect all IP addresses of mine in all sip headers have to be the WAN IP. - Next finding: The via header in a simple Ack isn't rewritten, too. Seems all packages sent by pjsip itself don't know anything about NAT. - How can I check if NAT is involved at all? - Maybe asterisk gets confused if it can see the WAN IP (it's on the system, too), but is bound to a local IP? But why are some headers written correctly and some wrong? Inbound calls: - Playing announcements doesn't work at all (no sound though rtp packages are flowing in both directions according tcpdump at the WAN interface). - Calls given to local devices are working. Could somebody maybe give me a reference configuration for a working NAT configuration? Thanks Michael -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk pjsip and NAT just doesn't work
Hello! I've just playing around some time to get NAT and pjsip running with asterisk 18.3 and 18.4 (w/o any patches added). NAT should be used for connection to the trunk. I wasn't able to get it working, because SDP address rewriting just doesn't work as it should. The situation is like this (CentOS 7): - Multihomed - One small net for the trunk 10.15.13.17/32 as alias on one of the existing devices. - TLS for SIP - Added complete masquerading for this IP address - added dnsmanager which provides the global IP address - used direct media no - used rewrite contact yes or no - force rport: yes - transport: external_media_address=external.mydom.org external_signaling_address=external.mydom.org bind to 10.15.13.17 (may I bind to a interface name?) What are the problems? Outbound calls: - Biggest problem: even if the WAN IP is set everywhere correctly in the *initial* INVITE, it's *always* missing in the INVITE *after* the 407 Proxy auth request in the SDP. In the first Invite, the SDP was ok, in the second Invite, the SDP is broken (rewriting doesn't seem to happen). Such calls naturally are dropped by the ISP (ok, one of my providers seems to ignore the entry completely). - Another problem is, that the given external IP just isn't used consistently, some times it's there - mostly not (always the same easy call setup). I suspect / fear different behavior between reload and restart with same configuration. - I expect all IP addresses of mine in all sip headers have to be the WAN IP. Inbound calls: - Playing announcements doesn't work at all (no sound though rtp packages are flowing in both directions according tcpdump at the WAN interface). - Calls given to local devices are working. Could somebody maybe give me a reference configuration for a working NAT configuration? Thanks Michael -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
