Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-04 Thread Robert L Mathews
At 11/3/03 6:57 PM, Anthony Wood [EMAIL PROTECTED] 
wrote:

Internals can use the IP address of the NAT box as the Asterisk Server
IP and then it should work.

This doesn't work on my NAT box, unfortunately. Devices behind the NAT 
can't connect to the public IP address and talk to other devices behind 
the NAT.

Don't know why (cheapo NAT box, most likely; it's part of my DSL modem), 
but I believe this situation is fairly common.

-- 
Robert L Mathews, Tiger Technologies  http://www.tigertech.net/

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-04 Thread Clif Jones
This looks to me like the approach that Pingtel took for NAT.  I think
it is a good option to have but having STUN as an additional option is
really what we want.  You can find an implementation of a STUN library
and apps at www.vovida.org.  The External IP approach has some flaws and
can be a pain to configure for people that do not know what is actually
being done with this data.  I will try to explain this since I have to
test this stuff on vendor phones every day...

SIP is a text-based protocol which means that address information is
embedded in each SIP message as text.  Unfortunately, most routers, etc.
do not have a SIP ALG so the address information in the UDP or TCP
connections get corrected through the NAT function, the payload which in
this case is SIP and SDP (RTP setup messages) do not get translated.  The
other end of the call outside your private network sees your private IP
addresses and cannot route to them.

External IP basically says put this address in the SIP and SDP messages
instead of my private address.  The problem here is that if your lease is
up on your ISP connection and the renew gives you another address, you're
out of business until you update your settings.  The other thing is, you
must port forward your SIP port (usually 5060) and every incoming
RTP/RTCP port pairs from the NAT router to Asterisk.

STUN is pretty simple and works well.  This feature actually queries a
STUN server on the public side and asks what does your external IP and
port look like.  It also determines the level of IP security that you are
using. (Read the RFC on STUN, it is useful)  You don't have to port
forward anything because STUN enabled devices take advantage of the ALG
in most firewalls that maps incoming traffic back to the app (Asterisk in
this case) if the packets arrive at the same address/port that packets
just went out.  If the connection is idle for more than a set number of
seconds, the mapping is automatically deleted.  This is why you see the
devices pinging each other every so often.  This allows an incoming call
to reach the SIP port.

Having BOTH External IP and STUN would give us the greatest flexibility
because if we didn't have a STUN server on the other end we could
manually set it.

Martin Pycko wrote:

It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.
Martin

On Mon, 3 Nov 2003, WipeOut wrote:

 

Martin Pycko wrote:

   

You can port forward the 5060 SIP port and use externip keyword in
sip.conf to have it working behind a NAT.
Martin



 

Martin,

Is externip a new parameter??

Does it do a similar thing for the server as what nat=yes does for the
phone?
Later..
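The STUN query described in the message above, as an added Python example that is not part of the original thread or of Asterisk: it builds a Binding Request, then parses a reply to recover the public address and port the server saw. It uses RFC 5389 framing (the successor to the RFC 3489 STUN current in 2003); the reply bytes and all addresses are constructed for the demo.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442        # fixed value from RFC 5389
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txn_id=None):
    """Return (packet, txn_id): a 20-byte Binding Request with no attributes."""
    # A random transaction ID is what lets the client reject spoofed replies.
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn_id, txn_id


def parse_binding_response(packet, expected_txn_id):
    """Return the (ip, port) the server saw our request come from."""
    if len(packet) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a Binding Success Response")
    if packet[8:20] != expected_txn_id:
        raise ValueError("transaction ID does not match our request")
    if length != len(packet) - 20:
        raise ValueError("length field disagrees with packet size")

    body, offset, plain, xored = packet[20:], 0, None, None
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_len == 8 and value[1] == FAMILY_IPV4:
            port, addr = struct.unpack("!HI", value[2:8])
            if attr_type == ATTR_XOR_MAPPED_ADDRESS:
                # XOR form survives NAT boxes that rewrite addresses in payloads.
                xored = (str(ipaddress.IPv4Address(addr ^ MAGIC_COOKIE)),
                         port ^ (MAGIC_COOKIE >> 16))
            elif attr_type == ATTR_MAPPED_ADDRESS:
                plain = (str(ipaddress.IPv4Address(addr)), port)
        offset += 4 + attr_len + (-attr_len % 4)   # attributes are 4-byte aligned
    result = xored or plain
    if result is None:
        raise ValueError("no mapped address in response")
    return result


def constructed_response(txn_id, ip, port, xor=True):
    """Build the reply a STUN server would send (constructed for this demo)."""
    addr = int(ipaddress.IPv4Address(ip))
    if xor:
        attr_type, addr, port = (ATTR_XOR_MAPPED_ADDRESS,
                                 addr ^ MAGIC_COOKIE, port ^ (MAGIC_COOKIE >> 16))
    else:
        attr_type = ATTR_MAPPED_ADDRESS
    attr = struct.pack("!HHBBHI", attr_type, 8, 0, FAMILY_IPV4, port, addr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id + attr


def behind_nat(local_ip, mapped_ip):
    """True when the address the server saw differs from the socket's own."""
    return ipaddress.ip_address(local_ip) != ipaddress.ip_address(mapped_ip)


if __name__ == "__main__":
    request, txn = build_binding_request()
    reply = constructed_response(txn, "203.0.113.7", 40123)
    ip, port = parse_binding_response(reply, txn)
    print(ip, port, "NAT" if behind_nat("192.168.1.10", ip) else "no NAT")
```
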



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread WipeOut
Robert Mann wrote:

Problem I have is this.  outside firewall (extension 2003) can call me 
inside firewall (extension 2000) and all is fine.  If I call from 
inside firewall (extension 2000) to outside firewall (extension 2003) 
I hear no ringing and person at other end can pick up and I hear for 
maybe a half second then I go to voicemail.  If I add another 
extension on the outside then communication between outside and 
outside through * is not possible at all.  I know I can not be the 
only one who has tried to do this.  Please any help would be greatly 
appreciated.
 
Robert,

You need to get Asterisk onto a public IP address.. Using the DMZ 
function on the router will not work.. If you search the archives you 
will see that it has been attempted many times..

The reason is not in the IP but in the SIP headers.. they will be sent 
out from the Asterisk server with the internal IP address of the server, 
this means that when the SIP UA reads the SIP message and responds it 
will respond to the incorrect IP address..

So the basic rules where NAT is involved are..

Asterisk server must always be on a public IP address..

SIP UA's can be behind NAT but need nat=yes, canreinvite=no and 
qualify=yes set in the phone configuration in sip.conf..

Hope that helps..

Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Brian Capouch
WipeOut wrote:

So the basic rules where NAT is involved are..

Asterisk server must always be on a public IP address..

You keep saying this, but it is not correct.

I have several asterisk servers running behind NAT servers, and they 
function perfectly.

I won't say configuring them was as easy as doing the ones on public 
IPs, but it is not impossible, just tricky.

B.



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread WipeOut
Shoval Tom wrote:

Isn't putting asterisk on the public IP network a bad  idea?

Is it a bad idea?, Not really if you take the right precautions.. From
how you described your setup you have connected your server directly to
the internet anyway.. If you nominated your Asterisk box as the DMZ host
in your router it effectively is directly on the internet.. if you
haven't secured the box itself I suggest you do.. :)

What about security?

This is something that you will need to take care of.. Of course some
people's opinions on securing a PC is to not connect it to the internet
at all, of course that is a little silly.. You will have to decide on
the level of security you are happy with..

This is a topic that can be debated for days so I will not get into it 
any further than that..

And how will all us newbies make the linux box as secure as possible?
 

The quickest way is to setup an IPTABLES firewall.. You will need ports 
5060 and 1 to 2 open for a default Asterisk install using SIP only..

(NOTE: make sure you know how to activate and deactivate IPTABLES from a 
command line because while you are playing there is a good chance you 
will lock yourself out of the server from any remote PC and you can even 
break Xwindows running locally with a firewall..)

Later..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WipeOut
Sent: Monday, November 03, 2003 11:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing
Robert Mann wrote:

 

Problem I have is this.  outside firewall (extension 2003) can call me 
inside firewall (extension 2000) and all is fine.  If I call from 
inside firewall (extension 2000) to outside firewall (extension 2003) 
I hear no ringing and person at other end can pick up and I hear for 
maybe a half second then I go to voicemail.  If I add another 
extension on the outside then communication between outside and 
outside through * is not possible at all.  I know I can not be the 
only one who has tried to do this.  Please any help would be greatly 
appreciated.

   

Robert,

You need to get Asterisk onto a public IP address.. Using the DMZ 
function on the router will not work.. If you search the archives you 
will see that it has been attempted many times..

The reason is not in the IP but in the SIP headers.. they will be sent 
out from the Asterisk server with the internal IP address of the server, 
this means that when the SIP UA reads the SIP message and responds it 
will respond to the incorrect IP address..

So the basic rules where NAT is involved are..

Asterisk server must always be on a public IP address..

SIP UA's can be behind NAT but need nat=yes, canreinvite=no and 
qualify=yes set in the phone configuration in sip.conf..

Hope that helps..

Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Olle E. Johansson
WipeOut wrote:

Shoval Tom wrote:

And how will all us newbies make the linux box as secure as possible?
 

The quickest way is to setup an IPTABLES firewall.. You will need ports 
5060 and 1 to 2 open for a default Asterisk install using SIP 
only..

Visit the Wiki page
http://www.voip-info.org/tiki-index.php?page=Asterisk+security
where you'll find some information about security in Asterisk. (And some
missing pages, which I invite other mailing list readers to write!)
There's a pointer on that page to a page with a suggested IPTABLES setup.
And, as WipeOut stated, make sure you are aware of what you're doing
when managing IPTABLES. Of course, no one else than Wipeout have locked
himself from the system, no way, we're pro's ;-) hrmm
Regards,
/Olle


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Rich Adamson
  Problem I have is this.  outside firewall (extension 2003) can call me 
  inside firewall (extension 2000) and all is fine.  If I call from 
  inside firewall (extension 2000) to outside firewall (extension 2003) 
  I hear no ringing and person at other end can pick up and I hear for 
  maybe a half second then I go to voicemail.  If I add another 
  extension on the outside then communication between outside and 
  outside through * is not possible at all.  I know I can not be the 
  only one who has tried to do this.  Please any help would be greatly 
  appreciated.
   
 
 You need to get Asterisk onto a public IP address.. Using the DMZ 
 function on the router will not work.. If you search the archives you 
 will see that it has been attempted many times..

I don't believe a public IP address is required in this case. I've not
actually tried * on a Linksys DMZ, however it appears that Linksys is
exposing all tcp & udp ports and only doing basic NAT. If that
impression is true, it should work.

 The reason is not in the IP but in the SIP headers.. they will be sent 
 out from the Asterisk server with the internal IP address of the server, 
 this means that when the SIP UA reads the SIP message and responds it 
 will respond to the incorrect IP address..

I don't think that is what is keeping the original poster's system from
working. The issue is one extension is configured for canreinvite=no
and the other is canreinvite=yes. One extension believes all RTP must
be passed through * while the other is attempting to negotiate a
phone-to-phone RTP session, thus dropping the audio.

There may be some exceptions somewhere, but asterisk located behind
a nat box can work and others have done it. But, it really requires
a basic understanding of how the sip protocol does call setup, the
functions implemented in the sip phones, and the ability to see what
each box is doing in order to set acceptable parameters in each.

One of the key issues in making it work is an understanding that sip
phones (not asterisk) initiate the majority of all actions. By that
I mean:
 1. sip phones must register with * on udp 5060, which is simple layer-3
    functions that can be handled by 99% of all nat products.
 2. sip phone to sip phone calls can be handled in two ways:
    a. canreinvite=no (all rtp traffic passes through asterisk on rtp
       udp ports that can be specified and properly handled by nat boxes)
    b. canreinvite=yes (allowing the two sip phones to negotiate the
       rtp channel without asterisk involvement)
 3. In both 2a and 2b (for the original poster), the sip phones initiate
    the rtp negotiation process and therefore asterisk does not have to
    rewrite the sip headers (only the sip phones). Asterisk already
    knows what the Internet address is of the remote sip phone because
    the sip phone told it (via it rewriting the header).

The original poster should be able to get either 2a or 2b to work with
the appropriate nat box mappings and sip configuration parameters. He
can't expect it to work when you tell one sip phone to rtp one way and 
tell the second sip phone to do it different way.

If the same original poster had indicated that 100 sip phones existed
on the Internet and another 100 existed on his internal nat'ed network,
then the answer to his question may be completely different.





RE: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Shoval Tom
My asterisk server is inside my LAN. Our branch office is connected to here
via VPN tunnel, traversing several FWs and VPN appliances. And we've been
able to make sip to sip phone calls.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WipeOut
Sent: Monday, November 03, 2003 1:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

Shoval Tom wrote:

Isn't putting asterisk on the public IP network a bad  idea?

Is it a bad idea?, Not really if you take the right precautions.. From
how you described your setup you have connected your server directly to
the internet anyway.. If you nominated your Asterisk box as the DMZ host
in your router it effectively is directly on the internet.. if you
haven't secured the box itself I suggest you do.. :)

What about security?

This is something that you will need to take care of.. Of course some
people's opinions on securing a PC is to not connect it to the internet
at all, of course that is a little silly.. You will have to decide on
the level of security you are happy with..

This is a topic that can be debated for days so I will not get into it 
any further than that..

And how will all us newbies make the linux box as secure as possible?
  

The quickest way is to setup an IPTABLES firewall.. You will need ports 
5060 and 1 to 2 open for a default Asterisk install using SIP only..

(NOTE: make sure you know how to activate and deactivate IPTABLES from a 
command line because while you are playing there is a good chance you 
will lock yourself out of the server from any remote PC and you can even 
break Xwindows running locally with a firewall..)

Later..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WipeOut
Sent: Monday, November 03, 2003 11:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

Robert Mann wrote:

  

Problem I have is this.  outside firewall (extension 2003) can call me 
inside firewall (extension 2000) and all is fine.  If I call from 
inside firewall (extension 2000) to outside firewall (extension 2003) 
I hear no ringing and person at other end can pick up and I hear for 
maybe a half second then I go to voicemail.  If I add another 
extension on the outside then communication between outside and 
outside through * is not possible at all.  I know I can not be the 
only one who has tried to do this.  Please any help would be greatly 
appreciated.
 



Robert,

You need to get Asterisk onto a public IP address.. Using the DMZ 
function on the router will not work.. If you search the archives you 
will see that it has been attempted many times..

The reason is not in the IP but in the SIP headers.. they will be sent 
out from the Asterisk server with the internal IP address of the server, 
this means that when the SIP UA reads the SIP message and responds it 
will respond to the incorrect IP address..

So the basic rules where NAT is involved are..

Asterisk server must always be on a public IP address..

SIP UA's can be behind NAT but need nat=yes, canreinvite=no and 
qualify=yes set in the phone configuration in sip.conf..

Hope that helps..

Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Martin Pycko
You can port forward the 5060 SIP port and use externip keyword in
sip.conf to have it working behind a NAT.

Martin

On Mon, 3 Nov 2003, WipeOut wrote:

 Robert Mann wrote:

  Problem I have is this.  outside firewall (extension 2003) can call me
  inside firewall (extension 2000) and all is fine.  If I call from
  inside firewall (extension 2000) to outside firewall (extension 2003)
  I hear no ringing and person at other end can pick up and I hear for
  maybe a half second then I go to voicemail.  If I add another
  extension on the outside then communication between outside and
  outside through * is not possible at all.  I know I can not be the
  only one who has tried to do this.  Please any help would be greatly
  appreciated.
 

 Robert,

 You need to get Asterisk onto a public IP address.. Using the DMZ
 function on the router will not work.. If you search the archives you
 will see that it has been attempted many times..

 The reason is not in the IP but in the SIP headers.. they will be sent
 out from the Asterisk server with the internal IP address of the server,
 this means that when the SIP UA reads the SIP message and responds it
 will respond to the incorrect IP address..

 So the basic rules where NAT is involved are..

 Asterisk server must always be on a public IP address..

 SIP UA's can be behind NAT but need nat=yes, canreinvite=no and
 qualify=yes set in the phone configuration in sip.conf..

 Hope that helps..

 Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread WipeOut
Martin Pycko wrote:

You can port forward the 5060 SIP port and use externip keyword in
sip.conf to have it working behind a NAT.
Martin

 

Martin,

Is externip a new parameter??

Does it do a similar thing for the server as what nat=yes does for the 
phone?

Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Martin Pycko
It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.

Martin

On Mon, 3 Nov 2003, WipeOut wrote:

 Martin Pycko wrote:

 You can port forward the 5060 SIP port and use externip keyword in
 sip.conf to have it working behind a NAT.
 
 Martin
 
 
 
 Martin,

 Is externip a new parameter??

 Does it do a similar thing for the server as what nat=yes does for the
 phone?

 Later..



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Philipp von Klitzing
Hi!

 I don't think that is what is keeping the original poster's system from
 working. The issue is one extension is configured for canreinvite=no
 and the other is canreinvite=yes. One extension believes all RTP must
 be passed through * while the other is attempting to negotiate a
 phone-to-phone RTP session, thus dropping the audio. 

Are you sure this is 100% correct? I have some doubts since:

- you'd have to consider all possible connection permutations between all 
clients and then set canreinvite= accordingly, which doesn't sound like 
it makes much sense

- sip.conf is for * only, the data are not seen or read by the SIP UA 
themselves. Thus it would appear that it is up to * to permit/not permit 
a reinvite between the two UAs

So basically from my understanding things work like this: Once one of the
SIP call parties has a canreinvite=no it won't matter what the other
party's setting looks like, RTP traffic will travel through * anyway.

Am I wrong here?
Philipp




Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread listas iPfone
Hi!

How to use that externip new parameter?

Where in sip.conf and what is the format?

thanks


- Original Message - 
From: Martin Pycko [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 03, 2003 3:34 PM
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing


 It's new. It prevents asterisk from putting the private IP in the messages
 that asterisk sends with SIP.

 Martin

 On Mon, 3 Nov 2003, WipeOut wrote:

  Martin Pycko wrote:
 
  You can port forward the 5060 SIP port and use externip keyword in
  sip.conf to have it working behind a NAT.
  
  Martin
  
  
  
  Martin,
 
  Is externip a new parameter??
 
  Does it do a similar thing for the server as what nat=yes does for the
  phone?
 
  Later..
 


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Olle E. Johansson
Martin Pycko wrote:

You can port forward the 5060 SIP port and use externip keyword in
sip.conf to have it working behind a NAT.
Martin,
Could you please explain the use of the new externip keyword.
Is it a [general] keyword or something configurable for SIP host/peers/friends?

Thank you!

/Olle



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Andrew Thompson
According to the source, it goes in the general section of sip.conf:

} else if (!strcasecmp(v->name, "externip")) {
    if (!(hp = gethostbyname(v->value))) {
        ast_log(LOG_WARNING, "Invalid address for externip keyword: %s\n", v->value);
    } else {
        memcpy(&__ourip, hp->h_addr, sizeof(__ourip));
        use_external_ip = 1;
    }

Apparently, it expects the IP address that you want to use instead of the default 
(bindaddr, I guess?).

Can someone tell me, does the second line that I quoted, with the gethostbyname 
function mean that it will accept a hostname instead of just an IP? This would be 
really really good for Dynamic IP users. 

Note: I'm not savvy enough to figure out how often this variable is refreshed!

This was taken from the CVS Viewer at: http://asterisk.espia-net.net/
chan_sip.c: 
http://asterisk.espia-net.net/horde/chora/co.php/asterisk/channels/chan_sip.c?login=2r=1.204

-
Andrew Thompson

- Original Message - 
From: Martin Pycko [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 03, 2003 12:34 PM
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing


 It's new. It prevents asterisk from putting the private IP in the messages
 that asterisk sends with SIP.
 
 Martin
 
 On Mon, 3 Nov 2003, WipeOut wrote:
 
  Martin Pycko wrote:
 
  You can port forward the 5060 SIP port and use externip keyword in
  sip.conf to have it working behind a NAT.
  
  Martin
  
  
  
  Martin,
 
  Is externip a new parameter??
 
  Does it do a similar thing for the server as what nat=yes does for the
  phone?
 
  Later..
 

Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Olle E. Johansson
Martin Pycko wrote:

It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.
Hmmm. According to the sip.conf example:

  [general]
  externip = 200.201.202.203 ; Address that we're going to put in SIP messages if we're behind a NAT
Does this apply only for register= connections, where Asterisk acts as a client UA?
Or all SIP Sessions?
Can we apply this only on ONE register= connection, but not as a default? That would
be done not in [general] but in a [hostname] section of sip.conf.
/O



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Martin Pycko
Download the new code and see in asterisk/configs/sip.conf.sample

It can't be easier than that.

Martin

On Mon, 3 Nov 2003, listas iPfone wrote:

 Hi!

 How to use that externip new parameter?

 Where in sip.conf and what is the format?

 thanks


 - Original Message -
 From: Martin Pycko [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, November 03, 2003 3:34 PM
 Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing


  It's new. It prevents asterisk from putting the private IP in the messages
  that asterisk sends with SIP.
 
  Martin
 
  On Mon, 3 Nov 2003, WipeOut wrote:
 
   Martin Pycko wrote:
  
   You can port forward the 5060 SIP port and use externip keyword in
   sip.conf to have it working behind a NAT.
   
   Martin
   
   
   
   Martin,
  
   Is externip a new parameter??
  
   Does it do a similar thing for the server as what nat=yes does for the
   phone?
  
   Later..
  


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Martin Pycko
It's for setting asterisk box with SIP support behind a NAT.
You need to do port redirection of eg. 5060 and then setup
externip=ip_of_your_nat_gateway

Martin

On Mon, 3 Nov 2003, Andrew Thompson wrote:

 According to the source, it goes in the general section of sip.conf:

 } else if (!strcasecmp(v->name, "externip")) {
     if (!(hp = gethostbyname(v->value))) {
         ast_log(LOG_WARNING, "Invalid address for externip keyword: %s\n", v->value);
     } else {
         memcpy(&__ourip, hp->h_addr, sizeof(__ourip));
         use_external_ip = 1;
     }

 Apparently, it expects the IP address that you want to use instead of the default 
 (bindaddr, I guess?).

 Can someone tell me, does the second line that I quoted, with the gethostbyname 
 function mean that it will accept a hostname instead of just an IP? This would be 
 really really good for Dynamic IP users.

 Note: I'm not savvy enough to figure out how often this variable is refreshed!

 This was taken from the CVS Viewer at: http://asterisk.espia-net.net/
 chan_sip.c: 
 http://asterisk.espia-net.net/horde/chora/co.php/asterisk/channels/chan_sip.c?login=2r=1.204

 -
 Andrew Thompson

 - Original Message -
 From: Martin Pycko [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, November 03, 2003 12:34 PM
 Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing


  It's new. It prevents asterisk from putting the private IP in the messages
  that asterisk sends with SIP.
 
  Martin
 
  On Mon, 3 Nov 2003, WipeOut wrote:
 
   Martin Pycko wrote:
  
   You can port forward the 5060 SIP port and use externip keyword in
   sip.conf to have it working behind a NAT.
   
   Martin
   
   
   
   Martin,
  
   Is externip a new parameter??
  
   Does it do a similar thing for the server as what nat=yes does for the
   phone?
  
   Later..
  


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Robert L Mathews
At 11/3/03 10:00 AM, Martin Pycko [EMAIL PROTECTED] wrote:

 Is externip a new parameter??

It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.

Does it take an IP address, like externip=1.2.3.4? And does it then 
force the SIP messages for that channel to use the externip value 
instead of the server's local IP address?

If so, that's useful; it will help people who know in advance that a 
certain phone is on one side of a NAT or the other.

However, it would be nicer still if it could fix the SIP messages only 
when necessary, using a subnet mask or STUN, as has been proposed.

The reason is that hard-coding an IP address to use when communicating 
with a certain client means you can't have a phone in an office (on the 
same side of the NAT as Asterisk) during the day, then take the phone 
home at night (on the other side of the NAT) and have it work without 
changing sip.conf.

-- 
Robert L Mathews, Tiger Technologies  http://www.tigertech.net/
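An added example (not from the thread, and not how chan_sip.c implements externip) covering two points made above: the private addresses that leak in SIP and SDP text, and the suggestion to substitute the external address only when the peer is outside a local subnet. The INVITE, the addresses and the `local_subnet` parameter are constructed or hypothetical.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
ROUTED_HEADERS = {"via", "v", "contact", "m"}   # long and compact header names
ROUTED_SDP = ("c=", "o=")                        # SDP connection and origin lines

# Constructed INVITE, as a server at 192.168.1.10 would send it with no externip.
SAMPLE_BODY = (
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:2003@198.51.100.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:2000@192.168.1.10>;tag=constructed\r\n"
    "To: <sip:2003@198.51.100.20>\r\n"
    "Call-ID: constructed-1@192.168.1.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:2000@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n\r\n"
) + SAMPLE_BODY


def _is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:                     # e.g. an octet above 255
        return False
    return any(addr in net for net in RFC1918)


def _label(line, in_body):
    """Name the line if the far end routes replies or media to its address."""
    if in_body:
        return line[:2] if line.startswith(ROUTED_SDP) else None
    name = line.split(":", 1)[0].strip().lower()
    return name if ":" in line and name in ROUTED_HEADERS else None


def find_private_addresses(message):
    """List (field, ip) for RFC 1918 addresses in Via, Contact and SDP c=/o=."""
    head, _, body = message.partition("\r\n\r\n")
    hits = []
    for in_body, block in ((False, head), (True, body)):
        for line in block.split("\r\n"):
            label = _label(line, in_body)
            if label:
                hits += [(label, ip) for ip in IPV4_RE.findall(line)
                         if _is_rfc1918(ip)]
    return hits


def advertised_address(peer_ip, local_ip, local_subnet, externip):
    """Use externip only for peers on the far side of the NAT."""
    inside = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(local_subnet)
    return local_ip if inside else externip


def rewrite_for_peer(message, peer_ip, local_ip, local_subnet, externip):
    """Swap local_ip in the routed fields and keep Content-Length correct."""
    new_ip = advertised_address(peer_ip, local_ip, local_subnet, externip)
    head, sep, body = message.partition("\r\n\r\n")

    def fix(block, in_body):
        out = []
        for line in block.split("\r\n"):
            if _label(line, in_body):
                line = IPV4_RE.sub(
                    lambda m: new_ip if m.group(0) == local_ip else m.group(0),
                    line)
            out.append(line)
        return "\r\n".join(out)

    head, body = fix(head, False), fix(body, True)
    # The SDP body changes size when the two address strings differ in length.
    head = re.sub(r"(?im)^(content-length|l)[ \t]*:[^\r\n]*",
                  lambda m: f"{m.group(1)}: {len(body.encode())}", head)
    return head + sep + body
```

From and Call-ID still carry the private address after the rewrite; they are left alone here because the far end does not route replies or media to them.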



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Martin Pycko
It's not for phones, it's for asterisk behind a NAT.

Martin

On Mon, 3 Nov 2003, Robert L Mathews wrote:

 At 11/3/03 10:00 AM, Martin Pycko [EMAIL PROTECTED] wrote:

  Is externip a new parameter??
 
 It's new. It prevents asterisk from putting the private IP in the messages
 that asterisk sends with SIP.

 Does it take an IP address, like externip=1.2.3.4? And does it then
 force the SIP messages for that channel to use the externip value
 instead of the server's local IP address?

 If so, that's useful; it will help people who know in advance that a
 certain phone is on one side of a NAT or the other.

 However, it would be nicer still if it could fix the SIP messages only
 when necessary, using a subnet mask or STUN, as has been proposed.

 The reason is that hard-coding an IP address to use when communicating
 with a certain client means you can't have a phone in an office (on the
 same side of the NAT as Asterisk) during the day, then take the phone
 home at night (on the other side of the NAT) and have it work without
 changing sip.conf.

 --
 Robert L Mathews, Tiger Technologies  http://www.tigertech.net/



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Chris Albertson

--- Robert L Mathews [EMAIL PROTECTED] wrote:
 At 11/3/03 10:00 AM, Martin Pycko [EMAIL PROTECTED] wrote:
 
  Is externip a new parameter??
 
 It's new. It prevents asterisk from putting the private IP in the
 messages that asterisk sends with SIP.
 
 Does it take an IP address, like externip=1.2.3.4? And does it then
 force the SIP messages for that channel to use the externip value
 instead of the server's local IP address?
 
 If so, that's useful; it will help people who know in advance that a
 certain phone is on one side of a NAT or the other.
 
 However, it would be nicer still if it could fix the SIP messages
 only when necessary, using a subnet mask or STUN, as has been proposed.
 
 The reason is that hard-coding an IP address to use when
 communicating with a certain client means you can't have a phone in an
 office (on the same side of the NAT as Asterisk) during the day, then
 take the phone home at night (on the other side of the NAT) and have it
 work without changing sip.conf.


Hasn't anyone simply _looked_ at the code?  This sounds like the
patch that was posted here to this mailing list last week.
Did it make it into CVS already?

Yes, STUN is the way to go.  It can find out what your external
IP address is and what kind of firewall you have.

I'm currently trying to learn more about STUN and how it could be added
into Asterisk.  You certainly can't have Asterisk block and wait
for a STUN server so I think STUN goes in a new thread.  Who
to do that?  There seem to be enough examples already in Asterisk.
I'm reading these.  The other problem is trying to contact the
maintainer of the STUN library.  So far my own post asking "Who
maintains this?" is the only message I've seen on their list.
Perhaps the answer is no one?

=
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Chris Albertson

I'm replying to my own post because it is not clear.

1) STUN can find all the firewalls between Asterisk
and whatever else.  It can also find what your public
IP address is.

2) There is an easy to use opensource STUN library
available but I'm not yet sure how actively developed it is
currently.  Its e-mail list seems very inactive.

3) Suggestions please:  Where in Asterisk should STUN
code go?  I figure not in any of the chan_*.c routines
as NAT environment is global to all channels.  You can't
just do it once at startup either as the environment may
be dynamic.


--- Chris Albertson [EMAIL PROTECTED] wrote:

 
 Hasn't anyone simply _looked_ at the code?  This sounds like the
 patch that was posted here to this mailing list last week.
 Did it make it into CVS already?
 
 Yes, STUN is the way to go.  It can find out what your external
 IP address is and what kind of firewall you have.
 
 I'm currently trying to learn more about STUN and how it could be
 added into Asterisk.  You certainly can't have Asterisk block and wait
 for a STUN server so I think STUN goes in a new thread.  Who
 to do that?  There seem to be enough examples already in Asterisk.
 I'm reading these.  The other problem is trying to contact the
 maintainer of the STUN library.  So far my own post asking "Who
 maintains this?" is the only message I've seen on their list.
 Perhaps the answer is no one?


=
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK



RE: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Shoval Tom
Will extern IP work if I had multiple phones connected behind NAT?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Pycko
Sent: Monday, November 03, 2003 8:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.

Martin

On Mon, 3 Nov 2003, WipeOut wrote:

 Martin Pycko wrote:

 You can port forward the 5060 SIP port and use externip keyword in
 sip.conf to have it working behind a NAT.
 
 Martin
 
 
 
 Martin,

 Is externip a new parameter??

 Does it do a similar thing for the server as what nat=yes does for the
 phone?

 Later..



Fwd: RE: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Andrew Thompson
MOD NOTE: Please kill/bounce my other email, it was accidental.

I just pulled down the newest CVS and recompiled.

FWD (free world dialup) works now from *, and I AM behind a NAT. I've nearly 
given up on the xten lite, iaxcomm sounds better. I'll be trying the other win 
app that's up-and-coming on the list later.

It seems to have broken iptel, but that's not as important to me right now. 

Perhaps there could be some flag on the register line to turn the externip on or 
off.

-- 
Andrew Thompson


Quoting Martin Pycko [EMAIL PROTECTED]:

 It doesn't care about the phones. If your phones are behind nat use nat=yes
 for each defined account.
 
 Martin
 
 On Tue, 4 Nov 2003, Shoval Tom wrote:
 
  Will extern IP work if I had multiple phones connected behind NAT?
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Martin Pycko
  Sent: Monday, November 03, 2003 8:35 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing
 
  It's new. It prevents asterisk from putting the private IP in the messages
  that asterisk sends with SIP.
 
  Martin
 
  On Mon, 3 Nov 2003, WipeOut wrote:
 
   Martin Pycko wrote:
  
   You can port forward the 5060 SIP port and use externip keyword in
   sip.conf to have it working behind a NAT.
   
   Martin
   
   
   
   Martin,
  
   Is externip a new parameter??
  
   Does it do a similar thing for the server as what nat=yes does for the
   phone?
  
   Later..
  
 


- End forwarded message -



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread B Yoshimi

I've been using asterisk-0.5.0.

I've been reading about the externip param (it looks like it is only
available in the latest releases).

Could someone tell me the version number (or tag) to check out of CVS
so I can get this functionality?

(And, if it's not too much trouble, could someone tell me the cvs
command to check it out? I've already checked out the latest release
with cvs checkout asterisk but it gives me a segmentation violation as
soon as I make an incoming H.323 connection.)

My configuration is RedHat 9.0,
openh323 1.12.2
pwlib_1.5.2
gnugk-2.0.6
and the 14 Oct 2003 version of ser.

Thanks,

Bill

RE: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread William Waites
On Mon, 3 Nov 2003 17:10:10 -0600 (CST), Martin Pycko wrote
 It doesn't care about the phones. If your phones are behind nat use nat=yes
 for each defined account.

The fix is incorrect. Asterisk chan_sip.c must distinguish between
SIP peers that are behind the firewall (together with the *) and those
that are on the outside. Either the configuration flag use_extern_ip
must be specific to a peer, or it must be figured out in some other
way. A global variable won't do since it creates a situation where
either external or internal peers will work but not both.




Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Rich Adamson
  I don't think that is what's keeping the original poster's system from
  working. The issue is one extension is configured for canreinvite=no
  and the other is canreinvite=yes. One extension believes all RTP must
  be passed through * while the other is attempting to negotiate a
  phone-to-phone RTP session, thus dropping the audio. 
 
 Are you sure this is 100% correct? I have some doubts since:

No, not sure at all as there isn't enough actual data in the original
poster's message to qualify the root-cause.

 - you'd have to consider all possible connection permutations between all 
 clients and then set canreinvite= accordingly, which doesn't sound like 
 it makes much sense

Given the original data, the permutations are two extns, nothing more. One
inside and one outside.
 
 - sip.conf is for * only, the data are not seen or read by the SIP UA 
 themselves. Thus it would appear that it is up to * to permit/not permit 
 a reinvite between the two UAs
 
 So basically from my understanding things work like this: Once one of the 
 SIP call parties has a canreinvite=no it won't matter what the other 
 party's setting looks like, RTP traffic will travel through * anyway.

Don't believe that understanding is correct. Assuming no parameters within
the * sip.conf to suggest otherwise, when phone #1 calls phone #2 asterisk
initiates the call by communicating with the caller (phone #1). 
The caller starts the RTP-port-negotiation process with phone #2. If 
phone #2 calls phone #1 and fails (which was the case stated by the 
poster based only on my memory, which could be wrong), the problem is 
pointing directly to the differences within the extn definitions in 
sip.conf. One phone is told to negotiate directly with the second
phone (within asterisk), and the second phone is told not to negotiate
the rtp channel within asterisk. Since the nat device is only one way
communications, what fails? RTP.








Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Anthony Wood
On Mon, Nov 03, 2003 at 09:46:40PM -0400, William Waites wrote:
 On Mon, 3 Nov 2003 17:10:10 -0600 (CST), Martin Pycko wrote
  It doesn't care about the phones. If your phones are behind nat use nat=yes
  for each defined account.
 
 The fix is incorrect. Asterisk chan_sip.c must distinguish between
 SIP peers that are behind the firewall (together with the *) and those
 that are on the outside. Either the configuration flag use_extern_ip
 must be specific to a peer, or it must be figured out in some other
 way. A global variable won't do since it creates a situation where
 either external or internal peers will work but not both.

Internals can use the IP address of the NAT box as the Asterisk Server
IP and then it should work.

i.e. don't set your internal SIP UAs to connect to the internal IP
address of the Asterisk Server.

The fix allows asterisk to work together with the NAT box to appear
to all concerned as if it has a real IP address.

cheers,
Woody


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread John Todd
Martin Pycko wrote:

It's new. It prevents asterisk from putting the private IP in the messages
that asterisk sends with SIP.
Hmmm. According to the sip.conf example:

  [general]
  externip = 200.201.202.203 ; Address that we're going to put in SIP messages if we're behind a NAT

Does this apply only for register= connections, where Asterisk acts 
as a client UA?
Or all SIP Sessions?

Can we apply this only on ONE register= connection, but not as a 
default? That would be done
not in [general] but in a [hostname] section of sip.conf.

/O
Indeed, sip.conf needs a major overhaul to handle this and quite a 
few other tricks that the more 'advanced' users require.  See the 
thread I started some time ago that died out very quickly:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg01058.html

JT


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Robert L Mathews
At 11/3/03 2:41 PM, Martin Pycko [EMAIL PROTECTED] wrote:

It's not for phones, it's for asterisk behind a NAT.

My apologies; I'm not making my question clear.

I realize this option is for Asterisk behind a NAT, but of course 
Asterisk uses this parameter to talk to SIP clients (which I referred to, 
perhaps too specifically, as phones), and that's what I meant.

In other words, Asterisk might be talking to SIP phones on either side of 
the NAT. A given SIP phone acting as an extension may be on the same 
private network as Asterisk, or it may be on the other side of the NAT 
(out on the public Internet, possibly even behind its own NAT on the 
other end).

Imagine I have both Asterisk and a SIP phone on my local office network 
using private IP addresses, and I also have a second SIP phone that is in 
another location, at someone's home office on the public Internet.

The externip=a.b.c.d doesn't help in this situation, because it forces 
Asterisk to use the external IP address in all cases, which breaks the 
functionality for local phones. That is, the new option presumably makes 
it possible to have *all* your SIP phones on the other side of the NAT 
from Asterisk, but you can't have some phones on both sides. (Indeed, I just 
tried it, and using externip=something prevents SIP phones on the same 
private network as Asterisk from working.)

In Bug ID 104, a patch was suggested that takes the netmask into 
effect and makes the right decision for phones on either side of the NAT. 
However, the code that was added for externip in the current CVS isn't 
that patch; it's just a way of giving me a choice of having SIP phones on 
the outside of the NAT working, or having SIP phones on the inside of the 
NAT working, but not both at the same time.

I guess I'm curious why the hard-coded global option was used, because it 
doesn't really solve the problem in the general case. The whole trouble 
with NAT is that Asterisk may need to use a different IP address 
depending on the IP address of the SIP client it's communicating with, 
and that address needs to be determined on the fly. In a perfect world, 
this would all be handled by magic so it required no configuration (e.g., 
STUN), but the patch in 104 would at least allow phones on both sides 
of the NAT to work with a small amount of configuration, which isn't 
possible now with the CVS code.

Thanks again for the hard work you're putting in to Asterisk!

-- 
Robert L Mathews, Tiger Technologies  http://www.tigertech.net/

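The per-peer decision this thread asks for (advertise the external address only to peers outside the local subnet), as an added sketch that is not part of any post here and is not Asterisk's chan_sip.c or the Bug ID 104 patch. The struct and function names are hypothetical, and the server address 192.168.1.10, the /24 subnet and the outside peer 203.0.113.7 are constructed sample values; 200.201.202.203 and 192.168.1.210 are taken from the configuration quoted in the thread.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical settings; the names are illustrative, not Asterisk's own. */
struct nat_config {
    uint32_t local_net;   /* private subnet, host byte order, masked */
    uint32_t local_mask;  /* netmask of that subnet */
    uint32_t bind_ip;     /* the server's private address */
    uint32_t extern_ip;   /* public address of the NAT box */
    int have_extern;      /* 0 when no external address is configured */
};

static int parse_ipv4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (text == NULL || inet_pton(AF_INET, text, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* A valid netmask is a run of 1 bits followed only by 0 bits. */
static int mask_is_contiguous(uint32_t mask)
{
    uint32_t inv = ~mask;
    return (inv & (inv + 1u)) == 0;
}

int nat_config_init(struct nat_config *cfg, const char *bind_ip,
                    const char *localnet, const char *netmask,
                    const char *extern_ip)
{
    memset(cfg, 0, sizeof(*cfg));
    if (parse_ipv4(bind_ip, &cfg->bind_ip) != 0 ||
        parse_ipv4(localnet, &cfg->local_net) != 0 ||
        parse_ipv4(netmask, &cfg->local_mask) != 0 ||
        !mask_is_contiguous(cfg->local_mask))
        return -1;
    cfg->local_net &= cfg->local_mask;  /* tolerate host bits in localnet */
    if (extern_ip != NULL) {
        if (parse_ipv4(extern_ip, &cfg->extern_ip) != 0)
            return -1;
        cfg->have_extern = 1;
    }
    return 0;
}

/* Choose the address to write into SIP and SDP for one peer. */
int advertised_ip(const struct nat_config *cfg, const char *peer,
                  char *out, size_t outlen)
{
    uint32_t peer_ip, chosen;
    struct in_addr a;

    if (parse_ipv4(peer, &peer_ip) != 0)
        return -1;                      /* never guess for a bad address */
    if (!cfg->have_extern ||
        (peer_ip & cfg->local_mask) == cfg->local_net)
        chosen = cfg->bind_ip;          /* peer is on our side of the NAT */
    else
        chosen = cfg->extern_ip;        /* peer reaches us through the NAT */
    a.s_addr = htonl(chosen);
    return inet_ntop(AF_INET, &a, out, (socklen_t)outlen) ? 0 : -1;
}

/* Constructed sample setup: server 192.168.1.10 on 192.168.1.0/24,
 * externip 200.201.202.203 as in the sip.conf line quoted in the thread. */
const char *demo_advertised(const char *peer)
{
    static char buf[INET_ADDRSTRLEN];
    struct nat_config cfg;
    if (nat_config_init(&cfg, "192.168.1.10", "192.168.1.0",
                        "255.255.255.0", "200.201.202.203") != 0 ||
        advertised_ip(&cfg, peer, buf, sizeof(buf)) != 0)
        return "error";
    return buf;
}

int main(void)
{
    /* Constructed peers: office phone, home phone, other subnet, garbage. */
    const char *peers[] = { "192.168.1.210", "203.0.113.7",
                            "192.168.2.5", "not-an-ip" };
    size_t i;
    for (i = 0; i < sizeof(peers) / sizeof(peers[0]); i++)
        printf("%-14s -> c=IN IP4 %s\n", peers[i], demo_advertised(peers[i]));
    return 0;
}
```

A static subnet test like this still depends on the configured external address staying current, which is the gap the STUN proposals in the thread are meant to close.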


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread William Waites
On Tue, 4 Nov 2003 13:00:44 +1100, Anthony Wood wrote

 Internals can use the IP address of the NAT box as the Asterisk 
 Server IP and then it should work.
 
 i.e. don't set your internal SIP UAs to connect to the internal IP
 address of the Asterisk Server.
 
 The fix allows asterisk to work together with the NAT box to appear
 to all concerned as if it has a real IP address.

That's only true for some NAT implementations and configurations.
It is not robust in general. It would require double the ipfilter 
configuration and double the traffic on my NetBSD gateway, for 
example. The patch I submitted last week addresses this problem.

Cheers,
-w


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Chris Albertson

--- John Todd [EMAIL PROTECTED] wrote:
 I'm replying to my own post because it is not clear.
 
 1) STUN can find all the firewalls between Asterisk
 and whatever else.  It can also find what your public
 IP address is.
 
 Correct.
 
 2) There is an easy to use opensource STUN library
 available but I'm not yet sure how actively developed it is
 currently.  Its e-mail list seems very inactive.
 
 My perception of the STUN code is that it's fairly simple to 
 understand, and that it just works, therefore there are few 
 questions on a mature package that needs no additional features at 
 this time.  I could be wrong...

The developers describe their work as "alpha".  Perhaps that description
needs updating but they've not done so yet.  Current version is
0.8.3.  But it does look reasonably complete and easy to use.
 
 3) Suggestions please:  Where in Asterisk should STUN
 code go?  I figure not in any of the chan_*.c routines
 as NAT environment is global to all channels.  You can't
 just do it once at startup either as the environment may
 be dynamic.
 
 I don't see why it wouldn't go into the respective channel 
 configuration files, and into the applications that ran against those
 files.  Perhaps reference some shared library, but I suspect that the
 configurations should be in each file independently, so each channel 
 type can carry its own data structures for internal/external IP 
 address data (which you may want to be different on a 
 channel-by-channel or even host-by-host basis.)

What STUN tells you is the characteristics of a firewall.
Hard to see how a firewall possibly not even under your
control can change on a per-channel basis.   Possibly, I think
we make a STUN module that any channel can call.  The module
contains a cache of stun results.  I think this lets each
channel look at different interfaces while reducing the global
number of STUN queries.

What I'm afraid of is the time.  A call to the STUN library can take
many seconds to return.  You can't hang a channel waiting that long.
The call to the stun lib should be asynchronous.


 
 JT
 
 
 
 --- Chris Albertson [EMAIL PROTECTED] wrote:
 
 
   Hasn't anyone simply _looked_ at the code?  This sounds like the
   patch that was posted here to this mailing list last week.
   Did it make it into CVS already?
 
   Yes, STUN is the way to go.  It can find out what your external
   IP address is and what kind of firewall you have.
 
   I'm currently trying to learn more about STUN and how it could be
   added into Asterisk.  You certainly can't have Asterisk block and wait
   for a STUN server so I think STUN goes in a new thread.  Who
   to do that?  There seem to be enough examples already in Asterisk.
   I'm reading these.  The other problem is trying to contact the
   maintainer of the STUN library.  So far my own post asking "Who
   maintains this?" is the only message I've seen on their list.
   Perhaps the answer is no one?
 
 
 =
 Chris Albertson
Home:   310-376-1029  [EMAIL PROTECTED]
Cell:   310-990-7550
Office: 310-336-5189  [EMAIL PROTECTED]
KG6OMK


=
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Chris Albertson

 In Bug ID 104, a patch was suggested that takes the netmask into
 effect and makes the right decision for phones on either side of the
 NAT. However, the code that was added for externip in the current CVS
 isn't that patch; it's just a way of giving me a choice of having SIP
 phones on the outside of the NAT working, or having SIP phones on the
 inside of the NAT working, but not both at the same time.


There were two patches last week that did the right thing
and checked before stuffing in the external IP address.
These were developed independently.
Whoever put the code into CVS goofed if the subnet check was
omitted.  Easy enough to fix your
own private copy of chan_sip.c until things get put right.





 
 I guess I'm curious why the hard-coded global option was used,
 because it doesn't really solve the problem in the general case. The
 whole trouble with NAT is that Asterisk may need to use a different IP
 address depending on the IP address of the SIP client it's
 communicating with,

I'm assuming the reason why is simply a cut and paste goof up.

STUN reduces the need for much manual configuration.  The final fix
will be to have chan_sip.c look at the results of a STUN query and
then put the right stuff in the SIP packets, be that the 
external IP address or something else.

Another very much needed fix to SIP is to allow Asterisk to
use SIP proxies.  Just this one thing would allow Asterisk to
route SIP via (say) SER, and SER can do magic with the headers
and uses a perl-like config file that allows complex SIP
routing.

=
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread Chris Albertson

--- William Waites [EMAIL PROTECTED] wrote:
snip
 
 That's only true for some NAT implementations and configurations.
 It is not robust in general. It would require double the ipfilter 
 configuration and double the traffic on my NetBSD gateway, for 
 example. The patch I submitted last week addresses this problem.

Did your patch make it to CVS?  Sorry for being lazy and not looking.
From the sounds of things maybe only half the patch made it.
But I'm not at the right machine to look at present.

=
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK



Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-03 Thread William Waites
On Mon, 3 Nov 2003 19:33:36 -0800 (PST), Chris Albertson wrote
 
 Did your patch make it to CVS?  Sorry for being lazy and not looking.
 From the sounds of things maybe only half the patch made it.
 But I'm not at the right machine to look at present.

No, but it may have something to do with the corporate 
machinery churning out a faxed disclaimer -- I'm not 
sure if that's actually been done yet. The patch
(against then current CVS -- there have been some other
changes since then) is at

http://lists.digium.com/pipermail/asterisk-dev/2003-October/002150.html

-w


Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

2003-11-02 Thread Rich Adamson
Robert,

Try adding canreinvite=no to extn 2000 and reload asterisk. In your 
specific case, it needs to be on each sip.conf extn definition.

Rich


 Problem I have is this.  outside firewall (extension 2003) can call me
 inside firewall (extension 2000) and all is fine.  If I call from
 inside firewall (extension 2000) to outside firewall (extension 2003) I
 hear no ringing and person at other end can pick up and I hear for
 maybe a half second then I go to voicemail.  If I add another extension
 on the outside then communication between outside and outside through *
 is not possible at all.  I know I can not be the only one who has tried
 to do this.  Please any help would be greatly appreciated.
  
 My configuration.
  
 Asterisk Server
 --
 Linux RedHat 9.0
 Asterisk CVS Update - 11/02/03 around 10:00AM PT
 Zaptel CVS Update - 11/02/03 around 10:00AM PT
 LinkSys Router with Asterisk server set as DMZ host.
  
 Desktop Computer #1
 ---
 Windows XP
 Xten X-Pro build 1082
 Behind same LinkSys router.
 extension 2000 in asterisk
  
 Desktop Computer #2
 ---
 Windows XP
 Xten X-Pro build 1082
 Not behind any firewall.
 extension 2003 in asterisk
  
 sip.conf
  
 ; General definitions for the sip.conf file.
 [general]
 port = 5060
 bindaddr = 0.0.0.0
 allow = gsm
 context = bogon-calls ; Default any unknown calls
 ;
 [2000]
 type=friend
 username=2000
 secret=grinch
 host=dynamic
 defaultip=192.168.1.210
 context=trusted
 nat=yes
 qualify=1000
 mailbox=2000
 ;
 [2003]
 type=friend
 username=2003
 secret=grinch
 host=dynamic
 context=normal
 nat=yes
 canreinvite=no
 mailbox=2003
  
 extensions.conf
  
 [globals]
 ; Variables to VoIP extensions by name
 ROBERT=SIP/2000 
  
 [general]
 static=yes   ; These two lines prevent the command-line interface
 writeprotect=yes ; from overwriting the config file. Leave them here.
  
 [bogon-calls]
 ; Bogus calls if they find their way in to the system without authorization some how.
 exten = _.,1,Congestion ; if someone accidentally finds their way here give them a fast busy.
  
 [stations]
 exten = 2000,1,Dial(SIP/2000,20)
 exten = 2000,2,Voicemail(u2000)
 exten = 2000,102,Voicemail(b2000)
 exten = 2000,103,Hangup
 ;
 exten = 2003,1,Dial(SIP/2003,20)
 exten = 2003,2,Voicemail(u2003)
 exten = 2003,102,Voicemail(b2003)
 exten = 2003,103,Hangup
 ;
 exten = 2997,1,VoicemailMain(2997)
 exten = 2998,1,VoicemailMain(2998)
 exten = 2999,1,VoicemailMain(${CALLERIDNUM})
 ;
 ; Direct Dial.  For those trusted to use the phone properly.
 [directdial]
 exten = 9,1,Dial(Zap/g1/${EXTEN:1})
 exten = 9,2,Congestion
 include = international
 ;
 ; International calling code and prefix used for users trusted to make international calls.
 [international]
 exten = _9011.,1,Dial(Zap/g1/${EXTEN:1})
 exten = _9011.,2,Congestion
 include = longdistance
 ;
 ; Long distance calling code and prefix used for users trusted to make long distance calls.
 [longdistance]
 exten = _91NXXNXX,1,Dial(Zap/g1/${EXTEN:1})
 exten = _91NXXNXX,2,Congestion
 include = local
 ;
 ; Local calling code and prefix used for users trusted to make local calls.
 [local]
 exten = _9NXX,1,Dial(Zap/g1/${EXTEN:1})
 exten = _9NXX,2,Congestion
 ;
 ; Trusted users from sip.conf who are able to fully use the phone.
 [trusted]
 include = stations
 include = directdial
 ;
 ; Normal users from sip.conf who are able to make local calls only.
 [normal]
 include = stations
 include = local
 ;
 ; Public area for people who are only allowed to make calls to other extensions
 [public]
 include = stations
 ;
 ; When someone calls the work line of XXX-XXX- they are directed through this.
 [inbound-work]
 exten = s,1,Zapateller(answer|nocallerid)
 exten = s,2,Dial(${ROBERT},20)
 exten = s,3,Voicemail(u2997)
 exten = s,4,Hangup
 exten = s,103,Voicemail(b2997)
 exten = s,104,Hangup
 ;
 ; When someone calls the home line of XXX-XXX- they are directed through this.
 [inbound-home]
 exten = s,1,Dial(${ROBERT},20)   
 exten = s,2,Voicemail(u2998)
 exten = s,3,Hangup
 exten = s,102,Voicemail(b2998)
 exten = s,103,Hangup
  
 Robert
---End of Original Message-

