Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2004-06-20 Thread Andy Sackheim



Brian:
 
Thanks!
 
I looked through the list and didn't see a correlation between what I was seeing and those parameters.  Must have missed it.
 
Thanks for your help.
 
Andy

  - Original Message -
  From: Brian K. West
  To: [EMAIL PROTECTED]
  Sent: Saturday, June 19, 2004 11:49 PM
  Subject: Re: [Asterisk-Users] Maximum retries exceeded w/SIP

  Usage of externip= and localnet= are what you are looking for.

  These all have been covered more than once in the mailing list...

  Remember GOOGLE IS YOUR FRIEND!! :P

  bkw
  
- Original Message -
From: Andrew Sackheim
To: [EMAIL PROTECTED]
Sent: Saturday, June 19, 2004 9:29 PM
Subject: [Asterisk-Users] Maximum retries exceeded w/SIP

I struggled with this for several hours tonight.

Turns out that if you have an * machine behind NAT, you must put the PUBLIC address in the bindaddr in sip.conf.

If you don't put it in, the Contact: header contains the NATted address and the sip phone can't get back to *.

I don't know what happens if you mix and match sip phones on the local network -- it might not work unless the sip phone uses the public address as well.

Hope this helps as I see this thread come up again and again...

Andy

---

Steve,

Sure, I could put all my machines on the public Internet, but that defeats the 
purpose of having a firewall in the first place.

As an alternative, I could only place the * server on the outside, but I'd 
rather not give the script-kiddies another box to pound.

Steve Totaro wrote:

> Can you disable your firewall?  i am about to start this phase of asterisk
> and would like help from one newbie to another.  otherwise this newbie will
> let you know how i did it.
> 
> 
> - Original Message -
> From: "Brad Waite" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 20, 2003 9:07 AM
> Subject: [Asterisk-Users] Maximum retries exceeded w/SIP
> 
> 
> 
>>First of all, I'd like to send a big "thank you" to all the folks who have
>>helped me get this far.
>>
>>Now on to the next problem.  Here's my current network setup:
>>
>>
>>The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
>>  |
>>  +--- Laptop (public IP)
>>
>>natd is set up with the following rules:
>>
>>redirect_port udp 10.0.0.253:1-2 1-2
>>redirect_port udp 10.0.0.253:5060 5060
>>
>>* is set up with the demo/sandbox config.
>>
>>I'm using XLite as my SIP client and have configured it on PC to work with *.
>>I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
>>
>>However, when trying to make a call from the outside (via Laptop), something's
>>breaking.  I've set up the SIP proxy in XLite to be the external interface on
>>the firewall, and am able to log into the proxy without difficulty.  And while I
>>can begin conversations, I can't keep them going for long.
>>
>>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
>>of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
>>demonstration server located at Di" - at which point it gets cut off.  The
>>console spits out the following error:
>>
>>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
>>[EMAIL PROTECTED] for seqno 12384 (Response)
>>
>>Any ideas what could be going on?  My first guess is the firewall, but I can't
>>figure out why some of the packets would get through while others apparently are
>>not.  I'm at a loss.
>>
>>Brad Waite
>>aka HankPoacher
>>
>>___
>>Asterisk-Users mailing list
>>[EMAIL PROTECTED]
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>





Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2004-06-19 Thread Brian K. West



Usage of externip= and localnet= are what you are looking for.

These all have been covered more than once in the mailing list...
 
Remember GOOGLE IS YOUR FRIEND!! :P
 
bkw

  - Original Message -
  From: Andrew Sackheim
  To: [EMAIL PROTECTED]
  Sent: Saturday, June 19, 2004 9:29 PM
  Subject: [Asterisk-Users] Maximum retries exceeded w/SIP

  I struggled with this for several hours tonight.

  Turns out that if you have an * machine behind NAT, you must put the PUBLIC address in the bindaddr in sip.conf.

  If you don't put it in, the Contact: header contains the NATted address and the sip phone can't get back to *.

  I don't know what happens if you mix and match sip phones on the local network -- it might not work unless the sip phone uses the public address as well.

  Hope this helps as I see this thread come up again and again...

  Andy

  ---

Steve,

Sure, I could put all my machines on the public Internet, but that defeats the 
purpose of having a firewall in the first place.

As an alternative, I could only place the * server on the outside, but I'd 
rather not give the script-kiddies another box to pound.

Steve Totaro wrote:

> Can you disable your firewall?  i am about to start this phase of asterisk
> and would like help from one newbie to another.  otherwise this newbie will
> let you know how i did it.
> 
> 
> - Original Message -
> From: "Brad Waite" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 20, 2003 9:07 AM
> Subject: [Asterisk-Users] Maximum retries exceeded w/SIP
> 
> 
> 
>>First of all, I'd like to send a big "thank you" to all the folks who have
>>helped me get this far.
>>
>>Now on to the next problem.  Here's my current network setup:
>>
>>
>>The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
>>  |
>>  +--- Laptop (public IP)
>>
>>natd is set up with the following rules:
>>
>>redirect_port udp 10.0.0.253:1-2 1-2
>>redirect_port udp 10.0.0.253:5060 5060
>>
>>* is set up with the demo/sandbox config.
>>
>>I'm using XLite as my SIP client and have configured it on PC to work with *.
>>I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
>>
>>However, when trying to make a call from the outside (via Laptop), something's
>>breaking.  I've set up the SIP proxy in XLite to be the external interface on
>>the firewall, and am able to log into the proxy without difficulty.  And while I
>>can begin conversations, I can't keep them going for long.
>>
>>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
>>of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
>>demonstration server located at Di" - at which point it gets cut off.  The
>>console spits out the following error:
>>
>>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
>>[EMAIL PROTECTED] for seqno 12384 (Response)
>>
>>Any ideas what could be going on?  My first guess is the firewall, but I can't
>>figure out why some of the packets would get through while others apparently are
>>not.  I'm at a loss.
>>
>>Brad Waite
>>aka HankPoacher





Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Stephen Varga
On Sat, 2003-09-20 at 23:00, Brad Waite wrote:
> Steve,
> 
> If that's the case, why is it that I could get the first 6 seconds of the 
> demo-abouttotry message?

RTP requires two one way UDP streams.

phone -> asterisk
phone <- asterisk

The RTP stream can be routed from the * box to the phone, but not the
other way (unless you did what you stated below). So essentially you
have a one-way conversation.

> As it turns out, if I set up a static route for my inside network on Laptop with 
> the external interface of the firewall as the gateway, everything works fine. 
> Of course, I had to turn off my anti-spoofing rules.

I am guessing you want to have a phone somewhere else on the Internet so
this solution does not meet your requirements.

> And what's the nat=yes option supposed to do in sip.conf?

I don't know the answer to that one. I am new to *, and have already
started down the path that you are going and wanted to help so you don't
have to repeat all the troubles I had.

It sounds like you have more than one real IP address to work with, if that
is the case there may be a way to make it work in your setup. Let me
know.

Steve

> Brad
> 
> 
> Stephen Varga wrote:
> 
> > Unfortunately this setup does not work, when * sends SDP info in the
> > INVITE process on how to establish the audio session *'s real IP address
> > is in the packet and the outside phone tries to connect to this IP
> > address, which of course is unreachable because of the firewall. For
> > this to work you need to move * to the firewall and the firewall's ip
> > address in the SIP.CONF file.
> > 
> > HTH,
> > Steve
> > 
> > On Sat, 2003-09-20 at 12:07, Brad Waite wrote:
> > 
> >>First of all, I'd like to send a big "thank you" to all the folks who have 
> >>helped me get this far.
> >>
> >>Now on to the next problem.  Here's my current network setup:
> >>
> >>
> >>The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
> >>  |
> >>  +--- Laptop (public IP)
> >>
> >>natd is set up with the following rules:
> >>
> >>redirect_port udp 10.0.0.253:1-2 1-2
> >>redirect_port udp 10.0.0.253:5060 5060
> >>
> >>* is set up with the demo/sandbox config.
> >>
> >>I'm using XLite as my SIP client and have configured it on PC to work with *. 
> >>I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
> >>
> >>However, when trying to make a call from the outside (via Laptop), something's 
> >>breaking.  I've set up the SIP proxy in XLite to be the external interface on 
> >>the firewall, and am able to log into the proxy without difficulty.  And while I 
> >>can begin conversations, I can't keep them going for long.
> >>
> > >>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
> > >>of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
> >>demonstration server located at Di" - at which point it gets cut off.  The 
> >>console spits out the following error:
> >>
> >>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call 
> >>[EMAIL PROTECTED] for seqno 12384 (Response)
> >>
> >>
> >>Any ideas what could be going on?  My first guess is the firewall, but I can't 
> >>figure out why some of the packets would get through while others apparently are 
> >>not.  I'm at a loss.
> >>
> >>Brad Waite
> >>aka HankPoacher
> >>
> >>___
> >>Asterisk-Users mailing list
> >>[EMAIL PROTECTED]
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> > 
> > 
> > ___
> > Asterisk-Users mailing list
> > [EMAIL PROTECTED]
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > 
> 
> ___
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users
> 

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Brad Waite
Steve,

If that's the case, why is it that I could get the first 6 seconds of the 
demo-abouttotry message?

As it turns out, if I set up a static route for my inside network on Laptop with 
the external interface of the firewall as the gateway, everything works fine. 
Of course, I had to turn off my anti-spoofing rules.

And what's the nat=yes option supposed to do in sip.conf?

Brad

Stephen Varga wrote:

> Unfortunately this setup does not work, when * sends SDP info in the
> INVITE process on how to establish the audio session *'s real IP address
> is in the packet and the outside phone tries to connect to this IP
> address, which of course is unreachable because of the firewall. For
> this to work you need to move * to the firewall and the firewall's ip
> address in the SIP.CONF file.
> 
> HTH,
> Steve
> 
> On Sat, 2003-09-20 at 12:07, Brad Waite wrote:
> 
> >>First of all, I'd like to send a big "thank you" to all the folks who have
> >>helped me get this far.
> >>
> >>Now on to the next problem.  Here's my current network setup:
> >>
> >>The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
> >>  |
> >>  +--- Laptop (public IP)
> >>
> >>natd is set up with the following rules:
> >>
> >>redirect_port udp 10.0.0.253:1-2 1-2
> >>redirect_port udp 10.0.0.253:5060 5060
> >>
> >>* is set up with the demo/sandbox config.
> >>
> >>I'm using XLite as my SIP client and have configured it on PC to work with *.
> >>I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
> >>
> >>However, when trying to make a call from the outside (via Laptop), something's
> >>breaking.  I've set up the SIP proxy in XLite to be the external interface on
> >>the firewall, and am able to log into the proxy without difficulty.  And while I
> >>can begin conversations, I can't keep them going for long.
> >>
> >>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
> >>of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
> >>demonstration server located at Di" - at which point it gets cut off.  The
> >>console spits out the following error:
> >>
> >>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
> >>[EMAIL PROTECTED] for seqno 12384 (Response)
> >>
> >>Any ideas what could be going on?  My first guess is the firewall, but I can't
> >>figure out why some of the packets would get through while others apparently are
> >>not.  I'm at a loss.
> >>
> >>Brad Waite
> >>aka HankPoacher


Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Rich Adamson
Brad,

I've played with XLite, but not with a firewall in this direction, so 
my comments might be off base.

> redirect_port udp 10.0.0.253:1-2 1-2
> redirect_port udp 10.0.0.253:5060 5060
> 
> * is set up with the demo/sandbox config.
> 
> I'm using XLite as my SIP client and have configured it on PC to work with *. 
> I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
> 
> However, when trying to make a call from the outside (via Laptop), something's 
> breaking.  I've set up the SIP proxy in XLite to be the external interface on 
> the firewall, and am able to log into the proxy without difficulty.  And while I 
> can begin conversations, I can't keep them going for long.

I'd guess that udp/5060 is working fine, but the voice channel is being
dropped for a couple of possible reasons. The Xlite doc suggests the voice
channel will be using udp/8000-8006 where 8000 & 8001 are used for line #1,
etc. Based on the redirect_port statement above, I wonder if one-half of
the voice port is being blocked (and therefore times out), or, nat table
timeout might be an issue.

> Any ideas what could be going on?  My first guess is the firewall, but I can't 
> figure out why some of the packets would get through while others apparently are 
> not.  I'm at a loss.

I'd download ethereal (or whatever other sniffer you'd like) and watch the
flow of packets. It should give you a pretty good clue what's happening
for real.

I'm not so sure you're going to want to live with the direction that you're
heading (asterisk on the inside) as the nat function is going to limit
what can be done.  Example, even if you get this to work, trying to make
any other call through nat while the first one is happening will be a
problem; the first call nails up udp/5060, but the second call will have
the udp/5060 nat'ed to some other port which will fail.

Reversing the role of * and the laptop will work, and many others have that
very implementation working for a single instance of Xlite.

Depending upon what your real objectives are for *, I'd suggest either
moving * to the outside, or add another NIC to * and placing it on the
outside. You should be able to lock down that external interface in such
a way as to only allow selected tcp/udp ports to be used.





Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Stephen Varga
Unfortunately this setup does not work, when * sends SDP info in the
INVITE process on how to establish the audio session *'s real IP address
is in the packet and the outside phone tries to connect to this IP
address, which of course is unreachable because of the firewall. For
this to work you need to move * to the firewall and the firewall's ip
address in the SIP.CONF file.

HTH,
Steve

On Sat, 2003-09-20 at 12:07, Brad Waite wrote:
> First of all, I'd like to send a big "thank you" to all the folks who have 
> helped me get this far.
> 
> Now on to the next problem.  Here's my current network setup:
> 
> 
> The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
>   |
>   +--- Laptop (public IP)
> 
> natd is set up with the following rules:
> 
> redirect_port udp 10.0.0.253:1-2 1-2
> redirect_port udp 10.0.0.253:5060 5060
> 
> * is set up with the demo/sandbox config.
> 
> I'm using XLite as my SIP client and have configured it on PC to work with *. 
> I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
> 
> However, when trying to make a call from the outside (via Laptop), something's 
> breaking.  I've set up the SIP proxy in XLite to be the external interface on 
> the firewall, and am able to log into the proxy without difficulty.  And while I 
> can begin conversations, I can't keep them going for long.
> 
> For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
> of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
> demonstration server located at Di" - at which point it gets cut off.  The 
> console spits out the following error:
> 
> File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call 
> [EMAIL PROTECTED] for seqno 12384 (Response)
> 
> 
> Any ideas what could be going on?  My first guess is the firewall, but I can't 
> figure out why some of the packets would get through while others apparently are 
> not.  I'm at a loss.
> 
> Brad Waite
> aka HankPoacher

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
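
The message above says the private address travels inside the SIP and SDP payload, which a port-forwarding NAT does not rewrite. As an added example (not part of the original thread), this script audits one SIP message for a Contact or SDP `c=` address that an outside phone cannot reach, and for an RTP port outside the forwarded range. The sample reply, the 10000-20000 forwarded range, the documentation-range public addresses and all function names are constructed assumptions.

```python
import ipaddress
import re

# Ranges an Internet host cannot route to (RFC 1918, loopback, link-local).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def build_reply(advertised_ip, rtp_port):
    """Constructed 200 OK with SDP, shaped like one * could send to Laptop."""
    return "\r\n".join([
        "SIP/2.0 200 OK",
        "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK-constructed",
        "From: <sip:laptop@example.invalid>;tag=a1",
        "To: <sip:demo@example.invalid>;tag=b2",
        "Call-ID: constructed@example.invalid",
        "CSeq: 102 INVITE",
        f"Contact: <sip:demo@{advertised_ip}:5060>",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"o=root 1 1 IN IP4 {advertised_ip}",
        "s=session",
        f"c=IN IP4 {advertised_ip}",
        "t=0 0",
        f"m=audio {rtp_port} RTP/AVP 0",
        "",
    ])


def unroutable(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:        # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(ip in net for net in UNROUTABLE)


def audit(raw, forwarded_rtp):
    """Return (field, value, problem) tuples for one SIP message."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        # The ACK for a 200 OK is sent to the Contact URI, so a private
        # address here leaves the 200 OK unacknowledged and retransmitted.
        if name.strip().lower() in ("contact", "m"):   # "m" is the compact form
            for addr in IPV4.findall(value):
                if unroutable(addr):
                    findings.append(("Contact", addr, "signalling target is private"))
    for line in body.split("\r\n"):
        kind, _, value = line.partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3 and unroutable(fields[2]):
            findings.append(("c=", fields[2], "RTP target is private"))
        elif kind == "m" and len(fields) >= 2 and fields[1].isdigit():
            port = int(fields[1])
            if port and not forwarded_rtp[0] <= port <= forwarded_rtp[1]:
                findings.append(("m=", str(port), "RTP port is not forwarded"))
    return findings


FORWARDED = (10000, 20000)    # assumed RTP range forwarded by the NAT box
BROKEN = audit(build_reply("10.0.0.253", 9000), FORWARDED)
FIXED = audit(build_reply("203.0.113.10", 14822), FORWARDED)

if __name__ == "__main__":
    for label, result in (("private address advertised", BROKEN),
                          ("public address advertised", FIXED)):
        print(label, "->", result or "no findings")
```

Feeding it the text of a reply captured on the outside interface, before and after changing sip.conf, shows whether the advertised addresses actually changed.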


Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Brad Waite
Steve,

Sure, I could put all my machines on the public Internet, but that defeats the 
purpose of having a firewall in the first place.

As an alternative, I could only place the * server on the outside, but I'd 
rather not give the script-kiddies another box to pound.

Steve Totaro wrote:

> Can you disable your firewall?  i am about to start this phase of asterisk
> and would like help from one newbie to another.  otherwise this newbie will
> let you know how i did it.
> 
> - Original Message -
> From: "Brad Waite" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 20, 2003 9:07 AM
> Subject: [Asterisk-Users] Maximum retries exceeded w/SIP
> 
>>First of all, I'd like to send a big "thank you" to all the folks who have
>>helped me get this far.
>>
>>Now on to the next problem.  Here's my current network setup:
>>
>>The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
>>  |
>>  +--- Laptop (public IP)
>>
>>natd is set up with the following rules:
>>
>>redirect_port udp 10.0.0.253:1-2 1-2
>>redirect_port udp 10.0.0.253:5060 5060
>>
>>* is set up with the demo/sandbox config.
>>
>>I'm using XLite as my SIP client and have configured it on PC to work with *.
>>I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
>>
>>However, when trying to make a call from the outside (via Laptop), something's
>>breaking.  I've set up the SIP proxy in XLite to be the external interface on
>>the firewall, and am able to log into the proxy without difficulty.  And while I
>>can begin conversations, I can't keep them going for long.
>>
>>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
>>of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
>>demonstration server located at Di" - at which point it gets cut off.  The
>>console spits out the following error:
>>
>>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
>>[EMAIL PROTECTED] for seqno 12384 (Response)
>>
>>Any ideas what could be going on?  My first guess is the firewall, but I can't
>>figure out why some of the packets would get through while others apparently are
>>not.  I'm at a loss.
>>
>>Brad Waite
>>aka HankPoacher


Re: [Asterisk-Users] Maximum retries exceeded w/SIP

2003-09-20 Thread Steve Totaro
Can you disable your firewall?  i am about to start this phase of asterisk
and would like help from one newbie to another.  otherwise this newbie will
let you know how i did it.


- Original Message -
From: "Brad Waite" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 20, 2003 9:07 AM
Subject: [Asterisk-Users] Maximum retries exceeded w/SIP


> First of all, I'd like to send a big "thank you" to all the folks who have
> helped me get this far.
>
> Now on to the next problem.  Here's my current network setup:
>
>
> The Big I ---+--- FreeBSD FW --- * (10.0.0.253)  PC (10.0.0.1)
>   |
>   +--- Laptop (public IP)
>
> natd is set up with the following rules:
>
> redirect_port udp 10.0.0.253:1-2 1-2
> redirect_port udp 10.0.0.253:5060 5060
>
> * is set up with the demo/sandbox config.
>
> I'm using XLite as my SIP client and have configured it on PC to work with *.
> I'm able to do everything I've tried so far.  I should, though - I'm on the inside.
>
> However, when trying to make a call from the outside (via Laptop), something's
> breaking.  I've set up the SIP proxy in XLite to be the external interface on
> the firewall, and am able to log into the proxy without difficulty.  And while I
> can begin conversations, I can't keep them going for long.
>
> For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I get most
> of the "demo-abouttotry" message - "I am about to attempt an IAX connection to a
> demonstration server located at Di" - at which point it gets cut off.  The
> console spits out the following error:
>
> File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
> [EMAIL PROTECTED] for seqno 12384 (Response)
>
> Any ideas what could be going on?  My first guess is the firewall, but I can't
> figure out why some of the packets would get through while others apparently are
> not.  I'm at a loss.
>
> Brad Waite
> aka HankPoacher