I have recently begun experimenting with Asterisk, and have been mightily impressed by its capabilities and flexibility. I have run across one problem, however, that challenges my ability to use it as a production system.

My Asterisk box has a public Internet IP, and works great with SIP (ATA 186) clients that also have public IP addresses. Unfortunately, most of the locations that I would like to put these SIP phones into are behind NAT. Calls placed from behind NAT are consistently unsuccessful. I have read in several places that there are software solutions to this problem, though I have found no specific references to precisely what software to use, or how it should be configured to hand these calls off to Asterisk.

Has anyone on the list successfully overcome this limitation? If so, any advice you might be able to provide would be greatly appreciated.

Thanks!

Sincerely,
Matthew Farley
asterisk at wheatstate.net

On 2003-03-05 at 15:08, you wrote:
> I would like to put these SIP phones into are behind NAT.

I was quite surprised when I tested Vonage's service that I could plug in their ATA 186 behind my NAT/VPN box and it immediately worked, even for incoming calls. They must make an outbound connection and hold it open for the incoming calls that occur. Assuming this is standard SIP stuff, I wonder if Asterisk does or could support this type of registration/setup.

Interesting that you bring this topic up - kram was working on this last night (with me testing implementations.)

There is now (thanks, Mark!) an addition in sip.conf called "nat=1" that can flag a sip user/peer/friend as being behind a NAT address translator.

The good news is that the REGISTER and INVITE requests seem to work on the ATA-186 from which I was experimenting. The bad news is that RTP still doesn't work, and so one-sided conversations occur (ATA->NAT->Asterisk->other party where the other party can hear me, but I cannot hear them.) This of course stems from the fact that NAT (in most cases) requires symmetric port usage to pass packets back inside the NAT to the right host. SIP call process information passes quite well between * and my ATA-186, so half of the problem is solved...

Anyone have any ideas? I _know_ it can work, because with the same exact ATA-186, I can connect from behind a NAT to the iconnecthere.com servers, so is this STUN or something else that they're using? I set up the Vocal stund on my * server, but that didn't seem to do the trick.

JT

I've just been getting into this as well, and I've run into the same problem.

It looks like the only solutions so far are to use a SIP client that supports STUN (the SNOM 100 supports this), or that supports UPnP (with a NAT router that supports UPnP). For Linux NAT routers, there's an ip_masq module for 2.2 Kernels called ip_masq_sip that's supposed to do the trick. I'm in the process of trying this masq module to see if it works.

If the Asterisk server itself is behind a NAT router, then that's a whole new problem.

-wade

Finally someone has hit the same problems that we have. Everyone on this newsgroup seems to have static IPs!

The problems you get can manifest in 2 ways:

1) you cannot get through to the phone at all
2) one-way audio - you can hear the other end but they can't hear you.

The problem is a combination of things:

1) router port forwarding - you have to set udp port 5060 (default sip signalling port) to be forwarded to the sip phone. This will enable the initial port can take place i.e. to make the phone ring etc.
2) the router also has to allow symmetrical nat (I think that's what they call it) so that when your phone opens the relevant rtp port the other end can talk to your phone along the same temporarily open port connection.
3) asterisk has to support STUN (or something similar). This will enable the mapping of a phone's internal private address to the router's external address, so that asterisk knows where to actually send the packets to. At present it isn't supported.

As an example, the snom phones work from behind nat because they have a stun client which talks to the snomag.de stun server. So as long as port forwarding is correctly configured then snom (behind nat) to snom (behind nat) works. When asterisk gets in the way then it doesn't.

Does anyone know if stun will be implemented within asterisk? We're quite desperate for this functionality.

Thanks
Tan

When situations like this arise all the time, why is there such a delay in getting ipv6 rolled out when it solves all these problems? I realize no one acting alone can roll it out in any sort of meaningful way, but the solution has already been around over 10 years, just not getting used.

At 05:06 PM 3/5/2003 -0500, you wrote:
> I've just been getting into this as well, and I've run into the same problem.
>
> It looks like the only solutions so far are to use a SIP client that supports STUN (the SNOM 100 supports this), or that supports UPnP (with a NAT router that supports UPnP). For Linux NAT routers, there's an ip_masq module for 2.2 Kernels called ip_masq_sip that's supposed to do the trick. I'm in the process of trying this masq module to see if it works.
>
> If the Asterisk server itself is behind a NAT router, then that's a whole new problem.
>
> -wade

There are basically two ways of doing SIP-through-NAT.

The first is to configure the firewall to forward ports 5060 and 10000-10100 or whatever the IP phone uses for SIP and RTP. Then configure the IP phone and set its NAT IP address.

The second way is to use an RTP Proxy. The way Vonage handles SIP-through-NAT is to have their SIP Proxy modify the SDP packets for the INVITE, 183, and 200 OK messages and put the RTP Proxy's IP address and ports into the SDP portion of the message. That way each endpoint sends RTP packets to the RTP Proxy. The RTP Proxy waits for the first packet from each endpoint, then it knows which port to send the RTP packets to.

There is an open source project siproxd at http://sf.net/projects/siproxd which has a basic implementation of RTP Proxy.

Bill
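
The RTP proxy approach described in the last message, as an added Python sketch (not part of the thread, and not code from siproxd, Asterisk or any provider): the signalling side rewrites the SDP so media is sent to the relay, and the relay learns each endpoint's real public address from its first RTP packet. The names `rewrite_sdp` and `RtpRelay`, the sample INVITE and all addresses are constructed for illustration.

```python
import re

# Constructed sample: INVITE from a phone behind NAT advertising its private address.
SAMPLE_INVITE = (
    "INVITE sip:100@pbx.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: 94\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.50\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.50\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)

def rewrite_sdp(sip_msg, relay_ip, relay_port):
    """Point the SDP connection and audio lines at the relay; fix Content-Length."""
    head, sep, body = sip_msg.partition("\r\n\r\n")
    body = re.sub(r"(?m)^c=IN IP4 \S+", f"c=IN IP4 {relay_ip}", body)
    body = re.sub(r"(?m)^m=audio \d+", f"m=audio {relay_port}", body)
    head = re.sub(r"(?mi)^Content-Length:[^\r\n]*",
                  f"Content-Length: {len(body.encode())}", head)
    return head + sep + body

class RtpRelay:
    """Relay for one call: learns each leg's real address from its first packet."""
    def __init__(self):
        self.peer = {}  # leg name -> (ip, port) as seen on the wire

    def on_packet(self, leg, src):
        """Return the address to forward to, or None if the packet is dropped."""
        latched = self.peer.setdefault(leg, src)  # first packet sets the address
        if latched != src:
            return None  # later packets from another source do not move the stream
        other = "callee" if leg == "caller" else "caller"
        return self.peer.get(other)  # None until the other leg has sent a packet

if __name__ == "__main__":
    print(rewrite_sdp(SAMPLE_INVITE, "203.0.113.7", 40000))
```

Because the relay answers to whatever source the NAT actually used, the private address in the phone's SDP no longer matters, which is why this works without port forwarding on the phone's router.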