Hi Guys, After days of fiddling, I can't really get my SIP device to work communicate with Asterisk behind NAT. Sometimes the STUN server is flaky, sometimes the device isn't reachable if the connection is dropped and then put back on, sometimes it registers OK, sometimes it doesn't, etc. I've come to the same conclusion as the wiki: it's probably better to avoid this horrible mess by either using IAX or doing VPN. Letting the IAX option aside, are you aware of any SIP devices that support some simple, easy to use VPN protocol? Cheers, Jean-Michel.
I've got Grandstreams (SIP devices) working behind double NATs, none the less. I recommend turning STUN off and make sure that your SIP devices are generating random port numbers. If they generate static port numbers, you'll get port collisions. The other parameter to watch is the "keep alive" interval. I'm not an expert, but I think this has to be long enough so that the device doesn't disconnect from the router while the various signalling is getting set up. (I've got it set to 20 seconds.) Maybe I'm missing something, but I thought it works quite well without STUN. They've never ever dropped a call. On Fri, 2005-01-28 at 00:18 +0400, Jean-Michel Hiver wrote:> Hi Guys, > > After days of fiddling, I can't really get my SIP device to work > communicate with Asterisk behind NAT. Sometimes the STUN server is > flaky, sometimes the device isn't reachable if the connection is dropped > and then put back on, sometimes it registers OK, sometimes it doesn't, etc. > > I've come to the same conclusion as the wiki: it's probably better to > avoid this horrible mess by either using IAX or doing VPN. Letting the > IAX option aside, are you aware of any SIP devices that support some > simple, easy to use VPN protocol? > > Cheers, > Jean-Michel. > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-- Kim Lux, Diesel Research Inc.
Jean-Michel Hiver wrote:> Hi Guys, > > After days of fiddling, I can't really get my SIP device to work > communicate with Asterisk behind NAT. Sometimes the STUN server is > flaky, sometimes the device isn't reachable if the connection is > dropped and then put back on, sometimes it registers OK, sometimes it > doesn't, etc.I think you'd better use a SIP proxy with NAT traversal support. I'm using SER with their NAT helper module, it allows the phones to connect from behind most NAT devices. It's not a 100% solution. There're still cases where we need to do port forwarding on the NAT.> > I've come to the same conclusion as the wiki: it's probably better to > avoid this horrible mess by either using IAX or doing VPN. Letting the > IAX option aside, are you aware of any SIP devices that support some > simple, easy to use VPN protocol? > > Cheers, > Jean-Michel. > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
> I don't think you can use NAT = yes unless there is a STUN > server involved. See my post yesterday for my Grandstream settings.No, I had nat=yes working with my Cisco 7960 which did not provide it's public IP. However, you need to tell the IP Phone to start using the IP and port that * received the SIP messages from for RTP traffic (use via IP address and via port). -- Nabeel Jafferali Tel: +1 (416) 628-9342 Toronto +1 (646) 225-7426 New York FWD: 46990 Email/MSN: nabeel<at>jafferali.net