asterisk users - Feb 2014 - Asterisk as a client: can I get the remote SIP server to ignore rport?

Hi list,

I have a fresh install of Asterisk 12.0.0 and I'm going to use it only 
as a client. I'm trying to SIP REGISTER with a remote SIP provider.

The situation is that Asterisk is running in a VMware VM with a RFC IP 
address (192.168.1.2). The provider of the VM performs static NAT from 
the RFC IP address to a dedicated public IP address, however, they are 
rewriting ports at will. That's the problem.

Here's an excerpt from tcpdump:

IP 192.168.1.2.5060 > my.provider.com.5060: UDP, length 411
REGISTER sip:my.provider.com SIP/2.0
Via: SIP/2.0/UDP 192.168.1.2:5060;branch=z9hG4bK25a36d76
Max-Forwards: 70
From: <sip:1234 at my.provider.com>;tag=as762d7322
To: <sip:1234 at my.provider.com>
Call-ID: 778c50f84e80a9db60dcd35a2f8a1498 at 127.0.0.1
CSeq: 228 REGISTER
Supported: replaces, timer
User-Agent: Asterisk PBX 12.0.0
Expires: 120
Contact: <sip:1234 at 192.168.1.2:5060>
Content-Length: 0

Then the remote SIP provider answers of course with "401 Unauthorized"
but that reply never makes it to Asterisk, because it doesn't come in on 
port 5060, where it actually originated on the VM, but on a random port 
that the VM hosting providers' NAT router rewrote to, in the below case 
port 63664. And the remote SIP provider tries to send the reply back on 
that random port. Note MY.PUBLIC.IP.ADDRESS and rport below:

IP my.provider.com.5060 > 192.168.1.2.63664: UDP, length 534
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 
192.168.1.2:5060;branch=z9hG4bK25a36d76;received=MY.PUBLIC.IP.ADDRESS;rport=63664
From: <sip:1234 at my.provider.com>;tag=as762d7322
To: <sip:1234 at my.provider.com>;tag=as45cffa11
Call-ID: 778c50f84e80a9db60dcd35a2f8a1498 at 127.0.0.1
CSeq: 228 REGISTER
Server: FPBX-2.10.0(1.8.15.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, 
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk",
nonce="1d46fec6"
Content-Length: 0

I'm thinking the answer is "no", but is there any option how I can
get
the remote SIP provider to answer me on port 5060? Without having them 
to change anything in their config.

Thank you!
Markus

On Wed, Feb 19, 2014 at 11:53 AM, Markus <universe at truemetal.org>
wrote:
> Hi list,
>
> I have a fresh install of Asterisk 12.0.0 and I'm going to use it only
as a
> client. I'm trying to SIP REGISTER with a remote SIP provider.
>
> The situation is that Asterisk is running in a VMware VM with a RFC IP
> address (192.168.1.2). The provider of the VM performs static NAT from the
> RFC IP address to a dedicated public IP address, however, they are
rewriting
> ports at will. That's the problem.
>
> Here's an excerpt from tcpdump:
<snip>
>
> I'm thinking the answer is "no", but is there any option how
I can get the
> remote SIP provider to answer me on port 5060? Without having them to
change
> anything in their config.
http://www.ietf.org/rfc/rfc3581.txt

To force RFC3581 support for outbound REGISTER messages, you can set
"nat=force_rport" in the general section of your sip.conf. (This also
forces RFC3581 compliance for inbound messages, for any peers that
inherit this general option)

In my testing this results in the outbound REGISTER setting rport like

"Via: SIP/2.0/UDP X.X.X.X:5060;branch=z9hG4bK493d3405;rport"

If the far end supports RFC3581 it should respond back to the port
from what it received requests. That should be 5060 if they receive
the message from 5060. However.. if your VM/Network provider is
rewriting things, then they could potentially remove your rport value,
send it out over a different port, or do any number of crazy things.
Depending on what they have going on in their network, receiving it
back at 5060 is no guarantee it'll get back to your Asterisk VM.

-- 
Rusty Newton
Digium, Inc. | Community Support Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
direct: +1 256 428 6200

Check us out at: http://digium.com & http://asterisk.org