Thank you for the response Joshua . I had rtp_symmetric=yes before I wrote the email, then I set it to no, restart asterisk, and tried to make the call from the remote endpoint again but still tcpdump is showing me the RTP packets are being sent from Asterisk to the private IP. tcpdump on asterisk server showing UDP packet bound for my remote endpoints internal IP: 17:07:57.130212 IP 10.50.55.10.6214 > 10.128.30.239.51126: UDP, length 182 Current pjsip.conf file [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 local_net=10.50.55.0/24 external_media_address=<scrubbed public ip> external_signaling_address=<scrubbed public ip> cert_file=/etc/asterisk/keys/dev1.crt priv_key_file=/etc/asterisk/keys/dev1.key ca_list_file=/etc/asterisk/keys/ca.crt cipher=AES256-SHA method=tlsv1 ;===============EXTENSION 6001 [6000] type=endpoint context=internal disallow=all allow=ulaw auth=auth6000 aors=6000 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=no media_encryption=sdes [auth6000] type=auth auth_type=userpass password=6000 username=6000 [6000] type=aor qualify_frequency=30 max_contacts=1 remove_existing=yes ;===============EXTENSION 6001 [6001] type=endpoint context=internal disallow=all allow=ulaw auth=auth6001 aors=6001 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=no media_encryption=sdes [auth6001] type=auth auth_type=userpass password=6001 username=6001 [6001] type=aor qualify_frequency=30 max_contacts=1 remove_existing=yes -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3587 bytes Desc: not available URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160303/9b829568/attachment.bin>
Kevin Long wrote:> Thank you for the response Joshua . > > > I had rtp_symmetric=yes before I wrote the email, then I set it to > no, restart asterisk, and tried to make the call from the remote > endpoint again but still tcpdump is showing me the RTP packets are > being sent from Asterisk to the private IP. > > tcpdump on asterisk server showing UDP packet bound for my remote > endpoints internal IP: 17:07:57.130212 IP 10.50.55.10.6214> > 10.128.30.239.51126: UDP, length 182It needs to be set to yes, and you also must have received an RTP packet from the remote side. If you haven't received any then check to see if they are being blocked by a firewall, and that the SDP sent to the device contains the public IP address. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org
Hi Joshua, Looking at the transmitted SIP packets from Asterisk, it looks like Asterisk is only sending it?s own internal IP (it is behind a NAT too, with proper port forwarding) . I did set in my transport the external_signaling_address and external_media_address , and I have now put transport= into my endpoint configuration hoping they will ?inherit? the correct public IP for the media . But Asterisk is still sending RTP to the wrong IP . I am trying to test a ?real world? scenario of public IP and NAT traversal, but I do have split tunnel VPN in my environment so the endpoint and the asterisk server *could* reach each other by the private IP ,but I am actually trying to avoid this with a proper configuration since my real users will not be on any VPN, mostly. ;===============TRANSPORT [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 local_net=10.50.55.0/24 external_media_address=66.114.139.174 external_signaling_address=66.114.139.174 cert_file=/etc/asterisk/keys/dev1.crt priv_key_file=/etc/asterisk/keys/dev1.key ca_list_file=/etc/asterisk/keys/ca.crt cipher=AES256-SHA method=tlsv1 ;===============EXTENSION 6001 [6000] type=endpoint context=internal disallow=all allow=ulaw transport=transport-tls auth=auth6000 aors=6000 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=yes media_encryption=sdes [auth6000] type=auth auth_type=userpass password=6000 username=6000 [6000] type=aor qualify_frequency=30 max_contacts=1 remove_existing=yes ;===============EXTENSION 6001 [6001] type=endpoint context=internal disallow=all allow=ulaw transport=transport-tls auth=auth6001 aors=6001 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port ice_support=no force_rport=yes rtp_symmetric=yes media_encryption=sdes [auth6001] type=auth auth_type=userpass password=6001 username=6001 [6001] type=aor qualify_frequency=30 max_contacts=1 remove_existing=yes -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3587 bytes Desc: not available URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160303/29686a06/attachment.bin>
Kevin Long wrote:> Hi Joshua, > > > > Looking at the transmitted SIP packets from Asterisk, it looks like > Asterisk is only sending it?s own internal IP (it is behind a NAT > too, with proper port forwarding) . > > I did set in my transport the external_signaling_address and > external_media_address , and I have now put transport= into my > endpoint configuration hoping they will ?inherit? the correct public > IP for the media . > > But Asterisk is still sending RTP to the wrong IP . > > > I am trying to test a ?real world? scenario of public IP and NAT > traversal, but I do have split tunnel VPN in my environment so the > endpoint and the asterisk server *could* reach each other by the > private IP ,but I am actually trying to avoid this with a proper > configuration since my real users will not be on any VPN, mostly.What version of 13 are you also using? -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org