Problem I have is this. outside firewall (extension 2003) can call me inside firewall (extension 2000) and all is fine. If I call from inside firewall (extension 2000) to outside firewall (extension 2003) I hear no ringing and person at other end can pick up and I hear for maybe a half second then I go to voicemail. If I add another extension on the outside then communication between outside and outside through * is not possible at all. I know I can not be the only one who has tried to do this. Please any help would be greatly appreciated. My configuration. Asterisk Server ---------------------- Linux RedHat 9.0 Asterisk CVS Update - 11/02/03 around 10:00AM PT Zaptel CVS Update - 11/02/03 around 10:00AM PT LinkSys Router with Asterisk server set as DMZ host. Desktop Computer #1 ------------------------------- Windows XP Xten X-Pro build 1082 Behind same LinkSys router. extension 2000 in asterisk Desktop Computer #2 ------------------------------- Windows XP Xten X-Pro build 1082 Not behind any firewall. extension 2003 in asterisk sip.conf ; General definitions for the sip.conf file. [general] port = 5060 bindaddr = 0.0.0.0 allow = gsm context = bogon-calls ; Default any unknown calls ; [2000] type=friend username=2000 secret=grinch host=dynamic defaultip=192.168.1.210 context=trusted nat=yes qualify=1000 mailbox=2000 ; [2003] type=friend username=2003 secret=grinch host=dynamic context=normal nat=yes canreinvite=no mailbox=2003 extensions.conf [globals] ; Variables to VoIP extensions by name ROBERT=SIP/2000 [general] static=yes ; These two lines prevent the command-line interface writeprotect=yes ; from overwriting the config file. Leave them here. [bogon-calls] ; Bogus calls if they find there way in to the system without authorization some how. exten => _.,1,Congestion ; if someone accidentally finds there way here give them a fast busy. [stations] exten => 2000,1,Dial(SIP/2000,20) exten => 2000,2,Voicemail(u2000) exten => 2000,102,Voicemail(b2000) exten => 2000,103,Hangup ; exten => 2003,1,Dial(SIP/2003,20) exten => 2003,2,Voicemail(u2003) exten => 2003,102,Voicemail(b2003) exten => 2003,103,Hangup ; exten => 2997,1,VoicemailMain(2997) exten => 2998,1,VoicemailMain(2998) exten => 2999,1,VoicemailMain(${CALLERIDNUM}) ; ; Direct Dial. For those trusted to use the phone properly. [directdial] exten => 9,1,Dial(Zap/g1/${EXTEN:1}) exten => 9,2,Congestion include => international ; ; International calling code and prefix used for users trusted to make international calls. [international] exten => _9011.,1,Dial(Zap/g1/${EXTEN:1}) exten => _9011.,2,Congestion include => longdistance ; ; Long distance calling code and prefix used for users trusted to make long distance calls. [longdistance] exten => _91NXXNXXXXXX,1,Dial(Zap/g1/${EXTEN:1}) exten => _91NXXNXXXXXX,2,Congestion include => local ; ; Local calling code and prefix used for users trusted to make local calls. [local] exten => _9NXXXXXX,1,Dial(Zap/g1/${EXTEN:1}) exten => _9NXXXXXX,2,Congestion ; ; Trusted users from sip.conf who are able to fully use the phone. [trusted] include => stations include => directdial ; ; Normal users from sip.conf who are able to make local calls only. [normal] include => stations include => local ; ; Public area for people who are only allowed to make calls to other extensions [public] include => stations ; ; When someone calls the work line of XXX-XXX-XXXX they are directed through this. [inbound-work] exten => s,1,Zapateller(answer|nocallerid) exten => s,2,Dial(${ROBERT},20) exten => s,3,Voicemail(u2997) exten => s,4,Hangup exten => s,103,Voicemail(b2997) exten => s,104,Hangup ; ; When someone calls the home line of XXX-XXX-XXXX they are directed through this. [inbound-home] exten => s,1,Dial(${ROBERT},20) exten => s,2,Voicemail(u2998) exten => s,3,Hangup exten => s,102,Voicemail(b2998) exten => s,103,Hangup Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20031102/c53ecf94/attachment.htm
Robert, Try adding "canreinvite=no" to extn 2000 and reload asterisk. In your specific case, it needs to be on each sip.conf extn definition. Rich ------------------------> Problem I have is this. outside firewall (extension 2003) can call me insidefirewall (extension 2000) and all is fine. If I call from> inside firewall (extension 2000) to outside firewall (extension 2003) I hear noringing and person at other end can pick up and I> hear for maybe a half second then I go to voicemail. If I add another extension onthe outside then communication between> outside and outside through * is not possible at all. I know I can not be the onlyone who has tried to do this. Please any help> would be greatly appreciated. > > My configuration. > > Asterisk Server > ---------------------- > Linux RedHat 9.0 > Asterisk CVS Update - 11/02/03 around 10:00AM PT > Zaptel CVS Update - 11/02/03 around 10:00AM PT > LinkSys Router with Asterisk server set as DMZ host. > > Desktop Computer #1 > ------------------------------- > Windows XP > Xten X-Pro build 1082 > Behind same LinkSys router. > extension 2000 in asterisk > > Desktop Computer #2 > ------------------------------- > Windows XP > Xten X-Pro build 1082 > Not behind any firewall. > extension 2003 in asterisk > > sip.conf > > ; General definitions for the sip.conf file. > [general] > port = 5060 > bindaddr = 0.0.0.0 > allow = gsm > context = bogon-calls ; Default any unknown calls > ; > [2000] > type=friend > username=2000 > secret=grinch > host=dynamic > defaultip=192.168.1.210 > context=trusted > nat=yes > qualify=1000 > mailbox=2000 > ; > [2003] > type=friend > username=2003 > secret=grinch > host=dynamic > context=normal > nat=yes > canreinvite=no > mailbox=2003 > > extensions.conf > > [globals] > ; Variables to VoIP extensions by name > ROBERT=SIP/2000 > > [general] > static=yes ; These two lines prevent the command-line interface > writeprotect=yes ; from overwriting the config file. Leave them here. > > [bogon-calls] > ; Bogus calls if they find there way in to the system without authorization somehow.> exten => _.,1,Congestion ; if someone accidentally finds there way here give them afast busy.> > [stations] > exten => 2000,1,Dial(SIP/2000,20) > exten => 2000,2,Voicemail(u2000) > exten => 2000,102,Voicemail(b2000) > exten => 2000,103,Hangup > ; > exten => 2003,1,Dial(SIP/2003,20) > exten => 2003,2,Voicemail(u2003) > exten => 2003,102,Voicemail(b2003) > exten => 2003,103,Hangup > ; > exten => 2997,1,VoicemailMain(2997) > exten => 2998,1,VoicemailMain(2998) > exten => 2999,1,VoicemailMain(${CALLERIDNUM}) > ; > ; Direct Dial. For those trusted to use the phone properly. > [directdial] > exten => 9,1,Dial(Zap/g1/${EXTEN:1}) > exten => 9,2,Congestion > include => international > ; > ; International calling code and prefix used for users trusted to make international calls. > [international] > exten => _9011.,1,Dial(Zap/g1/${EXTEN:1}) > exten => _9011.,2,Congestion > include => longdistance > ; > ; Long distance calling code and prefix used for users trusted to make long distance calls. > [longdistance] > exten => _91NXXNXXXXXX,1,Dial(Zap/g1/${EXTEN:1}) > exten => _91NXXNXXXXXX,2,Congestion > include => local > ; > ; Local calling code and prefix used for users trusted to make local calls. > [local] > exten => _9NXXXXXX,1,Dial(Zap/g1/${EXTEN:1}) > exten => _9NXXXXXX,2,Congestion > ; > ; Trusted users from sip.conf who are able to fully use the phone. > [trusted] > include => stations > include => directdial > ; > ; Normal users from sip.conf who are able to make local calls only. > [normal] > include => stations > include => local > ; > ; Public area for people who are only allowed to make calls to other extensions > [public] > include => stations > ; > ; When someone calls the work line of XXX-XXX-XXXX they are directed through this. > [inbound-work] > exten => s,1,Zapateller(answer|nocallerid) > exten => s,2,Dial(${ROBERT},20) > exten => s,3,Voicemail(u2997) > exten => s,4,Hangup > exten => s,103,Voicemail(b2997) > exten => s,104,Hangup > ; > ; When someone calls the home line of XXX-XXX-XXXX they are directed through this. > [inbound-home] > exten => s,1,Dial(${ROBERT},20) > exten => s,2,Voicemail(u2998) > exten => s,3,Hangup > exten => s,102,Voicemail(b2998) > exten => s,103,Hangup > > Robert---------------End of Original Message-----------------
Robert Mann wrote:> Problem I have is this. outside firewall (extension 2003) can call me > inside firewall (extension 2000) and all is fine. If I call from > inside firewall (extension 2000) to outside firewall (extension 2003) > I hear no ringing and person at other end can pick up and I hear for > maybe a half second then I go to voicemail. If I add another > extension on the outside then communication between outside and > outside through * is not possible at all. I know I can not be the > only one who has tried to do this. Please any help would be greatly > appreciated. >Robert, You need to get Asterisk onto a public IP address.. Using the DMZ function on the router will not work.. If you search the archives you will see that it has been attempted many times.. The reason is not in the IP but in the SIP headers.. they will be sent out from the Asterisk server with the internal IP address of the server, this means that when the SIP UA reads the SIP message and responds it will respond to the incorrect IP address.. So the basic rules where NAT is involved are.. Asterisk server must always be on a public IP address.. SIP UA's can be behind NAT but need "nat=yes", "canreinvite=no" and "qualify=yes" set in the phone configuration in sip.conf.. Hope that helps.. Later..
Robert L Mathews
2003-Nov-03 14:23 UTC
[Asterisk-Users] Asterisk behind LinkSys NAT Routing
At 11/3/03 10:00 AM, Martin Pycko <martinp@digium.com> wrote:>> Is "externip" and new parameter?? > >It's new. It prevents asterisk from putting the private IP in the messages >that asterisk sends with SIP.Does it take an IP address, like "externip=1.2.3.4"? And does it then force the SIP messages for that channel to use the "externip" value instead of the server's local IP address? If so, that's useful; it will help people who know in advance that a certain phone is on one side of a NAT or the other. However, it would be nicer still if it could "fix" the SIP messages only when necessary, using a subnet mask or STUN, as has been proposed. The reason is that hard-coding an IP address to use when communicating with a certain client means you can't have a phone in an office (on the same side of the NAT as Asterisk) during the day, then take the phone home at night (on the other side of the NAT) and have it work without changing sip.conf. -- Robert L Mathews, Tiger Technologies http://www.tigertech.net/
I've been using asterisk-0.5.0. I've been reading about the externip param (it looks like it is only available in the lastest releases). Could someone tell me the version number (or tag) to check out of CVS so I can get this functionality? (And, if its not too much trouble, could someone tell me the cvs command to check it out? I've already checked out the latest release with cvs checkout asterisk but it gives me a segmentation violation as soon as I make an incoming H.323 connection.) My configuration is RedHat 9.0, openh323 1.12.2 pwlib_1.5.2 gnugk-2.0.6 and the 14 Oct 2003 version of ser. Thanks, Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20031103/6e135ca8/attachment.htm
Robert L Mathews
2003-Nov-03 19:05 UTC
[Asterisk-Users] Asterisk behind LinkSys NAT Routing
At 11/3/03 2:41 PM, Martin Pycko <martinp@digium.com> wrote:>It's not for phones, it's for asterisk behind a NAT.My apologies; I'm not making my question clear. I realize this option is for Asterisk behind a NAT, but of course Asterisk uses this parameter to talk to SIP clients (which I referred to, perhaps too specifically, as "phones"), and that's what I meant. In other words, Asterisk might be talking to SIP phones on either side of the NAT. A given SIP phone acting as an extension may be on the same private network as Asterisk, or it may be on the other side of the NAT (out on the public Internet, possibly even behind its own NAT on the other end). Imagine I have both Asterisk and a SIP phone on my local office network using private IP addresses, and I also have a second SIP phone that is in another location, at someone's home office on the public Internet. The "externip=a.b.c.d" doesn't help in this situation, because it forces Asterisk to use the external IP address in all cases, which breaks the functionality for local phones. That is, the new option presumably makes it possible to have *all* your SIP phones on the other side of the NAT from Asterisk, but you can't some phones on both sides. (Indeed, I just tried it, and using "externip=something" prevents SIP phones on the same private network as Asterisk from working.) In Bug ID 0000104, a patch was suggested that takes the netmask into effect and makes the right decision for phones on either side of the NAT. However, the code that was added for "externip" in the current CVS isn't that patch; it's just a way of giving me a choice of having SIP phones on the outside of the NAT working, or having SIP phones on the inside of the NAT working, but not both at the same time. I guess I'm curious why the hard-coded global option was used, because it doesn't really solve the problem in the general case. The whole trouble with NAT is that Asterisk may need to use a different IP address depending on the IP address of the SIP client it's communicating with, and that address needs to be determined on the fly. In a perfect word, this would all be handled by magic so it required no configuration (e.g., STUN), but the patch in 0000104 would at least allow phones on both sides of the NAT to work with a small amount of configuration, which isn't possible now with the CVS code. Thanks again for the hard work you're putting in to Asterisk! -- Robert L Mathews, Tiger Technologies http://www.tigertech.net/
Robert L Mathews
2003-Nov-04 00:00 UTC
[Asterisk-Users] Asterisk behind LinkSys NAT Routing
At 11/3/03 6:57 PM, Anthony Wood <woody+asterisk@switchonline.com.au> wrote:>Internals can use the IP address of the NAT box as the Asterisk Server >IP and then it should work.This doesn't work on my NAT box, unfortunately. Devices behind the NAT can't connect to the public IP address and talk to other devices behind the NAT. Don't know why (cheapo NAT box, most likely; it's part of my DSL modem), but I believe this situation is fairly common. -- Robert L Mathews, Tiger Technologies http://www.tigertech.net/