thr3ads.net - asterisk users - [Asterisk-Users] SIP UA behind NAT and REINVITE ??? [Apr 2005]

If this information is useful, please help other people find it:
Share via:

William M. Sandiford

2005-Apr-07 12:57 UTC

[Asterisk-Users] SIP UA behind NAT and REINVITE ???

Hello:
 
I've read through the list archives and found tonnes of threads on this
topic but there has been no definitive answer, so hopefully someone can give me
one.
 
Can a proper 2-way audio call be established when the UA is behind a NAT
firewall and REINVITE is enabled?
 
Original Call Made
SIP UA 1<--> NAT FIREWALL <---> Asterisk <--> SIP UA 2
 
Then REINVITE occurs and
SIP UA 1<--> NAT FIREWALL <------------------------> SIP UA 2
 
Is this possible?
 
Will using a STUN server help this at all?
 
I have tried and tried and tried to get this working but with no luck (well, I
can get it to work with canreinvite=no, but thats not what I want.  I want * out
of the audio path)
 
I have even tried putting the private IP of SIP UA 1 in the DMZ of the NAT
Firewall and still no luck.
 
Any Suggestions???
 
Bill

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20050407/2ae9d7d0/attachment.htm

Martijn van Oosterhout

2005-Apr-08 03:18 UTC

head link

[Asterisk-Users] SIP UA behind NAT and REINVITE ???

On Thu, Apr 07, 2005 at 03:57:11PM -0400, William M. Sandiford
wrote:> Hello:
>  
> I've read through the list archives and found tonnes of threads on this
topic but there has been no definitive answer, so hopefully someone can give me
one.
>  
> Can a proper 2-way audio call be established when the UA is behind a NAT
firewall and REINVITE is enabled?
>  
> Original Call Made
> SIP UA 1<--> NAT FIREWALL <---> Asterisk <--> SIP UA 2
>  
> Then REINVITE occurs and
> SIP UA 1<--> NAT FIREWALL <------------------------> SIP UA 2
Possible, yes. Whether it works depends on the firewall. Your problem
is that UA2 is sending directly to the firewall and the firewall will
block it because it knows nothing about UA2. Or not, if it supports
partial matching on UDP ports. In theory a packet of UA1 to UA2 should
open the back channel, except you run the risk of the firewall
assigning a new port number, thus breaking everything.

This is a problem uPNP was supposed to solve, the client can request an
externally visible port on the router. Never seen any client that does
this though.

If you only have one UA you can get around it with port forwarding on
the firewall... But you need to know in advance what ports SIP is going
to use...
> I have tried and tried and tried to get this working but with no luck
> (well, I can get it to work with canreinvite=no, but thats not what I
> want.  I want * out of the audio path)
Good luck!

-- 
Martijn van Oosterhout
Ecomtel Pty Ltd

Cameron Beattie

2005-Apr-11 02:12 UTC

head link

[Asterisk-Users] SIP UA behind NAT and REINVITE ???

MessageMy understanding (by no means definitive): 
You need a solution to the NAT problem for the audio stream. STUN will help with
non symmetric NAT but not with symmetric NAT so it's not a complete
solution. If you have UAs behind symmetric NAT you will need Asterisk or an RTP
proxy in the middle of the call.

Regards

Cameron
  ----- Original Message ----- 
  From: William M. Sandiford 
  To: asterisk-users@lists.digium.com 
  Sent: Friday, April 08, 2005 7:57 AM
  Subject: [Asterisk-Users] SIP UA behind NAT and REINVITE ???


  Hello:

  I've read through the list archives and found tonnes of threads on this
topic but there has been no definitive answer, so hopefully someone can give me
one.

  Can a proper 2-way audio call be established when the UA is behind a NAT
firewall and REINVITE is enabled?

  Original Call Made
  SIP UA 1<--> NAT FIREWALL <---> Asterisk <--> SIP UA 2

  Then REINVITE occurs and
  SIP UA 1<--> NAT FIREWALL <------------------------> SIP UA 2

  Is this possible?

  Will using a STUN server help this at all?

  I have tried and tried and tried to get this working but with no luck (well, I
can get it to work with canreinvite=no, but thats not what I want.  I want * out
of the audio path)

  I have even tried putting the private IP of SIP UA 1 in the DMZ of the NAT
Firewall and still no luck.

  Any Suggestions???

  Bill


  --
  No virus found in this outgoing message.
  Checked by AVG Anti-Virus.
  Version: 7.0.308 / Virus Database: 266.9.4 - Release Date: 4/6/2005




------------------------------------------------------------------------------


  _______________________________________________
  Asterisk-Users mailing list
  Asterisk-Users@lists.digium.com
  http://lists.digium.com/mailman/listinfo/asterisk-users
  To UNSUBSCRIBE or update options visit:
     http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20050411/29bc24bb/attachment.htm

asterisk users - Apr 2005 - SIP UA behind NAT and REINVITE ???

[Asterisk-Users] SIP UA behind NAT and REINVITE ???

[Asterisk-Users] SIP UA behind NAT and REINVITE ???

[Asterisk-Users] SIP UA behind NAT and REINVITE ???