Hi Ray, I was wondering if the "qualify" option is used [in sip.conf] to keep a connection (from the SIP phone inside the firewall to the Asterisk server outside the firewall) open then would the firewall not allow two way communication without incoming port mapping/NAT (providing that the SIP phone started "talking" first)? I'm not sure about that - I'm being hopeful though :) STUN would be very acceptable to me if it worked though ;) Derek razza wrote:>Derek, >I'm not an expert in these area's hence the offer to play, but in answer >to your questions to the best of my ability - > >1. I don't see any reason the outbound proxy cant be in the public >domain although this is where the NAT issues start kicking in >(especially if you want incoming calls), depending on the number of >clients behind the firewall you would have to do lots of port mapping >etc. on the router/firewall, could be done but would be painful. >2. Never played with a STUN server, sorry just another point to break in >the chain? > > >_______________________________________________ >Ray > >_______________________________________________ > > >-----Original Message----- >From: Derek Conniffe [mailto:derek@rivertower.ie] >Sent: 13 September 2005 17:50 >To: Asterisk Users Mailing List - Non-Commercial Discussion; >rjames31@btopenworld.com >Subject: Re: [Asterisk-Users] Nat & Sip & Pain > > >Hi Ray, > >It would be great to find a solution which doesn't need modification of >the firewall setup (like if it was a customers firewall rather than your > >own). > >There is two things I'm wondering about: - > >1) Can a "Outbound SIP Proxy" be a server out on the Internet (i.e. not >in the local network this side of the NAT) and does that provide a way >to make the SIP via NAT work? * > > >2) Is STUN a workable solution. There is no problem running a STUN >server but can the far side of the STUN connection (Internet) talk with >Asterisk and is this a way to make the SIP via NAT work? ** > >* I would have thought that an "Outbound Proxy" would need to be inside >on the local network (a bastion host rather like a squid server for >HTTP) but then I read the FWD documentation about setting the Outbound >Proxy for a budgetone to make it work with NAT and their server - the >Outbound Proxy they specified was out there on the Internet. > >** I've read that Asterisk doesn't currently have STUN support but I'm >not sure what that means exactly: I'm not sure if that means "Asterisk >doesn't have an STUN server built-in" or if it means "Asterisk is not >compatible with an STUN server". > >Thanks, > >Derek > > > >razza wrote: > > > >>Derek, >>You said - >>Needless to say when I don't have any NAT settings on the SIP phone I >>don't get any registration with the * server (this confuses me too - >> >> >I'm > > >>not sure why I only get registration when I set the * server to be the >>outbound proxy? Maybe its because the SIP phone sends its local IP in >>the RTP packets?). >> >>SIP is not NAT friendly (unlike IAX) and yes your device will try to >>send its local IP (in SIP packets), unless in the case of a budgetone >>phone you set the 'Use NAT IP' to your external IP addr. You will also >>have to NAT the public ip for the SIP port (5060?) and RTP ports >>(whatever) to your phones private IP. >> >>Must admit not tried it myself, but happy to jointly experiment if you >>like? >> >>_______________________________________________ >>Ray >> >>_______________________________________________ >> >> >>-----Original Message----- >>From: asterisk-users-bounces@lists.digium.com >>[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Derek >>Conniffe >>Sent: 13 September 2005 12:44 >>To: Asterisk Users Mailing List - Non-Commercial Discussion >>Subject: [Asterisk-Users] Nat & Sip & Pain >> >> >>Hi everyone, >> >>I decided to have a look at SIP & NAT again and I've been at it for a >>[quite a] few hours but typically nothing is working for me. Actually >>I'm not sure if SIP and NAT can ever work but some emails on this list >>do suggest that someone has got it working, once, maybe. >> >>I'm experimenting with a ZyXEL 2000W [WiFi Sip phone] which supports >>"Outbound Proxy", "STUN" and "Fake WAN Address on SIP and RTP". I'm >>using Netfilter (IPTables) on Linux as the Firewall at NAT gateway to >>the Internet. >> >>I'm lacking knowledge in UDP, RTP and SIP - which doesn't help of >>course. >> >>In my experiments the only thing that seems to allow me to make a call >>is to enter the [public Internet] IP address of my * server into the >>"Outbound Proxy" setting in the SIP phone - then it registers and I can >> >> > > > >>make a call but no audio, either direction, is heard. >> >>I would have thought that the "Outbound Proxy" should be inside the NAT >>gateway but then I read the settings for a Budgetone BEHIND nat on the >>FWD webpage >>(http://www.freeworlddialup.com/support/configuration_guide/configure_y >> >> >o > > >>ur_fwd_certified_phone/grandstream_budgetone/outbound_proxy) >>where they suggest that the Outbound Proxy should be an external >>Internet public proxy server ? >> >>Then I was reading about STUN and what a nice sounding solution it is - >>so I downloaded and installed the Vivida STUN server - compilation & >>installation was nice and easy and I set the STUN primary IP address & >>port into the SIP phones STUN servers settings. I could see that the >>SIP phone communicated with the STUN server (lots of stuff about >> >> >mapping > > >>between my local NAT gateway's public IP address and the secondary IP >>address of the STUN server)... but no registration or [apparent] >>communication with the * server. >> >>I didn't try to do anything with the "Fake WAN address.." settings or >>try to redirect incoming UDP ports from the firewall to the SIP phone >>because I'm trying to see if its possible to setup a deploy-anywhere >> >> >SIP > > >>phone solution. >> >>Needless to say when I don't have any NAT settings on the SIP phone I >>don't get any registration with the * server (this confuses me too - >> >> >I'm > > >>not sure why I only get registration when I set the * server to be the >>outbound proxy? Maybe its because the SIP phone sends its local IP in >>the RTP packets?). >> >>Does anyone know how to get NAT & SIP working where the SIP phone is >>behind a NAT server talking to a publicly accessible * server? >> >>Thanks for any help! >> >>When I run FWD's "netcheck" on my local PC (also behind the NAT) I get: >>Internet Connection: Connected, Direct/NAT: Using NAT, NAT type: Port >>Restricted Nat, NAT UPnP enabled: No, Local IP Address: 192.168.5.10, >>WAN IP Address: XXX.XXX.XXX.XXX (public IP address), Port 5060: >> >> >Blocked, > > >>port 5082: Blocked. >> >> >>[Maybe] useful Links that I've found on my Nat & SIP travels:- >> >>http://www.voip-info.org/wiki-Asterisk+SIP+NAT+solutions >>------------------------------------------------------------- >>Here VOIP INFO claim that "Asterisk as a SIP server outside nat, >>clients >> >>on the inside connecting to Asterisk" is "solved" with "with nat >><tiki-index.php?page=Asterisk+sip+nat>=yes and qualify >><tiki-index.php?page=Asterisk+sip+qualify>=xxx in sip.conf >><tiki-index.php?page=Asterisk+config+sip.conf> for the client in most >>cases. Some clients (X-lite) assist themselves by using STUN >><tiki-index.php?page=STUN> and sending UDP keep-alive packets. Qualify >><tiki-index.php?page=Asterisk+sip+qualify> sends keep-alive packets >> >> >from > > >>Asterisk to the client on the inside." - however I can't get it to work >> >>http://www.asteriskguru.com/tutorials/sip_nat_oneway_or_no_audio_asteri >>s >>k.html >>----------------------------------------------------------------------- >> >> >- > > >>----------- >>Here there is some detail about the NAT= option in sip.conf and >> >> >firewall > > >>NAT types plus some understandable diagrams of why SIP & NAT is so much >>bother. >> >>http://www.voip-info.org/wiki-STUN >>-------------------------------------- >>The VOIP INFO page about STUN - I don't think I learned much here - >>except the link to the Vovida STUN server software >> >>Asterisk Users - Email from wehr@japet.com - 02/July/2005 23:49 >>-------------------------------------------------------------------- >>Thierry claims that you need to put special MASQUERADE POSTROUTING >>rules >> >>into iptables to make it NAT UDP properly - tried it but didn't work >>for me >> >>Asterisk Users - Email from p_kami@yahoo.com - 16/Aug/2005 10:29 >>----------------------------------------------------------------------- >>- >>Kamran Ahmad sounds like someone who [might have] had SIP & NAT working >> >> > > > >>- until it wasn't working.... >> >> >> >>BTW My Current SIP sip.conf entry that I'm using for testing (which >>doesn't work of course!): - >>[0035314401789] >>context=PublicSip >>type=friend >>port=5060 >>username=0035314401789 >>password=XXXXXXXX >>callerId=0035314401789 >>nat=route ; assume a NAT connection (note: route >> >> > > > >>doesn't seem to make any difference compared to "yes") >>qualify=yes ; keep-alive packets to keep NAT SIP >> >> >open > > >>insecure=yes ; insecure and auth don't seem to >>make things work any better/worse! >>auth=plaintext ; >>host=dynamic ; and with a dynamic IP address >>canreinvite=no ; always keep asterisk in the media >> >> >path > > >>;dtmfmode=info ; could be inband ? >>dtmfmode=rfc2833 ; could be inband ? but doesn't matter >> >> >- > > >>still NAT & SIP isn't working >>mailbox=10000@default >>disallow=all >>;allow=ilbc >>;allow=ulaw >>allow=g729 >>;allow=ulaw >>;allow=all >> >> >> >> >> >> > > > >-- Derek Conniffe Rivertower Ltd Ireland: (Freephone) 1800 719 400 Ireland: (Local) 01 244 9719 United Kingdom: 0870 068 2368 International: 00 353 1 244 9719 Derek Conniffe DDI: 01 201 0146 (International: 00 353 1 201 0146) Derek Conniffe Mobile: 086 856 3823 (International: 00 353 86 856 3823) Fax: 01 201 0085 (International: 00 353 1 201 0085) Email: Derek@rivertower.ie Web: http://www.rivertowerhosting.com -------------- next part -------------- A non-text attachment was scrubbed... Name: derek.vcf Type: text/x-vcard Size: 487 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20050913/d2dc595e/derek.vcf
Zeeshan
2005-Sep-14 04:54 UTC
[Asterisk-Users] Sipura Registration time out, no incoming calls
Hi everybody, My Sipura device registers on an Asterisk server and works fine. Its default registration time out value is 3600s. But I've noticed that once in a while it stops receiving calls but dial out works fine. To solve this problem I've to change registration time out value to 10s. Why is it like that, why doesn't everything work fine with timeout value of 3600s? Zeeshan A Zakaria