Eric Lyons
2006-May-01 16:00 UTC
[Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling
I've got a Sipura SPA-1001 that I'm trying to get working with an Asterisk server that's on the public Internet, while the SPA-1001 is behind NAT. I did the first obvious thing and mapped ports 5060 and 10000 - 30000 to the local IP address of the SPA-1001. Tried numerous proxy settings, have all the NAT settings == yes. Registration seems to be happening; with sip debug on, I see it get an OK and sip show peers shows it on the list. But I can't get a dial tone. It works fine connecting to a local Asterisk box (not traversing NAT). Anyone know the magic trick? My sip.conf looks like: [homesip] type=friend username=homesip secret=<pw> context=fagi ;qualify=yes host=dynamic nat=yes tried qualify both ways. My sip show peers says: telebox*CLI> sip show peers Name/username Host Dyn Nat ACL Port Status homesip/homesip 67.188.35.109 D N 5060 Unmonitored Can't seem to find enough info to get this to work, any help appreciated greatly, Eric.
Damon Estep
2006-May-01 17:30 UTC
[Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling
Set nat=yes as you have Enable qualify=yes Important - Do a sip reload or asterisk reload (the nat and qualify settings have to be refreshed, at least with realtime and rtcahcefriends). Turn off all NAT traversal features on the SPA2100 If it still does not work - your NAT router may be the issue, make sure that security policy allows ALL outbound traffic from the SPA2100 (no filters). With Linksys, Belkin, and some 3com/USR NAT routers (among others I am sure) you will need to make sure you have recent firmware on them, older firmware (1 year or older in many cases) does not behave well with SIP and NAT. The NAT=yes tells asterisk to use the IP address and port of the connection socket (a form of NAT discovery similar to a STUN server), not what is in the registration message, and the qualify=yes tells asterisk to send periodic SIP OPTIONS queries to keep the NAT timeout from expiring on the NAT router.> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Eric Lyons > Sent: Monday, May 01, 2006 5:01 PM > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling > > I've got a Sipura SPA-1001 that I'm trying to get working with anAsterisk> server that's on the public Internet, while the SPA-1001 > is behind NAT. I did the first obvious thing and mapped ports 5060and> 10000 - 30000 to the local IP address of the SPA-1001. > Tried numerous proxy settings, have all the NAT settings == yes. > Registration seems to be happening; with sip debug on, I see it > get an OK and sip show peers shows it on the list. But I can't get adial> tone. > > It works fine connecting to a local Asterisk box (not traversing NAT). > > Anyone know the magic trick? My sip.conf looks like: > [homesip] > type=friend > username=homesip > secret=<pw> > context=fagi > ;qualify=yes > host=dynamic > nat=yes > > tried qualify both ways. My sip show peers says: > > telebox*CLI> sip show peers > Name/username Host Dyn Nat ACL Port Status > homesip/homesip 67.188.35.109 D N 5060 > Unmonitored > > Can't seem to find enough info to get this to work, any helpappreciated> greatly, > > Eric. > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Damon Estep
2006-May-01 22:14 UTC
[Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling
My experience is that a stun server does not do anything that nat=yes in asterisk does not do. Asterisk is capable of determining the source port and ip address of a registration, so there is no need for the UA (ATA) to learn this information form a stun server. Keep it simple if possible, the stun server just adds another device to manage and/or worry about being unreachable. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of billy@kersting.com Sent: Monday, May 01, 2006 9:04 PM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling You will probably want to set a stun server in the 2100 if behind a nat. You can use stun.fwdnet.net for testing. With that, you probably wont need to port forward & it should work. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Damon Estep Sent: Monday, May 01, 2006 8:30 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling Set nat=yes as you have Enable qualify=yes Important - Do a sip reload or asterisk reload (the nat and qualify settings have to be refreshed, at least with realtime and rtcahcefriends). Turn off all NAT traversal features on the SPA2100 If it still does not work - your NAT router may be the issue, make sure that security policy allows ALL outbound traffic from the SPA2100 (no filters). With Linksys, Belkin, and some 3com/USR NAT routers (among others I am sure) you will need to make sure you have recent firmware on them, older firmware (1 year or older in many cases) does not behave well with SIP and NAT. The NAT=yes tells asterisk to use the IP address and port of the connection socket (a form of NAT discovery similar to a STUN server), not what is in the registration message, and the qualify=yes tells asterisk to send periodic SIP OPTIONS queries to keep the NAT timeout from expiring on the NAT router.> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Eric Lyons > Sent: Monday, May 01, 2006 5:01 PM > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] SPA-1001 behind NAT -- mucho hair pulling > > I've got a Sipura SPA-1001 that I'm trying to get working with anAsterisk> server that's on the public Internet, while the SPA-1001 > is behind NAT. I did the first obvious thing and mapped ports 5060and> 10000 - 30000 to the local IP address of the SPA-1001. > Tried numerous proxy settings, have all the NAT settings == yes. > Registration seems to be happening; with sip debug on, I see it > get an OK and sip show peers shows it on the list. But I can't get adial> tone. > > It works fine connecting to a local Asterisk box (not traversing NAT). > > Anyone know the magic trick? My sip.conf looks like: > [homesip] > type=friend > username=homesip > secret=<pw> > context=fagi > ;qualify=yes > host=dynamic > nat=yes > > tried qualify both ways. My sip show peers says: > > telebox*CLI> sip show peers > Name/username Host Dyn Nat ACL Port Status > homesip/homesip 67.188.35.109 D N 5060 > Unmonitored > > Can't seem to find enough info to get this to work, any helpappreciated> greatly, > > Eric. > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __________ NOD32 1.1447 (20060316) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users