Hi all, My Asterisk problem today involves getting a SIP client on a private net to register with a server somewhere else on the Internet. This worked for me about a year ago no problem, but now I see an error message on the remote server every time the client attempts to connect (the server is running Debian lenny with Asterisk 1:1.4.21.2~dfsg-3). Here's an example: [Nov 11 14:29:47] WARNING[6365]: chan_sip.c:1787 __sip_xmit: sip_xmit of 0xb63d5694 (len 444) to 192.168.8.30:5060 returned -1: Operation not permitted "192.168.8.30"? At first I thought maybe the local NAT (iptables SNAT) wasn't doing its job properly, but it seems fine for the rest. Also, the same client, going through the same NAT, has no problem connecting to my ISP's SIP server. Then I thought it might be the SIP client (a Siemens Gigaset S675IP phone), but I get exactly the same problem when using an old analog phone with a Linksys SPA-3000 instead. Has anyone encountered this problem before? If so, what caused it and what solved it? Thanks, Jaap
On 12/11/09 9:04 AM, Jaap Winius wrote:> Hi all, > > My Asterisk problem today involves getting a SIP client on a private > net to register with a server somewhere else on the Internet. This > worked for me about a year ago no problem, but now I see an error > message on the remote server every time the client attempts to connect > (the server is running Debian lenny with Asterisk 1:1.4.21.2~dfsg-3). > Here's an example: > > [Nov 11 14:29:47] WARNING[6365]: chan_sip.c:1787 __sip_xmit: sip_xmit > of 0xb63d5694 (len 444) to 192.168.8.30:5060 returned -1: Operation > not permitted > > "192.168.8.30"? At first I thought maybe the local NAT (iptables SNAT) > wasn't doing its job properly, but it seems fine for the rest. Also, > the same client, going through the same NAT, has no problem connecting > to my ISP's SIP server. Then I thought it might be the SIP client (a > Siemens Gigaset S675IP phone), but I get exactly the same problem when > using an old analog phone with a Linksys SPA-3000 instead. > > Has anyone encountered this problem before? If so, what caused it and > what solved it?Are you binding to an address that the box doesn't own? Check the top of sip.conf. -- Cheers, Matt Riddell Director _______________________________________________ http://www.venturevoip.com/news.php (Daily Asterisk News) http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer) http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)
> It's set to bind to 0.0.0.0, which IIRC is nothing strange. > > The question remains: how can a remote Asterisk server be receiving > SIP packets that still contain the private net IP address of a client?It sounds to me as if the client hasn't been told to use its gateway's public IP address in the SIP conversation, and as if the client isn't sending its outbound packets through a gateway/NAT which is SIP-aware and can rewrite the SIP data accordingly. There are several approaches which can work: - The gateway is properly configured to forward its external ports to the client, and the client is manually configured to use the gateway's external IP address in its SIP protocol exchanges. - The gateway does port forwarding and NAT properly, and is also SIP-aware - it intercepts and rewrites the contents of the outbound SIP packets, changing the IP address and port given by the client to its own IP address and whatever external port it has NAT'ed / redirected to the client. - The gateway does port forwarding and NAT properly, and the client is configured to use STUN to figure out what public IP address/port its packets are being NAT'ed to. - The client doesn't talk directly to the outside peers, but goes through a SIP proxy running on the gateway. In your case, it sounds as if the client and gateway aren't doing one of these things. As a result, the client's SIP protocol packets still contain its private-net IP and port, at the time they reach the remote server.