Albert Culleton
2010-Jun-17 14:21 UTC
[asterisk-users] Asterisk no audio on calls problem.
Hi there, I am trying to setup a configuration that requires me to use SIP and asterisk behind a firewall and over a VPN to a remote office and with some local Phones also. I can't use IAX to my provider because they don't offer it and my handsets ( snom 300 ) also don't support IAX so it's all SIP. The configuration is a follows Asterisk PBX 10.202.17.217/24 ------>| 10/100-Switch |-----> Firewall1 pfsense X.Y.Z.250 -------->ITSP Sip Porvider public internet LocalPhones 10.202.17.1-25/24 -_---->| 10/100-Switch |-----> Firewall2 Watchguard ----->ISP internet Connection <-----Firewall3 | remote office | ----Remote User Phone 192.168.97.74/24 There is a Lan2Lan VPN tunnel between the Firewall2 and the Remote Office Firewall3 I can Ping the remote office phone from the asterisk PBX at all times. Now I have my Sip.conf setup with externip= X.Y.Z.250 [general] port = 5060 bindaddr = 0.0.0.0 context = default allowoverlap=no srvlookup = yes : externip externip = x.y.z.250 localnet=10.202.17.0/255.255.255.0 qualify=yes nat=yes register = xxxxxxx:SipServer/xxxxxxxx limitonpeers=yes allowsubscribe=yes notifyringing=yes notifyhold=yes useclientcode=yes canreinvite=no I have pfsense setup to forward ports 5060 and RTP ports over UDP back to the internal asterisk server. And a firewall rule to allow this traffic from only my ITSP SipServer. I can make a call from any phone on the local phones network to the outside world via the SIP proxy with asterisk in the media stream ( canreinvite=no) I can make a call from the remote user phone to a local phone or to any other phone outside the network but I don't get any audio . If I remove the IP address X.Y.Z.250 from the externip setting then I can call remote phone to local phones fine and get audio perfect, but I can't make any outbound calls from local to outside world via my ITSP. Do I need to setup a STUN server to tell the remote Phones that Asterisk is not on the Public address but rather on the LAN address accessible via the VPN? Or should I put a second Network Adapter in the Asterisk PBX and Setup Iptables on this removing the firewall from the equation ? I could send all users to the Public Address X.Y.Z.250 but I want to limit by IP address what is allowed in on this and the remote user has a dynamic IP address on their internet connection. So I want to leave this to the last resort. Has anyone any suggestions? Thanks Albert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100617/7b4e0ef4/attachment.htm
Albert Culleton
2010-Jun-23 10:36 UTC
[asterisk-users] Asterisk no audio on calls problem.
I found this link which help me solve this problem On reading SIP.CONF it say we can add additional local nets this seems to solve the problem. ; You may add multiple local networks. A reasonable set of defaults ; are: ;localnet=192.168.0.0/255.255.0.0; All RFC 1918 addresses are local networks ;localnet=10.0.0.0/255.0.0.0 ; Also RFC1918 ;localnet=172.16.0.0/12 ; Another RFC1918 with CIDR notation ;localnet=169.254.0.0/255.255.0.0 ;Zero conf local network Basically I added the following line to my sip.conf localnet=192.168.97.0/255.255.255.0 and then I got 2 way audio. This was such an easy fix when you know how! I hope it helps someone else. Regards Albert From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Albert Culleton Sent: 17 June 2010 15:21 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Asterisk no audio on calls problem. Hi there, I am trying to setup a configuration that requires me to use SIP and asterisk behind a firewall and over a VPN to a remote office and with some local Phones also. I can't use IAX to my provider because they don't offer it and my handsets ( snom 300 ) also don't support IAX so it's all SIP. The configuration is a follows Asterisk PBX 10.202.17.217/24 ------>| 10/100-Switch |-----> Firewall1 pfsense X.Y.Z.250 -------->ITSP Sip Porvider public internet LocalPhones 10.202.17.1-25/24 -_---->| 10/100-Switch |-----> Firewall2 Watchguard ----->ISP internet Connection <-----Firewall3 | remote office | ----Remote User Phone 192.168.97.74/24 There is a Lan2Lan VPN tunnel between the Firewall2 and the Remote Office Firewall3 I can Ping the remote office phone from the asterisk PBX at all times. Now I have my Sip.conf setup with externip= X.Y.Z.250 [general] port = 5060 bindaddr = 0.0.0.0 context = default allowoverlap=no srvlookup = yes : externip externip = x.y.z.250 localnet=10.202.17.0/255.255.255.0 qualify=yes nat=yes register = xxxxxxx:SipServer/xxxxxxxx limitonpeers=yes allowsubscribe=yes notifyringing=yes notifyhold=yes useclientcode=yes canreinvite=no I have pfsense setup to forward ports 5060 and RTP ports over UDP back to the internal asterisk server. And a firewall rule to allow this traffic from only my ITSP SipServer. I can make a call from any phone on the local phones network to the outside world via the SIP proxy with asterisk in the media stream ( canreinvite=no) I can make a call from the remote user phone to a local phone or to any other phone outside the network but I don't get any audio . If I remove the IP address X.Y.Z.250 from the externip setting then I can call remote phone to local phones fine and get audio perfect, but I can't make any outbound calls from local to outside world via my ITSP. Do I need to setup a STUN server to tell the remote Phones that Asterisk is not on the Public address but rather on the LAN address accessible via the VPN? Or should I put a second Network Adapter in the Asterisk PBX and Setup Iptables on this removing the firewall from the equation ? I could send all users to the Public Address X.Y.Z.250 but I want to limit by IP address what is allowed in on this and the remote user has a dynamic IP address on their internet connection. So I want to leave this to the last resort. Has anyone any suggestions? Thanks Albert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100623/0b07f5ed/attachment.htm