John Ervin
2010-Dec-25 14:49 UTC
[asterisk-users] Remote VOIP/SIP Phones through two routers
So, assuming your Asterisk box is behind one firewall (Linksys/Tomato Software) and your Wireless SIP phone is behind another firewall (SonicWall 1260 Enhanced). Is there anything special that I have to do to the firewalls. I do have the Asterisk firewall configured to work (ports 5060 & 10001-20000). But I'm not sure about the other end. Do I need STUN at the SIP Phone end? Do I need to make sure that any particular ports are open. Anybody have specific experience with setting a SonicWall up so that local SIP phones will work. The Specific phone is a D-Link DPH-540 (WiFi). But it would be nice to allow more standard SIP phones like the SPA942 etc. Thanks... -- John F. Ervin Central Florida TeleSource http://jervin.com/cft jervin at jervin.com
On Sat, 25 Dec 2010 09:49:29 -0500, John Ervin <jervin at jervin.com> wrote:>So, assuming your Asterisk box is behind one firewall (Linksys/Tomato >Software) and your Wireless SIP phone is behind another firewall >(SonicWall 1260 Enhanced). Is there anything special that I have to do >to the firewalls.If the SonicWall firewall supports STUN, just configure each SIP client to use this to connect to the Asterisk server. In Asterisk, provided the firewall also provides NAT, use the following settings in sip.conf so that Asterisk knows that SIP packets should be rewritten and how: ==========[general] externip=<public IP of Tomato router> ;the LAN where Asterisk lives localnet=192.168.0.0/255.255.255.0 nat=yes ;all RTP packets go through Asterisk canreinvite=no ;template for SIP users [sets](!) type=friend context=my-phones host=dynamic qualify=yes nat=no [1234](sets) secret=mysecret ========== As for the RTP part : - 10001 is wrong, since RTP always starts on even ports, and AFAIK uses two ports (one for sound TX/RX, and one for RTCP) - unless you need to support 500 concurrent conversations, you can trim it down. Make sure the range mapped on the Tomato matches what it says in rtp.conf HTH,