asterisk users - Jul 2017 - [asterisk13] Multiple transport objects of same protocol in pjsip.conf

Scenario:

Our Asterisk 13 PBX (on network 192.168.254.0/24, bound to 192.168.254.1:5060)
is behind
a NAT, acting as a client to our ITSPs SIP server. But also, this Asterisk is
server for
various VoIP telephones. 

Acoording to Asterisk's wiki, the transport section of pjsip.conf is
configured as
follows:

; Transport via UDP
[transport-nat-udp]
type=                           transport
protocol=                       udp
local_net=                      192.168.254.0/24
local_net=                      127.0.0.1/32
bind=                           192.168.254.1:5060
external_media_address=         ddns.gdr
external_signaling_address=     ddns.gdr

The VoIP phones are also residing on network 192.168.254.0/24, bu they are
separated and
strictly prohibited by firewall rules to act with the outer net. The Asterisk
PBX is
acting as the transition point between our VoIP phones and the ITSPs SIP server.

So, my understanding is that for NAT, the transport is recommended to be
configured as
shown above. But what is about the transport with the phones "inside"?

I'm new to Asterisk, and from the "naiv" understanding of what I
extracted from the
sparse documentation on that subject, for each endpoint associated with a phone,
I need
transport. The protocol used by the phones is UDP, but no NAT. So, I did create
a new
transport section, like

[transport-udp]
type=                           transport
protocol=                       udp
bind=                           0.0.0.0

This results immediately in an error due to the bind= attribute. Asterisk bails
out at
havind the address already in use. In fact, it is the trunk/endpoint consuming
the
192.168.254.1:5060, and since the VoIP phones are all in 192.168.254.0/24, this
results
obviously in an error. This is surprising me :-(

How to deal with this without adding more network complexity like routing (by
putting the
phones into a subnet or other network)?

Kind regards,

oh
-- 
O. Hartmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170729/bb0b3798/attachment.pgp>

On Sat, Jul 29, 2017, at 02:55 PM, O. Hartmann wrote:
> Scenario:
> 
> Our Asterisk 13 PBX (on network 192.168.254.0/24, bound to
> 192.168.254.1:5060) is behind
> a NAT, acting as a client to our ITSPs SIP server. But also, this
> Asterisk is server for
> various VoIP telephones. 
> 
> Acoording to Asterisk's wiki, the transport section of pjsip.conf is
> configured as
> follows:
> 
> ; Transport via UDP
> [transport-nat-udp]
> type=                           transport
> protocol=                       udp
> local_net=                      192.168.254.0/24
> local_net=                      127.0.0.1/32
> bind=                           192.168.254.1:5060
> external_media_address=         ddns.gdr
> external_signaling_address=     ddns.gdr
<snip>

You should only need this single transport as it will get used by
everything. Only when contacting external things will the external
values be used instead. This is determined based on the "local_net"
values you've provided.

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

On Saturday 29 July 2017 at 19:03:55, Joshua Colp wrote:
> On Sat, Jul 29, 2017, at 02:55 PM, O. Hartmann wrote:
> > Scenario:
> > 
> > Our Asterisk 13 PBX (on network 192.168.254.0/24, bound to
> > 192.168.254.1:5060) is behind
> > a NAT, acting as a client to our ITSPs SIP server. But also, this
> > Asterisk is server for
> > various VoIP telephones.
> > 
> > Acoording to Asterisk's wiki, the transport section of pjsip.conf
is
> > configured as
> > follows:
> > 
> > ; Transport via UDP
> > [transport-nat-udp]
> > type=                           transport
> > protocol=                       udp
> > local_net=                      192.168.254.0/24
> > local_net=                      127.0.0.1/32
> > bind=                           192.168.254.1:5060
> > external_media_address=         ddns.gdr
> > external_signaling_address=     ddns.gdr
> 
> <snip>
> 
> You should only need this single transport as it will get used by
> everything. Only when contacting external things will the external
> values be used instead. This is determined based on the
"local_net"
> values you've provided.
Also, setting a transport to expect NAT, when in fact there isn't any,
won't
cause problems.

Telling Asterisk to expect NAT simply means that it pays attention to where 
the packets come from, not what addresses they contain inside them.

If you have no NAT, these two addresses are the same, so no harm done.


Antony.

-- 
Bill Gates has personally assured the Spanish Academy that he will never allow 
the upside-down question mark to disappear from Microsoft word-processing 
programs, which must be reassuring for millions of Spanish-speaking people, 
though just a piddling afterthought as far as he's concerned.

 - Lynne Truss, "Eats, Shoots and Leaves"

                                                   Please reply to the list;
                                                         please *don't* CC
me.