> On 7/09/2021, at 8:30 AM, Marek Greško <mgresko8 at gmail.com> wrote:
>
> Hello,
>
> it is only local nftables with nf_conntrack_sip on the asterisk
> server. Probably a kernel bug? It did not trigger with previous
> providers since they had working SIP ALG. Now I hear no audio in both
> directions because outgoing rtp stream from asterisk goes to private
> address space and incoming stream is blocked. So the outgoing rtp
> could not be learnt to send to nat address.
>
Maybe a bug but that’s less likely than a config error. Time to debug your
nftables.
> Marek
>
>
> 2021-09-06 22:17 GMT+02:00, Duncan Turnbull <duncan at turnbull.co.nz>:
>>
>>
>>>> On 7/09/2021, at 3:08 AM, Marek Greško <mgresko8 at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> so when debugging RTP in asterisk there was no rtp income from the
>>> remote site. I did check remote nat ip address and it was same as the
>>> one in the pjsip show aors. So it is not due to ip address change. It
>>> seems the local firewall sip module does not allow rtp stream to get
>>> into. It was working previously with the other provider because of
>>> working SIP ALG on their gateways. But now with this provider and
>>> disabled SIP ALG it is not allowed. As I remember in the past these
>>> setups did work. What are your experiences on this?
>>>
>> You would need to provide a lot more explanation here. What is your
>> firewall? I am assuming you configure it so find the configuration that’s
>> blocking the ports and change it.
>>
>> My experience as before was that something is blocking rtp, now you know
>> what that something is and it’s under your control so you need to check its
>> configuration and fix it. I don’t use a sip firewall. If I have external sip
>> clients I use a proxy.
>>
>>> Thanks
>>>
>>> Marek
>>>
>>>
>>> 2021-09-06 11:50 GMT+02:00, Marek Greško <mgresko8 at gmail.com>:
>>>> Sorry rtp set debug on showed something. So let's try for the problem to
>>>> arise again.
>>>>
>>>> Marek
>>>>
>>>>
>>>> 2021-09-06 11:48 GMT+02:00, Marek Greško <mgresko8 at gmail.com>:
>>>>> Hello,
>>>>>
>>>>>>> I would expect that when asterisk is aware of nat, it does not send
>>>>>>> the rtp until it receives rtp from other side to learn the port, but
>>>>>>> OK, no problem to accept the behavior.
>>>>>>>
>>>>>> That’s not how things work. You should google how sip rtp and Nat work as it
>>>>>> will help you
>>>>>
>>>>> no problem if it is intended.
>>>>>
>>>>>>>
>>>>>>>> The question is why your asterisk didn't learn the external address and
>>>>>>>> port from the received rtp packet
>>>>>>>>
>>>>>>>> You can look at your logs with debug to see what decisions it's making. You
>>>>>>>> can see if different rtp ports have different results.
>>>>>>>> Your phone provider has rtp on 5010 unsuccessfully and 5016 successfully.
>>>>>>>> Your asterisk uses rtp 13786 successfully and fails when using 18892. Is it
>>>>>>>> possible your firewall is blocking port 18892 and so asterisk never sees
>>>>>>>> the returned packet and can't learn from it?
>>>>>>>
>>>>>>> It is very improbable. I see no reason for blocking the port. The
>>>>>>> problem is asterisk never learns the correct port, so there is nothing
>>>>>>> to block.
>>>>>> It wasn’t what is probable, look at the asterisk logs and see what it’s
>>>>>> actually doing. If asterisk never sees the reply then you will know
>>>>>> something is blocking or stealing the port for some other service
>>>>>
>>>>> If it is stolen port for rtp, the next call would solve it, since it
>>>>> will use different one, and it does not solve it.
>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> In any event you should put your debug on and look at your logs in asterisk
>>>>>>>> to see what it sees and why it doesn't react to the rtp packet, if it gets
>>>>>>>> it
>>>>>>>
>>>>>>> Could you point me how the debug should be conducted?
>>>>>>
>>>>>> Using the asterisk cli turn on debug for the peer and rtp and see what
>>>>>> happens. Match it with the asterisk processes. You have to do this, you can
>>>>>> look at cli or the log files, follow it through to see the rtp packet being
>>>>>> received. Lots of debug advice on google.
>>>>>
>>>>> Asterisk cli did not show anything interesting. I tried pjsip set
>>>>> logger verbose on, but no logs showed anywhere. What am I doing wrong?
>>>>>
>>>>> Marek
>>>>>
>>>>>
>>>>>>>
>>>>>>> Is my suspicion that the problem could be caused by nat ip address
>>>>>>> changing reasonable? How should asterisk handle the situation?
>>>>>> I can’t see anything to support that. Everything is looking normal except
>>>>>> asterisk doesn’t appear to be seeing the rtp packet
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Marek
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Have fun, it's all good learning.
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Sun, Sep 5, 2021 at 6:27 PM Marek Greško <mgresko8 at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> regarding the ipv6, you see nothing about that it should be some type
>>>>>>>>> of ipv6 tunnelling, because also MTU is lower than expected. You
>>>>>>>>> should not see any ipv6 related communication in the sniff. Phone is
>>>>>>>>> not aware of it.
>>>>>>>>>
>>>>>>>>> The asterisk's static public ip address is 198.51.100.1.
>>>>>>>>> The remote provider's dynamic nat pool is 192.0.2.0/24. By provider we
>>>>>>>>> mean internet provider the remote phones are behind. We are not
>>>>>>>>> complaining about voip provider, we have no problem with that. Only
>>>>>>>>> communication between asterisk and remote phones behind some internet
>>>>>>>>> provider. This is the only conversation to look at.
>>>>>>>>> The phone private address is 192.168.100.235.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Marek
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2021-09-05 1:11 GMT+02:00, Duncan Turnbull <duncan at e-simple.co.nz>:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On 5/09/2021, at 10:21 AM, Marek Greško <mgresko8 at gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> could you please answer my previous question about anonymizing several
>>>>>>>>>>> parameters? I have the data ready, but will post after answer. I have
>>>>>>>>>>> no clue whether I could disclose some important data not deleting
>>>>>>>>>>> them.
>>>>>>>>>>>
>>>>>>>>>>> Regarding sdp, the address will be the internal one, since the phone
>>>>>>>>>>> is behind nat and it is not aware of the nat. The provider's nat
>>>>>>>>>>> device is configured as dump nat, no application tweaking is done. So
>>>>>>>>>>> the asterisk will see the lan address in the sip.
>>>>>>>>>>>
>>>>>>>>>> There are two conversations to look at
>>>>>>>>>> Provider to Asterisk
>>>>>>>>>> Asterisk to Phone
>>>>>>>>>> You need the packet captures of both.
>>>>>>>>>>
>>>>>>>>>> Your statements are mixing them up
>>>>>>>>>>
>>>>>>>>>> I don’t know what you mean by LAN address, that’s an ambiguous term. The ip
>>>>>>>>>> your asterisk receives from the provider should be the providers external ip
>>>>>>>>>> or in the sdp the external address of the media server which may or may not
>>>>>>>>>> be the same device
>>>>>>>>>>
>>>>>>>>>>> In the working scenario it is sending rtp packets to the internal
>>>>>>>>>>> address which is wrong, but after receiving cca 5 rtp packets from the
>>>>>>>>>>> phone it somehow discovers correct nat ip/port and switches to it. In
>>>>>>>>>>> non-working scenario it never switches and still sends to the lan
>>>>>>>>>>> address. Strange there is no audio, even one direction. Another
>>>>>>>>>>> strange thing is there are 2 phones (different vendors) behind the
>>>>>>>>>>> same nat and the problem appearance on them is independent, sometimes
>>>>>>>>>>> the first has problem, sometimes the second and sometimes both.
>>>>>>>>>>>
>>>>>>>>>>> The tcpdumps are made on the asterisk side. I have currently no means
>>>>>>>>>>> of capturing on phone side.
>>>>>>>>>>>
>>>>>>>>>>> Marek
>>>>>>>>>>>
>>>>>>>>>>> 2021-09-04 23:56 GMT+02:00, Antony Stone
>>>>>>>>>>> <Antony.Stone at asterisk.open.source.it>:
>>>>>>>>>>>>>> On Saturday 04 September 2021 at 22:13:32, Marek Greško wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I agree my knowledge of SIP itself is poor, but I have quite well
>>>>>>>>>>>>>> general tcp/ip understanding. What sip parameters should be
>>>>>>>>>>>>>> anonymized? How about tag, branch, call-id, cseq values?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Show us your packet captures with meaningful addresses (not necessarily
>>>>>>>>>>>>> accurate ones, but at least unambiguous - see my previous suggestion re
>>>>>>>>>>>>> RFC5737) and we can help you to understand them and what they mean.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Antony.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Heisenberg, Gödel, and Chomsky walk in to a bar.
>>>>>>>>>>>>> Heisenberg says, "Clearly this is a joke, but how can we work out if it's
>>>>>>>>>>>>> funny or not?"
>>>>>>>>>>>>> Gödel replies, "We can't know that because we're inside the joke."
>>>>>>>>>>>>> Chomsky says, "Of course it's funny. You're just saying it wrong."
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please reply to the list; please *don't* CC me.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> _____________________________________________________________________
>>>>>>>>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>>>>>>>>>>
>>>>>>>>>>>>> Check out the new Asterisk community forum at:
>>>>>>>>>>>>> https://community.asterisk.org/
>>>>>>>>>>>>>
>>>>>>>>>>>>> New to Asterisk? Start here:
>>>>>>>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>>>>>>>>>>>
>>>>>>>>>>>>> asterisk-users mailing list
>>>>>>>>>>>>> To UNSUBSCRIBE or update options visit:
>>>>>>>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
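
The diagnosis discussed in this thread can be checked mechanically from an Asterisk-side capture. The following is an added example, not code from any poster or from the Asterisk project: it classifies each RTP stream by whether Asterisk switched from the SDP private address to the NAT source it received from. Addresses and the port pairs 5016/13786 and 5010/18892 come from the thread; the NAT-side endpoint `192.0.2.17` and its ports are constructed sample values.

```python
from ipaddress import ip_address, ip_network

ASTERISK = "198.51.100.1"              # Asterisk public address (from the thread)
NAT_POOL = ip_network("192.0.2.0/24")  # remote provider's NAT pool (from the thread)
PHONE_SDP = "192.168.100.235"          # private address the phone puts in its SDP

# Constructed capture records, in order: (src_ip, src_port, dst_ip, dst_port).
def _out(lport, dst, dport, n):
    return [(ASTERISK, lport, dst, dport)] * n

def _in(src, sport, lport, n):
    return [(src, sport, ASTERISK, lport)] * n

# Working call: Asterisk starts on the SDP address, then follows the NAT source.
CALL_OK = (_out(13786, PHONE_SDP, 5016, 3) + _in("192.0.2.17", 40216, 13786, 5)
           + _out(13786, "192.0.2.17", 40216, 4))
# Failing call, inbound RTP visible in the capture but never used by Asterisk.
CALL_SEEN = (_out(18892, PHONE_SDP, 5010, 3) + _in("192.0.2.17", 40210, 18892, 5)
             + _out(18892, PHONE_SDP, 5010, 4))
# Failing call, nothing from the NAT pool reaches the capture point at all.
CALL_EMPTY = _out(18892, PHONE_SDP, 5010, 7)


def diagnose(packets, local_port):
    """Classify one RTP stream, identified by Asterisk's local RTP port."""
    nat_sources = []   # distinct NAT-pool endpoints that sent RTP to this port
    last_dst = None    # destination of Asterisk's most recent RTP packet
    for src, sport, dst, dport in packets:
        if dst == ASTERISK and dport == local_port:
            if ip_address(src) in NAT_POOL and (src, sport) not in nat_sources:
                nat_sources.append((src, sport))
        elif src == ASTERISK and sport == local_port:
            last_dst = (dst, dport)
    if last_dst in nat_sources:
        return "learned"           # outbound RTP follows the observed NAT source
    if nat_sources:
        # tcpdump on the host taps ingress before netfilter filtering, so this
        # is consistent with a local drop or with Asterisk's own NAT settings.
        return "seen_not_learned"
    return "never_arrived"         # look upstream: remote NAT or the path


if __name__ == "__main__":
    for name, pkts, port in (("ok", CALL_OK, 13786), ("seen", CALL_SEEN, 18892),
                             ("empty", CALL_EMPTY, 18892)):
        print(name, diagnose(pkts, port))
```

A `seen_not_learned` result combined with no RTP in the Asterisk debug output narrows the search to the local ruleset rather than the remote NAT.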