Voxilla VoIP Forum

korstad · #1 (**permalink**) March 14th, 2007, 07:24 PM

Bear with me…

I have an Asterisk 1.4 server running on my linux firewall with two interfaces. One is public routable and one is on a 10 net, specifically 10.0.0.254.

I have defined my external routable, externip and my localnet=10.0.0.0/255.0.0.0 in the sip.conf

My internal sip user is 10.0.0.4 using a Linksys pap2t-NA.

I have a Linksys wip330 wifi voip phone.

I can make calls between the phones when they are both on the internal 10 net.

When I travel with the wip330 phone and use it from outside the internal network I have issues and yes, I have nat=yes.

I can use my wip330 and it will register with my distant asterisk server. Since I have nat=yes in the wip330 asterisk config, my asterisk server will ignores the IP address in the SIP invitation and instead checks the IP address of where the message came from. Which is a good thing if I am given a private address at my hotel hot spot. So that work fine, I can call the asterisk server, check voice mail and make external calls using the trunks I have configured on the asterisk server. So I have no problems with the wip330 to the asterisk server, NAT or no NAT.

Things fall apart when I try to call an internal user (the pap2t 10.0.0.4) while I am traveling. If I am at a hotel or hotspot that gives me a routable IP all is good and it works. However if I am given a private IP, it does not work. The internal pap2t sees the private IP address I am given at the distant hotel and tries to talk back to it but it fails since it is not a routable IP.

This phone (wip330) does not support STUN. Do I have any other options?

Below is a tcpdump of my internal Linksys pap2t (10.0.0.4) trying to talk to my distant wip330 at a remote hotspot that only gives out private IP address. The wip330 can get the traffic to the pap2t but the pap2t can not return since is only sees the private IP address from the distant hotspot. Not good.

10.0.0.4-internal linksys pap2t
10.0.0.254- Asterisk server
192.168.1.124 – my distant wip330 and the private ip provide at the hotspot

tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes12:24:37.215320
arp who-has 10.0.0.4 tell 10.0.0.25412:24:37.215931
arp reply 10.0.0.4 is-at 00:18:f8:02:30:8712:24:37.215944
IP 10.0.0.254.5060 > 10.0.0.4.5060: UDP, length 87412:24:37.228094
IP 10.0.0.4.5060 > 10.0.0.254.5060: UDP, length 29212:24:37.240872
IP 10.0.0.4.5060 > 10.0.0.254.5060: UDP, length 31612:24:44.303336
IP 10.0.0.4.5060 > 10.0.0.254.5060: UDP, length 75112:24:44.303609
IP 10.0.0.254.5060 > 10.0.0.4.5060: UDP, length 37712:24:44.304104
IP 10.0.0.254.5060 > 10.0.0.4.5060: UDP, length 81912:24:44.328879
IP 10.0.0.4.5060 > 10.0.0.254.5060: UDP, length 68412:24:44.329114
IP 10.0.0.254.5060 > 10.0.0.4.5060: UDP, length 37712:24:44.338025
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.357177
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.376149
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.397537
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.416515
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.437958
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.457048
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.475993
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.497409
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.516445
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.537836
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.556819
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.575936
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.579667
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.587193
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.590603
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.596656
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.597673
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.616312
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.637721
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.656694
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.678067
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.697238
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.698859
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.704767
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.712778
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.716180
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.717019
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.720752
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.728772
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.733295
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.737613
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.756564
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.762903
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.770875
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.778061
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.797473
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.816400
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.837815
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.856793
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.870599
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.874495
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.878128
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.880538
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.887037
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.893070
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.897311
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.916273
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.923206
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.923391
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.930604
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.937678
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.948667
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.956659
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.969217
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:44.978096
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:44.997210
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.018435
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.037561
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.056520
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.068886
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.077306
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.078301
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.082321
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.086818
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.092805
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.097057
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.098871
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.118172
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.124959
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.130850
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.137428
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.156396
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.177795
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.196759
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.218096
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.221133
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.227010
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.231057
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.237085
IP 10.0.0.254.10568 > 10.0.0.4.16436: UDP, length 17212:24:45.237304
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.256259
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.277667
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.296634
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.318054
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.337198
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.358433
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.377554
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.396503
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.417647
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.436628
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.458120
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.477244
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.496202
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.517642
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.536575
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.557993
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.577122
IP 10.0.0.4.16436 > 192.168.1.124.10270: UDP, length 17212:24:45.596066

korstad · #2 (**permalink**) March 14th, 2007, 07:41 PM

Replying to my own post,

Looking it the conversations some more;

It appears the when I first make the call from my wip330, the asterisk server talks to the internal pap2t (whom I am calling) and tells the pap2t or forwards the invite from my wip330 to the internal pap2t but leaves the remote nat address in the invite instead of replacing it with IP address I came from.

Below is my wip330 config;

[1004]
fullname = wip330
secret = xxxxxx
email = xxxxxx
cid_number = 1004
zapchan =
context = numberplan-custom-1
hasvoicemail = yes
hasdirectory = yes
hassip = yes
hasmanager = no
callwaiting = yes
threewaycalling = yes
mailbox = 1004
hasagent = yes
group =
host = dynamic
registersip = yes
allow = g729
allow = ulaw
allow = alaw
allow = gsm
dtmfmode = auto
nat = yes

korstad · #3 (**permalink**) March 14th, 2007, 09:40 PM

Here I go replying to my post again but with a solution for others this time.

Many probably already knew, the key is;

canreinvite=no

add it to one or both clients.

If the clients are compatible (codecs and such), Asterisk sends a new SIP INVITE to both of the phones, redirecting the media streams for the current calls to each other. This is called a Re-INVITE, an INVITE where we change media for an existing SIP dialog, not trying to start a new call.

This is fine if all phones are compatible and we have the network configured so that they can talk full duplex to each other. It also saves resources on the Asterisk server as it takes itself out of the picture and just lets the devices pass traffic among themselves. With NAT, they can't and was the problem I was running into.

I needed to set canreinvite=no to make sure Asterisk doesn't even try to re-INVITE.

This keeps my server in the picture and acts as a proxy between them. I don't have a massive user base and this is fine for me.

It is working great now.

User Name		Remember Me?
Password
No account yet? Create one
Forgot your Username or Password?

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads for: Asterisk NAT issues between two private networks
Thread	Thread Starter	Forum	Replies	Last Post
asterisk on a VPS virtual private server	boxcar	General VoIP Discussion	1	August 16th, 2006 12:45 PM
Asterisk inside NAT Pap2 inside a different NAT	ygator	Asterisk Support Forum	2	July 11th, 2006 08:16 PM
Asterisk <--> NAT <-> Internet <-> NAT <	syscon	Asterisk Support Forum	1	May 8th, 2006 09:47 AM
nat issues with asterisk@home	hanksmith	Asterisk Support Forum	8	June 2nd, 2005 12:05 AM
Asterisk + FWD not working behind NAT	thameema	Asterisk Support Forum	7	March 4th, 2005 07:39 PM

Voxilla VoIP Forum

Asterisk NAT issues between two private networks