[asterisk-bugs] [Asterisk 0018757]: SIP RTP with 2 UA and Asterisk all NATTED through a stateful (but not SIP aware) firewall
Asterisk Bug Tracker
noreply at bugs.digium.com
Sun Feb 6 08:38:37 CST 2011
The following issue has been SUBMITTED.
======================================================================
https://issues.asterisk.org/view.php?id=18757
======================================================================
Reported By: dercol
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18757
Category: Core/RTP
Reproducibility: always
Severity: feature
Priority: normal
Status: new
Asterisk Version: 1.8.2.3
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-02-06 08:38 CST
Last Modified: 2011-02-06 08:38 CST
======================================================================
Summary: SIP RTP with 2 UA and Asterisk all NATTED through a
stateful (but not SIP aware) firewall
Description:
The situation I'm going to describe is a situation where 2 user agent are
natted between a nat firewall, and Asterisk is also natted. canreinvite=no
so the media stream is handled by asterisk. Asterisk is 1.8.2.1
B is one User Agent
C is the other
A is Asterisk
B and C are registered to the asterisk with they public IP via STUN
server
B call C via the asterisk box.
So on the port 5060 UDP, B send an INVITE to the asterisk (A) BOX with
indication of the udp ports for the RTP stream of the UA (B), asterisk
rings the endpoint C (the endpoint C is reacheable if the firewall that is
natting endpoint C know about an active session on port 5060 between
endpoint C and Asterisk A)
When endpoint C answer, Asterisk try to start a RTP media session from
Asterisk to endpoint B (with parameters included in the INVITE from
endpoint B).
The issue is that firewall doesn't know anything about the new session
starting from A to B because from the firewall point of view is a new
session coming from outside to the inside so it simply disallow it. The
only manner Asterisk (A) can instance an RTP stream to endpoint B is that
endpoint B firstly starts an RTP session to Asterisk, so UDP packets
flowing from Asterisk to B are recognized by the firewall as RELATED to a
request from the SIP UA endpoint.
The question is:
How it is possible to tell asterisk not to start the RTP connection to the
B endpoint? (and even to the A endpoint that suffer for the same issue) but
to force User agents to start the communication?
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2011-02-06 08:38 dercol New Issue
2011-02-06 08:38 dercol Asterisk Version => 1.8.2.3
2011-02-06 08:38 dercol Regression => No
2011-02-06 08:38 dercol SVN Branch (only for SVN checkouts, not tarball
releases) => N/A
======================================================================
More information about the asterisk-bugs
mailing list