[asterisk-bugs] [JIRA] (ASTERISK-24428) Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used
sstream (JIRA)
noreply at issues.asterisk.org
Thu Nov 20 18:05:30 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
sstream updated ASTERISK-24428:
-------------------------------
Description:
Using Asterisk 11.12 server behind NAT (router) and Android SIP client (Acrobits or CSipSimple) with the following condition.
- Router local IP: 192.168.0.1
- Router domain: sip.example.net (using DNS like DynDNS)
- Asterisk server local IP: 192.168.0.2
- SIP protocol: TLS, port=10000 (not default due to security reason)
- RTP: port=10001 to 10008
- Android phone has a global IP.
In router's setting, I opened ports 10000-10008 (TLS and RTP) and forwarded them to Asterisk server IP (192.168.0.2).
---
<sip.conf>
externhost=sip.example.net
localnet=192.168.0.0/255.255.255.0
tlsenable=yes
tlsbindaddr=0.0.0.0:10000
tlscertfile=…
---
<rtp.conf>
rtpstart=10001
rtpend=10008
---
Under above condition, there is no problem for registration, connection, calling and talking.
However, Asterisk cannot detect disconnection. (can't disconnect).
I traced a log and found;
---
SIP/2.0 100 Trying
Via: SIP/2.0/TLS xxx.xxx.xx.0:xxxxx;branch=;received=;rport=
From: <sips:xxx@ sip.example.net:10000>;tag=xxx
To: <sips:yyy@ sip.example.net:10000>
Call-ID: xxxxx
CSeq: 1 INVITE
Server: Asterisk PBX 11.12.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:yyy at x.xx.xx.xx:5061;transport=TLS>
Content-Length: 0
---
In "Contact:" line (2nd line from the bottom), port “5061” suddenly appears, which I never used.
This problem only occurs under TLS with non-default port (not 5061).
There is no problem under UDP, even though non-standard port is set (ex. bindport=10000).
For testing, in “sip.h”, I changed
#define STANDARD_TLS_PORT 5061
to
#define STANDARD_TLS_PORT 10000
and compiled.
As a result, I confirmed that Asterisk works properly (detect disconnection).
In conclusion, it is better to make an option like “tlsbindport” in sip.conf and make it work like UDP.
Thank you.
was:
Using Asterisk 11.12 server behind NAT (router) and Android SIP client (Acrobits or CSipSimple) with the following condition.
- Router local IP: 192.168.0.1
- Router domain: sip.example.net (using DNS like DynDNS)
- Asterisk server local IP: 192.168.0.2
- SIP protocol: TLS, port=10000 (not default due to security reason)
- RTP: port=10001 to 10008
- Android phone has a global IP.
In router's setting, I opened ports 10000-10008 (TLS and RTP) and forwarded them to Asterisk server IP (192.168.0.2).
---
<sip.conf>
externhost=sip.example.net
localnet=192.168.0.0/255.255.255.0
tlsenable=yes
tlsbindaddr=0.0.0.0:10000
tlscertfile=…
---
<rtp.conf>
rtpstart=10001
rtpend=10008
---
Under above condition, there is no problem for registration, connection, calling and talking.
However, Asterisk cannot detect disconnection. (can't disconnect).
I traced a log and found;
---
SIP/2.0 100 Trying
Via: SIP/2.0/TLS xxx.xxx.xx.0:xxxxx;branch=;received=;rport=
From: <sips:xxx@ sip.example.net:10000>;tag=xxx
To: <sips:yyy@ sip.example.net:10000>
Call-ID: xxxxx
CSeq: 1 INVITE
Server: Asterisk PBX 11.12.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:yyy at x.xx.xx.xx:5061;transport=TLS>
Content-Length: 0
---
In "Contact:" line (2nd line from the bottom), port “5061” suddenly appears, which I never used.
This problem only occurs under TLS with non-default port (not 5061).
There is no problem under UDP, even though non-standard port is set (ex. bindaddr=10000).
For testing, in “sip.h”, I changed
#define STANDARD_TLS_PORT 5061
to
#define STANDARD_TLS_PORT 10000
and compiled.
As a result, I confirmed that Asterisk works properly (detect disconnection).
In conclusion, it is better to make an option like “tlsbindport” in sip.conf and make it work like UDP.
Thank you.
> Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-24428
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24428
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Affects Versions: SVN, 1.8.32.0, 11.12.0, 12.7.0, 13.0.0
> Environment: Ubuntu 14.04, OpenWrt 14.07
> Reporter: sstream
>
> Using Asterisk 11.12 server behind NAT (router) and Android SIP client (Acrobits or CSipSimple) with the following condition.
> - Router local IP: 192.168.0.1
> - Router domain: sip.example.net (using DNS like DynDNS)
> - Asterisk server local IP: 192.168.0.2
> - SIP protocol: TLS, port=10000 (not default due to security reason)
> - RTP: port=10001 to 10008
> - Android phone has a global IP.
> In router's setting, I opened ports 10000-10008 (TLS and RTP) and forwarded them to Asterisk server IP (192.168.0.2).
> ---
> <sip.conf>
> externhost=sip.example.net
> localnet=192.168.0.0/255.255.255.0
> tlsenable=yes
> tlsbindaddr=0.0.0.0:10000
> tlscertfile=…
> ---
> <rtp.conf>
> rtpstart=10001
> rtpend=10008
> ---
> Under above condition, there is no problem for registration, connection, calling and talking.
> However, Asterisk cannot detect disconnection. (can't disconnect).
> I traced a log and found;
> ---
> SIP/2.0 100 Trying
> Via: SIP/2.0/TLS xxx.xxx.xx.0:xxxxx;branch=;received=;rport=
> From: <sips:xxx@ sip.example.net:10000>;tag=xxx
> To: <sips:yyy@ sip.example.net:10000>
> Call-ID: xxxxx
> CSeq: 1 INVITE
> Server: Asterisk PBX 11.12.0
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
> Supported: replaces, timer
> Contact: <sip:yyy at x.xx.xx.xx:5061;transport=TLS>
> Content-Length: 0
> ---
> In "Contact:" line (2nd line from the bottom), port “5061” suddenly appears, which I never used.
> This problem only occurs under TLS with non-default port (not 5061).
> There is no problem under UDP, even though non-standard port is set (ex. bindport=10000).
> For testing, in “sip.h”, I changed
> #define STANDARD_TLS_PORT 5061
> to
> #define STANDARD_TLS_PORT 10000
> and compiled.
> As a result, I confirmed that Asterisk works properly (detect disconnection).
> In conclusion, it is better to make an option like “tlsbindport” in sip.conf and make it work like UDP.
> Thank you.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list