[asterisk-bugs] [JIRA] (ASTERISK-26438) [patch] chan_sip: auto_force_rport: No NAT = No Symmetric Response.
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Thu Oct 6 18:57:01 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Traud closed ASTERISK-26438.
--------------------------------------
> [patch] chan_sip: auto_force_rport: No NAT = No Symmetric Response.
> -------------------------------------------------------------------
>
> Key: ASTERISK-26438
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26438
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/IPv6
> Affects Versions: 11.23.1, 13.11.2, 14.0.2
> Reporter: Alexander Traud
> Assignee: Alexander Traud
> Severity: Minor
> Attachments: A_aosp_via_tcp.patch, A_rport_present_nonat.patch, B_aosp_via_tcp.patch, B_rport_present_nonat.patch.patch, C_rport_present_nonat.patch
>
>
> *Steps to Reproduce*
> # Asterisk with {{tcpenable=yes}}
> # Asterisk with IPv6 enabled, like {{bindaddr=::}}
> # VoIP/SIP client is in IPv6 enabled network but with firewall (for example the mobile operator Telekom Deutschland).
> # VoIP/SIP client Google Nexus 5X, Android 7.0
> # Nexus » Menu » Phone » Options » Settings » Calls » Calling accounts » (SIP settings) SIP accounts » Add » Options settings » Transport type: TCP
> # Nexus » Menu » Phone » Options » Settings » Calls » Calling accounts » Receive incoming calls: Yes (The phone sends a SIP-REGISTER, visible via the app Wireshark and the command-line interface of Asterisk {{sip set debug on}}).
> # Asterisk forwards a call and sends a SIP-INVITE to that Android phone.
> *Expected Results*
> The Android phone rings, because Asterisk sends a SIP-INVITE via the existing TCP connection – the TCP connection which was created by the SIP-REGISTER.
> *Actual Results*
> The Android phone does not ring. Although Asterisk is re-using the IP address of the SIP-REGISTER, Asterisk sends the SIP-INVITE to a different port. Because the remote network employs a firewall, that SIP-INVITE is rejected.
> *Notes*
> AOSP sends the parameter {{rport}} (RFC 3581) in UDP and TCP. AOSP does not send the parameter {{ob}} (RFC 5626) as recommend by RFC 6314 section 5.1.1.2.
> _This does not happen, when the Android phone is configured for UDP._
> The built-in VoIP/SIP client of the Android Open Source Project (AOSP) declares a different TCP port in its SIP-REGISTER Contact header. That port was not used for sending the SIP-REGISTER. This behavior exists since day one of that SIP client (Android 2.3) released in December 2010. In UDP, the port is not different between the SIP message and its UDP connection. TLS cannot be tested because this is not offered by the VoIP/SIP client of Android. In AOSP, this affects just TCP.
> _This does not happen, when Asterisk is configured just for IPv4._
> In IPv4, Asterisk considers this a NAT and ignores the Contact header in the SIP-REGISTER and goes for the IP and port of the TCP connection of that SIP-REGISTER right away. This is because of the setting {{nat=auto_force_rport}}, which is the default value. It is believed, similar happens for IPv4, when {{nat=no}} in sip.conf.
> _This does not happen, when there is no firewall on the network of the phone._
> When there is no firewall, Asterisk is able to start a TCP server in the phone via its SIP-INVITE to the TCP port of the Contact header in the SIP message. Consequently, the client is reachable on both TCP ports. This way, when the initial TCP connection got lost somehow, a VoIP server is able to leverage the TCP port of the SIP message as fallback address. Of course, this fails when there is a firewall (or NAT). Nevertheless, this second TCP port is an additional, last resort to start a connection anyway.
> *Workaround*
> {{nat=force_rport}} fixed the issue for me, because in that case the port of the TCP connection is used, not the port within of the Contact header of the SIP message. The state of {{comedia}} does not matter here although I use {{nat=force_rport,auto_comedia}}.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list