[Asterisk-Users] Confused about NAT and Authentication with FWD

ian at drumoak.demon.co.uk ian at drumoak.demon.co.uk
Thu Oct 7 06:47:49 MST 2004 

I have recently started experimenting with Asterisk. I am running the system the other side of the a NAT router and trying to connect to FWD. I have opened UDP ports and have configured sip.conf to handle NAT.

The problem:	

I can call from the FWD phone and the extension on Asterisk rings and there is two way sound so no problem.

Now if in the extension.conf file I have, 
exten => _.,3,Dial(SIP/${EXTEN}@fwd,20)

where fwd is the same name as the definition in sip.conf then I can see that Asterisk is handling the call as if it is going across the NAT ( see attached sip debug output). However (there is always a however) I get  and the call fails.

Oct  6 20:01:20 NOTICE[1087269568]: chan_sip.c:6766 handle_response: Failed to authenticate on INVITE to '"465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908'

If I change the Dial entry in extension.conf to 

exten => _.,3,Dial(SIP/${EXTEN}@fwd.pulver.com,20)

Then I no longer see the outgoing connection being handled as if it is going across a NAT. The call does connect but there is only sound from the asterisk originating end I cannot get sound from the FWD end.

What Am I doing wrong.


CALL with exten => _.,3,Dial(SIP/${EXTEN}@fwd,20)

Contact: <sip:465605 at 68.107.251.237>
Call-ID: 2317f28d1068db997e49c4d57ae5c27e at fwd.pulver.com
CSeq: 103 ACK
User-Agent: Asterisk PBX
Content-Length: 0
 
 (NAT) to 69.90.155.70:5060
We're at 68.107.251.237 port 16988
Answering/Requesting with root capability 4
Answering with preferred capability 0x8(ALAW)
Answering with non-codec capability 0x1(G723)
Reliably Transmitting:
INVITE sip:467919 at fwd.pulver.com SIP/2.0
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK5ff7a339;rport
From: "465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908
To: <sip:467919 at fwd.pulver.com>
Contact: <sip:465605 at 68.107.251.237>
Call-ID: 2317f28d1068db997e49c4d57ae5c27e at fwd.pulver.com
CSeq: 104 INVITE
User-Agent: Asterisk PBX
Proxy-Authorization: Digest username="", realm="fwd.pulver.com", algorithm=MD5, uri="sip:467919 at fwd.pulver.com", nonce="4164968c9e998958628497b2972ac7a4f16294a3", response="a2898d0ce04b6e2eab98239005f7fdef", opaque=""
Date: Thu, 07 Oct 2004 01:01:20 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Content-Type: application/sdp
Content-Length: 242
 
v=0
o=root 3282 3284 IN IP4 68.107.251.237
s=session
c=IN IP4 68.107.251.237
t=0 0
m=audio 16988 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
 (NAT) to 69.90.155.70:5060
 
 
Sip read:
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK5ff7a339;rport=5060
From: "465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908
To: <sip:467919 at fwd.pulver.com>;tag=cb2000b247d89723001a836145f3b053.3772
Call-ID: 2317f28d1068db997e49c4d57ae5c27e at fwd.pulver.com
CSeq: 104 INVITE
Proxy-Authenticate: Digest realm="fwd.pulver.com", nonce="4164968c9e998958628497b2972ac7a4f16294a3"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
 
 
9 headers, 0 lines
Transmitting:
ACK sip:467919 at fwd.pulver.com SIP/2.0
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK5ff7a339;rport
From: "465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908
To: <sip:467919 at fwd.pulver.com>;tag=cb2000b247d89723001a836145f3b053.3772
Contact: <sip:465605 at 68.107.251.237>
Call-ID: 2317f28d1068db997e49c4d57ae5c27e at fwd.pulver.com
CSeq: 104 ACK
User-Agent: Asterisk PBX
Content-Length: 0
 
 (NAT) to 69.90.155.70:5060
Oct  6 20:01:20 NOTICE[1087269568]: chan_sip.c:6766 handle_response: Failed to authenticate on INVITE to '"465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908'
Reliably Transmitting:
CANCEL sip:467919 at fwd.pulver.com SIP/2.0
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK5ff7a339;rport
From: "465605" <sip:465605 at fwd.pulver.com>;tag=as1ba1c908
To: <sip:467919 at fwd.pulver.com>
Contact: <sip:465605 at 68.107.251.237>
Call-ID: 2317f28d1068db997e49c4d57ae5c27e at fwd.pulver.com
CSeq: 104 CANCEL
User-Agent: Asterisk PBX
Proxy-Authorization: Digest username="", realm="fwd.pulver.com", algorithm=MD5, uri="sip:467919 at fwd.pulver.com", nonce="4164968c9e998958628497b2972ac7a4f16294a3", response="8228360b3e3e342544e5c08d16cc824e", opaque=""
Content-Length: 0


Call with exten => _.,3,Dial(SIP/${EXTEN}@fwd.pulver.com,20)


Sip read:
INVITE sip:467919 at 192.168.0.163 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK-2729a2aa
From: SPA2202 <sip:2000 at 192.168.0.163>;tag=d7f857520fa6972o0
To: <sip:467919 at 192.168.0.163>
Call-ID: 4dd7bf1-74628526 at 192.168.0.160
CSeq: 101 INVITE
Max-Forwards: 70
Contact: SPA2202 <sip:2000 at 192.168.0.160:5060>
Expires: 240
User-Agent: Sipura/SPA2000-2.0.10(e)
Content-Length: 428
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura
Content-Type: application/sdp
 
v=0
o=- 25855460 25855460 IN IP4 192.168.0.160
s=-
c=IN IP4 192.168.0.160
t=0 0
m=audio 16388 RTP/AVP 2 0 4 8 18 96 97 98 100 101
a=rtpmap:2 G726-32/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729a/8000
a=rtpmap:96 G726-40/8000
a=rtpmap:97 G726-24/8000
a=rtpmap:98 G726-16/8000
a=rtpmap:100 NSE/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
 
14 headers, 19 lines
Using latest request as basis request
Sending to 192.168.0.160 : 5060 (NAT)
Found RTP audio format 2
Found RTP audio format 0
Found RTP audio format 4
Found RTP audio format 8
Found RTP audio format 18
Found RTP audio format 96
Found RTP audio format 97
Found RTP audio format 98
Found RTP audio format 100
Found RTP audio format 101
Peer audio RTP is at port 192.168.0.160:16388
Found description format G726-32
Found description format PCMU
Found description format G723
Found description format PCMA
Found description format G729a
Found description format G726-40
Found description format G726-24
Found description format G726-16
Found description format NSE
Found description format telephone-event
Capabilities: us - 0xc(ULAW|ALAW), peer - audio=0x51d(G723|ULAW|ALAW|G726|G729A|ILBC)/video=0x0(EMPTY), combined - 0xc(ULAW|ALAW)
Non-codec capabilities: us - 0x1(G723), peer - 0x1(G723), combined - 0x1(G723)
Reliably Transmitting (no NAT):
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK-2729a2aa
From: SPA2202 <sip:2000 at 192.168.0.163>;tag=d7f857520fa6972o0
To: <sip:467919 at 192.168.0.163>;tag=as054b897b
Call-ID: 4dd7bf1-74628526 at 192.168.0.160
CSeq: 101 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:467919 at 192.168.0.163>
Proxy-Authenticate: Digest realm="asterisk", nonce="21a2c901"
Content-Length: 0
 
 
 to 192.168.0.160:5060
Scheduling destruction of call '4dd7bf1-74628526 at 192.168.0.160' in 15000 ms
Found user '2000'
 
 
Sip read:
ACK sip:467919 at 192.168.0.163 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK-2729a2aa
From: SPA2202 <sip:2000 at 192.168.0.163>;tag=d7f857520fa6972o0
To: <sip:467919 at 192.168.0.163>;tag=as054b897b
Call-ID: 4dd7bf1-74628526 at 192.168.0.160
CSeq: 101 ACK
Max-Forwards: 70
Contact: SPA2202 <sip:2000 at 192.168.0.160:5060>
User-Agent: Sipura/SPA2000-2.0.10(e)
Content-Length: 0
 
 
10 headers, 0 lines
 
 
Sip read:
INVITE sip:467919 at 192.168.0.163 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK-1051ed72
From: SPA2202 <sip:2000 at 192.168.0.163>;tag=d7f857520fa6972o0
To: <sip:467919 at 192.168.0.163>
Call-ID: 4dd7bf1-74628526 at 192.168.0.160
CSeq: 102 INVITE
Max-Forwards: 70
Proxy-Authorization: Digest username="2000",realm="asterisk",nonce="21a2c901",uri="sip:467919 at 192.168.0.163",algorithm=MD5,response="8471345eb0616f4f354cb5da516e4c19"
Contact: SPA2202 <sip:2000 at 192.168.0.160:5060>
Expires: 240
User-Agent: Sipura/SPA2000-2.0.10(e)
Content-Length: 428
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura
Content-Type: application/sdp
 
v=0
o=- 25855460 25855460 IN IP4 192.168.0.160
s=-
c=IN IP4 192.168.0.160
t=0 0
m=audio 16388 RTP/AVP 2 0 4 8 18 96 97 98 100 101
a=rtpmap:2 G726-32/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729a/8000
a=rtpmap:96 G726-40/8000
a=rtpmap:97 G726-24/8000
a=rtpmap:98 G726-16/8000
a=rtpmap:100 NSE/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
 
15 headers, 19 lines
Using latest request as basis request
Sending to 192.168.0.160 : 5060 (non-NAT)
Found RTP audio format 2
Found RTP audio format 0
Found RTP audio format 4
Found RTP audio format 8
Found RTP audio format 18
Found RTP audio format 96
Found RTP audio format 97
Found RTP audio format 98
Found RTP audio format 100
Found RTP audio format 101
Peer audio RTP is at port 192.168.0.160:16388
Found description format G726-32
Found description format PCMU
Found description format G723
Found description format PCMA
Found description format G729a
Found description format G726-40
Found description format G726-24
Found description format G726-16
Found description format NSE
Found description format telephone-event
Capabilities: us - 0xc(ULAW|ALAW), peer - audio=0x51d(G723|ULAW|ALAW|G726|G729A|ILBC)/video=0x0(EMPTY), combined - 0xc(ULAW|ALAW)
Non-codec capabilities: us - 0x1(G723), peer - 0x1(G723), combined - 0x1(G723)
Found user '2000'
Looking for 467919 in sip
list_route: hop: <sip:2000 at 192.168.0.160:5060>
Transmitting (no NAT):
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK-1051ed72
From: SPA2202 <sip:2000 at 192.168.0.163>;tag=d7f857520fa6972o0
To: <sip:467919 at 192.168.0.163>;tag=as4fa94ab9
Call-ID: 4dd7bf1-74628526 at 192.168.0.160
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:467919 at 192.168.0.163>
Content-Length: 0
 
 
 to 192.168.0.160:5060
We're at 68.107.251.237 port 13108
Answering/Requesting with root capability 4
Answering with preferred capability 0x8(ALAW)
Answering with non-codec capability 0x1(G723)
12 headers, 11 lines
Reliably Transmitting:
INVITE sip:467919 at fwd.pulver.com SIP/2.0
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK4b2b17a4
From: "465605" <sip:465605 at 68.107.251.237>;tag=as7dd80117
To: <sip:467919 at fwd.pulver.com>
Contact: <sip:465605 at 68.107.251.237>
Call-ID: 6ddd80ff6e776bc610230a926b4cf89d at 68.107.251.237
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Date: Thu, 07 Oct 2004 00:56:48 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Content-Type: application/sdp
Content-Length: 242
 
v=0
o=root 3282 3282 IN IP4 68.107.251.237
s=session
c=IN IP4 68.107.251.237
t=0 0
m=audio 13108 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
 (no NAT) to 69.90.155.70:5060
 
 
Sip read:
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP 68.107.251.237:5060;branch=z9hG4bK4b2b17a4
From: "465605" <sip:465605 at 68.107.251.237>;tag=as7dd80117
To: <sip:467919 at fwd.pulver.com>
Call-ID: 6ddd80ff6e776bc610230a926b4cf89d at 68.107.251.237
CSeq: 102 INVITE
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0



sip.conf

[general]
port = 5060    
bindaddr = 192.168.0.163    		
externip = 68.107.251.237	
localnet = 192.168.0.0/255.255.255.0
context = sip
serverlookup = yes
tos = reliability
nat=yes
disallow = all          		
allow = ulaw			
allow = alaw			
context = from-sip
reinvite = no
caninvite = no	
maxexpirey = 180
defaultexpirey = 160

register => 465605:password at fwd.pulver.com/2000


[fwd]
type=friend
secret=password
usename=465605
fromuser=465605
fromdomain=fwd.pulver.com
host=fwd.pulver.com
dtmfmode=rfc2833
disallow=all
allow=ulaw
allow=alaw
nat=yes
reinvite=no
canreinvite=no
insecure=very
qualify=yes
context=sip
promsicredir=yes


[2000]

type=friend           
username=2000         
secret=password           
host=dynamic          
context=sip      	
mailbox=2000          
callerid="SPA1" <2000>           
dtmfmode=inband
disallow=all          
allow=ulaw
allow=alaw
nat=0


extension conf 

[general]

static=yes       
writeprotect=yes 

[sip]

exten => 2000,1,Dial(SIP/2000,20)
exten => 2000,2,Voicemail(u2000)
exten => 2000,102,Voicemail(b2000)
exten => 2000,103,Hangup


exten => _.,1,SetCallerID(465605)
exten => _.,2,SetCIDName(465605)
exten => _.,3,Dial(SIP/${EXTEN}@fwd,20)


Thanks 

Ian L

More information about the asterisk-users mailing list