[asterisk-users] Asterisk and Client NAT
Gordon Henderson
gordon+asterisk at drogon.net
Sun Aug 19 05:08:57 CDT 2007
On Sun, 19 Aug 2007, G B wrote:
>
> Hi,
>
>
> I realize that this is amongst the worst configurations, but I have been
> made to believe that it can work... eventually. However, currently SIP
> call set up seems to go fine, but no media is transferred in either
> direction. For example, the following is output on the asterisk CLI
> despite no voice being heard. -- Executing [101 at john:1]
> Playback('SIP/john-081da978', 'hello-world') in new stack
*sigh* The old NAT & SIP issue - again... )-:
There is a lot of the VoIP WiKi on it. Eg:
http://www.voip-info.org/wiki-Asterisk+SIP+NAT+solutions
However, assuming the asterisk and client are behind different NAT
firewalls, do this:
1. Tell the client to use a stun server and don't fiddle with the client's
firewall (other than to make sure it's not actually firewalling 5060 and
10000-20000)
If you're stuck for a stun server, use stun1.drogon.net:3478
2. Port forward 5060-5069 and 10000-20000 on the firewall that fronts the
asterisk box to the asterisk box.
3. Tell asterisk it's behind a NAT firewall.
> 1. sip.conf
> [global]
> nat=yes
> canreinvite=no
This isn't enough. You also need to tell it the IP address of the external
firewall, and your local network address.
nat=yes
localnet=192.168.2.0/24
externip=1.2.3.4
Where 1.2.3.4 is the external IP address - the one the client is pointing
to. This needs to be a static IP address (or at least not change for the
duration of your use) the client can be behind a dynamic IP address.
you might need a bit more in the client definition - eg:
[100]
context=internal
type=friend
secret=very
qualify=yes
nat=yes
host=dynamic
canreinvite=no
dtmfmode=rfc2833
mailbox=100
callerid=Joe Bloggs <100>
callgroup=1
pickupgroup=1
subscribecontext=BLF
And that's it.
Gordon
More information about the asterisk-users
mailing list