[asterisk-users] Asterisk/iaxclient IAX2 source port
Chris Tracy
asterisk at adiemus.org
Tue Dec 18 15:52:01 CST 2007
All,
I have a simple question and a complicated reason for asking:
Is it possible to change asterisk's source port for outbound IAX2
connections?
I've tried using "sourceaddress" to no avail. I can set it to:
proper.ip.of.box:4569
or
0.0.0.0:4569
and it works as expected. But if I try to set it to:
proper.ip.of.box:5000
or
0.0.0.0:5000
it fails around line 8536 in channels/chan_iax2.c, function
peer_set_srcaddr, specifically:
if (ast_netsock_find(netsock, &sin)) {
always returns false unless the port is set to 4569. Thus tripping the
error message:
chan_iax2.c:8940 peer_set_srcaddr: Non-local or unbound address specified
(0.0.0.0:5000) in sourceaddress for 'test-trunk', reverting to default
Is there any way to get asterisk to listen for inbound connections on
4569, but to use a non-4569 source port? (Ephemeral ports would be great)
Below is the reason for my asking, for the curious:
Currently, asterisk uses port 4569 as both the source and
destination port for all its outbound connections. This is generally
fine, but I find myself in a very frustrating NAT issue as a result of
iaxclient also defaulting to using 4569 for both source and destination
ports. We run several sites around the world, all using ENUM to place
calls between sites. Thus, none of the sites register with each other.
Thus, until a call is made, there is no connection between site A and site
B, and thus no NAT entries in the router at site B for site A.
Normally, this is fine. A call is placed from A to B and the
packets come into the router at B and get NATed properly:
A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.asterisk:4569
The trouble though, comes when someone who normally works at site
A visits site B, but has their IAX softphone (zoiper) set to register back
to site A. By default, this softphone, like asterisk, uses 4569 for both
the source and destination port. Thus, if there is no call between site A
and site B and a softphone registers back to site A, a NAT mapping gets
created that looks like:
A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.softphone:4569
Now, for the life of this NAT entry, if someone at site A dials
site B, their call will be routed to the "lucky" softphone that got this
entry, and not to the asterisk server at site B. Of course, calls out
from site B to site A still work properly, since the NAT device just
changes the port number on the fly since 4569 already has a mapping:
B.int.asterisk:4569 - A.ext:4569 -> B.ext:65535 - A.ext:4569
There are three options I see that would fix this:
1. Prevent the linux router at site B from giving the 4569/4569 conntrack
entry to a softphone. Would be great, but as far as I can tell, there's
no way to do this using a standard distribution kernel. (Hopefully I'm
wrong, but my research hasn't turned up anything at all useful in this
regard)
2. Reconfigure all softphones to use a port other than 4569 as their
source port. In theory this is possible, but a huge pain to find/change
every existing softphone, as well as to ensure that people don't
accidentally end up with the default config in the future causing the
same problem.
3. Reconfigure asterisk to use a port other than 4569 for its source port
on outbound connections. The number of asterisk servers relative to
softphones is small, and the asterisk servers are configured/controlled by
admins, not end users. Thus we could have some guarantee that this
solution couldn't be circumvented.
Am I overlooking something? Is there an obvious solution here
that's escaped me?
(Ugh, why couldn't iaxclient/zoiper/asterisk all just follow the
RFCs and use ephemeral source ports to begin with?)
Thanks,
Chris
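
Added example, not part of the original message and not Linux conntrack code: a simplified Python model of the port-preserving NAT at site B, replaying the mappings described above and showing how a non-4569 source port on either the softphone or the Asterisk server at site A avoids the collision. The static forward of 4569 to B.int.asterisk, the 65535-downward remap order, and ports 50000/5000 are assumptions made for illustration.

```python
IAX_PORT = 4569  # IAX2 port named in the message

class PortPreservingNat:
    """Simplified UDP source NAT for site B's router (constructed model)."""

    def __init__(self, forwards):
        self.forwards = forwards  # assumed static forward: ext_port -> (host, port)
        self.table = {}           # (ext_port, remote, remote_port) -> (host, port)

    def outbound(self, host, port, remote, remote_port):
        """Map an outgoing flow and return the external source port it gets."""
        ext_port = port  # keep the source port if that tuple is free
        while self.table.get((ext_port, remote, remote_port), (host, port)) != (host, port):
            # Tuple is owned by another host: remap. Counting down from 65535 is
            # an assumption that mirrors the B.ext:65535 illustration above.
            ext_port = 65535 if ext_port == port else ext_port - 1
        self.table[(ext_port, remote, remote_port)] = (host, port)
        return ext_port

    def inbound(self, remote, remote_port, ext_port):
        """Return the internal (host, port) that receives an incoming packet."""
        key = (ext_port, remote, remote_port)
        if key not in self.table and ext_port in self.forwards:
            self.table[key] = self.forwards[ext_port]  # new flow via the forward
        return self.table.get(key)

    def shadowed_forwards(self):
        """Entries on a forwarded port that point away from the forward target."""
        return {k: v for k, v in self.table.items()
                if k[0] in self.forwards and v != self.forwards[k[0]]}


def simulate(softphone_src_port, asterisk_a_src_port=IAX_PORT):
    """Softphone at B registers to A first, then A calls B and B calls A."""
    nat = PortPreservingNat({IAX_PORT: ("B.int.asterisk", IAX_PORT)})
    nat.outbound("B.int.softphone", softphone_src_port, "A.ext", IAX_PORT)
    return {
        "call_from_A_delivered_to": nat.inbound("A.ext", asterisk_a_src_port, IAX_PORT)[0],
        "asterisk_B_external_port": nat.outbound("B.int.asterisk", IAX_PORT, "A.ext", IAX_PORT),
        "shadowed": nat.shadowed_forwards(),
    }


if __name__ == "__main__":
    for args in ((IAX_PORT,), (50000,), (IAX_PORT, 5000)):  # constructed cases
        print(args, simulate(*args))
```

The three cases correspond to the default 4569/4569 behaviour, option 2 (softphone on another source port) and option 3 (Asterisk at site A on another source port).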