[asterisk-users] Re: NAT: RTP Path Optimization

Brad Templeton brad+aster at templetons.com
Tue Jan 30 13:32:05 MST 2007


On Tue, Jan 30, 2007 at 12:00:17PM +0100, Patrick Cervicek wrote:
> Brad Templeton schrieb:
> >On Mon, Jan 29, 2007 at 12:05:28PM +0100, Benny Amorsen wrote:
> >
> >>PC> When I set for Extern1/2 canreinvite=yes it works, but
> >>PC> "Intern-2-Extern" doesn't work because Asteisk gives out the
> >>PC> private IP-Adresses of Int1/2
> >>
> >>Asterisk can't give out a public IP-address for Int1/2. Where
> >>would it get one from?
> >>
> >
> >Correct that it doesn't.   But some kind sould could indeed code a
> >variety of techniques to get it, such as:
> 
> Again: My Problem is not "Intern-to-Extern" (NAT,Stun). My Problem is 
> "Extern-to-Extern", that the external phones are not talking RTP 
> *directly* to each other. This is bad, when Asterisk is in Europe and 
> the Phones are in Asia.
> _______________________________________________


That you can usually make work with most phones today, as long as
the phone has some NAT penetration in it.    The most versatile
approach is STUN -- see if you can configure STUN on your phones.

Some phones that don't have STUN do support a hard-configured external
address.  However, they often require a numeric IP, which means
that they only work if you have a static IP, and your RTP port number
never changes on the outside.

A few phones also support extracting information from rport fields etc.
However, they tend to have STUN too.

Then you must also keep a port in the NAT open, by one of the following
methods.

    a) Manual hole in the NAT -- most NATs support this ("port forwarding")
        and it is recommended.     Set your phone to a fixed SIP Port
        and port forward that to your phone.  Requires phone have a fixed
        internal IP usually.

    b) Keep alive transmitted by phone (will be on phone's config)

    c) qualify=yes in asterisk sip.conf sends keep alive from asterisk.
       Works, but if it ever fails your phone won't ring until it
       re-registers.

    d) Very short registration time, like 30 seconds to 1 minute.  This
       will effectively do a keep alive from the phone.   I like this
       least.



If your phone does not understand NAT properly it will forward
a useless SDP that is internal.   This is what some Cisco phones
do.  For those, you are currently screwed.   Some day Asterisk might
support rewriting SDPs that contain unreachable addresses but it
does not, at present, do this.


More information about the asterisk-users mailing list