[asterisk-users] Re: SIP & NAT ...

[Gordon Henderson]

On Fri, 1 Jun 2007, Gordon Henderson wrote:

> So I thought I had SIP and NAT cracked a long time ago, but something's just 
> happened that's sort of upset the cart )-:
>
> I have an * box behind a NAT firewall. Nothing unusual there, this is 
> something I've done many times - sip.conf has the correct
>
>  nat=
>  localnet=
>  externip=
>
> settings, the router has ports 5060-5069 and 10000-20000 forwarded to the 
> internal IP address of the * box. (and 4569 for IAX, but we're just using SIP 
> here)
>
> The * server has a few internal (LAN) and external SIP phones, but also has 2 
> SIP connections to an external PSTN provider. I don't know what this is as I 
> don't have any control or access to it, but both go to the same IP address 
> with different account details (username/passwords)
>
> Both these SIP -> external PSTN provider connections register OK on the * 
> box, and outgoing calls placed over either connection works perfectly. 
> Outgoing callerId (set by the external provider) works as expected. ) I have 
> dialling prefixes for each 'line', nothing special there, that side of it all 
> works as expected.
>
> The problem is that only the last one in the sip.conf file actually accepts 
> incoming calls when dialled from the PSTN side. (They have different PSTN 
> phone numbers) If I swap their entries over in the sip.conf file, then the 
> other one takes the calls.
>
> When dialling the first number, nothing seems to get through to the * box at 
> all - nothing on the console in verbose mode, nothing in the log-file.
>
> The 2 SIP account setups are otherwise identical (generated by a web 
> interface), just the usenrname & password differing, and the account name.

So I have now had to time to get to the bottom of this and it seems to be 
nothing to do with NAT.

I even found some pages on the WiKi that were useful: (Although not under 
any heading I'd have thought of!)

http://www.voip-info.org/wiki/view/Asterisk+SIP+user+vs+peer

or at least talked about others having the same problem and presents some 
solutions one of which I managed to adapt for my situation.

I'm not sure if I'd call this a bug, feature or just a PITA )-:

Incoming SIP calls (from registered hosts, when we're a peer?) start from 
the bottom of the sip.conf file and work upwards. However the bottom entry 
would appear to be the one that's used to authenticate all of this type of 
incoming SIP calls, the others aren't.

So I created a new peer entry at the bottom of the file, insecure=invite, 
and a new context to send incoming calls to and it seems to work. The 
far-end is OpenSER in-case anyone knows of that having issues.

And while it works, I don't think it's too satisfactory a solution, (and I 
can't work out how to put this into a GUI yet!) but there you go.

Gordon