[asterisk-users] Asterisk 1.8.7 and client outside network

Tarek Sawah tareksawah at hotmail.com
Sun Oct 16 09:51:46 CDT 2011 

One more thing can you post your peer's configs as you have it in the config file?  and can you register with the same user from within the lan?



Tarek Sawah

Information Technology  Adviser

Integrated Digital Systems

CCNP, MCSE, RHCE, TELECOM

USA: +1 386 492 9993



> Date: Sun, 16 Oct 2011 12:33:27 +0200
> From: admin at tootai.net
> To: asterisk-users at lists.digium.com
> Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network
> 
> Hi Tarek
> 
> Le 15/10/2011 20:28, Tarek Sawah a écrit :
> > Hello Daniel
> > First question, do you have a firewall application or hardware 
> > installed on the network?
> 
> The Asterisk server is also the firewall/router, iptables running on it.
> 
> >
> > Second do you have some software similar to fail2ban?
> 
> Yes, but I put the domain IP in ignoreip list. I checked fail2ban 
> iptables rules, no trace of this IP
> 
> >
> > Third check your IPTABLES if you can post the output  of iptables-save 
> > would be good.
> >
> > if you can replace the localnet=<Asterisk server external IP/32>   
> > with externip=<Asterisk server external IP/32>
> 
> I didn't send this info but externalip is setted to <Asterisk server 
> external IP/32>
> 
> >
> > then we will be able to check your problem?
> 
> This setup is working on tens of customers servers (1.2, 1.4 and 1.6), 
> but this is the first one running 1.8 version. The same phone connect 
> perfectly to our 1.6 server in the same conditions, so it's seems 
> something related to 1.8 version.
> 
> What I don't understand is that (violating IP ) should display the IP 
> but in my case it's blank (or empty). Should domain contain as well the 
> port despite the fact that we have insecure=port,invite?
> 
> Thanks for your help
> 
> Daniel
> 
> >
> >
> > > Date: Sat, 15 Oct 2011 19:08:10 +0200
> > > From: admin at tootai.net
> > > To: asterisk-users at lists.digium.com
> > > Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network
> > >
> > > Hi,
> > >
> > > no clue on this?
> > >
> > > I found a thread in march from Faisal Hanif having the same problem but
> > > no one of the proposed ideas where working (reverse permit/deny, tried
> > > with only permit=0.0.0.0/0.0.0.0, aso), no luck :-) I don't now if it's
> > > solved for him.
> > >
> > > If someone had a solution on this, would be great to share ;-)
> > >
> > > Regards
> > >
> > > --
> > > Daniel
> > >
> > >
> > > Le 07/10/2011 15:01, Administrator TOOTAI a écrit :
> > > > Hi,
> > > >
> > > > my asterisk 1.8.7 is working well with phones (SNOM, Gigaset 620 and
> > > > GrandStream) connected from the lan
> > > >
> > > > I now want to connect a snom320 from outside but it failed, having 
> > always
> > > >
> > > > [Oct 7 14:48:04] ERROR[3870]: netsock2.c:94 
> > ast_sockaddr_stringify_fmt:
> > > > getnameinfo(): ai_family not supported
> > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:13597 
> > parse_register_contact:
> > > > Domain 'XX.XXX.XXX.XX:2048' disallowed by contact ACL (violating IP )
> > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:14306 register_verify:
> > > > Registration denied because of contact ACL
> > > >
> > > > doesn't matter if I connect through a VPN or to the public IP 
> > using STUN.
> > > >
> > > >
> > > > My sip.conf:
> > > >
> > > > localnet=172.24.0.0/12
> > > > localnet=169.254.0.0/255.255.0.0 ; Zero conf local network
> > > > localnet=<Asterisk server external IP/32>
> > > > autodomain=yes
> > > > ;allowexternaldomains=yes
> > > > domain=172.24.30.250 ;Asterisk Server IP
> > > > domain=<Public Hostname>
> > > > domain=<Another Public Hostname>
> > > >
> > > > [309](snom320,ulaw-phone,callgroup1)
> > > > type=friend
> > > > insecure=port,invite
> > > > secret=VoIP2auDIo
> > > > contactdeny=0.0.0.0/0.0.0.0
> > > > contactpermit=XX.XXX.XXX.XX/32 ; External IP from phone, same as
> > > > disallowed by contact ACL
> > > > deny=0.0.0.0/0.0.0.0
> > > > permit=XX.XXX.XXX.XX/32
> > > > nat=yes
> > > >
> > > > Any clue? Why violating IP is empty?
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20111016/bfdeae8c/attachment.htm>

More information about the asterisk-users mailing list