[asterisk-users] Asterisk 1.8.7 and client outside network

Administrator TOOTAI admin at tootai.net
Tue Oct 18 11:02:55 CDT 2011 

Hello everybody, sorry for delay

Le 16/10/2011 16:51, Tarek Sawah a écrit :
> One more thing can you post your peer's configs as you have it in the 
> config file?

It's below, at the end of the original message. Tried as well type=peer 
with no luck

Details:

[snom320](!)
type=peer
host=dynamic
context=default
nat=no
canreinvite=no
qualify=yes
dtmfmode=rfc2833
language=fr
allow=all
call-limit=2
busy-limit=2
language=fr
mailbox=100
vmexten=090

[ulaw-phone](!)                   ; and another one for ulaw-only
         disallow=all
         allow=ulaw
         allow=alaw

[callgroup1](!)
callgroup=1
pickupgroup=1

> and can you register with the same user from within the lan?

Yes. And as I told, on 1.6.20 there is no problem. On the lan they are 5 
SNOM300, 4 Siemens C610IP and 1 SNOM320 (not the same I tried to 
connect) and they are connecting well.

Thanks for your help

>
> > Date: Sun, 16 Oct 2011 12:33:27 +0200
> > From: admin at tootai.net
> > To: asterisk-users at lists.digium.com
> > Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network
> >
> > Hi Tarek
> >
> > Le 15/10/2011 20:28, Tarek Sawah a écrit :
> > > Hello Daniel
> > > First question, do you have a firewall application or hardware
> > > installed on the network?
> >
> > The Asterisk server is also the firewall/router, iptables running on it.
> >
> > >
> > > Second do you have some software similar to fail2ban?
> >
> > Yes, but I put the domain IP in ignoreip list. I checked fail2ban
> > iptables rules, no trace of this IP
> >
> > >
> > > Third check your IPTABLES if you can post the output of iptables-save
> > > would be good.
> > >
> > > if you can replace the localnet=<Asterisk server external IP/32>
> > > with externip=<Asterisk server external IP/32>
> >
> > I didn't send this info but externalip is setted to <Asterisk server
> > external IP/32>
> >
> > >
> > > then we will be able to check your problem?
> >
> > This setup is working on tens of customers servers (1.2, 1.4 and 1.6),
> > but this is the first one running 1.8 version. The same phone connect
> > perfectly to our 1.6 server in the same conditions, so it's seems
> > something related to 1.8 version.
> >
> > What I don't understand is that (violating IP ) should display the IP
> > but in my case it's blank (or empty). Should domain contain as well the
> > port despite the fact that we have insecure=port,invite?
> >
> > Thanks for your help
> >
> > Daniel
> >
> > >
> > >
> > > > Date: Sat, 15 Oct 2011 19:08:10 +0200
> > > > From: admin at tootai.net
> > > > To: asterisk-users at lists.digium.com
> > > > Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside 
> network
> > > >
> > > > Hi,
> > > >
> > > > no clue on this?
> > > >
> > > > I found a thread in march from Faisal Hanif having the same 
> problem but
> > > > no one of the proposed ideas where working (reverse permit/deny, 
> tried
> > > > with only permit=0.0.0.0/0.0.0.0, aso), no luck :-) I don't now 
> if it's
> > > > solved for him.
> > > >
> > > > If someone had a solution on this, would be great to share ;-)
> > > >
> > > > Regards
> > > >
> > > > --
> > > > Daniel
> > > >
> > > >
> > > > Le 07/10/2011 15:01, Administrator TOOTAI a écrit :
> > > > > Hi,
> > > > >
> > > > > my asterisk 1.8.7 is working well with phones (SNOM, Gigaset 
> 620 and
> > > > > GrandStream) connected from the lan
> > > > >
> > > > > I now want to connect a snom320 from outside but it failed, 
> having
> > > always
> > > > >
> > > > > [Oct 7 14:48:04] ERROR[3870]: netsock2.c:94
> > > ast_sockaddr_stringify_fmt:
> > > > > getnameinfo(): ai_family not supported
> > > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:13597
> > > parse_register_contact:
> > > > > Domain 'XX.XXX.XXX.XX:2048' disallowed by contact ACL 
> (violating IP )
> > > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:14306 register_verify:
> > > > > Registration denied because of contact ACL
> > > > >
> > > > > doesn't matter if I connect through a VPN or to the public IP
> > > using STUN.
> > > > >
> > > > >
> > > > > My sip.conf:
> > > > >
> > > > > localnet=172.24.0.0/12
> > > > > localnet=169.254.0.0/255.255.0.0 ; Zero conf local network
> > > > > localnet=<Asterisk server external IP/32>
> > > > > autodomain=yes
> > > > > ;allowexternaldomains=yes
> > > > > domain=172.24.30.250 ;Asterisk Server IP
> > > > > domain=<Public Hostname>
> > > > > domain=<Another Public Hostname>
> > > > >
> > > > > [309](snom320,ulaw-phone,callgroup1)
> > > > > type=friend
> > > > > insecure=port,invite
> > > > > secret=VoIP2auDIo
> > > > > contactdeny=0.0.0.0/0.0.0.0
> > > > > contactpermit=XX.XXX.XXX.XX/32 ; External IP from phone, same as
> > > > > disallowed by contact ACL
> > > > > deny=0.0.0.0/0.0.0.0
> > > > > permit=XX.XXX.XXX.XX/32
> > > > > nat=yes
> > > > >
> > > > > Any clue? Why violating IP is empty?

More information about the asterisk-users mailing list