[asterisk-users] dreaded one-way audio with nat=yes

Vladimir Mikhelson vlad at mikhelson.com
Fri Mar 9 23:13:07 CST 2012 

Sean,

I do not have experience with the Amazon service.  Cannot advise how to
implement it in their environment.

You need to have a route from your public IP(s) to your Asterisk
instance for all incoming connections on RTP ports.

Absence of this routing explains why SIP connection to your home
(egress) worked whereas incoming SIP connection from your SIP provider
(ingress) has a packed drop issue.  The egress connection is initiated
from the LAN and firewall happily NATs in this case. On the ingress
connection firewall drops all RTP traffic originated by your provider
while happily NATing the traffic originated by your Asterisk.

It is also a good idea to have "qualify=yes" in your SIP peers' settings
to keep these NAT tables on the firewall updated for incoming SIP traffic.

-Vladimir




On 3/9/2012 9:15 PM, sean darcy wrote:
> On 03/09/2012 09:42 PM, Arstan Jusupov wrote:
>> Udp port 5060, udp port range 10000-20000 open? Those are for sip.
>>
>> For iax2 udp port 4569
>>
>> Make sure they are open.
>>
>> Also can you register two ext from the same instance and see if you
>> can hear both ways....
>>
>> What kind of trunk do you have to the other side you calling?
>>
>> Arstan
>> Sent from my iPhone
>>
>> On Mar 10, 2012, at 10:20 AM, sean darcy<seandarcy2 at gmail.com>  wrote:
>>
>>> On 03/09/2012 07:20 PM, Arstan Jusupov wrote:
>>>> It may sound silly but did you configure/open firewall ports on
>>>> amazon ec2? The instance itself as we as from the amazon ec2 panel?
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Mar 10, 2012, at 7:16 AM, sean darcy<seandarcy2 at gmail.com>   wrote:
>>>>
>>>>> On 03/09/2012 04:16 PM, sean darcy wrote:
>>>>>> I'm trying to move the asterisk server to an Amazon Web instance. We
>>>>>> have teliax for our sip provider. I'd like for our DID lines to be
>>>>>> connected to a users cell phone.
>>>>>>
>>>>>> Seems simple enough, but I'm getting the dreaded one-way audio, even
>>>>>> with nat=yes everyplace I can think of.
>>>>>>
>>>>>> The dialplan is real easy:
>>>>>>
>>>>>> [from-teliax-sip]
>>>>>> exten =>   _j.,1,NoOp("From teliax sip with exten "${EXTEN}")
>>>>>> exten =>   _j.,n,Set(3digitexten=${EXTEN:12:3}
>>>>>> exten =>   _j.,n,NoOp("Callerid is " ${CALLERID(all)} )
>>>>>> exten =>   _j.,n,GoTo(from-outside,${3digitexten},1)
>>>>>>
>>>>>> [from-outside]
>>>>>> exten =>   123,1,NoOp()
>>>>>> exten =>   123,n,Answer()
>>>>>> exten =>   123,n,Dial(SIP/jnctn/1212xxxyyyy)
>>>>>> exten =>   123,n,HangUp()
>>>>>>
>>>>>> sip.conf:
>>>>>> [general]
>>>>>> externaddr=xx.yyy.zz.aa
>>>>>> nat=yes
>>>>>> directmedia=no ; tried nonat
>>>>>>
>>>>>> sip show peer jnctn:
>>>>>> Insecure : invite
>>>>>> Force rport : Yes
>>>>>> .........
>>>>>> DirectMedia : No
>>>>>>
>>>>>> sip show peer teliax:
>>>>>> Insecure : port,invite
>>>>>> Force rport : Yes
>>>>>> ........
>>>>>> DirectMedia : No
>>>>>>
>>>>>>
>>>>>>
>>>>>> And the cli doesn't show any problems:
>>>>>>
>>>>>> NoOp("SIP/teliax-00000022", ""From teliax sip with exten
>>>>>> "<somename12lg>(123)"") in new stack
>>>>>> Set("SIP/teliax-00000022", "3digitexten=123") in new stack
>>>>>> NoOp("SIP/teliax-00000022", ""Callerid is " "") in new stack
>>>>>> Goto("SIP/teliax-00000022", "from-outside,123,1") in new stack
>>>>>> -- Goto (from-outside,123,1)
>>>>>> NoOp("SIP/teliax-00000022", "") in new stack
>>>>>> Answer("SIP/teliax-00000022", "") in new stack
>>>>>> Dial("SIP/teliax-00000022", "SIP/jnctn/1212aaabbbb") in new stack
>>>>>> == Using SIP RTP TOS bits 184
>>>>>> == Using SIP RTP CoS mark 5
>>>>>> -- Called SIP/jnctn/1212aaabbbb
>>>>>> -- SIP/jnctn-00000023 is making progress passing it to
>>>>>> SIP/teliax-00000022
>>>>>> -- SIP/jnctn-00000023 answered SIP/teliax-00000022
>>>>>> -- Locally bridging SIP/teliax-00000022 and SIP/jnctn-00000023
>>>>>> == Spawn extension (from-outside, 123, 3) exited non-zero on
>>>>>> 'SIP/teliax-00000022'
>>>>>>
>>>>>> The called party can hear the calling party, but not the reverse!
>>>>>>
>>>>>> Any help really appreciated!
>>>>>>
>>>>>> sean
>>>>>>
>>>>>
>>>>> So I tried having teliax connect to the asterisk box with iax. But
>>>>> now I get no audio both ways!
>>>>>
>>>>>        Answer("IAX2/iaxtest-1945", "") in new stack
>>>>>        GotoIf("IAX2/iaxtest-1945", "1?123,1") in new stack
>>>>>
>>>>>     -- Goto (from-outside,123,1)
>>>>>     -- Executing [123 at from-outside:1] NoOp("IAX2/iaxtest-1945",
>>>>> "") in new stack
>>>>>     -- Executing [123 at from-outside:2] Dial("IAX2/iaxtest-1945",
>>>>> "SIP/jnctn/1aaabbbcccc") in new stack
>>>>>   == Using SIP RTP TOS bits 184
>>>>>   == Using SIP RTP CoS mark 5
>>>>>     -- Called SIP/jnctn/1aaabbbcccc
>>>>>     -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>> to SIP/jnctn-00000000
>>>>>     -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>> to SIP/jnctn-00000000
>>>>>     -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>> to SIP/jnctn-00000000
>>>>>     -- SIP/jnctn-00000000 is ringing
>>>>>     -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>> to SIP/jnctn-00000000
>>>>>     -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>> to SIP/jnctn-00000000
>>>>>     -- SIP/jnctn-00000000 answered IAX2/iaxtest-1945
>>>>>
>>>>> Really puzzled.
>>>>>
>>>>> sean
>>>
>>> Well that's interesting. I hadn't realized that iptables was set up
>>> on the instance, as well as the firewall from the security group on
>>> the control panel.
>>>
>>> Flushed the instance iptables, which fixed a problem I was having
>>> with a phone registering.
>>>
>>> But I still have my one-way audio. The calling party hears nothing
>>> from the called party.
>>>
>>> sean
>>>
>
> The instance firewall is flushed. The security group allows udp
> 10000-20000 , 5060 and 4569.
>
> Well it gets stranger:
>
> I set up a sip link to my home. Dialed the teliax number from my cell.
> Asterisk used the sip link to my home - and that worked!
>
> Dial("IAX2/iaxtest-584", "SIP/sip-to-home")
>
> Which seems to mean that the teliax <-> asterisk link is fine.
>
> But if I use a SIP/PSTN provider , I get one-way audio:
>
> Dial("IAX2/iaxtest-515", "SIP/jnctn/<home-pstn>")
>
> Completely baffled.
>
> sean
>
>
> -- 
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list