[asterisk-users] dreaded one-way audio with nat=yes

sean darcy seandarcy2 at gmail.com
Sat Mar 10 10:07:41 CST 2012 

On 03/10/2012 12:13 AM, Vladimir Mikhelson wrote:
> Sean,
>
> I do not have experience with the Amazon service.  Cannot advise how to
> implement it in their environment.
>
> You need to have a route from your public IP(s) to your Asterisk
> instance for all incoming connections on RTP ports.
>
> Absence of this routing explains why SIP connection to your home
> (egress) worked whereas incoming SIP connection from your SIP provider
> (ingress) has a packed drop issue.  The egress connection is initiated
> from the LAN and firewall happily NATs in this case. On the ingress
> connection firewall drops all RTP traffic originated by your provider
> while happily NATing the traffic originated by your Asterisk.
>
> It is also a good idea to have "qualify=yes" in your SIP peers' settings
> to keep these NAT tables on the firewall updated for incoming SIP traffic.
>
> -Vladimir
>
>
>
>
> On 3/9/2012 9:15 PM, sean darcy wrote:
>> On 03/09/2012 09:42 PM, Arstan Jusupov wrote:
>>> Udp port 5060, udp port range 10000-20000 open? Those are for sip.
>>>
>>> For iax2 udp port 4569
>>>
>>> Make sure they are open.
>>>
>>> Also can you register two ext from the same instance and see if you
>>> can hear both ways....
>>>
>>> What kind of trunk do you have to the other side you calling?
>>>
>>> Arstan
>>> Sent from my iPhone
>>>
>>> On Mar 10, 2012, at 10:20 AM, sean darcy<seandarcy2 at gmail.com>   wrote:
>>>
>>>> On 03/09/2012 07:20 PM, Arstan Jusupov wrote:
>>>>> It may sound silly but did you configure/open firewall ports on
>>>>> amazon ec2? The instance itself as we as from the amazon ec2 panel?
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Mar 10, 2012, at 7:16 AM, sean darcy<seandarcy2 at gmail.com>    wrote:
>>>>>
>>>>>> On 03/09/2012 04:16 PM, sean darcy wrote:
>>>>>>> I'm trying to move the asterisk server to an Amazon Web instance. We
>>>>>>> have teliax for our sip provider. I'd like for our DID lines to be
>>>>>>> connected to a users cell phone.
>>>>>>>
>>>>>>> Seems simple enough, but I'm getting the dreaded one-way audio, even
>>>>>>> with nat=yes everyplace I can think of.
>>>>>>>
>>>>>>> The dialplan is real easy:
>>>>>>>
>>>>>>> [from-teliax-sip]
>>>>>>> exten =>    _j.,1,NoOp("From teliax sip with exten "${EXTEN}")
>>>>>>> exten =>    _j.,n,Set(3digitexten=${EXTEN:12:3}
>>>>>>> exten =>    _j.,n,NoOp("Callerid is " ${CALLERID(all)} )
>>>>>>> exten =>    _j.,n,GoTo(from-outside,${3digitexten},1)
>>>>>>>
>>>>>>> [from-outside]
>>>>>>> exten =>    123,1,NoOp()
>>>>>>> exten =>    123,n,Answer()
>>>>>>> exten =>    123,n,Dial(SIP/jnctn/1212xxxyyyy)
>>>>>>> exten =>    123,n,HangUp()
>>>>>>>
>>>>>>> sip.conf:
>>>>>>> [general]
>>>>>>> externaddr=xx.yyy.zz.aa
>>>>>>> nat=yes
>>>>>>> directmedia=no ; tried nonat
>>>>>>>
>>>>>>> sip show peer jnctn:
>>>>>>> Insecure : invite
>>>>>>> Force rport : Yes
>>>>>>> .........
>>>>>>> DirectMedia : No
>>>>>>>
>>>>>>> sip show peer teliax:
>>>>>>> Insecure : port,invite
>>>>>>> Force rport : Yes
>>>>>>> ........
>>>>>>> DirectMedia : No
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> And the cli doesn't show any problems:
>>>>>>>
>>>>>>> NoOp("SIP/teliax-00000022", ""From teliax sip with exten
>>>>>>> "<somename12lg>(123)"") in new stack
>>>>>>> Set("SIP/teliax-00000022", "3digitexten=123") in new stack
>>>>>>> NoOp("SIP/teliax-00000022", ""Callerid is " "") in new stack
>>>>>>> Goto("SIP/teliax-00000022", "from-outside,123,1") in new stack
>>>>>>> -- Goto (from-outside,123,1)
>>>>>>> NoOp("SIP/teliax-00000022", "") in new stack
>>>>>>> Answer("SIP/teliax-00000022", "") in new stack
>>>>>>> Dial("SIP/teliax-00000022", "SIP/jnctn/1212aaabbbb") in new stack
>>>>>>> == Using SIP RTP TOS bits 184
>>>>>>> == Using SIP RTP CoS mark 5
>>>>>>> -- Called SIP/jnctn/1212aaabbbb
>>>>>>> -- SIP/jnctn-00000023 is making progress passing it to
>>>>>>> SIP/teliax-00000022
>>>>>>> -- SIP/jnctn-00000023 answered SIP/teliax-00000022
>>>>>>> -- Locally bridging SIP/teliax-00000022 and SIP/jnctn-00000023
>>>>>>> == Spawn extension (from-outside, 123, 3) exited non-zero on
>>>>>>> 'SIP/teliax-00000022'
>>>>>>>
>>>>>>> The called party can hear the calling party, but not the reverse!
>>>>>>>
>>>>>>> Any help really appreciated!
>>>>>>>
>>>>>>> sean
>>>>>>>
>>>>>>
>>>>>> So I tried having teliax connect to the asterisk box with iax. But
>>>>>> now I get no audio both ways!
>>>>>>
>>>>>>         Answer("IAX2/iaxtest-1945", "") in new stack
>>>>>>         GotoIf("IAX2/iaxtest-1945", "1?123,1") in new stack
>>>>>>
>>>>>>      -- Goto (from-outside,123,1)
>>>>>>      -- Executing [123 at from-outside:1] NoOp("IAX2/iaxtest-1945",
>>>>>> "") in new stack
>>>>>>      -- Executing [123 at from-outside:2] Dial("IAX2/iaxtest-1945",
>>>>>> "SIP/jnctn/1aaabbbcccc") in new stack
>>>>>>    == Using SIP RTP TOS bits 184
>>>>>>    == Using SIP RTP CoS mark 5
>>>>>>      -- Called SIP/jnctn/1aaabbbcccc
>>>>>>      -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>>> to SIP/jnctn-00000000
>>>>>>      -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>>> to SIP/jnctn-00000000
>>>>>>      -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>>> to SIP/jnctn-00000000
>>>>>>      -- SIP/jnctn-00000000 is ringing
>>>>>>      -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>>> to SIP/jnctn-00000000
>>>>>>      -- IAX2/iaxtest-1945 requested special control 20, passing it
>>>>>> to SIP/jnctn-00000000
>>>>>>      -- SIP/jnctn-00000000 answered IAX2/iaxtest-1945
>>>>>>
>>>>>> Really puzzled.
>>>>>>
>>>>>> sean
>>>>
>>>> Well that's interesting. I hadn't realized that iptables was set up
>>>> on the instance, as well as the firewall from the security group on
>>>> the control panel.
>>>>
>>>> Flushed the instance iptables, which fixed a problem I was having
>>>> with a phone registering.
>>>>
>>>> But I still have my one-way audio. The calling party hears nothing
>>>> from the called party.
>>>>
>>>> sean
>>>>
>>
>> The instance firewall is flushed. The security group allows udp
>> 10000-20000 , 5060 and 4569.
>>
>> Well it gets stranger:
>>
>> I set up a sip link to my home. Dialed the teliax number from my cell.
>> Asterisk used the sip link to my home - and that worked!
>>
>> Dial("IAX2/iaxtest-584", "SIP/sip-to-home")
>>
>> Which seems to mean that the teliax<->  asterisk link is fine.
>>
>> But if I use a SIP/PSTN provider , I get one-way audio:
>>
>> Dial("IAX2/iaxtest-515", "SIP/jnctn/<home-pstn>")
>>
>> Completely baffled.
>>
>> sean
>>

Solved.

[general]
externaddr=<myip>
nat=yes
media_address=<myip>
directmedia=no

The secret was adding media_address=

puzzled why that would be necessary - why would asterisk give out an 
address other than the externaddr?

May be product of virtualization. ifconfig gives a 10.0.0.0 address, 
though the instance does have an external ipaddress assigned to it. 
Still odd * wouldn't use the externaddr though.

sean

More information about the asterisk-users mailing list