[asterisk-users] Asterisk pjsip and NAT just doesn't work

Michael Maier m1278468 at mailbox.org
Sun May 2 10:24:58 CDT 2021

On 02.05.21 at 10:08 Michael Maier wrote:
> Hello!
> I've just playing around some time to get NAT and pjsip running with asterisk 18.3 
> and 18.4 (w/o any patches added). NAT should be used for connection to the trunk.
> I wasn't able to get it working, because SDP address rewriting just doesn't work 
> as it should.
> The situation is like this (CentOS 7):
> - Multihomed
> - One small net for the trunk as alias on one of the existing devices.
> - TLS for SIP
> - Added complete masquerading for this IP address
> - added dnsmanager which provides the global IP address
> - used direct media no
> - used rewrite contact yes or no
> - force rport: yes
> - transport:
>      external_media_address=external.mydom.org
>      external_signaling_address=external.mydom.org
>      bind to (may I bind to a interface name?)
> What are the problems?
> Outbound calls:
> - Biggest problem: even if the WAN IP is set everywhere correctly in the *initial* 
> INVITE, it's *always* missing in the INVITE *after* the 407 Proxy auth request in 
> the SDP. In the first Invite, the SDP was ok, in the second Invite, the SDP is 
> broken (rewriting doesn't seem to happen). Such calls naturally are dropped by the 
> ISP (ok, one of my providers seems to ignore the entry completely).
> - Another problem is, that the given external IP just isn't used consistently, 
> some times it's there - mostly not (always the same easy call setup). I suspect / 
> fear different behavior between reload and restart with same configuration.
> - I expect all IP addresses of mine in all sip headers have to be the WAN IP.

- Next finding: The via header in a simple Ack isn't rewritten, too. Seems all 
packages sent by pjsip itself don't know anything about NAT.

- How can I check if NAT is involved at all?

- Maybe asterisk gets confused if it can see the WAN IP (it's on the system, too), 
but is bound to a local IP? But why are some headers written correctly and some wrong?

> Inbound calls:
> - Playing announcements doesn't work at all (no sound though rtp packages are 
> flowing in both directions according tcpdump at the WAN interface).
> - Calls given to local devices are working.
> Could somebody maybe give me a reference configuration for a working NAT 
> configuration?
> Thanks
> Michael

