[asterisk-users] Asterisk pjsip and NAT just doesn't work

Michael Maier m1278468 at mailbox.org
Sun May 2 23:44:30 CDT 2021 

On 02.05.21 at 17:24 Michael Maier wrote:
> 
> On 02.05.21 at 10:08 Michael Maier wrote:
>>
>> Hello!
>>
>> I've just playing around some time to get NAT and pjsip running with asterisk 
>> 18.3 and 18.4 (w/o any patches added). NAT should be used for connection to the 
>> trunk.
>>
>> I wasn't able to get it working, because SDP address rewriting just doesn't work 
>> as it should.
>>
>> The situation is like this (CentOS 7):
>>
>> - Multihomed
>> - One small net for the trunk 10.15.13.17/32 as alias on one of the existing 
>> devices.
>> - TLS for SIP
>> - Added complete masquerading for this IP address
>> - added dnsmanager which provides the global IP address
>> - used direct media no
>> - used rewrite contact yes or no
>> - force rport: yes
>> - transport:
>>      external_media_address=external.mydom.org
>>      external_signaling_address=external.mydom.org
>>      bind to 10.15.13.17 (may I bind to a interface name?)
>>
>>
>> What are the problems?
>>
>> Outbound calls:
>> - Biggest problem: even if the WAN IP is set everywhere correctly in the 
>> *initial* INVITE, it's *always* missing in the INVITE *after* the 407 Proxy auth 
>> request in the SDP. In the first Invite, the SDP was ok, in the second Invite, 
>> the SDP is broken (rewriting doesn't seem to happen). Such calls naturally are 
>> dropped by the ISP (ok, one of my providers seems to ignore the entry completely).

This problem disappeared as I tested on a simple system holding just one local IP 
address. Do you have any idea where it could be fixed in the code?

>> - Another problem is, that the given external IP just isn't used consistently, 
>> some times it's there - mostly not (always the same easy call setup). I suspect 
>> / fear different behavior between reload and restart with same configuration.
 >>
>> - I expect all IP addresses of mine in all sip headers have to be the WAN IP.
> 
> - Next finding: The via header in a simple Ack isn't rewritten, too. Seems all 
> packages sent by pjsip itself don't know anything about NAT.

This problem persists even on the simple system. Where could it be fixed in the code?

> - How can I check if NAT is involved at all?
> 
> - Maybe asterisk gets confused if it can see the WAN IP (it's on the system, too), 
> but is bound to a local IP? But why are some headers written correctly and some 
> wrong?
>>
>> Inbound calls:
>> - Playing announcements doesn't work at all (no sound though rtp packages are 
>> flowing in both directions according tcpdump at the WAN interface).
>> - Calls given to local devices are working.
>>
>>
>>
>> Could somebody maybe give me a reference configuration for a working NAT 
>> configuration?
>>
>>
>> Thanks
>> Michael
>>

More information about the asterisk-users mailing list