<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
One more thing can you post your peer's configs as you have it in the config file? and can you register with the same user from within the lan?<br><br><br><br>Tarek Sawah<br><br>Information Technology Adviser<br><br>Integrated Digital Systems<br><br>CCNP, MCSE, RHCE, TELECOM<br><br>USA: +1 386 492 9993<br><br><br><br><div>> Date: Sun, 16 Oct 2011 12:33:27 +0200<br>> From: admin@tootai.net<br>> To: asterisk-users@lists.digium.com<br>> Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network<br>> <br>> Hi Tarek<br>> <br>> Le 15/10/2011 20:28, Tarek Sawah a écrit :<br>> > Hello Daniel<br>> > First question, do you have a firewall application or hardware <br>> > installed on the network?<br>> <br>> The Asterisk server is also the firewall/router, iptables running on it.<br>> <br>> ><br>> > Second do you have some software similar to fail2ban?<br>> <br>> Yes, but I put the domain IP in ignoreip list. I checked fail2ban <br>> iptables rules, no trace of this IP<br>> <br>> ><br>> > Third check your IPTABLES if you can post the output of iptables-save <br>> > would be good.<br>> ><br>> > if you can replace the localnet=<Asterisk server external IP/32> <br>> > with externip=<Asterisk server external IP/32><br>> <br>> I didn't send this info but externalip is setted to <Asterisk server <br>> external IP/32><br>> <br>> ><br>> > then we will be able to check your problem?<br>> <br>> This setup is working on tens of customers servers (1.2, 1.4 and 1.6), <br>> but this is the first one running 1.8 version. The same phone connect <br>> perfectly to our 1.6 server in the same conditions, so it's seems <br>> something related to 1.8 version.<br>> <br>> What I don't understand is that (violating IP ) should display the IP <br>> but in my case it's blank (or empty). Should domain contain as well the <br>> port despite the fact that we have insecure=port,invite?<br>> <br>> Thanks for your help<br>> <br>> Daniel<br>> <br>> ><br>> ><br>> > > Date: Sat, 15 Oct 2011 19:08:10 +0200<br>> > > From: admin@tootai.net<br>> > > To: asterisk-users@lists.digium.com<br>> > > Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network<br>> > ><br>> > > Hi,<br>> > ><br>> > > no clue on this?<br>> > ><br>> > > I found a thread in march from Faisal Hanif having the same problem but<br>> > > no one of the proposed ideas where working (reverse permit/deny, tried<br>> > > with only permit=0.0.0.0/0.0.0.0, aso), no luck :-) I don't now if it's<br>> > > solved for him.<br>> > ><br>> > > If someone had a solution on this, would be great to share ;-)<br>> > ><br>> > > Regards<br>> > ><br>> > > --<br>> > > Daniel<br>> > ><br>> > ><br>> > > Le 07/10/2011 15:01, Administrator TOOTAI a écrit :<br>> > > > Hi,<br>> > > ><br>> > > > my asterisk 1.8.7 is working well with phones (SNOM, Gigaset 620 and<br>> > > > GrandStream) connected from the lan<br>> > > ><br>> > > > I now want to connect a snom320 from outside but it failed, having <br>> > always<br>> > > ><br>> > > > [Oct 7 14:48:04] ERROR[3870]: netsock2.c:94 <br>> > ast_sockaddr_stringify_fmt:<br>> > > > getnameinfo(): ai_family not supported<br>> > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:13597 <br>> > parse_register_contact:<br>> > > > Domain 'XX.XXX.XXX.XX:2048' disallowed by contact ACL (violating IP )<br>> > > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:14306 register_verify:<br>> > > > Registration denied because of contact ACL<br>> > > ><br>> > > > doesn't matter if I connect through a VPN or to the public IP <br>> > using STUN.<br>> > > ><br>> > > ><br>> > > > My sip.conf:<br>> > > ><br>> > > > localnet=172.24.0.0/12<br>> > > > localnet=169.254.0.0/255.255.0.0 ; Zero conf local network<br>> > > > localnet=<Asterisk server external IP/32><br>> > > > autodomain=yes<br>> > > > ;allowexternaldomains=yes<br>> > > > domain=172.24.30.250 ;Asterisk Server IP<br>> > > > domain=<Public Hostname><br>> > > > domain=<Another Public Hostname><br>> > > ><br>> > > > [309](snom320,ulaw-phone,callgroup1)<br>> > > > type=friend<br>> > > > insecure=port,invite<br>> > > > secret=VoIP2auDIo<br>> > > > contactdeny=0.0.0.0/0.0.0.0<br>> > > > contactpermit=XX.XXX.XXX.XX/32 ; External IP from phone, same as<br>> > > > disallowed by contact ACL<br>> > > > deny=0.0.0.0/0.0.0.0<br>> > > > permit=XX.XXX.XXX.XX/32<br>> > > > nat=yes<br>> > > ><br>> > > > Any clue? Why violating IP is empty?<br>> <br>> --<br>> _____________________________________________________________________<br>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --<br>> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>> http://www.asterisk.org/hello<br>> <br>> asterisk-users mailing list<br>> To UNSUBSCRIBE or update options visit:<br>> http://lists.digium.com/mailman/listinfo/asterisk-users<br></div> </div></body>
</html>