Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Jan Janak wrote: I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. I can confirm that Asterisk behind NAT can call out to IPtel.org ...and users connected to iptel.org can call me, if my server is registred to iptel.org. As stated earlier, the iptel.org SIP express router is configured with a development version of the nathelper module, that assists SIP clients inside a NAT to keep sessions open, allowing incoming calls. In this configuration, Asterisk is simply just another SIP phone, seen from iptel.org's point of view. I'll update the information on the wiki so you can experiment with this. Thank you, Jan Janak @iptel.org, for testing with me! /Olle ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. I can confirm that Asterisk behind NAT can call out to IPtel.org ...and users connected to iptel.org can call me, if my server is registred to iptel.org. As stated earlier, the iptel.org SIP express router is configured with a development version of the nathelper module, that assists SIP clients inside a NAT to keep sessions open, allowing incoming calls. In this configuration, Asterisk is simply just another SIP phone, seen from iptel.org's point of view. I'll update the information on the wiki so you can experiment with this. Thank you, Jan Janak @iptel.org, for testing with me! Olle, That's exactly one of the methods I was referring to in my long-winded dissertation on asterisk with nat. There are others as well. It would be nice if some detailed technical explanation was included in the documentation as to why it works, and not just refer to nathelper as though everyone reading the doc will understand what that module is actually doing. (It probably won't help the plug-n-play newbies, but will certainly enlighten those that keep posting unqualified responses similar to asterisk won't work behind a nat box.) If possible, I'd also ensure you test the config with two or more simultanous conversations (through the nat box) as there are likely to be some limitations that should probably be noted as well. Rich ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Jan Janak wrote: I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. Great! I copied your information for other users to the Wiki. http://www.voip-info.org/tiki-index.php?page=Asterisk%20sip%20client%20SER Now, I have to check why it doesn't work on my Asterisk. Propably newbie behind console keyboard, but anyway... /O ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. Great! I copied your information for other users to the Wiki. http://www.voip-info.org/tiki-index.php?page=Asterisk%20sip%20client%20SER Now, I have to check why it doesn't work on my Asterisk. Propably newbie behind console keyboard, but anyway... There has been a fair amount of discussion on the list as to whether nat works with various/different configurations of sip phones with *. The exact configuration required is highly dependent on a number of technical factors that must be well understood before anyone can make a generic statement relative to whether it works or doesn't work. Without that understanding, practically every statement made on the list has been based on opinion and/or some trial error methodology that has resulted in a working example. (Nothing wrong with that, but the majority of the postings leave out critical info that causes the next person to attempt the same implementation but fails, and additional questions are generated.) The critical information needed to understand nat config's include: 1. Is * behind a nat box, sip phone behind a nat box, or both? 2. Is the nat box sip aware? 3. Can the nat box be programmed to forward a static range of ports to the inside? 4. Are there two nat boxes involved (one at each end of an expected sip-based connection)? 5. Does the sip phone support nat (eg, play nice with headers)? 6. Does * support nat (eg, play nice with headers) and is it config'ed? 7. Are there timers involved at either end of a nat traversal that are intended to keep nat table entries from timing out? 8. If so, what are the actual timeout values used for the specific nat box, and are sip end-point timers less then those of the nat box? (Don't assume all sip phones with nat functions are equal.) 9. What is the nat impact of a sip phone that has been configured to re-register every 60 seconds? 10. What is the range of rtp ports expected by the sip phone (eg, 7960's range from 16384 to 32766, but can be changed; xten uses 8000 to 8012 or something like that)? 11. Can the user implement iax (instead of sip) between end points? 12. When nat is found to function correctly, which end originated the nat traversal (makes a BIG difference)? And, probably another half dozen technical parameters that I'm forgetting to mention. I've spent many years working with corporate clients in more then 40 states diagnosing networking issues, doing protocol analysis, etc, and have seen a large number of nat boxes. The nat implementations from various vendors range from very basic translation tables to some rather sophisticated functions. And, just because a nat implementation comes from a well-known vendor doesn't mean anything (even Cisco has problems with no nat timeouts in certain boxes today). With that said, here's a couple of high-level examples that could work but these are not based on actual lab tests, etc. 1. If * is behind a nat box and * inititiates a tcp/udp conversation with a non-nat'ed address, some form of timer-based keep alive packet will keep the nat-box-table-entries active allowing the implementation to work. (Obviously assumes equipment can support sip header functions.) What are some of the configuration issues that may need to be addressed? a. limit the port numbers that can be used by * (rtp.conf) b. limit the port numbers that can be used by the sip phone. c. may still need to map the specific rtp port range in the nat box depending upon the nat box functionality. d. probably define nat=yes within *. (The real issue here is which end initiated the conversation and what is used to keep the nat translations active. I think we've already heard some folks doing this with certain Internet-based companies, but the postings left out a bunch of technical configuration data on both ends.) 2. * = nat = Internet = nat = sip phone Implement a combination of #1, above, at both ends assuming the end-point equipment has the capability to be configured (including the sip phone, nat boxes, etc). What tends to aggravate nat implementations are those NAT boxes that also implement PAT (port address translation), and the box vendor doesn't bother to hint at it in their documentation. (There are a very large number of networking folks that don't understand this, and its probably safe to assume 99.99% of the user community has never heard of it.) The PAT issues usually end up with someone suggesting sip phone #1 works but #2 doesn't and they are configured exactly the same. Or, call #1 works but call #2 fails. (And then the next person on the list says it works fine for them, but doesn't mention who's nat box he's using or what it's actually doing from a technical perspective.) I'd bet a small amount of money that
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Rich Adamson wrote: I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. Great! I copied your information for other users to the Wiki. http://www.voip-info.org/tiki-index.php?page=Asterisk%20sip%20client%20SER Now, I have to check why it doesn't work on my Asterisk. Propably newbie behind console keyboard, but anyway... There has been a fair amount of discussion on the list as to whether nat works with various/different configurations of sip phones with *. The exact configuration required is highly dependent on a number of technical factors that must be well understood before anyone can make a generic statement relative to whether it works or doesn't work. Without that understanding, practically every statement made on the list has been based on opinion and/or some trial error methodology that has resulted in a working example. (Nothing wrong with that, but the majority of the postings leave out critical info that causes the next person to attempt the same implementation but fails, and additional questions are generated.) Rich, Thank you for your additional information on the NAT/VoIP issue. Is it ok with you if I add it to the Wiki? As you say, we need to collect information and compose a data base of what works and what's not working in certain circumstances. Jan got * - SER working, I can't. We have different NAT:s. To try to solve my problem I made sure his solution was documented so far. There's no silver bullet here. With NATs, we've built a network without end-to-end connectivity and we need to patch it up to get VoIP working on an IPv4 network with NATs in every corner. I just hope that IPv6 will make life easier for the next generation of VoIP users. Right now, we need to understand all variables. /O ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
My asterisk server(s) are behind NAT, and I am a customer of Vonage (thrice-over), iconnecthere, and Net2Phone. There are still some rough edges (especially with iconnecthere) but overall it is not correct to say that they won't work. B. Thats great to hear. Can you please share your config files that connect iconnecthere and net2phone via SIP? I think there are a number of people here who have tried and not been able to get it to work. Robert ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
rnc Info Lists wrote: Thats great to hear. Can you please share your config files that connect iconnecthere and net2phone via SIP? I think there are a number of people here who have tried and not been able to get it to work. Here's what I'm using for iconnecthere. They provide me with both origination and termination, btw, so there are clauses that handle each. *** in sip.conf: register = 18005551212:[EMAIL PROTECTED] (first part is my inbound phone number, second is account password) [iconnect] type=peer username=12312312 secret= callerid = My Name 18005551212 host=213.137.73.140 And in extensions.conf: exten = _11.,1,Goto,iconn|BYEXTENSION|1 Later on. . . [iconn] exten = _11NXXNXX,1,StripMSD,1 exten = _1NXXNXX,2,Prefix, exten = _1NXXNXX,3,Dial,SIP/[EMAIL PROTECTED]||r For origination: exten = 15126919417,1,Dial,SIP/ata1|23 Note I'm using the old (deprecated) syntax for the various commands. And I don't pretend this is beautiful or optimal syntax. The preceding the number was something they told me to use to get gsm encoding. FWIW. B. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
I experimented a little bit and Asterisk behind NAT with SIP works. I created an account at iptel.org and use that account for outbound SIP traffic from Asterisk. I am using [EMAIL PROTECTED], all the SIP traffic will be sent to iptel.org proxy and the proxy will take care of NAT traversal. Currently I forward all numbers begining with 3 to iptel.org beucase I don't know how to create fall-back rule that will match when there are no other rules (neither i nor _. works for me). In the other direction, calls to [EMAIL PROTECTED] get translated to [EMAIL PROTECTED] and user jan registered at the asterisk box will receive them. To able able to call anywhere through iptel.org, From header field must contain iptel.org so fromdomain parameter is necesarry in [iptel] section. Testing scenario was as follows: [Caller][*]---[NAT][iptel.org (public inet)][NAT]---[Callee] and vice versa. sip.conf and extensions.conf follow. I have no previous experience in configuriing asterisk so maybe the config files are not the best ones, I simply took John Todd's config files and tweaked them a bit, it seems to work for me. To iptel.org proxy asterisk looks like a normal SIP user agent behind NAT. iptel.org is running SER with extended nathelper and RTP proxy. Jan. ; ; SIP Configuration for Asterisk ; [general] port = 5060 ; Port to bind to bindaddr = 0.0.0.0 ; Address to bind to context = from-sip ; Default for incoming calls ; register = asterisk:[EMAIL PROTECTED]/jan ; Register with a SIP provider [iptel] type=friend username=asterisk secret=password fromdomain=iptel.org host=iptel.org [jan] type=friend username=jan host=dynamic canreinvite=no extensions.conf: [from-sip] exten = jan,1,Dial(SIP/jan) exten = jan,2,Hangup exten = _3.,1,SetCallerID(jan) exten = _3.,2,SetCIDName(Jan Janak) exten = _3.,3,Dial(SIP/${EXTEN:[EMAIL PROTECTED]) exten = _3.,4,Playback(invalid) exten = _3.,5,Hangup ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Jonathan Hogg wrote: OK. I've tried trawling the archives, but I'm not getting very far. I've got an Asterisk box behind a NAT which I want to register with a SIP provider. If you've travelled around the archives, you should now that this is a FAQ. At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. There are bug reports, web pages and mail in the archive that document this. Start at http://www.voip-info.org - click on Asterisk. /O ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
On 24/10/2003 16:05, Olle E. Johansson wrote: If you've travelled around the archives, you should now that this is a FAQ. I'm sure it is, but in the absence of a FAQ on the Asterisk website, this is a little hard for new users to determine. At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. I suspected this would be the case. The problem is that I have no control over the NAT. I guess I'll just have to work on my provider a bit more to support IAX. There are bug reports, web pages and mail in the archive that document this. Start at http://www.voip-info.org - click on Asterisk. I could find plenty of emails from people asking how to do it, but I couldn't find any answers - odd that Google only seems to show the questions, but not the answers. Thanks for the link and the help. Jonathan -- Jonathan Hogg Director, Technology Seventh Wave Systems Ltd. 4-14 Tabernacle Street London EC2A 4LU Telephone: +44 20 7074 0423 http://www.seventh-wave-systems.com/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
... At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. I suspected this would be the case. The problem is that I have no control over the NAT. I guess I'll just have to work on my provider a bit more to support IAX. Jonathan, I have the same problem and have solved it by using iaxtel.com. Asterisk talks to IAXtel quite well on inbound and outbound from behind my NAT router. While I don't have the dialplan inside Asterisk completed yet it does do the following: - outbound calls from any internal extension to any service reachable over iaxtel.com. I've tested the following: - USA toll-free numbers (until they stopped working this week.. seems to be an IAXTel problem) - other IAXtel numbers - FWD numbers (1 700 99 x) - inbound calls from FWD to my IAXTEL number ring into the Asterisk box. Currently I play a message then forward them to an internal extension as proof of concept. If you would like the parts of extensions.conf and iax.conf that seem to make it work let me know. I pulled bits and pieces from various places, including a number of the postings on this list over the last 2 days. All of this is rather impressive for me but my wife really wonders if I've lost my sanity... Hunker down everyone.. here comes the solar flare. Robert ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
We just made interconnection from NAT-ed Asteriks to our softswitch. And everything worked well... maybe because of our softswitch ..which is really powerfull. We can test with you to see if it is a case. Let me know. Alexander - Original Message - From: rnc Info Lists [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 24, 2003 2:31 PM Subject: Re: [Asterisk-Users] Asterisk behind NAT to SIP provider ... At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. I suspected this would be the case. The problem is that I have no control over the NAT. I guess I'll just have to work on my provider a bit more to support IAX. Jonathan, I have the same problem and have solved it by using iaxtel.com. Asterisk talks to IAXtel quite well on inbound and outbound from behind my NAT router. While I don't have the dialplan inside Asterisk completed yet it does do the following: - outbound calls from any internal extension to any service reachable over iaxtel.com. I've tested the following: - USA toll-free numbers (until they stopped working this week.. seems to be an IAXTel problem) - other IAXtel numbers - FWD numbers (1 700 99 x) - inbound calls from FWD to my IAXTEL number ring into the Asterisk box. Currently I play a message then forward them to an internal extension as proof of concept. If you would like the parts of extensions.conf and iax.conf that seem to make it work let me know. I pulled bits and pieces from various places, including a number of the postings on this list over the last 2 days. All of this is rather impressive for me but my wife really wonders if I've lost my sanity... Hunker down everyone.. here comes the solar flare. Robert ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Asterisk behind NAT to SIP provider
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rnc Info Lists Sent: 24 October 2003 19:32 To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] Asterisk behind NAT to SIP provider ... At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. I suspected this would be the case. The problem is that I have no control over the NAT. I guess I'll just have to work on my provider a bit more to support IAX. I've currently got Asterisk running behind NAT with iconnecthere and it works with incoming and outgoing calls. All I did enable nat in sip.conf (nat=1) and authenticate against natrelay.deltathree.com. The only 'special' thing I can see about my setup is that the NAT device supports UPNP. I haven't port forwarded any external ports internally. -Nathan ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
I've currently got Asterisk running behind NAT with iconnecthere and it works with incoming and outgoing calls. All I did enable nat in sip.conf (nat=1) and authenticate against natrelay.deltathree.com. The only 'special' thing I can see about my setup is that the NAT device supports UPNP. I haven't port forwarded any external ports internally. Great! I wonder what their natrelay is really doing. Deltathree have published a very good white paper on NAT and SIP, so they propably know what they're doing. Please debug with CLI sip debug and try to understand what really goes on and please tell us, or forward the debug. A register and a call setup would be interesting. Also, please mail your configuration for us to consider. Every little step forward... /O ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
On 24/10/2003 19:31, rnc Info Lists wrote: I have the same problem and have solved it by using iaxtel.com. Asterisk talks to IAXtel quite well on inbound and outbound from behind my NAT router. Yeah, I got that working as a test that Asterisk could successfully route calls in and out to my extensions, but I need a PSTN gateway service that can offer numbers in London and NY. I'm talking to a UK provider, but they only do SIP at the moment. I'm working with one of their tech guys to see if they can support IAX via an Asterisk installation at their end. Jonathan -- Jonathan Hogg Director, Technology Seventh Wave Systems Ltd. 4-14 Tabernacle Street London EC2A 4LU Telephone: +44 20 7074 0423 http://www.seventh-wave-systems.com/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Try to register your Asterisk with iptel.org. There is a public SIP proxy running with support for NAT traversal. To do so, disable any NAT traversal features in Asterisk (the proxy can detect that you are behind a NAT and will modify the messages accordingly). You don't have to setup anything in your NAT box. Let me know if that doesn't work (I will need your username in that case to find out why). Jan. On 24-10 23:00, Jonathan Hogg wrote: On 24/10/2003 19:31, rnc Info Lists wrote: I have the same problem and have solved it by using iaxtel.com. Asterisk talks to IAXtel quite well on inbound and outbound from behind my NAT router. Yeah, I got that working as a test that Asterisk could successfully route calls in and out to my extensions, but I need a PSTN gateway service that can offer numbers in London and NY. I'm talking to a UK provider, but they only do SIP at the moment. I'm working with one of their tech guys to see if they can support IAX via an Asterisk installation at their end. Jonathan -- Jonathan Hogg Director, Technology Seventh Wave Systems Ltd. 4-14 Tabernacle Street London EC2A 4LU Telephone: +44 20 7074 0423 http://www.seventh-wave-systems.com/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind NAT to SIP provider
Jonathan Hogg wrote: At this moment, Asterisk behind a NAT can't connect to an outside SIP provider. If you put asterisk outside your NAT, your inside clients can connect to Asterisk and Asterisk will be able to connect to your providers. Not true. My asterisk server(s) are behind NAT, and I am a customer of Vonage (thrice-over), iconnecthere, and Net2Phone. There are still some rough edges (especially with iconnecthere) but overall it is not correct to say that they won't work. B. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users