have but having STUN as an additional option is really what we want. You can find an
implementation of a STUN library and apps at www.vovida.org. The External IP approach
has some flaws and can be a pain to configure for people that do not know what is actually
being done with this data. I will try to explain this since I have to test this stuff on vendor phones
every day...
SIP is a text-based protocol which means that address information is embedded in each SIP
message as "text". Unfortunately, most routers, etc. do not have a SIP ALG so the address
information in the UDP or TCP connections get corrected through the NAT function, the payload
which in this case is SIP and SDP (RTP setup messages) do not get translated. The other end
of the call outside your private network sees your private IP addresses and cannot route to them.
External IP basically says "put this address in the SIP and SDP messages instead of my private address".
The problem here is that if your lease is up on your ISP connection and the renew gives you another
address, you're out of business until you update your settings. The other thing is, you must port forward
your SIP port (usually 5060) and every incoming RTP/RTCP port pairs from the NAT router to Asterisk.
STUN is pretty simple and works well. This feature actually queries a STUN server on the public side
and askes what does your external IP and port look like. It also determines the level of IP security that
your are using. (Read the RFC on STUN, it is usefull) You don't have to port forward anything because
STUN enabled devices take advantage of the ALG in most firewalls that maps incoming traffic back
to the app (Asterisk in this case) if the packets arrive at the same address/port that packets just went
out. If the connection is idle for more than a set number of seconds, the mapping is automatically deleted.
This is why you see the devices "pinging" each other every so often. This allows an incoming call to reach
the SIP port.
Having BOTH External IP and STUN would give us the greatest flexibility because if we didn't have
a STUN server on the other end we could manually set it.
Martin Pycko wrote:
It's new. It prevents asterisk from putting the private IP in the messages that asterisk sends with SIP.
Martin
On Mon, 3 Nov 2003, WipeOut wrote:
Martin Pycko wrote:
Martin,You can port forward the 5060 SIP port and use externip keyword in sip.conf to have it working behind a NAT.
Martin
Is "externip" and new parameter??
Does it do a similar thing for the server as what "nat=yes" does for the phone?
Later..
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
