[Asterisk-Users] Almost there--Remote connection
G'Day All; Greetings and best wishes. I need some help as follows: My Grandstream 100 is at a remote location on broadband and connects to my * server else where. From a POST line I dial the 3 to the * server and selects the ext # of the remote GS100 IP phone. The GS100 rings. When answered I can clearly hear everything coming from the phone that's calling in. The caller cannot hear anything coming from the GS100 IP phone. If I make a call out from the GS100 to a POTS #, the POTS number rings. Upon answering, the GS100 can also hear everything from the POTS phone but the POTS phone is not hearing anything from the GS100. I believe the phone is setup right. The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 So it seems that my something is not allowing signal from the GS100 IP phone out but is allowing signal in. Any thoughts one where/what I should be modifying? Thanks much. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
The 1-10100 was given to me by a prior post so I really do not know. I will change the forewall to allow 1-2 and see if it works. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Thanks. I think that's Iptables. No? I have a hardware firewall. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
I made the firewall changes but still the same result. On the GS100 phone, what us STUN server? Why is it important? If it say No in the config, I hear nothing. If it says and has GS's STUN IP the connection is one way as noted prior. Might this be the culprit? Thanks... I am almost there!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:49 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection Thanks. I think that's Iptables. No? I have a hardware firewall. First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Thanks. Mine says rtpstart=1 rtpend=2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:49 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection Thanks. I think that's Iptables. No? I have a hardware firewall. First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
I just realised that I neglected to mention that the remote GS100 phone is sitting behind a firewall also. Do I need to open any outgoing ports on that firewall? Considering that one cannot hear anything from the GS100 IP phone? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: Tuesday, October 19, 2004 12:32 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection Thanks. Mine says rtpstart=1 rtpend=2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:49 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection Thanks. I think that's Iptables. No? I have a hardware firewall. First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 1:2 -j ACCEPT That's for IAX2 and SIP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 16:18 To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Almost there--Remote connection [snip] The * server is behind a firewall and I have opened ports 1-10100 5060 5004 4569 IIRC, SIP uses 1-2 by default. Have you changed this to 1-10100? Cheers, Karl __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk
RE: [Asterisk-Users] Almost there--Remote connection
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 18:30 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection I just realised that I neglected to mention that the remote GS100 phone is sitting behind a firewall also. Do I need to open any outgoing ports on that firewall? Considering that one cannot hear anything from the GS100 IP phone? Yes, both phones will need to have ports 1-2 open (having seen your rtp.conf) if they are going o register with your * server. Mine says rtpstart=1 rtpend=2 This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Almost there--Remote connection
On Tue, 19 Oct 2004 11:18:17 -0400, Ferguson, Michael [EMAIL PROTECTED] wrote: My Grandstream 100 is at a remote location on broadband and connects to my * server else where. and: The * server is behind a firewall and: The GS100 rings. When answered I can clearly hear everything coming from the phone that's calling in. The caller cannot hear anything coming from the GS100 IP phone. Of course not. Running a SIP server behind a Firewall does not exactly make things straightforward. Is your server is only behind a firewall or is it also behind a NAT? If it is behind NAT you should know that that SIP/NAT traversal workarounds are for clients behind NAT connecting to servers on public IPs, not for clients on public IPs connecting to servers behind NAT. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Benjamin on Asterisk Mailing Lists Sent: Tuesday, October 19, 2004 1:51 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Almost there--Remote connection On Tue, 19 Oct 2004 11:18:17 -0400, Ferguson, Michael [EMAIL PROTECTED] wrote: My Grandstream 100 is at a remote location on broadband and connects to my * server else where. and: The * server is behind a firewall and: The GS100 rings. When answered I can clearly hear everything coming from the phone that's calling in. The caller cannot hear anything coming from the GS100 IP phone. Of course not. Running a SIP server behind a Firewall does not exactly make things straightforward. Is your server is only behind a firewall or is it also behind a NAT? If it is behind NAT you should know that that SIP/NAT traversal workarounds are for clients behind NAT connecting to servers on public IPs, not for clients on public IPs connecting to servers behind NAT. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Thanks. I opened 1-2 also on the remote firewall, but still no success. Quite frustrating. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 1:45 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferguson, Michael Sent: 19 October 2004 18:30 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection I just realised that I neglected to mention that the remote GS100 phone is sitting behind a firewall also. Do I need to open any outgoing ports on that firewall? Considering that one cannot hear anything from the GS100 IP phone? Yes, both phones will need to have ports 1-2 open (having seen your rtp.conf) if they are going o register with your * server. Mine says rtpstart=1 rtpend=2 This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
On Tue, 2004-19-10 at 14:07 -0400, Ferguson, Michael wrote: Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? I've been down this road. Follow this thread: http://thread.gmane.org/gmane.comp.telephony.pbx.asterisk.user/45339 Ryan Courtnage ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Almost there--Remote connection
On Tue, 19 Oct 2004 14:07:46 -0400, Ferguson, Michael [EMAIL PROTECTED] wrote: Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? Port forwarding alone won't work because SIP is really SIP+2xRTP which means there are three data streams that from a TCP/IP point of view are three different and unrelated connections: one SIP (signalling) and two RTP (audio) streams. Only the content of the SIP messages makes them logically belong together, but TCP/IP is meant to only care about the envelope, not what's inside the packets. So, your first challenge is to get your NAT router to not throw away the incoming audio. It does so because it doesn't know nor care about the content of the SIP messages which say that the two RTP audio streams belong together and are to be passed on to your Asterisk server. Your second challenge is to get your Asterisk server to match everything up. Because of the NAT, the picture the SIP messages describe doesn't match the picture your server actually sees, and since computer software is pretty bad at guessing, it will simply ignore the bits that it cannot make sense of. My advice would be this: If you are curious and feel that a challenge is always worth taking even if only for the learning experience, then you may want to play with this a little. You may or may not get it to work, I tend to think you won't, but trying to make it work will give you insights in how SIP and NAT work, and in particular how they are not really meant to work together. This is an insight worth struggling for and it will help you later to get other things working or be able to make a good assessment of whether something is just a waste of time. As you might have guessed, I am one of those rebellious minds who didn't take the advice from others that SIP and NAT was a waste of time, I had to find out by myself and I didn't find the holy grail with the magic oil that makes SIP/NAT traversal work, but I am grateful for what I learned in the process of trying. However, if you are a more rational and want to get the job done with a minimal amount of time and effort, regardless of all the fun you might miss out on ;-) then you may want to look at alternatives that are more promising. In the former case, you will want to put your server into the DMZ and then use SIP debug on your Asterisk console to see what the SIP messages say and compare that to a successful SIP connection from within the NAT. Then you want to play with certain parameters at your disposal in /etc/asterisk/sip.conf, such as externip, fromdomain, fromuser etc etc trying to repair the incoming SIP messages so that they make as much sense to your server as the ones of the successful connection from within the NAT. This is a little more challenging than if you had the opposite situation (phone behind NAT, server on a public IP) because you cannot tweak those parameters on your Grandstream phone which is where the broken SIP messages are going to come from and where naturally the best place would be to tweak things. You can already see where the learning is going to come from ;-) In the latter case, if you just want to get the job done fast, then your alternatives are this: 1) put your Asterisk server on a public IP 2) connect your Asterisk server and your Grandstream phone to FWD [Asterisk]---SIP---[NAT router]---SIP---[FWD]---SIP---[Grandstream] this way, your server becomes a client of FWD, where the FWD is a server with a public IP. Then all you have to solve is how to connect your Asterisk client behind NAT to a SIP server outside of the NAT. That's a lot less of a challenge. If you still have problems with SIP/NAT traversal, you could always use IAX to connect to FWD and that's a walk in the park. 3) build a tunnel between the Asterisk server and the Grandstream phone If your hardware firewall supports a tunneling protocol, ie GRE, IPsec or PPTP, then you could get some device that supports the same protocol at the place where your Grandstream phone is and build a tunnel through which SIP and RTP will travel smoothly without seeing the NAT. hope this helps rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Ryan, Thanks. That looks hopeful. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Courtnage Sent: Tuesday, October 19, 2004 2:25 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection On Tue, 2004-19-10 at 14:07 -0400, Ferguson, Michael wrote: Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? I've been down this road. Follow this thread: http://thread.gmane.org/gmane.comp.telephony.pbx.asterisk.user/45339 Ryan Courtnage ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Almost there--Remote connection
Benjamin, Thanks for your feedback. -Original Message- From: Benjamin on Asterisk Mailing Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 2:53 PM To: Ferguson, Michael Cc: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Almost there--Remote connection On Tue, 19 Oct 2004 14:07:46 -0400, Ferguson, Michael [EMAIL PROTECTED] wrote: Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? Port forwarding alone won't work because SIP is really SIP+2xRTP which means there are three data streams that from a TCP/IP point of view are three different and unrelated connections: one SIP (signalling) and two RTP (audio) streams. Only the content of the SIP messages makes them logically belong together, but TCP/IP is meant to only care about the envelope, not what's inside the packets. So, your first challenge is to get your NAT router to not throw away the incoming audio. It does so because it doesn't know nor care about the content of the SIP messages which say that the two RTP audio streams belong together and are to be passed on to your Asterisk server. Your second challenge is to get your Asterisk server to match everything up. Because of the NAT, the picture the SIP messages describe doesn't match the picture your server actually sees, and since computer software is pretty bad at guessing, it will simply ignore the bits that it cannot make sense of. My advice would be this: If you are curious and feel that a challenge is always worth taking even if only for the learning experience, then you may want to play with this a little. You may or may not get it to work, I tend to think you won't, but trying to make it work will give you insights in how SIP and NAT work, and in particular how they are not really meant to work together. This is an insight worth struggling for and it will help you later to get other things working or be able to make a good assessment of whether something is just a waste of time. As you might have guessed, I am one of those rebellious minds who didn't take the advice from others that SIP and NAT was a waste of time, I had to find out by myself and I didn't find the holy grail with the magic oil that makes SIP/NAT traversal work, but I am grateful for what I learned in the process of trying. However, if you are a more rational and want to get the job done with a minimal amount of time and effort, regardless of all the fun you might miss out on ;-) then you may want to look at alternatives that are more promising. In the former case, you will want to put your server into the DMZ and then use SIP debug on your Asterisk console to see what the SIP messages say and compare that to a successful SIP connection from within the NAT. Then you want to play with certain parameters at your disposal in /etc/asterisk/sip.conf, such as externip, fromdomain, fromuser etc etc trying to repair the incoming SIP messages so that they make as much sense to your server as the ones of the successful connection from within the NAT. This is a little more challenging than if you had the opposite situation (phone behind NAT, server on a public IP) because you cannot tweak those parameters on your Grandstream phone which is where the broken SIP messages are going to come from and where naturally the best place would be to tweak things. You can already see where the learning is going to come from ;-) In the latter case, if you just want to get the job done fast, then your alternatives are this: 1) put your Asterisk server on a public IP 2) connect your Asterisk server and your Grandstream phone to FWD [Asterisk]---SIP---[NAT router]---SIP---[FWD]---SIP---[Grandstream] this way, your server becomes a client of FWD, where the FWD is a server with a public IP. Then all you have to solve is how to connect your Asterisk client behind NAT to a SIP server outside of the NAT. That's a lot less of a challenge. If you still have problems with SIP/NAT traversal, you could always use IAX to connect to FWD and that's a walk in the park. 3) build a tunnel between the Asterisk server and the Grandstream phone If your hardware firewall supports a tunneling protocol, ie GRE, IPsec or PPTP, then you could get some device that supports the same protocol at the place where your Grandstream phone is and build a tunnel through which SIP and RTP will travel smoothly without seeing the NAT. hope this helps rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Almost there--Remote connection
On Tue, 19 Oct 2004 13:30:20 -0400, Ferguson, Michael [EMAIL PROTECTED] wrote: I just realised that I neglected to mention that the remote GS100 phone is sitting behind a firewall also. Double NAT ?! Boy, you are really asking for trouble. It's either tunneling or FWD then. Sign up for two free accounts with FWD at http://www.freeworlddialup.com, one for your Asterisk server, one for your Grandstream phone. Then on both the Asterisk server and the phone, register with the FWD server. Put reinvite=no and canreinvite=no into your sip.conf for FWD (or use IAX to connect to FWD). Finally set up your dialplan so that you call the phone's FWD number if you dial the extension you want to give the phone, like so ... exten = 2001,3,Dial(SIP/[EMAIL PROTECTED],60,r) ... assuming that your Grandstream phone's FWD number was 12345 On your Asterisk server, the phone would then be known as 2001 but it would be dialled as 12345 on FWD. You could then send incoming calls from FWD with the caller ID of your GS phone to a context where it gets an IVR menu that allows it to dial other extensions on your Asterisk server. keywords for this are GotoIf, Background and DISA. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
