Asterisk NAT


I have an Asterisk box with a public IP address and two SIP clients behind the same NAT device (I also have SIP clients behind different NATs). I want to know: is it possible for Asterisk to detect if both clients are behind the same NAT and use direct media between them, and use other options for clients that are behind different NATs?

By detection I mean: is it possible for Asterisk to take a look at the public IP address of packets and, if both packets have the same IP address, tell the clients to send RTP traffic directly to each other? Is there a module or piece of code for this behavior in Asterisk?

PS: I assumed each NAT box has a single external IP address, and this assumption is good for me.

10 thoughts on - Asterisk NAT

  • If it were only so easy…

    Participation in these lists is purely voluntary.

    You only get a reply if you managed to pique somebody’s interest and they feel they have something to offer — which may be commiseration rather than an answer.

    Having said all that, there are some incredibly knowledgeable and generous participants who have helped me out of some sticky situations.

    Think of it like a message in a bottle. You cast it out to sea and you may make an incredible contact. You may not.

    Something to keep in mind. These lists are largely ‘US centric’, by which I mean that if you post after the US work day ends (even accounting for ‘programmer hours’) you are limiting your potential audience.

    Posting late on a Friday afternoon can be an exercise in futility.

  • I can’t help on the “can Asterisk detect they’re behind the same NAT” part of the question, but I would caution you that an assumption that ‘each NAT box has a single external IP’ is risky – especially if you have to deal with the possibility of double-NAT and other such evilness (and it’s hard to avoid sometimes – how many non-tech people go and buy a wireless router to ‘extend their WiFi’ rather than an access point, or don’t know how to switch said router into AP-only mode).

    You also have to consider users who have multiple LANs (which might not necessarily be able to route between themselves) behind a single external IP: this one’s quite common in shared/managed office environments – one external IP and several RFC1918 VLANs internally, with no routing between them.

    So in summary, unless you have a considerable level of control over your endpoints such that you can be sure these (and no doubt other) scenarios don’t apply, it’s probably safest to send RTP traffic through Asterisk regardless, otherwise you’re potentially opening up a support nightmare for yourself.

    Kind regards,

    Chris

  • There is a bit of a tendency on this list to ignore questions that have been answered before. It’s disconcerting at first, but remember: *you* are the stereotype tourist here, and *not repeating oneself* is a part of the natives’ culture. It is not exactly rudeness, per se, even though it might look that way; just an aversion to saying the same thing twice.

    No answer on the list probably just means the question was answered before; so your best bet is to search the mailing list archives and the wiki at http://voip-info.org. Eventually, you will have been yomping around in Tech Land for long enough to graduate from “ignorant tourist” to “seasoned traveller” — and then you get to ignore noob questions yourself. Or set yourself up as a tour guide, if you feel that way inclined 🙂

  • Hi! As many others mentioned, if you don’t get an answer, first go googling then try the #asterisk IRC channel, or maybe the forums at forums.asterisk.org. I noticed your first post today and was going to answer it there, before I saw this new post as well…

    To attempt answering your question… I believe so. The NAT section of the sip.conf sample contains a lot of helpful options, including:

    ;directmedia=nonat ; An additional option is to allow media path redirection
                       ; (reinvite) but only when the peer where the media is being
                       ; sent is known to not be behind a NAT (as the RTP core can
                       ; determine it based on the apparent IP address the media
                       ; arrives from).

    That is for chan_sip in Asterisk 11, and should also be available in Asterisk 1.8.

    I’ve not used a config with this option before, but it sounds like the intent is what you may need.

    A link to the sample file (that is also included with your source files): http://svnview.digium.com/svn/asterisk/branches/11/configs/sip.conf.sample?view=markup

  • It is worth noting that the official Asterisk wiki is at http://wiki.asterisk.org. If there is something missing from there, feel free to let me or someone in #asterisk-dev know and we’ll make sure things get updated. One thing I do have on my to-do list is a NAT guide.

  • Dear Mr. Newton, thank you for your response. I read the wiki and sip.conf sample file and I know about the directmedia option. Actually these options are for times that you know about your connected networks (you know which clients are behind NAT and which are not). But my configuration is different. I have an A2Billing server + Asterisk (these two share a database using ARA); I also wrote a web service that allows users to automatically register and get a username and password. After registration users can connect to Asterisk to call other users. Here I want Asterisk to automatically detect when two users are behind the same NAT and redirect their traffic inside that NAT; this way the load of RTP traffic on the Asterisk server will be reduced.

  • From my understanding and the documentation, the intent with directmedia=nonat is that it will act like directmedia=yes if the peer is detected as *not* being behind NAT, and directmedia=no if the peer is detected as being behind NAT. This implies that the administrator would not know ahead of time what is needed, otherwise seemingly you would just use yes or no. However I’m still not sure that will be helpful for your particular scenario.

    I don’t know that this is possible with any simple Asterisk configuration. Good luck!
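
The same-NAT check asked about in the question, combined with the caveats raised in the replies, as an added example that is not part of any post in this thread and is not Asterisk code. The `Registration` record, the `media_path` function, the /24 subnet guess and all addresses are assumptions made for illustration; the "neither peer is behind NAT" branch mirrors what the thread describes for `directmedia=nonat`.

```python
# Added illustration, not Asterisk code. All names and addresses are constructed.
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ASSUMED_LAN_PREFIX = 24  # assumption: the server cannot see the real netmask

@dataclass
class Registration:
    source_ip: str   # address the REGISTER arrived from (public side of the NAT)
    contact_ip: str  # address the client put in its Contact header

def is_natted(reg):
    """Behind NAT when the advertised address differs from the observed one."""
    return reg.source_ip != reg.contact_ip

def media_path(a, b, lan_prefix=ASSUMED_LAN_PREFIX):
    """Return (decision, reason); decision is 'direct' or 'relay'."""
    if not is_natted(a) and not is_natted(b):
        return "direct", "neither peer is behind NAT"
    if not (is_natted(a) and is_natted(b)):
        return "relay", "only one peer is behind NAT"
    if a.source_ip != b.source_ip:
        return "relay", "different public addresses"
    ca = ipaddress.ip_address(a.contact_ip)
    cb = ipaddress.ip_address(b.contact_ip)
    if not all(any(c in n for n in RFC1918) for c in (ca, cb)):
        return "relay", "contact address is not RFC1918"
    lan = ipaddress.ip_network(f"{ca}/{lan_prefix}", strict=False)
    if cb not in lan:
        return "relay", "same public address but different internal subnets"
    # Double NAT can still make this wrong: two inner routers may both
    # hand out the same private range behind one public address.
    return "direct", "same public address and same assumed subnet"

PEERS = {  # constructed sample registrations
    "alice": Registration("203.0.113.10", "192.168.1.20"),
    "bob":   Registration("203.0.113.10", "192.168.1.31"),
    "carol": Registration("203.0.113.10", "10.20.0.5"),       # other VLAN
    "dave":  Registration("198.51.100.7", "192.168.1.20"),    # other site
    "erin":  Registration("198.51.100.99", "198.51.100.99"),  # no NAT
    "frank": Registration("192.0.2.44", "192.0.2.44"),        # no NAT
}

if __name__ == "__main__":
    for x, y in [("alice", "bob"), ("alice", "carol"),
                 ("alice", "dave"), ("erin", "alice"), ("erin", "frank")]:
        print(x, y, *media_path(PEERS[x], PEERS[y]))
```

A "direct" result for two NATed peers remains a guess: the server sees only the public address and whatever the client advertises, so the shared-office and double-NAT cases from the replies cannot be ruled out from this data alone.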