Problem With Rport (CGNAT) Going From Linux Kernel 3.16 To 4.9


Hello,

I operate an Asterisk server (v11.13.1) on Debian stable, and it’s rock-solid. The other day, however, I accidentally upgraded the kernel from the stable 3.16.0 to 4.9.0. Subsequently, audio stopped working.

Below you can find my analysis while running the 4.9.0 kernel. 888 is a simple Echo() extension. I am calling it from a phone behind carrier-grade NAT (“mtvic-main”). The problem is that the Asterisk server sends RTP to the 100.64.0.0/10 address I have on the internal side of NAT, even though the Asterisk server correctly (?) transports the actual socket on the outside via rport (cf. the 401 Unauth response).

Once I boot back into 3.16.0, it all works again. I didn’t capture any logs yet, but since audio works, I am led to believe that the 100.64.0.0/10 address is not being used.

Right now it works, but eventually, the kernel upgrade will be required. It’s possible that a newer Asterisk will work with the v4 kernel, but in any case I’d be interested in finding out the root of the problem at hand.

Any hints appreciated. Thank you!

[general]
nat=auto_force_rport,auto_comedia

[mtvic-main]
md5secret=xxx
context=mtvic-in-main
callerid="Martin in windy Wellington <60>"
dtmfmode=rfc2833
context=from-office
type=friend
directmedia=no
host=dynamic
nat=force_rport,comedia

# sip show peer output below

[Feb 2 08:35:24] <--- SIP read from UDP:219.88.239.74:43525 --->
[Feb 2 08:35:24] INVITE sip:888@madduck.net;user=phone SIP/2.0
[Feb 2 08:35:24] Via: SIP/2.0/UDP 100.64.45.19:5865;branch=z9hG4bK2c95e270486c659f91f1baa7712ebc80;rport
[Feb 2 08:35:24] From: "Penny & Martin / Wellington" ;tag=4132889942
[Feb 2 08:35:24] To:
[Feb 2 08:35:24] Call-ID: 4239363066@192_168_15_112
[Feb 2 08:35:24] CSeq: 2 INVITE
[Feb 2 08:35:24] Contact:
[Feb 2 08:35:24] Max-Forwards: 70
[Feb 2 08:35:24] User-Agent: S685IP/022270000000
[Feb 2 08:35:24] Supported: replaces
[Feb 2 08:35:24] Allow-Events: message-summary, refer
[Feb 2 08:35:24] Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, INFO, REFER, SUBSCRIBE, NOTIFY
[Feb 2 08:35:24] Content-Type: application/sdp
[Feb 2 08:35:24] Content-Length: 375
[Feb 2 08:35:24]
[Feb 2 08:35:24] v=0
[Feb 2 08:35:24] o=mtvic-main 8602 68 IN IP4 100.64.45.19
[Feb 2 08:35:24] s=Mapping
[Feb 2 08:35:24] c=IN IP4 100.64.45.19
[Feb 2 08:35:24] t=0 0
[Feb 2 08:35:24] m=audio 8602 RTP/AVP 9 8 0 96 97 2 18 101
[Feb 2 08:35:24] a=rtpmap:9 G722/8000
[Feb 2 08:35:24] a=rtpmap:8 PCMA/8000
[Feb 2 08:35:24] a=rtpmap:0 PCMU/8000
[Feb 2 08:35:24] a=rtpmap:96 G726-32/8000
[Feb 2 08:35:24] a=rtpmap:97 AAL2-G726-32/8000
[Feb 2 08:35:24] a=rtpmap:2 G726-32/8000
[Feb 2 08:35:24] a=rtpmap:18 G729/8000
[Feb 2 08:35:24] a=fmtp:18 annexb=no
[Feb 2 08:35:24] a=rtpmap:101 telephone-event/8000
[Feb 2 08:35:24] a=fmtp:101 0-16
[Feb 2 08:35:24] <------------->
[Feb 2 08:35:24] --- (14 headers 16 lines) ---
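
Added example (not part of the original post, and not Asterisk code): a Python check that reads a SIP debug dump in the format shown above and compares the socket the packet arrived from with the Via sent-by and the SDP c= address, flagging addresses in the RFC 6598 range 100.64.0.0/10. The function names and the SAMPLE excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the INVITE dump shown above.
SAMPLE = """\
[Feb 2 08:35:24] <--- SIP read from UDP:219.88.239.74:43525 --->
[Feb 2 08:35:24] Via: SIP/2.0/UDP 100.64.45.19:5865;branch=z9hG4bK2c95e270486c659f91f1baa7712ebc80;rport
[Feb 2 08:35:24] c=IN IP4 100.64.45.19
[Feb 2 08:35:24] m=audio 8602 RTP/AVP 9 8 0 96 97 2 18 101
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PREFIX = re.compile(r"^\[[^\]]*\]\s?")          # log timestamp prefix

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    return "private" if ip.is_private else "public"

def analyze(dump):
    """Collect NAT-relevant facts from one 'SIP read from' block."""
    info = {"source": None, "via": None, "rport": False, "sdp": None, "audio_port": None}
    for raw in dump.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"<--- SIP read from \w+:([\d.]+):(\d+) --->", line):
            info["source"] = (m.group(1), int(m.group(2)))
        elif (m := re.match(r"Via:\s*SIP/2\.0/\w+\s+([\d.]+)(?::(\d+))?(.*)", line)) and info["via"] is None:
            info["via"] = (m.group(1), int(m.group(2) or 5060))  # topmost Via only
            info["rport"] = any(p.split("=")[0].strip() == "rport" for p in m.group(3).split(";"))
        elif m := re.match(r"c=IN IP4 ([\d.]+)", line):
            info["sdp"] = m.group(1)
        elif m := re.match(r"m=audio (\d+) ", line):
            info["audio_port"] = int(m.group(1))
    findings = []
    if info["source"] and info["via"] and info["source"] != info["via"]:
        findings.append("signalling is NATed: Via sent-by differs from packet source")
    if info["sdp"] and classify(info["sdp"]) != "public":
        findings.append(f"SDP c= address {info['sdp']} is {classify(info['sdp'])}: "
                        "not routable from outside the NAT")
    info["findings"] = findings
    return info

if __name__ == "__main__":
    for finding in analyze(SAMPLE)["findings"]:
        print(finding)
```

When both findings appear, media can only reach the phone if it is sent to the address and port the phone's own RTP arrives from, which is what the comedia setting asks for.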