PJSIP, NAT And STUN/ICE
I’m quite new to Asterisk and using Asterisk 13 on FreeBSD current. Asterisk is behind a NAT router, the physical setup is very much a trivial one. The Asterisk PBX is supposed to act as the telephone gateway for several VoIP/SIP phones.
I’m using throughout pjsip as configuration, I have no experience with chan_sip since I
started recently using Asterisk for several SoHo and lab’s projects. So be alarmed, there may come some noobish questions.
When planning and setting up the Asterisk, I had to deal with NAT. The Asterisk config object of type=transport knows about essential entries:
local_net= 192.168.254.1/24
bind= 192.168.254.1:5060
external_media_address= dyndns FQDN
external_signaling_address= dyndns FQDN
direct_media= no rtp_symmetric= yes force_rport= yes
dyndns FQDN is the FQDN of my broadband access point provided by some dynamical DNS
provider.
This setup is not working properly with when external_media_address= and external_signaling_address= are set that way, but commenting out both makes all of the ITSP which provides me with service happy.
I think, at this point I have no idea of the concept or, there is simply a missing link, even a (dangerously) misconfigured router – on which the Asterisk runs. When external_xxxx_xxxx are not set, I suppose they’re set to 0.0.0.0/0.0.0.0, aren’t they, implying that they listen on all configured IPs?
If so, is there a way to show the setting of external_media_address= and external_signaling_address= on the CLI?
When using PJSIP with the setting excluding attributes external_xxx_xxx, does pjsip do some magic to traverse the NAT in a proper way? At this very moment, I do not understand how things would work avoiding setting external_media_address= and external_signaling_address=. The Asterisk 13 I’m running is supposed to be bound to IP
192.168.254.1, which is routed to the gateway.
My problem is, I don not understand why the communication is working fluently with both external_xxx_xxx atrributes commeneted out which I suppose to be crucial – following the Asterisk 13 documentation!
Maybe someone can sched some light onto this. I think, my view on the matter is completely confused.
Thanks in advance,
oh
Another point
6 thoughts on - PJSIP, NAT And STUN/ICE
Well, I can answer one of your questions.
To see the current external_media_address and external_signalling_address from the CLI you can issue a ‘pjsip show transport‘
Your router could have a built in sip helper that is rewriting the contact for your packets.
the external_xxx settings are not configuring where to listen. Simply tell asterisk what IP to put in the SDP data. You don’t need to suppose or guess the content of the SIP/SDP packets, you can look at them by enabling asterisk debug output.
you can enable it following this guide:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+PJSIP+Troubleshooting+Guide
Am Tue, 10 Oct 2017 09:32:54 +0200 schrieb:
Guido Falsi
Thank you very much.
That is the way I figured out that the DDNS has been inserted into the packets and not, as expected, my “outbound” IP (I expected the IP to be resolved by giving the DDNS FQDN). Commenting out the options in question made Asterisk then work properly with the ITSP. Obviously, Asterisk 13.17.2 is capable of figuring this out by itself, I try to understand.
Am Mon, 9 Oct 2017 15:07:46 -0700 schrieb:
John Kiniston
Thank you for your answer.
This is the output of
pjsip show transport transport-nat-udp (name of the transport object defined):
external_media_address :
external_signaling_address :
external_signaling_port : 0
It is set, as expected, to nothing since I didn’t set anything to make it work. I guess, from this point, Asterisk figures somehow out itself how to traverse the NAT (in my simple standard setup).
I’m just curious. Maybe I’m on the wrong page here and the setup I have is that common, that those extra options doesn’t matter and NAT is easily circumferenced. As I said in my introduction, Asterisk and pjsip are new to me (and I have no experience with chan_sip) ;-).
Kind regards,
oh
It should be:
localnet = 192.168.254.0/255.255.255.0
Whoops…
local_net=192.168.254.0/24