Asterisk, SIP and NAT
Asterisk can both act as a SIP client and a SIP server. Asterisk as a SIP client is configured with type=peer (or type=friend) in one or more client sections of sip.conf and, optionally, one or more register=> lines in the [general] section of sip.conf. Asterisk as a SIP server connects clients (SIP Phones) configured by specifying their own username, secret, etc. (and either type=peer or type=friend) in client sections of sip.conf.
Asterisk SIP channels in a NATed network can be generalized like this:
- Asterisk as a SIP client behind nat, connecting to outside SIP Proxies
- Asterisk as a SIP client behind nat, connecting to inside SIP proxies
- Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk
- Asterisk as a SIP server behind nat, clients on the outside behind a second NAT connecting to Asterisk
- Asterisk as a SIP server behind nat, clients on the inside connecting to Asterisk
- Asterisk as a SIP client outside nat, connecting to outside SIP proxies
- Asterisk as a SIP client outside nat, connecting to inside SIP proxies
- Asterisk as a SIP server outside nat, clients on the outside connecting to Asterisk
- Asterisk as a SIP server outside nat, clients on the inside connecting to Asterisk
Every setup works somewhere, but it depends on the client, the NAT, the server and many other factors. In most cases, 1 and 3 is broken. SIP is a peer-to-peer protocol and a NAT can be generalized and simplified as a solution that allows clients on the inside to connect to servers on the outside and _not_ allow clients on the outside to connect to any server on the inside.
- #1 works with a NAT-supporting proxy as SIP Express router as the outside proxy. (Get an account at IPtel.org and try!). Fails with Free World Dialup.
- #2 Works- no NAT in between
- #3 Works with port forwarding and some header mangling magic tips
- #4 Works with port forwarding, STUN on the remote and some fine tuning of RTP port allocation
- #5 Works - no NAT in between
- #6 is no problem. No NAT in the middle
- #7 is a problem if no port forwarding is done, similar to 3 above.
- #8 is no problem. No NAT in the middle
- #9 is solved with nat=yes and qualify=xxx in sip.conf for the client in most cases. Some clients (X-lite) assist themselves by using STUN and sending UDP keep-alive packets. Qualify sends keep-alive packets from Asterisk to the client on the inside.
Then we have even worse cases...
9. Asterisk inside a NAT, client inside ANOTHER NAT <---Isn't this the same as previous option 4???
In this case, we need a middle man to even find each other, an outbound SIP proxy that handles the SIP transaction and is reachable by all parties. To get media streams from point to point we need another middle man, a media server. Asterisk could be that media server, that could add media codec conversion. RTPProxy or AG Projects MediaProxy works together with SIP Express router as a media server in this situation.
I would like to add that this option contains the largest amount of cow poop around it. I've been searching for some time to fix this problem, and I'm sure it's very fixable. Also, this does seem to be a very common thing to do, so, does anyone have a GOOD solution?
I'm sure we can find case #10-xx as well.
For sample config files to setup Asterisk behind a NAT router to make and receive Free World Dialup calls see: Asterisk FWD NAT Config Example
Olles comments 2003-11-04:
I'm afraid if I configure externalIP= in
sip.conf, 1 works, like with FWD, but 2 is broken.
I don't know what happens with 4 if I at the same time use externalip= and have clients
configured as 3.
As I see it, externalip= is an ugly hack that causes problems. There are better solutions
in the bug tracking system, being discussed and refined.
STUN support, and the netmask/ip-network configuration helps asterisk to find out itself
if there's a NAT in the middle and if something should be done.
Other solutions
IP Tunneling Solution
If you have an asterisk server, you are obvoiusly running linux (or something that can handle IPIP and GRE tunnels). In most cases when people have just 1 phone, I use an IAXy, and it is no setup required behind nat. In cases where multiple phones are required, IE setting up an client office w/ a virtual PBX, the only real hardphones out are SIP.
Farfon.... been waiting a while...
What I have done to fix this SIP NAT issue is install a small linux router at the client site, which has a public IP, and is the gateway for a private network. Using netfilter and NAT, you can do anything you want, and all you need to do is setup an IPIP tunnel back to your asterisk server to allow SIP phones to have a direct IP connection.
Server
- iptunnel add iptun0 mode ipip remote $CLIENTROUTERIP (tunnel)
- ifconfig iptun0 200.0.0.1 pointopoint 200.0.1.1 (tunnel endpoint)
- route add -net 200.0.1.0/24 dev iptun0 (tunnel network)
- route add -net 10.0.0.0/24 dev iptun0 (client network)
- route add -net 10.0.0.0/24 gw 200.0.1.1 (client gateway)
Client
- iptunnel add iptun0 mode ipip remote $ASTERISKIP (tunnel)
- ifconfig iptun0 200.0.1.1 pointopoint 200.0.0.1 (tunnel endpoint)
From anywhere inside the client 10.0.0.0/24 network, you can access 200.0.0.1 (asterisk) and vice versa. This totally eliminates your SIP NAT issues.
Yes this is insecure compared to IPSEC or the like, however, if you are wanting to run SIP over the net without IPSEC, this is the exact same thing, and a lot easier to setup then IPSEC.
You may want to use this script for multiple ipip tunnels
/!/bin/sh
/#ON CLIENT
/#iptunnel add iptun0 mode ipip remote 69.56.173.241
/#ifconfig iptun0 200.0.1.1 pointopoint 200.0.0.1
/#EACH TUNNEL ON NEWLINE
/#FORMAT IS CLIENTIP:CLIENT NETWORK
TUNNELS="0.0.0.0:10.0.0.0/24"
start()
{
c=0
for tun in $TUNNELS
do
d1=`echo $tun | cut -d ":" -f 1`
d2=`echo $tun | cut -d ":" -f 2`
iptunnel add iptun$c mode ipip remote $d1
ifconfig iptun$c 200.$c.0.1 pointopoint 200.$c.1.1
route add -net 200.$c.1.0/24 dev iptun$c
route add -net $d2 dev iptun$c
route add -net $d2 gw 200.$c.1.1
c += 1
done
}
stop()
{
c=0
for tun in $TUNNELS
do
iptunnel del iptun$c
c += 1
done
}
case "$1" in
start)
start ;;
stop)
stop ;;
restart)
stop
start ;;
esac
分享到:
相关推荐
sip server 环境详细手册!VMware player的安装配置、CentOS5.5安装配置、asterisk安装配置,以及常用sip命令
使用Asterisk作为SIP.2 H.323网关配置
包含:asterisk.18.11.1源码...asterisk-18-current.tar.gz libedit_3.1-20210910.orig.tar.gz openssl-1.1.1.tar.gz jansson-2.11.tar.gz sqlite-autoconf-3380200.tar.gz pjproject-2.10.tar.gz libuuid-1.0.3.tar.gz
基于sip协议,用asterisk作为服务器,实现voip软电话功能,实现了接听,呼叫,挂机,呼叫转移,以及通信录等功能。
用法:check_asterisk_siptrunk.pl [-v | --verbose] [--host | -H主机] [--port | -P端口] --user AMIUser --pass AMIPass --peer SIP Peer -?, --usage Print usage information -h, --help Print detailed ...
SIP协议讲座-Asterisk.pptSIP协议讲座-Asterisk.ppt
原名: Asterisk Cookbook: Solutions to Everyday Telephony Problems 作者: Leif Madsen Russell Bryant 资源格式: PDF 版本: 英文文字版/更新EPUB版本 出版社: O'Reilly书号: 978-1-4493-0382-2发行时间: 2011年03...
extensions.conf中使用sip设备的语法是SIP/devicename,devicename名在下一节中说明。 如果用户在Internet上,可以使用SIP/username@domain形式,同时不要忘记打开DNS SRV功能。 如果定义了一个SIP代理,可以使用SIP/...
COMPONENTE DE DELPHI PARA LLAMADAS EN ASTERISK POR EL PUERTO SIP ES NECESARIO HACER LA INTALACION CORRESPONDIENTE Y CARGAR LA RUTA DEL ARCHIVO FUENTE.
asterisk SIP 开源的 asterisk 编程参考
and implementers, then show solutions to those problems using the Asterisk dialplan. As you go through the recipes and start looking at the solutions, you may think, “Oh, that’s a neat idea, but ...
借鉴asterisk sip 服务器 实现一个工具连。
一套完整的基于asterisk的ip电话配置。Asterisk PBX 快速安装向导,以及sip设置实现sip通话,以及Win32下的wxCommunicator的配置
讲座-Asterisk
修改sip_general_custom.conf(作为测试,在所有SIP 通道上启用提示语为中文,在实际应用中,可根据需要修改--zapata-channels.conf,sipXXX.conf,IAXXXX.conf...,也可在FreePBX的WEB界面中有language选项的地方修改--...
Now it's time to compile and install Asterisk. Let's change to the directory which contains the Asterisk source code. 从源代码安装 asterisk sipserver VOIP RTP pjsip webrtc
phones (POTS)ISDN (Integrated Services Digital Network)Both BRI (Basic Rate)and PRI (Primary Rate)Asterisk 支持的协议包括:Session Initiation Protocol (SIP)H. 323 (ITU standard, contributed...
Asterisk 简介 Asterisk 架构 Asterisk程序框图
Asterisk学习必备,共5本书籍,学习助手 Asterisk权威文档(第3版).pdf Asterisk,the future of telephony.pdf Building+Telephony+Systems+with+Asterisk.pdf Asterisk+For+Dummies+2006.pdf Asterisk_Developers_...
asterisk 代码分析, sip_chan