SER is simply a proxy - it does not handle media in the same way that asterisk does. When you have both clients registered with SER, once the initial call set up has been completed, no further traffic runs through SER. Search this list for explanations as to why RTP traffic doesn't really run through NAT without a helping hand.
If you want to be able to make calls without any special client/NAT router settings, check out RTPproxy/NAThelper and Mediaproxy - they do the RTP proxy bit that Asterisk has built in.
Hope this helps.
Dave
-----Original Message-----
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Morten Kuehl
Sent: 13 September 2004 22:35
To: serusers@lists.iptel.org
Subject: [Serusers] NAT with SER and ASTERISK, strange behaviour
Hi folks,
I just spent the evening trying to find a logical solution to a NAT problem but I had no success. I decided therefore to go to bed and let the more intelligent guys have a guess ;):
I do have the following setup:
Cisco 7960G with public IP
Xlite behind router with NAT
Ser server with a public ip
Asterisk with a public ip
Xlite finds out that it is behind a symmetric firewall while starting and sends the external ip of the nat device in its sip messages.
I want to call the xlite client behind NAT from the Cisco phone. It works when the cisco phone and the xlite client are registered with the asterisk server. I have set nat=yes and canreinvite=no in the account settings for the xlite client in the sip.conf of the asterisk server. The Cisco phone has a normal account. I had a look at the sip messages and as configured, the Asterisk server works as a rtp proxy for the media stream. Audio works in both ways.
When I use ser and register both clients with ser and start a call, audio works only outbound from xlite to the cisco phone but not inbound from the cisco phone to xlite through the nat device.
I dug through the sip messages several times and did not see any big difference between the two sip conversations, besides having the asterisk as an rtp proxy in the middle in the first attempt. Neither did I see an approach of asterisk to make xlite pinhole the nat device as described for example in the sip cookbook.
Unfortunately I am stuck at this stage and cannot find a logical explanation for the described behaviour. If anyone can give me a hint or needs further information to assist, please let me know!
Cheers Morten
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi,
I am aware of the difference between media and signalling as well as the way an rtp proxy works. But I still think that this is a different case:
When using asterisk, xlite does symmetric rtp streams aka. sends from port 8000 and listens on port 8000. The port is therefore open on nat and udp packets can travel through the nat with the correct public ip in the sip messages. When I do have the setup with ser and the sip messages look the same, aka. xlite says "I am listening on 8000 on public ip" and sends via 8000 to the cisco phone which says "I am listening on port x on my ip". So there should be no need for an rtp proxy as the rtp stream from xlite is symmetric and the nat port is open. But still there is no incoming audio. I can understand that with clients like MS messenger there is a need to rewrite the sdp and sip messages.
So where is the problem in my scenario, what little magic does asterisk do that I do not see in the sip messages???
Cheers Morten
Now, symmetric rtp only means your ua will send and receive rtp packets on the same port, 8000 in your case. It does not automatically mean that the NAT device will open port 8000 for incoming packets, unless you have port forwarding in place. Most importantly, your NAT device does not necessarily use port 8000 to map your port 8000 for outgoing. It can be something else, say 60000.
For the Cisco side, it will see the rtp stream coming from <ua1 pub ip:60000>.
From the SDP it received previously, it will send the rtp stream back to <ua1 pub ip:8000>. Now, unless you have port forwarding in place, your NAT device will drop the packets as the "hole" is not opened.
Both Asterisk and rtpproxy do this by sending the packet back to where they received it from, that is <ua1 pub ip:60000>, and ignoring the SDP. Asterisk does this automatically and you have to instruct SER and rtpproxy to do that manually.
Hope it answers your question.
Zeus
-----Original Message-----
From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Morten Kuehl
Sent: Tuesday, 14 September 2004 7:50 PM
To: serusers@lists.iptel.org
Subject: RE: [Serusers] NAT with SER and ASTERISK, strange behaviour
Hi,
I am aware of the difference between media and signalling as well as the way an rtp proxy works. But I still think that this is a different case:
When using asterisk, xlite does symmetric rtp streams aka. sends from port 8000 and listens on port 8000. The port is therefore open on nat and udp packets can travel through the nat with the correct public ip in the sip messages. When I do have the setup with ser and the sip messages look the same, aka. xlite says "I am listening on 8000 on public ip" and sends via 8000 to the cisco phone which says "I am listening on port x on my ip". So there should be no need for an rtp proxy as the rtp stream from xlite is symmetric and the nat port is open. But still there is no incoming audio. I can understand that with clients like MS messenger there is a need to rewrite the sdp and sip messages.
So where is the problem in my scenario, what little magic does asterisk do that I do not see in the sip messages???
Cheers Morten
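Added example, not part of any message in this thread: a toy Python model of the behaviour discussed above, in which the NAT maps the UA's port 8000 to a different external port and the far end either trusts the SDP or sends RTP back to the observed source address. The `Nat` class, the symmetric mapping policy, and all IP addresses and the far-end port are constructed assumptions; only ports 8000 and 60000 come from the thread.

```python
# Added illustration: toy NAT plus two ways of choosing the RTP return address.
# All addresses are constructed sample values (documentation ranges).

class Nat:
    """Assumed symmetric NAT: one external port per (internal, remote) pair."""
    def __init__(self, public_ip, first_port=60000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (internal, remote) -> external port
        self.back = {}  # external port -> (internal, remote)

    def outbound(self, internal, remote):
        """Translate an outgoing packet; return the source address the remote sees."""
        key = (internal, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, sender, ext_port):
        """Return the internal endpoint the packet reaches, or None if dropped."""
        mapping = self.back.get(ext_port)
        if mapping is None or mapping[1] != sender:
            return None  # no hole open for this port/sender pair
        return mapping[0]


def return_address(sdp_addr, observed_src, latch):
    """Far end's RTP target: the SDP address, or the observed source if latching."""
    return observed_src if latch else sdp_addr


def simulate(latch):
    nat = Nat("203.0.113.10")
    xlite = ("192.168.1.20", 8000)      # UA behind NAT, symmetric RTP on port 8000
    far_end = ("198.51.100.5", 16384)   # Cisco phone, Asterisk or rtpproxy
    sdp_addr = (nat.public_ip, 8000)    # what the UA advertises in its SDP
    observed = nat.outbound(xlite, far_end)  # first RTP packet leaves the NAT
    target = return_address(sdp_addr, observed, latch)
    delivered = nat.inbound(far_end, target[1])
    return observed, target, delivered


if __name__ == "__main__":
    for latch in (False, True):
        print("latch to source" if latch else "trust SDP     ", simulate(latch))
```
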