Contact Header host-part override/configuration (Internal S-NAT)

Setup:

SIP Trunk --------- (WAN IP) Router ------ VM — 172.19.0.3 Container FreePBX — 192.168.253.4 VM — 192.168.253.16 IP Phone.

The SIP Trunk in this case is not a problem and is handled by external_media_address and external_signaling_address being configured.

The problem, for example on an outbound call IP-Phone -> PSTN, is that when the 200 OK is sent from FreePBX to the IP Phone, the Contact header has the Container’s IP (172.19.0.3) and not the Static NAT IP (192.168.253.4). The SDP was easily corrected using the media_address parameter, but there is not an equivalent for signaling.

Is there a different context to use perhaps? BTW if it makes a difference I am using pjsip.

The same type of issue would manifest itself the same way outside of a container environment if having a Remote FEU but over a different public IP than the SIP Trunk, or using floating IPs in OpenStack or AWS.

Thanks in advance for any advice/help.

What version of Asterisk is in use and what is the actual configuration?

Asterisk 16.7.0

Which specific configuration are you looking for? The endpoint?

If so here:

pjsip.endpoint.conf

[101]
type=endpoint
aors=101
auth=101-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722
context=from-internal
callerid=Stephen Desk <101>

dtmf_mode=rfc4733
direct_media=yes
mailboxes=101@default

mwi_subscribe_replaces_unsolicited=yes
aggregate_mwi=yes
use_avpf=no
rtcp_mux=no
max_audio_streams=1
max_video_streams=1
bundle=no
ice_support=no
media_use_received_transport=no
trust_id_inbound=yes
send_connected_line=yes
media_encryption=no
timers=yes
timers_min_se=90
media_encryption_optimistic=no
refer_blind_progress=yes
refer_blind_progress=yes
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=en
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord

pjsip.endpoint_custom_post.conf

[101](+)
media_address=192.168.253.4
contact_user=fpbx
from_domain=freepbx.home

Sample 200 OK sent to phone

<--- Transmitting SIP response (1065 bytes) to UDP:192.168.253.16:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.253.16:5060;rport=5060;received=192.168.253.16;branch=z9hG4bK-228a-86ecef-570adbc4
Call-ID: 875c70-10fda8c0-13c4-55013-228a-309a763b-228a
From: "Stephen Gelardi" <sip:[email protected]>;tag=868850-10fda8c0-13c4-55013-228a-53842c11-228a
To: <sip:[email protected]>;tag=95625a8c-f76f-4aeb-aa36-e6a834304464
CSeq: 2 INVITE
Server: SJGFPBX-15.0.16.44(16.7.0)
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
Contact: <sip:172.19.0.3:5060>
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800;refresher=uac
Require: timer
P-Asserted-Identity: "CID:XXXXXXXXXXXXX" <sip:[email protected]>
Content-Type: application/sdp
Content-Length:   287

v=0
o=- 1584542757 1584542759 IN IP4 192.168.253.4
s=Asterisk
c=IN IP4 192.168.253.4
t=0 0
m=audio 18032 RTP/AVP 0 8 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

All configuration, including transports.

As requested.

asterisk.tgz (46.2 KB)

What is the output of “pjsip show transport 0.0.0.0-udp” within Asterisk?

Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress....................>
==========================================================================================

Transport:  0.0.0.0-udp               udp      3     96  0.0.0.0:5060

 ParameterName              : ParameterValue
 ========================================================
 allow_reload               : false
 async_operations           : 1
 bind                       : 0.0.0.0:5060
 ca_list_file               :
 ca_list_path               :
 cert_file                  :
 cipher                     :
 cos                        : 3
 domain                     :
 external_media_address     : sip.vornamenachname.com
 external_signaling_address : sip.vornamenachname.com
 external_signaling_port    : 0
 local_net                  : 192.168.253.0/255.255.255.0
 method                     : unspecified
 password                   :
 priv_key_file              :
 protocol                   : udp
 require_client_cert        : No
 symmetric_transport        : false
 tos                        : 96
 verify_client              : No
 verify_server              : No
 websocket_write_timeout    : 100
root@freepbx:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.19.0.3  netmask 255.255.0.0  broadcast 172.19.255.255
        ether 02:42:ac:13:00:03  txqueuelen 0  (Ethernet)
        RX packets 178700  bytes 122373951 (116.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 165693  bytes 34423077 (32.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 418423  bytes 50282039 (47.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 418423  bytes 50282039 (47.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

That doesn’t match the configuration you provided. Did you restart Asterisk after making changes?

Probably. I see you are talking about:

the local_net no longer being 172.19.0.0/16 right?

I tried both and it did not seem to have any influence on the Contact header. Would you expect it to? Remember these are “internal endpoints” which are using the context from-internal. They are not trunks.

The local_net value is how the code determines if it should replace the various places with the configured external address or leave it alone. If the target IP address is within local_net it is left alone, if it is not it is modified.

Ok, that is moving in a positive direction. Thanks.

Oddly a core reload did not apply that config. I had to restart asterisk completely. So from my uploading/posting to you I didn’t change anything. It was only prior to that.

Just to confirm, because I hate working with ALG’s in general but I think I am going to be stuck with that.

I have for simplicity 2 external IPs because this install is in a container.

  1. External to the world (public ip)
  2. External to the local network. (private S-NAT (docker))

Right now ACK messages are going from my handset to the Router WAN interface and then back to the private network and eventually hitting the container, instead of going directly to the private network’s address and being NAT’d to the container.

I hope that makes sense as it can be a bit confusing.

Is there a way to have more than 1 external address, e.g. one assigned to extensions?

External addresses can only be configured per-transport, there is no ability on a per-endpoint basis.

So what you are saying though is I could use UDP for public, TCP or TLS for internal and then I would be able to define 2 external addresses?

Possibly. You could also try two UDP transports. You’re in uncharted territory.

@jcolp

Thanks again for your help.

Adding another listener on another port was the trick. Then I was able to get everything to work as I expect it to.
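The local_net rule described in this thread, and a check for the container address appearing in signaling, as an added example that is not part of the original posts and is not Asterisk code. It is a simplified model: the function names are hypothetical, the sample message is constructed from the 200 OK quoted above, and the second transport's values (local_net of 172.19.0.0/16, external address 192.168.253.4) are assumptions about how the extra listener could be set up.

```python
import ipaddress
import re

def advertised_host(dest_ip, bind_ip, local_net, external_signaling_address):
    """Model of the rule in the thread: a destination inside local_net is
    left alone, anything else gets the transport's external address."""
    if ipaddress.ip_address(dest_ip) in ipaddress.ip_network(local_net):
        return bind_ip
    return external_signaling_address

def hosts_in_message(sip_message):
    """Extract the Contact URI host and the SDP c= address (IPv4 only)."""
    found = {}
    contact = re.search(r"^Contact:\s*<?sips?:(?:[^@>\s]+@)?([^:;>\s]+)",
                        sip_message, re.I | re.M)
    conn = re.search(r"^c=IN IP4 (\S+)", sip_message, re.M)
    if contact:
        found["Contact"] = contact.group(1)
    if conn:
        found["SDP c="] = conn.group(1)
    return found

def leaked_hosts(sip_message, hidden_net):
    """Return the fields whose address lies inside hidden_net."""
    net = ipaddress.ip_network(hidden_net)
    leaks = {}
    for field, host in hosts_in_message(sip_message).items():
        try:
            if ipaddress.ip_address(host) in net:
                leaks[field] = host
        except ValueError:  # hostname, not an IP literal
            pass
    return leaks

# Constructed sample, abbreviated from the 200 OK quoted in the thread.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK", "CSeq: 2 INVITE", "Contact: <sip:172.19.0.3:5060>",
    "Content-Type: application/sdp", "",
    "v=0", "c=IN IP4 192.168.253.4", "m=audio 18032 RTP/AVP 0 8 9 101",
])

if __name__ == "__main__":
    phone, bind = "192.168.253.16", "172.19.0.3"
    # Transport as printed by "pjsip show transport": the phone is inside local_net.
    print(advertised_host(phone, bind, "192.168.253.0/255.255.255.0",
                          "sip.vornamenachname.com"))
    # Assumed second listener: only the container network counts as local.
    print(advertised_host(phone, bind, "172.19.0.0/16", "192.168.253.4"))
    print(leaked_hosts(SAMPLE_200_OK, "172.19.0.0/16"))
```

Running `leaked_hosts` over responses captured with the PJSIP logger shows which messages still carry the container address after a transport change.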
