IP Phone over WAN to Asterisk

We’ve given up on getting it to work with the public IP. We have set up a VPN between the office and the house. The two routers are the same DrayTek Vigor. The phone started working perfectly for a while then just stopped. :frowning: Any idea what I should do to figure out why?

If it will work or did work with a VPN then it is a network NAT issue.

Try removing the firewall at the remote end. Place the phone on the DMZ or plug it directly into your network connection. See if you can get service then.

Also, in your router/firewall see if there are settings for ALGs (Application Level Gateways). You may have a check box for SIP. If you do and it is checked, uncheck it. If it is unchecked, then check it and try again. I found on one of the DLink routers I have set up that I had to play with the ALGs to get rid of one way audio and registration. Also check in your router that you have the least restrictive NAT setting available. Again in the DLink there are a couple of options and the one that worked for me I think was endpoint independent.

Rob

I had a look around the router and couldn’t see any reference to ALGs.

Newbie question here. When people say “one way audio”, are they referring to the problem I’m having (my phone at the house can make calls to the office, but the office phones can’t make calls to it because Asterisk reports its status as unknown or unreachable) or are they referring to a slightly different thing?

Generally one way audio is you can hear the other person and they cannot hear you or you can hear them and they cannot hear you.

One way audio normally means that a call connects and one side can hear the call and the other side can’t. It’s like when you take a phone handset, open it up and take out the speaker portion that goes next to your ear.

Your problem as you described it is the classic firewall NAT issue where a remote phone can’t or doesn’t register and communicate properly with the server.

Assuming you have all the proper registration information set up properly (that is user ID/Auth ID, secret, SIP registration/registrar IP, SIP proxy IP are all set properly) then you just have a NAT/firewall issue.

Now what is interesting is that both have the same basic problem, one way audio is normally a partially setup firewall, but not registering and working means you’ve not even gotten that far.

You need to have the following settings.

In the extensions that are remote set NAT to yes in the extension settings.

In sip_nat.conf or sip_general_custom.conf put the following lines:
nat=yes
externip= (the external IP of your box as the outside sees it).
localnet= (the IP subnet of your network; if you use a VPN or have multiple subnets you’ll need multiple lines covering each subnet).

Then in the firewall you need to port forward UDP ports 5060 (for sip), 4569 (if you use IAX only), and range 10000 to 20000 from the external IP to the internal phone system.

Now sometimes on the remote side you might need to also port forward UDP 5060 to point to the phone. But only do this if you can’t get it working without it. On the remote side in the phone you point the SIP registration addresses at the external address of the phone server. While for internal phones you point it at the internal IP of the phone system.

This was in my sip_nat.conf:

nat=yes
exterhost=<our-IP>
externrefresh=60
localnet=192.168.2.0/255.255.255.0
qualify=yes

We have 5060-5081 UDP&TCP, and 10000-20000 UDP&TCP forwarded on the PBX side and 5060 forwarded on the phone side, plus we tried setting the phone as that side’s DMZ. We also tried a router-to-router VPN so we could use the private IPs but that didn’t work either; actually it worked for half a day then stopped.

When you add the VPN you need to do two things. Include an additional localnet=(vpnsubnet/mask) in the sip_nat.conf and make sure that the system reloads to read it. Also make sure that the phones on the other side of the VPN are then using the internal IP of the server.

Otherwise things get weird.

I quickly scanned all the postings and I didn’t see it… Whose firewall and firmware rev are you using? There might be an issue with it…

What exactly do I need to add to sip_nat? (192.168.2.* is our office subnet and 192.168.0.* is the house)

The router at the Asterisk end is Vigor2600 annex A with Firmware v2.5.5_UK, I’d have to check the other end later.

You need to have these lines in your sip_nat.conf file:
nat=yes
externhost=
localnet=192.168.2.0/255.255.255.0
localnet=192.168.0.0/255.255.255.0

I’ll try and dig up some docs on the router and see if there is anything that sticks out.
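An added example, not part of any post in this thread: a small checker for a sip_nat.conf fragment that flags misspelled or malformed NAT options and shows which address the server would hand to a given phone, depending on whether the phone falls inside a localnet. The allow-list of keys is limited to the chan_sip options named in this thread, and the hostnames and addresses (pbx.example.org, 203.0.113.10, 192.168.2.5 as the server's private IP) are constructed.

```python
import ipaddress

# chan_sip NAT-related keys named in this thread (assumed, deliberately small allow-list)
KNOWN_KEYS = {"nat", "externip", "externhost", "externrefresh", "localnet", "qualify"}

# Constructed samples: BROKEN has a misspelled key and a '-' typed instead of '='
BROKEN = """\
nat=yes
exterhost=pbx.example.org   ; misspelled key
localnet-192.168.2.0/255.255.255.0
localnet=192.168.0.0/255.255.255.0
"""
FIXED = """\
nat=yes
externip=203.0.113.10
localnet=192.168.2.0/255.255.255.0
localnet=192.168.0.0/255.255.255.0
"""

def parse_sip_nat(text):
    """Return (settings, localnets, problems) for a sip_nat.conf-style fragment."""
    settings, localnets, problems = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in Asterisk configs
        if not line:
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep:
            problems.append(f"line {lineno}: no '=' in {line!r}")
        elif key not in KNOWN_KEYS:
            problems.append(f"line {lineno}: unknown option {key!r}")
        elif key == "localnet":
            try:
                localnets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                problems.append(f"line {lineno}: bad localnet {value!r}")
        else:
            settings[key] = value
    if "externip" not in settings and "externhost" not in settings:
        problems.append("no externip/externhost: remote peers are sent the private address")
    return settings, localnets, problems

def advertised_address(peer_ip, server_ip, settings, localnets):
    """Address offered to this peer: private if the peer is in a localnet, else external."""
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in localnets):
        return server_ip
    return settings.get("externip") or settings.get("externhost") or server_ip
```

A phone reached over the VPN only gets the server's private address if its subnet has its own localnet line; otherwise it is handed the external one.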

I am facing an issue only with WAN IP calls getting hung up. The error is:
NOTICE[1865]: chan_sip.c:26548 check_rtp_timeout: Disconnecting call ‘SIP/1800-00000000’ for lack of RTP activity in 31 seconds.

On the internal IP it is working fine.