So I’m having a problem with NAT which I’m sure doesn’t surprise anyone considering the amount of information that is available out there. I’ve been able to resolve NAT issues in the past quite easily however I am a bit stuck with my latest setup.
I have FreePBX installed on a server that is NATed behind a firewall (all required ports are forwarded and open). My test phones are also being NATed behind a DIFFERENT firewall. So there is NAT going on both ends.
I am able to get my two test phones to call each other and they do connect so the SIP signalling is working just fine. However the RTP is where the problem is. I get no audio.
I did a packet trace on one of my phones and noticed that it was sending it’s RTP data to the private IP of FreePBX. Which of course won’t go anywhere as they’ are two different and separate private networks. It should be sending this data to the public IP of the FreePBX’s firewall for which it is behind.
All my reading up on this states that I need to set the “External Address” and “Local Networks” in the Sip Settings on FreePBX. Which I have done and have confirmed they are correct (Clicking the “Detect Network Settings” did it nicely.) The local network on the freepbx side is in the 172.31.x.x range. Whereas my phones are in the 10.x.x.x range. So there should be no confusion there. However FreePBX is sending it’s private IP in the contact headers when it should be sending it’s external address.
Any suggestions on what to look at? Here are the settings from the CLI…
p_jsip show transport 0.0.0.0-udp_
Transport: <TransportId…> <BindAddress…>
Transport: 0.0.0.0-udp udp 0 0 0.0.0.0:5060
ParameterName : ParameterValue
allow_reload : true
async_operations : 1
bind : 0.0.0.0:5060
ca_list_file :
ca_list_path :
cert_file :
cipher :
cos : 0
domain :
external_media_address : [FREEPBX’s PUBLIC IP]
external_signaling_address : [FREEPBX’s PUBLIC IP]
external_signaling_port : 0
local_net : 172.31.32.0/255.255.240.0
method : unspecified
password :
priv_key_file :
protocol : udp
require_client_cert : No
symmetric_transport : false
tos : 0
verify_client : No
verify_server : No
websocket_write_timeout : 100
And here is my endpoint config.
pjsip show endpoint 105
Endpoint: <Endpoint/CID…> <State…> <Channels.>
I/OAuth: <AuthId/UserName…>
Aor: <Aor…>
Contact: <Aor/ContactUri…> <Hash…> <RTT(ms)…>
Transport: <TransportId…> <BindAddress…>
Identify: <Identify/Endpoint…>
Match: <criteria…>
Channel: <ChannelId…> <State…> <Time…>
Exten: <DialedExten…> CLCID: <ConnectedLineCID…>
Endpoint: 105/105 Not in use 0 of inf
InAuth: 105-auth/105
Aor: 105 1
Contact: 105/sip:105@[MY PHONE’S PUBLIC IP]:35408;ob 932322892e Avail 47.560
Identify: 105-identify/105
ParameterName : ParameterValue
100rel : yes
accountcode :
acl :
aggregate_mwi : true
allow : (ulaw|alaw|gsm|g726)
allow_overlap : true
allow_subscribe : true
allow_transfer : true
aors : 105
asymmetric_rtp_codec : false
auth : 105-auth
bind_rtp_to_media_address : false
call_group :
callerid : “device” <105>
callerid_privacy : allowed_not_screened
callerid_tag :
connected_line_method : invite
contact_acl :
context : from-internal
cos_audio : 0
cos_video : 0
device_state_busy_at : 0
direct_media : true
direct_media_glare_mitigation : none
direct_media_method : invite
disable_direct_media_on_nat : false
dtls_ca_file :
dtls_ca_path :
dtls_cert_file :
dtls_cipher :
dtls_fingerprint : SHA-256
dtls_private_key :
dtls_rekey : 0
dtls_setup : active
dtls_verify : No
dtmf_mode : rfc4733
fax_detect : false
fax_detect_timeout : 0
force_avp : false
force_rport : true
from_domain :
from_user :
g726_non_standard : false
ice_support : false
identify_by : username
inband_progress : false
language : en
mailboxes :
media_address :
media_encryption : no
media_encryption_optimistic : false
media_use_received_transport : false
message_context :
moh_suggest : default
mwi_from_user :
mwi_subscribe_replaces_unsolicited : false
named_call_group :
named_pickup_group :
one_touch_recording : false
outbound_auth :
outbound_proxy :
pickup_group :
record_off_feature : automixmon
record_on_feature : automixmon
rewrite_contact : true
rpid_immediate : false
rtcp_mux : false
rtp_engine : asterisk
rtp_ipv6 : false
rtp_keepalive : 0
rtp_symmetric : true
rtp_timeout : 0
rtp_timeout_hold : 0
sdp_owner : -
sdp_session : Asterisk
send_diversion : true
send_pai : true
send_rpid : false
set_var :
srtp_tag_32 : false
sub_min_expiry : 0
subscribe_context :
t38_udptl : false
t38_udptl_ec : none
t38_udptl_ipv6 : false
t38_udptl_maxdatagram : 0
t38_udptl_nat : false
timers : yes
timers_min_se : 90
timers_sess_expires : 1800
tone_zone :
tos_audio : 0
tos_video : 0
transport :
trust_id_inbound : true
trust_id_outbound : false
use_avpf : false
use_ptime : false
user_eq_phone : false
voicemail_extension :
All those settings have been setup by FreePBX using the UI.
Also in the Advanced Settings I have SIP nat set to YES.
So I’m a bit confused as to what I could be missing. Welcome any comments here.