Problems with Audio


Asterisk -
Freepbx -

I have am extension connected to the PBX through 2 Routers, each both performing NAT

Calling the externsion in both directions works OK, however Audio does not working in either direction

Port Forwarding is setup for both SIP and RDP UDP/5060, UDP/10001-20000

In my quest to find a solution, I came across the suggsetion to change the Extension NAT setting from YES (current setting) to NAT = 1

Inorder to change this i assume the file sip_custom_post.conf should be modified, and a couple of lines should be added the 1st to remove the existing setting, the 2nd to add the new setting ie…

NAT = Yes

NAT = 1

Is this the correct method ? or is only the (+) line required, ie overwriting the previous setting

Does anyone else have any sugsestions on resolving a my double natting problem ?

Thank you

You need to fully explain your “2 router” setup. Chances are you have a fundamental design flaw in your network.

NAT=1 is not a valid setting.

Below is the documentation on Asterisk and NAT, Please not lines 721 and 722, it does not mention trying random settings you found on a post somewhere.

;----------------------------------------- NAT SUPPORT ------------------------
720 ;
721 ; WARNING: SIP operation behind a NAT is tricky and you really need
722 ; to read and understand well the following section.
723 ;
724 ; When Asterisk is behind a NAT device, the "local" address (and port) that
725 ; a socket is bound to has different values when seen from the inside or
726 ; from the outside of the NATted network. Unfortunately this address must
727 ; be communicated to the outside (e.g. in SIP and SDP messages), and in
728 ; order to determine the correct value Asterisk needs to know:
729 ;
730 ; + whether it is talking to someone "inside" or "outside" of the NATted network.
731 ;   This is configured by assigning the "localnet" parameter with a list
732 ;   of network addresses that are considered "inside" of the NATted network.
734 ;   Multiple entries are allowed, e.g. a reasonable set is the following:
735 ;
736 ;      localnet= ; RFC 1918 addresses
737 ;      localnet=      ; Also RFC1918
738 ;      localnet=           ; Another RFC1918 with CIDR notation
739 ;      localnet= ; Zero conf local network
740 ;
741 ; + the "externally visible" address and port number to be used when talking
742 ;   to a host outside the NAT. This information is derived by one of the
743 ;   following (mutually exclusive) config file parameters:
744 ;
745 ;   a. "externaddr = hostname[:port]" specifies a static address[:port] to
746 ;      be used in SIP and SDP messages.
747 ;      The hostname is looked up only once, when [re]loading sip.conf .
748 ;      If a port number is not present, use the port specified in the "udpbindaddr"
749 ;      (which is not guaranteed to work correctly, because a NAT box might remap the
750 ;      port number as well as the address).
751 ;      This approach can be useful if you have a NAT device where you can
752 ;      configure the mapping statically. Examples:
753 ;
754 ;        externaddr =          ; use this address.
755 ;        externaddr =     ; use this address and port.
756 ;        externaddr =   ; Public address of my nat box.
757 ;        externtcpport = 9900   ; The externally mapped tcp port, when Asterisk is behind a static NAT or PAT. 
758 ;                               ; externtcpport will default to the externaddr or externhost port if either one is set. 
759 ;        externtlsport = 12600  ; The externally mapped tls port, when Asterisk is behind a static NAT or PAT.
760 ;                               ; externtlsport port will default to the RFC designated port of 5061.	
761 ;
762 ;   b. "externhost = hostname[:port]" is similar to "externaddr" except
763 ;      that the hostname is looked up every "externrefresh" seconds
764 ;      (default 10s). This can be useful when your NAT device lets you choose
765 ;      the port mapping, but the IP address is dynamic.
766 ;      Beware, you might suffer from service disruption when the name server
767 ;      resolution fails. Examples:
768 ;
769 ;       ; refreshed periodically
770 ;        externrefresh=180               ; change the refresh interval
771 ;
772 ;   Note that at the moment all these mechanism work only for the SIP socket.
773 ;   The IP address discovered with externaddr/externhost is reused for
774 ;   media sessions as well, but the port numbers are not remapped so you
775 ;   may still experience problems.
776 ;
777 ; NOTE 1: in some cases, NAT boxes will use different port numbers in
778 ; the internal<->external mapping. In these cases, the "externaddr" and
779 ; "externhost" might not help you configure addresses properly.
780 ;
781 ; NOTE 2: when using "externaddr" or "externhost", the address part is
782 ; also used as the external address for media sessions. Thus, the port
783 ; information in the SDP may be wrong!
784 ;
785 ; In addition to the above, Asterisk has an additional "nat" parameter to
786 ; address NAT-related issues in incoming SIP or media sessions.
787 ; In particular, depending on the 'nat= ' settings described below, Asterisk
788 ; may override the address/port information specified in the SIP/SDP messages,
789 ; and use the information (sender address) supplied by the network stack instead.
790 ; However, this is only useful if the external traffic can reach us.
791 ; The following settings are allowed (both globally and in individual sections):
792 ;
793 ;        nat = no                ; Default. Use rport if the remote side says to use it.
794 ;        nat = force_rport       ; Force rport to always be on.
795 ;        nat = yes               ; Force rport to always be on and perform comedia RTP handling.
796 ;        nat = comedia           ; Use rport if the remote side says to use it and perform comedia RTP handling.
797 ;
798 ; 'comedia RTP handling' refers to the technique of sending RTP to the port that the
799 ; the other endpoint's RTP arrived from, and means 'connection-oriented media'. This is
800 ; only partially related to RFC 4145 which was referred to as COMEDIA while it was in
801 ; draft form. This method is used to accomodate endpoints that may be located behind
802 ; NAT devices, and as such the port number they tell Asterisk to send RTP packets to
803 ; for their media streams is not actual port number that will be used on the nearer
804 ; side of the NAT.
805 ;
806 ; In addition to these settings, Asterisk *always* uses 'symmetric RTP' mode as defined by
807 ; RFC 4961; Asterisk will always send RTP packets from the same port number it expects
808 ; to receive them on.
809 ;
810 ; The IP address used for media (audio, video, and text) in the SDP can also be overridden by using
811 ; the media_address configuration option. This is only applicable to the general section and
812 ; can not be set per-user or per-peer.
813 ;
814 ; media_address =
815 ;
816 ; Through the use of the res_stun_monitor module, Asterisk has the ability to detect when the
817 ; perceived external network address has changed.  When the stun_monitor is installed and
818 ; configured, chan_sip will renew all outbound registrations when the monitor detects any sort
819 ; of network change has occurred. By default this option is enabled, but only takes effect once
820 ; res_stun_monitor is configured.  If res_stun_monitor is enabled and you wish to not
821 ; generate all outbound registrations on a network change, use the option below to disable
822 ; this feature.
823 ;
824 ; subscribe_network_change_event = yes ; on by default
826 ;----------------------------------- MEDIA HANDLING --------------------------------
827 ; By default, Asterisk tries to re-invite media streams to an optimal path. If there's
828 ; no reason for Asterisk to stay in the media path, the media will be redirected.
829 ; This does not really work well in the case where Asterisk is outside and the
830 ; clients are on the inside of a NAT. In that case, you want to set directmedia=nonat.
831 ;
832 ;directmedia=yes                ; Asterisk by default tries to redirect the
833                                 ; RTP media stream to go directly from
834                                 ; the caller to the callee.  Some devices do not
835                                 ; support this (especially if one of them is behind a NAT).
836                                 ; The default setting is YES. If you have all clients
837                                 ; behind a NAT, or for some other reason want Asterisk to
838                                 ; stay in the audio path, you may want to turn this off.
840                                 ; This setting also affect direct RTP
841                                 ; at call setup (a new feature in 1.4 - setting up the
842                                 ; call directly between the endpoints instead of sending
843                                 ; a re-INVITE).
845                                 ; Additionally this option does not disable all reINVITE operations.
846                                 ; It only controls Asterisk generating reINVITEs for the specific
847                                 ; purpose of setting up a direct media path. If a reINVITE is
848                                 ; needed to switch a media stream to inactive (when placed on
849                                 ; hold) or to T.38, it will still be done, regardless of this 
850                                 ; setting. Note that direct T.38 is not supported.
852 ;directmedia=nonat              ; An additional option is to allow media path redirection
853                                 ; (reinvite) but only when the peer where the media is being
854                                 ; sent is known to not be behind a NAT (as the RTP core can
855                                 ; determine it based on the apparent IP address the media
856                                 ; arrives from).
858 ;directmedia=update             ; Yet a third option... use UPDATE for media path redirection,
859                                 ; instead of INVITE. This can be combined with 'nonat', as
860                                 ; 'directmedia=update,nonat'. It implies 'yes'.
862 ;directrtpsetup=yes             ; Enable the new experimental direct RTP setup. This sets up
863                                 ; the call directly with media peer-2-peer without re-invites.
864                                 ; Will not work for video and cases where the callee sends
865                                 ; RTP payloads and fmtp headers in the 200 OK that does not match the
866                                 ; callers INVITE. This will also fail if directmedia is enabled when
867                                 ; the device is actually behind NAT.
869 ;directmediadeny=      ; Use directmediapermit and directmediadeny to restrict 
870 ;directmediapermit=; which peers should be able to pass directmedia to each other
871                                 ; (There is no default setting, this is just an example)
872                                 ; Use this if some of your phones are on IP addresses that
873                                 ; can not reach each other directly. This way you can force 
874                                 ; RTP to always flow through asterisk in such cases.
876 ;ignoresdpversion=yes           ; By default, Asterisk will honor the session version
877                                 ; number in SDP packets and will only modify the SDP
878                                 ; session if the version number changes. This option will
879                                 ; force asterisk to ignore the SDP session version number
880                                 ; and treat all SDP data as new data.  This is required
881                                 ; for devices that send us non standard SDP packets
882                                 ; (observed with Microsoft OCS). By default this option is
883                                 ; off.
885 ;sdpsession=Asterisk PBX        ; Allows you to change the SDP session name string, (s=)
886                                 ; Like the useragent parameter, the default user agent string
887                                 ; also contains the Asterisk version.
888 ;sdpowner=root                  ; Allows you to change the username field in the SDP owner string, (o=)
889                                 ; This field MUST NOT contain spaces
890 ;encryption=no                  ; Whether to offer SRTP encrypted media (and only SRTP encrypted media)
891                                 ; on outgoing calls to a peer. Calls will fail with HANGUPCAUSE=58 if
892                                 ; the peer does not support SRTP. Defaults to no.