Summary:ASTERISK-02891: IAX2 transfers fails when one party is behind nat and iax port isn't dnat'ed inside
Reporter:Matteo Brancaleoni (mbrancaleoni)Labels:
Date Opened:2004-11-26 04:49:31.000-0600Date Closed:2011-06-07 14:10:22
Versions:Frequency of
Description:iax2 transfers fails in the scenario below:
SERVER is on a public IP
CLIENT is on a lan, nat'ed, but iax2 port is not dnat'ed inside
from the client gw to CLIENT.
ClENT calls SERVER whic calls SERVER2. Now transfer is tried
between CLIENT and SERVER2, but fails.

looking into iax2 debug I've found the following:
SERVER asks CLIENT and SERVER2 to transfer
both starts transfer procedure, but:
SERVER2 can't connect to CLIENT since is behind nat.
but CLIENT can connect SERVER2, and we see TXCNT packets
arriving on SERVER2 with correct transferid.
BUT, since CLIENT is behind nat and the transfer request
is a 2nd call, SERVER2 sees TXCNT pkts arriving from a different CLIENT port (but with correct trasnferid),
thus ignoring them and leading to transfer failure.

I think that is such cases, iax2 should work only on transferid, ignoring at least CLIENT port.

Don't know right now how and if this can be fixed.

****** STEPS TO REPRODUCE ******

just put a server on a public ip and a client on a nat'ed one
(but don't dnat iax port to the client)


Don't tried on CVS but I think the issue is the same.
Comments:By: Brian West (bkw918) 2004-11-30 00:20:28.000-0600

This is a config issue.  Please join #asterisk for help.... you'll need to forward 4569 otherwise it will fail.