Summary:ASTERISK-10994: Asterisk providing SIP proxy with incorrect routing information
Reporter:Patrick Baker (patbaker82)Labels:
Date Opened:2007-12-07 16:17:11.000-0600Date Closed:2008-03-03 11:57:36.000-0600
Versions:Frequency of
Environment:Attachments:( 0) analysis.txt
( 1) sip-debug.txt
( 2) sip-tcpdump.txt
( 3) sip-tcpdump-pcap
Description:In attempts to setup asterisk with openSER, I've encountered many issues with asterisk providing incorrect information to the proxy.  In turn the proxy is attempting to use provided information and unable to communicate ACKS and BYE messages back to asterisk.


## SIP.CONF ###



### NOTES ###
SIP client:
PUBLIC-IP: xxx.206.xxx.136

In this current setup, when an INVITE is sent to asterisk and the INVITE is coming from the "localnet", from bug 0008821, I would assume setting "matchexterniplocally=yes" would replace the contact header and SDP with the localIP  Instead it seams to be replaced with the externip and since the SIP client is within the localnet it will not be able to route back out and in the firewall ( elbow route ).

I've also attempted to turn off "matchexterniplocally", with no success.  I've also played with the nat settings as well.  The only resolution that I can find is to comment out the "externip", but unfortunately this breaks clients existing outside the local network.

I will attach SIP debug and SIP tcpdump information to outline the issue more.
Comments:By: Patrick Baker (patbaker82) 2007-12-12 11:08:47.000-0600

Has anyone had a chance to peak at this?

By: Patrick Baker (patbaker82) 2007-12-13 12:02:58.000-0600

It would appear with SVN r92526 the reverse is happening.  Internal clients are now working again, but external clients are having issues responding with ACK / BYE messages as previously stated.

By: a3ulafia (a3ulafia) 2007-12-13 13:41:23.000-0600

get rid of nat=yes

By: Patrick Baker (patbaker82) 2007-12-14 10:44:57.000-0600

Please review the analysis.txt.

Removing nat=yes did not resolve the issue.

It would appear that asterisk isn't handling NAT for media correctly.  The contact address in the sdp is not being changed from the 10.x private address.

By: Joshua C. Colp (jcolp) 2008-01-15 20:56:41.000-0600

So here's the issue:

Asterisk determines whether something is local or not by looking at the IP address the packet was received from. Since you are using a SIP proxy in between the outside world and the inside world Asterisk has no idea that it actually came from the outside, to it it came from the proxy (as it did).

Is this a bug? Sure, unique to your specific scenario and setup currently. Presently I can't think of a way to solve it either.

By: Olle Johansson (oej) 2008-01-22 09:29:53.000-0600

Why don't you use NAThelper in OpenSER to do the translation for you? Using externip in combination with SER seems very messy.

By: Olle Johansson (oej) 2008-01-22 09:34:33.000-0600

A patch that could solve this would be to parse the via header, the bottom via header indicates the address of the actual device. But that would require some extra coding.

With a proxy in between, NAT=yes can be bad, depending on the layout of your network.

By: Patrick Baker (patbaker82) 2008-01-25 10:40:44.000-0600

Thank you all for your comments.  

To be "matter of fact", would the recommendation be to configure this within the NATHelper module of openser as suggested, or take the route of fixing the bug within Asterisk.  I feel from the comments that their is a teetering balance of which route to take.


By: Joshua C. Colp (jcolp) 2008-03-03 11:57:08.000-0600

I'll step in here and make the final decision for this... in your scenario it is much better to do the NAT handling at your proxy instead of Asterisk.