Summary:ASTERISK-12371: [patch] sip_nat_settings - script to generate externip and localnet
Reporter:Tzafrir Cohen (tzafrir)Labels:
Date Opened:2008-07-13 01:23:07Date Closed:2009-01-09 17:24:06.000-0600
Versions:Frequency of
Environment:Attachments:( 0) sip_nat_settings
( 1) sip_nat_settings_2
( 2) sip_nat_settings_3
( 3) sip_nat_settings_4
( 4) sip_nat_settings_5
( 5) sip_nat_settings_6
Description:If an Asterisk system is behind NAT, SIP calls outside will usually have no audio unless externip and localnet are set.

In most cases (a single network interface) it is possible to give a sane value for localnet. figuring out externip cannot be done locally. I simply ended up asking http://whatismyip.org/ (and big thanks to whoever set it up).

Naturally those are sane defaults only if I know in advance that the system is behind NAT.

I used it with asterisk 1.4 on several occasions. AFAIK it is still needed (and with the same ocnfiguration directives) in trunk.

Example output:

externip =
localnet =
Comments:By: Tilghman Lesher (tilghman) 2008-07-13 11:38:51

Output on FreeBSD:
usage: ifconfig interface address_family [address [dest_address]]
      ifconfig -a [-d] [-u] [address_family]
      ifconfig -l [-d] [-u] [address_family]</pre>

By: Tzafrir Cohen (tzafrir) 2008-07-13 12:26:15

It looks like it is not trivial to make it work on other OSes. Maybe commit it as is, and wait for a patch to fix it for a different OS, if any?

I bet that the output format on FreeBSD is different enough to make the filtering line fail.

(after all, it is just a silly helper script)

something in the lines of:
case `uname -s` in
FreeBSD) do something # is that the right name?
*) current case

By: Tilghman Lesher (tilghman) 2008-07-13 12:57:08

For me to commit this, I would need reasonable output on other OSes.  Perhaps make it output only on Linux and for all other OSes, print a warning.

By: Michiel van Baak (mvanbaak) 2008-07-13 12:58:35

This is how OpenBSD outputs interface info with ifconfig:

$ /sbin/ifconfig trunk0
lladdr 00:15:58:c6:24:d8
trunk: trunkproto loadbalance
trunkport wpi0 active
trunkport em0 active
groups: trunk egress
media: Ethernet autoselect
status: active
inet6 fe80::215:58ff:fec6:24d8%trunk0 prefixlen 64 scopeid 0x5
inet netmask 0xffffff00 broadcast
inet6 2001:888:152c:0:215:58ff:fec6:24d8 prefixlen 64 autoconf pltime 604533 vltime 2591733

By: Michiel van Baak (mvanbaak) 2008-07-15 17:12:32

Fixed the OpenBSD part for you :)

By: Michiel van Baak (mvanbaak) 2008-07-16 01:29:58

localnet should be ip/subnetmask instead of just the subnetmask.

The linux part did this already. Now the OpenBSD part as well.
As with the linux part, use the broadcast address instead of the interface's assigned specific ip address.

By: Donny Kavanagh (donnyk) 2008-07-17 11:33:49

I'm curious if this is even necessary given the existence of externhost & a dynamic dns client updater of some sort?

By: Tzafrir Cohen (tzafrir) 2008-07-17 11:59:28

Depends on your setup. In my case I'm behind a static IP address in both cases.

anyway, the localnet part would still be required.

Now that you mention it, if one has a dynamic IP address, the output of the script will work on first shot, but fail later. And this is misleading. Unless oyu know what you're doing.

So maybe:

;externhost = get-yourself-a-name-from.dyndns.org
externip =
localnet =

Anyway, I don't feel strongly either way (this is just a silly little script, after all).

By: Michiel van Baak (mvanbaak) 2008-07-17 12:36:59

now that it works we put this script into our vm applience image.
Customers can simply boot it, and everything will be setup for them.
Maybe we are lucky, but all business connections (dsl and cable) come with static ip.

Oh, it also eases setup for our guys if we do the install etc ourselves.
With this little script we dont have to copy/paste or handcopy the external ip and stuff.

By: Michiel van Baak (mvanbaak) 2008-07-19 06:16:55

new version of this script

- OpenBSD and FreeBSD have the same output in ifconfig
- dont exit with code 1 in the Open/FreeBSD part
- dont echo externip= when we have an unsupported OS

Tested on OpenBSD 4.3, OpenBSD 4.4-beta and FreeBSD 7-STABLE

By: Paul Belanger (pabelanger) 2008-07-19 11:15:04

Problems running v5 on FreeBSD 6.2-RELEASE-p8.

> ./sip_nat_settings
wget: not found
externip =
./sip_nat_settings: arithmetic expression: syntax error: "0xffffff00

wget is not installed by default, it has to be installed via the ports. fetch is the default client.

By: Michiel van Baak (mvanbaak) 2008-10-04 18:04:40

New version that checks for wget and/or fetch
Also, the bitstuff is not working on older versions of ksh and/or tcsh so add a check for Freebsd 7 or newer.

How is this ?
Can we get this in ?

By: dovid (dovid) 2008-10-07 13:35:44

If your DNS is not working (for instance if I set wwww.whatismyip.org to another IP) I get:
externip =
localnet =

Wouldn't we want some error in case their DNS goes down or if the users DNS has issues ? Seems to be taking a chance on relying on one URL.

By: Paul Belanger (pabelanger) 2008-10-08 01:11:01

>  ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1e:c9:bb:f4:2b
         inet addr:  Bcast:  Mask:
         RX packets:5496484 errors:0 dropped:0 overruns:0 frame:0
         TX packets:6981446 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:3948404552 (3.6 GB)  TX bytes:4141116534 (3.8 GB)

> sh ./sip_nat_settings_6
externip =
localnet =

Question: shouldn't the localnet actually be for the network?  Not the broadcast?

By: Leif Madsen (lmadsen) 2009-01-09 13:46:47.000-0600

Ping! Anyone have a couple spare cycles to resolve the last few remaining issues?

By: Michiel van Baak (mvanbaak) 2009-01-09 16:44:37.000-0600 and are the same.
The broadcast is most of the time the last ip in the range, and the network the first. The subnetmask is just a bitmask that indicates what the range is. and both come down to: 172.16.1/24

And since we can get the broadcast and the subnetmask this way it doesn't matter. It will work both ways.

As for the DNS failure thing: if DNS fails asterisk has more severe issues with that. Feel free to add some extra stuff to this script if you want, otherwise I'm ok with how it is now and vote for commit

By: Digium Subversion (svnbot) 2009-01-09 17:05:02.000-0600

Repository: asterisk
Revision: 168265

U   trunk/CHANGES
A   trunk/contrib/scripts/sip_nat_settings

r168265 | mvanbaak | 2009-01-09 17:05:02 -0600 (Fri, 09 Jan 2009) | 9 lines

Add a script to find out the correct settings for Asterisk behind NAT

(closes issue ASTERISK-12371)
Reported by: tzafrir
     sip_nat_settings uploaded by tzafrir (license 46)
     sip_nat_settings_6 uploaded by mvanbaak (license 7)
Tested by: tzafrir, pabelanger, Dovid and moi



By: Digium Subversion (svnbot) 2009-01-09 17:24:05.000-0600

Repository: asterisk
Revision: 168288

_U  branches/1.6.1/

r168288 | mmichelson | 2009-01-09 17:24:04 -0600 (Fri, 09 Jan 2009) | 16 lines

Blocked revisions 168265 via svnmerge

r168265 | mvanbaak | 2009-01-09 17:04:46 -0600 (Fri, 09 Jan 2009) | 9 lines

Add a script to find out the correct settings for Asterisk behind NAT

(closes issue ASTERISK-12371)
Reported by: tzafrir
     sip_nat_settings uploaded by tzafrir (license 46)
     sip_nat_settings_6 uploaded by mvanbaak (license 7)
Tested by: tzafrir, pabelanger, Dovid and moi