Hi,
I would like to raise the following question:
The situation:
- an Asterisk is behind a firewall (basic firewall, eg. IP-Tables) on a public static address
- on the other end is an SIP-Phone, mostly behind a firewall
e.g.:
Asterisk 1.4 --- NAT/Firewall --- INTERNET --- SIP-Phone
--- NAT/Firewall (dynamic IP) --- SIP-Phone (with STUN)
--- SIP-Phone (wthout STUN, e.g. Nokia E61)
I've seen it is possible to use it this way: "Masquerading an Asterisk box".
But please can you explain what is necessary to speak SIP with the mentioned Asterisk BOX.
What about STUN, what about RTP (maybe secure Registration + SRTP).
Thanks for any advise
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The "Masquerading an Asterisk box" refers to the following scenario:
Asterisk Box ---- NAT+siproxd ---- Internet
So this should allow you to overcome the NAT on the Asterisk side. Then on the client side (SIP Phones) you would need again a siproxd (or try if STUN works - it depends a lot of the type of NAT you have).
So the "fully siproxd featured" situation then looks:
Asterisk --- Siproxd+NAT ---- Internet ---- NAT+Siproxd --- SIP Phone
Siproxd does allow you to overcome NAT traversal on the local side only, it is not a "far side NAT traversal" solution (it does not fix SIP dialogs that have been messed up by NAT on the remote side).
About secure SIP and secure RTP:
Siproxd does not support Secure SIP. SRTP *should* work, as siproxd only does the forwarding of RTP traffic and does not manipulate anything.
Regards,
/Thomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have a similar situation where Asterisk is behind a Smoothwall Express 3 NAT router and several remote phones are behind other Smoothwall Express 3 routers. I turned on siproxd in the two remote locations and phones are able to register and pass traffic without port forwarding, STUN, etc.
Now I'm wondering about the Asterisk server side. At the moment siproxd is OFF on that firewall. I've got 5060 and the RTP range 10000-20000 port forwarded to the Asterisk box. I've got sip_nat.conf configured as follows:
Thanks for your clarification.
But this would mean something like http://www.dd-wrt.com on the client side (if this would be an office etc.). But in this case I can use IAX (Intra-Company / Asterisk to Asterisk) which is far easier to handle. In this case there is no need to have a proxy.
Only if you are on the road!! it is not very easy as you want to use a normal reachable (typically a SIP) hard phone and not an IAX softphone...
And for the Asterisk side I would concentrate on IAX providers, so there are no concerns regarding SIP.
I am not sure why SIP makes the deal whereas IAX is not very welcomed...
Thanks in dead
Jochen
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
> I am not sure why SIP makes the deal whereas IAX is not very welcomed...
As far as I know, IAX is a "proprietary" (not an IETF standard) protocol (although it is open and documented), whereas SIP is an IETF standard. Also, I think SIP was first and IAX came later on, taking care of some issues that have been observed with SIP (i.e. NAT issues)
I *think* there are some VoIP hardphones on the market that do support the IAX protocol (SNOM?).
If you have one central SIP Registrar (Asterisk for example) and a lot of moving road warriors, you could also imagine to use an VPN tunnel (e.g. OpenVPN) to connect to the Asterisk machine.
Asterisk -- OpenVPN =====Internet===== Sip Phone w/ OpenVPN support
Again, SNOM 370 seems to support that. Seems that I have to look for some money to get my hands on one of those...
Regards,
/Thomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
thanks - SNOM also has ICE (which deals with NAT issues) but is an SIP-Phone.
I like the typical European design.
I just bought (or better some month ago) an Cisco 7970 which is terrible to configure (because of no existing documentation beside some communities like voip.org, etc.). But it's also SIP and so you need a proxy on your location.
On the road you will find typically IP-limitations in hotels e.g. or in some companies where you are working.
Also I am not quite sure if open VPN gives you the necessary voice quality you need (jitter, delay, etc.). But I will give it a try.
But what I am looking for would be ideally an DECT/IAX Phone which not exists on the world :-(
Only plug in, let open only ONE firewall port, that's it.
Best regards Jochen
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I would like to raise the following question:
The situation:
- an Asterisk is behind a firewall (basic firewall, eg. IP-Tables) on a public static address
- on the other end is an SIP-Phone, mostly behind a firewall
e.g.:
Asterisk 1.4 --- NAT/Firewall --- INTERNET --- SIP-Phone
--- NAT/Firewall (dynamic IP) --- SIP-Phone (with STUN)
--- SIP-Phone (wthout STUN, e.g. Nokia E61)
I've seen it is possible to use it this way: "Masquerading an Asterisk box".
But please can you explain what is necessary to speak SIP with the mentioned Asterisk BOX.
What about STUN, what about RTP (maybe secure Registration + SRTP).
Thanks for any advise
The "Masquerading an Asterisk box" refers to the following scenario:
Asterisk Box ---- NAT+siproxd ---- Internet
So this should allow you to overcome the NAT on the Asterisk side. Then on the client side (SIP Phones) you would need again a siproxd (or try if STUN works - it depends a lot of the type of NAT you have).
So the "fully siproxd featured" situation then looks:
Asterisk --- Siproxd+NAT ---- Internet ---- NAT+Siproxd --- SIP Phone
Siproxd does allow you to overcome NAT traversal on the local side only, it is not a "far side NAT traversal" solution (it does not fix SIP dialogs that have been messed up by NAT on the remote side).
About secure SIP and secure RTP:
Siproxd does not support Secure SIP. SRTP *should* work, as siproxd only does the forwarding of RTP traffic and does not manipulate anything.
Regards,
/Thomas
I have a similar situation where Asterisk is behind a Smoothwall Express 3 NAT router and several remote phones are behind other Smoothwall Express 3 routers. I turned on siproxd in the two remote locations and phones are able to register and pass traffic without port forwarding, STUN, etc.
Now I'm wondering about the Asterisk server side. At the moment siproxd is OFF on that firewall. I've got 5060 and the RTP range 10000-20000 port forwarded to the Asterisk box. I've got sip_nat.conf configured as follows:
nat=yes
externhost=my-fqdn
externrefresh=10
localnet=192.168.10.0/255.255.255.0
Two things are unclear to me:
1) can I eliminate the port forwards and use siproxd instead, and
2) what corresponding changes I need to change in the asterisk config
I would really appreciate some guidance on this.
Many thanks,
Randy
Thanks for your clarification.
But this would mean something like http://www.dd-wrt.com on the client side (if this would be an office etc.). But in this case I can use IAX (Intra-Company / Asterisk to Asterisk) which is far easier to handle. In this case there is no need to have a proxy.
Only if you are on the road!! it is not very easy as you want to use a normal reachable (typically a SIP) hard phone and not an IAX softphone...
And for the Asterisk side I would concentrate on IAX providers, so there are no concerns regarding SIP.
I am not sure why SIP makes the deal whereas IAX is not very welcomed...
Thanks in dead
Jochen
> I am not sure why SIP makes the deal whereas IAX is not very welcomed...
As far as I know, IAX is a "proprietary" (not an IETF standard) protocol (although it is open and documented), whereas SIP is an IETF standard. Also, I think SIP was first and IAX came later on, taking care of some issues that have been observed with SIP (i.e. NAT issues)
I *think* there are some VoIP hardphones on the market that do support the IAX protocol (SNOM?).
If you have one central SIP Registrar (Asterisk for example) and a lot of moving road warriors, you could also imagine to use an VPN tunnel (e.g. OpenVPN) to connect to the Asterisk machine.
Asterisk -- OpenVPN =====Internet===== Sip Phone w/ OpenVPN support
Again, SNOM 370 seems to support that. Seems that I have to look for some money to get my hands on one of those...
Regards,
/Thomas
Hi,
thanks - SNOM also has ICE (which deals with NAT issues) but is an SIP-Phone.
I like the typical European design.
I just bought (or better some month ago) an Cisco 7970 which is terrible to configure (because of no existing documentation beside some communities like voip.org, etc.). But it's also SIP and so you need a proxy on your location.
On the road you will find typically IP-limitations in hotels e.g. or in some companies where you are working.
Also I am not quite sure if open VPN gives you the necessary voice quality you need (jitter, delay, etc.). But I will give it a try.
But what I am looking for would be ideally an DECT/IAX Phone which not exists on the world :-(
Only plug in, let open only ONE firewall port, that's it.
Best regards Jochen