Date: Sat, 12 Jun 2021 01:34:33 +0200
From: Harry Schmalzbauer <freebsd@omnilan.de>
To: David Mehler <dave.mehler@gmail.com>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD, Asterisk 16, pf, and pjsip, nat
Message-ID: <c3a25ca8-12c1-1352-4438-d200e93f532c@omnilan.de>
In-Reply-To: <CAPORhP4nb_a5gFwpgk5zXKuKN48yOYCv1vjKyuZaYMxFZjMXaQ@mail.gmail.com>
References: <CAPORhP4nb_a5gFwpgk5zXKuKN48yOYCv1vjKyuZaYMxFZjMXaQ@mail.gmail.com>

On 09.03.2019 at 22:49, David Mehler wrote:
> Hello,
>
> I'm running Asterisk 16 via ports on a FreeBSD 11 system. I'm running
> pf and believe I have things correct, I'm allowing ports UDP 5060 and
> 5061, as well as for rtp UDP 10000 to 20000 through. I'm running this
> on a vps with a public IP, it is not natted. My local connection to
> the internet is behind a natted cable modem. I can connect via soft
> phone to the asterisk sip server, says account ready. Everything works
> except audio. I believe I'm having a nat issue as the connecting
: : :
> Suggestions welcome.

I had a similar issue today. Mine was suspicious to NAT too, but turned out to be a source selection problem of the RTP socket.

Solution came from:
https://community.asterisk.org/t/pjsip-no-audo-port-unreachable/79482
(haven't read the whole thread/problem description, but these are the originally well formatted finalizing lines:
So I tried adding to the endpoint config:
media_address=10.0.0.202
bind_rtp_to_media_address=yes
)

Last time I checked with asterisk's SIP configuration was a decade ago for chan_sip. Today, there are many copy'n'paste templates out there - more or less correct and more or less outdated - but all of them almost completely lack any documentation/description/defaults.

I'd like to share what I collected so far for the pjsip module to set up an outbound registration and RTP peering with asterisk 18, with details for SIP-trunk of Deutsche Telekom. Hopefully the one or the other comment helps fellows finding out the right thing to do.

Might look confusing at a first sight, but I think there's no single superfluous word and hopefully nothing missing as well... You're welcome to add blank lines yourself for better reading, but order/blocks should reflect dependencies/relations.

; pjsip-registrations.conf
;
; To be included by pjsip.conf.
; This separate config file is used to define REGISTER relevant sections
; describing 3rd party telco peers (DeutschlandLAN SIP-Trunk by Telekom).
; For easier maintenance, we also define the corresponding endpoint(s) here!
;
; Created based on Asterisk 18 available documentation and 1TR118, published by
; Telekom Deutschland GmbH (https://www.telekom.de/hilfe/downloads/1tr118.pdf).
; Any non-self-explaining parameters are documented, hence it doesn't look
; too user friendly, but it is if you want/need to adjust!
;
; see xten/globalvars.conf for the following variables:
;internationalPrefix=+
;localCountryCode=49
;nationalPrefix=0
;localAreaCode=89
;telcolink1=SIP/telekom_trunk10SITE1
;PSTNpnTrunk1=181 (pilot number only)
;and $idpfxTelco1 to match 'contact_user'.
;------ TRANSPORTS for PSTN/remote peers ------
[NATv4plain_tcp]
type=transport
protocol=tcp ;udp,tcp,tls,ws,wss,flow
bind=192.0.2.140 ;${nativeIPv4address}
local_net=192.0.2.0/24
local_net=127.0.0.1/32
external_media_address=198.51.100.5 ;${publicIPv4address}
external_signaling_address=198.51.100.5 ;${publicIPv4address}
;
; REGISTER
;
[telcolink1]
type=registration
transport=NATv4plain_tcp ;match your arbitrary (but suitable) definition
server_uri=sip:sip-trunk.telekom.de ;(sip:sip-trunk.telekom.de:5060)
outbound_auth=telcolink1_181trunk10 ;match your arbitrary definition
auth_rejection_permanent=no ;non-critical (default=yes)
max_retries=5 ;non-critical (default=10)
retry_interval=45 ;non-critical (default=60)
forbidden_retry_interval=90 ;non-critical (default=0)
expiration=120 ;(480=t-online, 120=telekom, default=3600)
outbound_proxy=sip:reg.sip-trunk.telekom.de ; provider dependent _URI_!
;_client_uri_:
; Both header fields "From:" and "To:" of the REGISTER message are composed
; from the 'client_uri' variable.
; According to 1TR118, for the (NGN) SIP-trunk, one of the routable and
; customer specific provisioned E.164 prefix numbers (number blocks,
; pilot number) must be used (${internationalPrefix}${localAreaCode}${PSTNpn})
client_uri=sip:+49228181@sip-trunk.telekom.de ;not appending port (:5060)
;_contact_user_:
; The "Contact:" header field of REGISTER messages is composed of its value.
; RFC 3261 specifies that a FQTN@ part is to be used, while RFC 6140 requires
; an IP socket to be defined (Contact:sip:164.168.138.1:5060;bnc e.g.).
; pjsip appends @IPboundto:5060,;transport=${TRANSPORT->protocol} to
; 'contact_user'. There is currently no possibility to define the complete
; "Contact:" header field, so RFC 6140 is not supported as of asterisk 18.
; IMPORTANT: Telekom (SIP-Trunk) respects the "Contact:" header sent within
; our registration message. What we define with 'contact_user' will be
; used for all provider initiated messages, like INVITE messages.
contact_user=+49228181 ;To be set according to idpfxTelcoN definition
                       ;(in xten/globalvars.conf)!!!
line=yes ; Telekom supports line parameter in the Contact: header field
endpoint=telekom_trunk10SITE1 ;This defines the endpoint to use for messages
                              ;containing the negotiated line parameter for
                              ;our registration
;
; authentication object(s)
;
[telcolink1_181trunk10]
type=auth
auth_type=userpass ;md5 unavailable (handle_client_registration(void *)):
                   ; Failed to set initial authentication credentials
;Take care of file permissions!
username=550123456789
password=hgfedcba
realm=sip-trunk.telekom.de
;
; endpoint (B2BUA to telco provider - receiving calls)
;
[telekom_trunk10SITE1] ; 0228-181 0-9 Telekom DeutschlandLAN SIP-Trunk
type=endpoint
aors=telekom_trunk10SITE1 ;where to look whom to send outgoing calls to
context=pstn_incoming ;where to look for incoming calls
identify_by=header,ip ;this is fallback order for identify sections only,
                      ;we define line/endpoint during registration!
allow_unauthenticated_options=yes ;RFC 3261 requires OPTIONS to be handled
                                  ;like INVITE (default=no)
allow_subscribe=yes
allow=!all,g722,g726,alaw ;NGN SIP-Trunk consistently uses g722 as of 2021
dtmf_mode=auto ;(default=rfc4733) SIP INFO is unsupported with NGN SIP-Trunk,
               ;auto uses INBAND if rfc4733 fails (auto_info was valid too)
outbound_auth=telcolink1_181trunk10 ;match your arbitrary definition
outbound_proxy=sip:reg.sip-trunk.telekom.de ;provider dependent _URI_!
timers=no ;Session timers for SIP packets (default=yes)
;force_rport=yes ;Force use of return port (default=yes)
;ice_support=no ;no NAT traversal help needed, see 1TR118 (default=no)
; --- NAT specific endpoint settings (NGN/SIP-Trunk) -------------------------
rewrite_contact=yes ;(default=no) sdp contact fields become (transport)
                    ; external_media_address, header contact field becomes
                    ; external_signaling_address (as defined in transport).
disable_direct_media_on_nat=yes ;no direct_media session refreshes (default=no)
; ----------------------------------------------------------------------------
;direct_media=no ;default=yes, we do disable direct_media_on_nat, keep
                 ; allowed for non-NAT (IPv6).
;rtp_symmetric=yes ;ignore c= and m= of sdp, send media back to source IP.
                   ;Recommended for dynamic IPv4 and NAT environments.
                   ;Not necessary if external_media_address matches static
                   ;IPv4 and rewrite_contact=yes
rtp_keepalive=15 ;seconds between RTP comfort noise keepalive packets
rtp_timeout=30 ;terminate call if no RTP (while off hold) is exceeded
rtp_timeout_hold=7200 ;allowed time for calls on hold before terminating
; all RTP timeout values above are '0' by default (no timeout)
ignore_183_without_sdp=yes ;cosmetic (default=no)
sdp_session=OmniPBX (pjsip-ast18)
;.------ Special tuning, needed only for FreeBSD jails without vimage -------.
; If peer receives no media and 'rtp set debug on' reveals negative length for
; correct IP in "Sent RTP packet to", you want these two lines:
media_address=192.0.2.140 ;specify the (source) IP of the interface to be
bind_rtp_to_media_address=yes ;used for RTP (pre-NAT) and tie socket to it.
; '----- (rtp media transmitted on wrong interface) -------------------------'
asymmetric_rtp_codec=yes ;TO BE OBSERVED: Differing codecs for receiving
                         ;and sending media shouldn't cause any problems.
;send_pai=no ;default=no, we add PPI using dialplan function PJSIP_HEADER()
from_user=+492281810 ;always append 0 to pilot number
from_domain=site1.example.org ;will be replaced by NGN (@telekom.de)
contact_user=+49228181 ;To be set according to idpfxTelcoN definition
                       ;(in xten/globalvars.conf)!!!
language=de ;which IVR subdirectories to use e.g.
;
; Address of Records, the location information(s) for endpoints to use outbound
;
[telekom_trunk10SITE1]
type=aor
outbound_proxy=sip:reg.sip-trunk.telekom.de ;used for sending OPTIONS request
;_contact_:
; Permanent contacts assigned to AoR (endpoints use this location(s) URI(s) to
; send calls to).
contact=sip:+49228181@sip-trunk.telekom.de ;consistent with contact_user
default_expiration=600 ;default=3600
qualify_frequency=180 ;default=0
;
; Identify (endpoints selection criteria for inbound requests)
;
[telekom_trunk10SITE1]
type=identify
;srv_lookups=no ;lookup _sip._udp, _sip._tcp, and _sips._tcp (defaults to yes)
;match=reg.sip-trunk.telekom.de ;IP or hostname (example:'[2001:db8:0::1]:5060')
match_header=To: /181.*@sip-trunk.telekom.de/ ;/.../ means regex
endpoint=telekom_trunk10SITE1 ;match your arbitrary definition
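
Added example, not part of the original e-mail and not Asterisk tooling: the sections in this configuration refer to each other by name (transport=, outbound_auth=, endpoint=, aors=), so this check lists every reference that does not resolve to a section of the expected type. The parser is a simplification (no templates, no escaped semicolons); `REFS`, `parse_sections`, `dangling_refs` and `SAMPLE` are names chosen here.

```python
import re
from collections import defaultdict

# (section type, option) -> type of the object that option must name.
REFS = {
    ("registration", "transport"): "transport", ("registration", "outbound_auth"): "auth",
    ("registration", "endpoint"): "endpoint", ("endpoint", "aors"): "aor",
    ("endpoint", "outbound_auth"): "auth", ("identify", "endpoint"): "endpoint",
}

def parse_sections(text):
    # Names may repeat (endpoint and identify share one), so keep a list.
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            sections.append((m.group(1), defaultdict(list)))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()].append(value.strip())
    return sections

def dangling_refs(text):
    # Return (type, section, option, missing name) per unresolved reference.
    sections = parse_sections(text)
    defined = {(o["type"][0], n) for n, o in sections if o.get("type")}
    problems = []
    for name, opts in sections:
        stype = opts["type"][0] if opts.get("type") else None
        for (owner, option), target in REFS.items():
            values = opts.get(option, []) if owner == stype else []
            for ref in (r.strip() for v in values for r in v.split(",")):
                if (target, ref) not in defined:
                    problems.append((stype, name, option, ref))
    return problems

# Constructed sample reusing section names from the message; the AoR
# section name deliberately differs from the endpoint's aors= value.
SAMPLE = """
[telekom_trunk10SITE1]
type=endpoint
aors=telekom_trunk10SITE1
[telekom_trunk1SITE1]
type=aor
[telekom_trunk10SITE1]
type=identify
endpoint=telekom_trunk10SITE1
"""
```

Calling `dangling_refs()` on the text of a real pjsip include file returns an empty list when every named transport, auth, endpoint and AoR exists.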