GO HERE Anveo Outgoing Help - No Audio either way - calls connect, does RTP channel connect?

[newvoiper]

For the benefit of anyone else looking at this thread later and needing to fight with a double nat'd environment, an epilogue: the configuration change needed to make Anveo work for me, also led to a double nat which broke my Tomato Router's ability to handle NAT Loopback on its own--it could no longer see the public IP address. As a result, the extensions became unable to dial each other, and all soft phones configured using my home network's FQDN, stopped working (natively) in my home network. I managed to fix these problems by manually adding two PREROUTING rules to my Tomato Router (using Tools-->System Commands). The rules that needed to be added looked like this:

iptables -t nat -A PREROUTING -i MyLANInterface -s LocalNetworkCDR -d MyPubIPCDR -p udp -m udp --dport 5060 -j DNAT --to-destination MyPrivIPofPBX

iptables -t nat -A PREROUTING -i MyLANInterface -s LocalNetworkCDR -d MyPubIPCDR -p udp -m udp --dport 5060 -j DNAT --to-destination MyPrivIPofPBX

Note: For FreshTomato, MyLANInterface is br0 (& no rule needed for wireless LAN interface called eth1).

@kenn10: As a non Tomato user who seems to know a lot about it, do you have any idea why these commands won't survive a reboot when I add them to the Firewall, Initialization, or WanUP sections of the Administration-->Scripts page?

 

[kenn10]

@newvoiper the operating system is stored in nvram. There are many discussions on the web about how to make iptables persistent but I don't know if there is a solution. You either need to get a decent router or change out to a modem that lets you do a true bridge mode. I'm fortunate to have had a cable modem all these years once I ditched AT&T many years ago. Even when I had a Ma Bell dsl modem, I could put it in a true bridge mode.

I guess you could try taking your telco router out of simulated bridge mode and put your PBX directly into the telco router. The PBX is protected by its own firewall and you could use your Tomato router for the rest of the house. Clearly the situation you are in will continue to be a nightmare so long as you double-NAT.

Again, I don't now what you're protecting in your house but you can always set up the PBX in the cloud and close access to the house from the outside. Set up an OpenVPN access or something for when you are away. As I recall, Tomato has flavors with OpenVPN baked in.

Unless you're using all this as a learning experience, you're wasting way too much time trying to overcome the obstacles. If everything worked before Anveo, just dump Anveo and use BulkVS. Life is too short.....

 

[newvoiper]

@kenn10 Thank you for the ideas. It never occurred to me that one of the trade-offs of using "AT&T Uverse" might be that I can't have a modem that permits true bridge mode. In hindsight, that was kind of the original sin.

I like your alternative of letting just my PBX bypass the Tomato Router and will keep it in mind if I can't make the double-NAT work for me. For whatever reason, everything with the PBX (& everything else I've tried so far) seems to be OK with the double-nat, I just have the inconvenience (for now) of having to issue 2 iptables commands whenever the router is rebooted, which isn't more often than once/month, if that.

I have considered using the OpenVPN Server feature of the Tomato router, but the nvram memory on my router is just about used up (just 5% free) so I am not too sure I have that alternative for now.

I will spend a little more effort trying to make the scripts feature work for me. If I had realized that making Anveo work would turn out to be this difficult, I would have just switched to BulkVS as you suggested. But since I'm here now, I'll live with this setup for a while & see how it goes and if I learn more about why so many of you dislike the double nat.

Thank you very much for the ideas. I'm pretty sure one of them will work if the double-nat I have now causes more issues than I have seen so far. I didn't think SIP would work as well in this configuration as it has been for me (so far at least, fingers crossed).