One Way Audio - NAT - Remote Extension

jlaighto

I know there are a lot of discussions on the problems with NAT and possible solutions, however I have yet to completely fix my issues. I have a simple network where I have a remote site with a GVX-3000 Video phone connecting to a remote PBX with SIP. Each end is behind a firewall where the local device is on the DMZ. SIP signaling works fine in either case, but depending on the externip value in the sip_nat.conf I get different behaviour. If I have the externip value commented out I can make calls from the PBX in and out with no issues, however my remote IP phone will get one way speech. If I remove the comment on externip (activate it) I will get the remote extension working fine, but then I get one way speech on the local PBX side on either in or outbound calls. I have put a sniffer on the PBX side and in either case it looks to be the PBX which gets the RTP stream but does not pass it out the other side. I have looked through the debug logs on the PBX and see nothing of note indicating the problem.

I have a ton of data and can provide it if anyone is interested. It would seem there is a setting which would allow both PBX based and Remote calls to work fine. Right now I leave externip commented out and then if I need to use the remote extension I will remove the comment line. Let me know if there are any suggestions.


sip_nat.conf
;externip=76.183.x.x (Wan side of NAT Router on PBX Side - Dynamic address but never changes)
nat=yes
localnet=192.168.1.0/255.255.255.0
externrefresh=10
 
First off, if your devices are on the DMZ, they are NOT behind your firewall. Unless you just like water torture, I'd get both ends out of the DMZ immediately. You're just inviting trouble.

Then set up NAT in the usual way. Open and redirect the required ports on both firewalls to support your videophone at the one end and your remote server at the other. Assuming you redirect the proper ports and then adjust your setup above to match your external IP and internal subnets, everything will work just fine.
 
Is the externip directive in the actual file commented out?

Shouldn't

;externip...

be

externip...
 
I have gone back to a true NAT environment with both ends now attached to routers that have port forwarding on (UDP 5004 to 5082 and 10000 to 20000). DMZ disabled on both ends and externip active in sip_nat.conf. Now my remote extension works fine. I can make calls from outside my pbx network in (I use a cell phone and call in to my did) but on outbound calls (from an extension behind pbx to my cell) I get one way speech. I have a sniffer in place and on the problem scenario (outbound call) I see sip working fine on both legs of the call (Trunk to PBX and PBX to Extension). However I only see the RTP stream incoming from Trunk (Vitelity) and never see any return stream (from PBX back to Trunk). If I look between the PBX and the extension I see no RTP at all. It looks like the PBX gets the stream but does not know how to pass to the extension and eats the packets. Any suggestions?
 
externip=76.183.x.x
nat=yes
localnet=192.168.1.0/255.255.255.0
externrefresh=10
 
I am sure. I have traces of a good and a bad call (depending on externip setting) I can provide.
 
When I comment it out I can make calls in and out of the site where the PBX is local with no problems, yet the remote extension will not work. If I have it set, as I think it should be, with the externip activated (no comment), then the remote extension works fine but calls in and out of the side local to the PBX get one way speech. I can get it to work one way or the other but not both at the same time, depending on the externip setting.
 
...I have a sniffer in place and on the problem scenario (outbound call) I see sip working fine on both legs of the call (Trunk to PBX and PBX to Extension). However I only see the RTP stream incoming from Trunk (Vitelity) and never see any return stream (from PBX back to Trunk). If I look between the PBX and the extension I see no RTP at all. It looks like the PBX gets the stream but does not know how to pass to the extension and eats the packets. Any suggestions?
I don't want to hijack the thread, but can I ask a side question?

Could you tell me how you're doing sniffing? What program are you using (wireshark maybe?) and what key "things" do you look for in the sniffed output? Do you set up a filter to capture only certain data to make your job easier? Did you follow a thread elsewhere with some details on doing this type of stuff?

Thanks. I'm not an expert using sniffers, and I realize how valuable they can be in situations like this... I just thought I might be able to use this as a learning experience.

Thanks in advance.
 
I use TCPdump to capture the file, then ftp it off, then use wireshark to review the trace. With TCPdump I use the command as follows "tcpdump -s 1024 -w filename" and it will capture the whole frame and write the contents to a file name of your choosing.

In terms of what to look for, it is pretty tough to say. For me, I filter on SIP to see the signaling, whether you see two way communication, and what ports it's using. If there is an error it will show in the SIP header as well. The other area would be the RTP stream, and once again look for two way communication. In my case I see the one way speech as I only see one side sending. Hope this helps....
 
One thought: make sure the configuration for the remote extension is set for canreinvite=no which may avoid possible reinvitation issues. Not sure if it will help, but worth a shot.

Another nice packet sniffer operates from the command line:

ngrep -Wbyline host x.x.x.x and port 5060

ngrep -Wbyline host my.favorite.dns.name

ngrep -Wbyline port 5060 and port 10001

and so on...

It dumps to the console. If you want to save it to a file:

ngrep -Wbyline host x.x.x.x > myfilename.txt

Control-c gets you out of the program.
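
An added example, not part of any post in this thread: one way to act on the sniffing advice above is to read the media address (`c=`) and RTP port (`m=audio`) out of each SIP message in a saved ngrep capture and compare it with the `localnet` value from sip_nat.conf. The capture text, addresses and the function name `sdp_findings` are constructed for illustration, and the packet header format is assumed to be ngrep's default `U src:port -> dst:port`.

```python
import ipaddress
import re

# Constructed ngrep -W byline style output (made-up addresses; CR shows as ".").
SAMPLE = """\
U 192.168.1.10:5060 -> 203.0.113.20:5060
INVITE sip:15555550100@trunk.example SIP/2.0.
c=IN IP4 192.168.1.10.
m=audio 14002 RTP/AVP 0.
U 192.168.1.10:5060 -> 192.168.1.50:5060
INVITE sip:201@192.168.1.50 SIP/2.0.
c=IN IP4 198.51.100.7.
m=audio 14010 RTP/AVP 0.
U 192.168.1.10:5060 -> 203.0.113.99:5060
INVITE sip:202@203.0.113.99 SIP/2.0.
c=IN IP4 198.51.100.7.
m=audio 14020 RTP/AVP 0.
U 203.0.113.20:5060 -> 192.168.1.10:5060
SIP/2.0 200 OK.
c=IN IP4 203.0.113.20.
m=audio 18000 RTP/AVP 0.
"""

HDR = re.compile(r"^U (?:\S+ \S+ )?(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+")

def sdp_findings(capture, localnet):
    """Check the media address in SDP sent by hosts inside localnet."""
    local = ipaddress.ip_network(localnet)
    def inside(ip):
        return ipaddress.ip_address(ip) in local
    msgs, out = [], []
    for raw in capture.splitlines():
        line = raw.strip().rstrip(".")          # drop ngrep's "." for CR
        hdr = HDR.match(line)
        if hdr:
            msgs.append({"src": hdr.group(1), "dst": hdr.group(2)})
        elif msgs and line.startswith("c=IN IP4 "):
            msgs[-1]["media"] = line.split()[2]
        elif msgs and line.startswith("m=audio "):
            msgs[-1]["port"] = int(line.split()[1])
    for m in msgs:
        if "media" not in m or not inside(m["src"]):
            continue                            # no SDP, or not sent from our side
        verdict = "ok"
        if inside(m["media"]) and not inside(m["dst"]):
            verdict = "localnet media address sent to outside peer"
        elif not inside(m["media"]) and inside(m["dst"]):
            verdict = "external media address sent to local peer"
        out.append((m["dst"], m["media"], m.get("port"), verdict))
    return out
```

Any row whose verdict is not "ok" names a peer that was told to send RTP to an address it may not be able to reach, which is the leg to inspect for a missing return stream.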
 
