David L. West
Scenario: running a SIP client from a hotel room, connecting to two different Asterisk servers. Call them "old" and "new", each on totally separate ISPs and infrastructure. Using the hotel wifi I can connect to both. But the hotel wifi is, well, hotel wifi: crappy uplink so call quality suffers. My T-Mobile hotspot gives me much better speed, but when I use that my SIP client registers successfully on "old" but not on "new". My first thought was T-Mobile was blocking SIP/RTP (Verizon does, so I know to watch for that) but since "old" works, "new" ought to. You'd think.
I've checked DNS resolution is good in both cases, and did a packet capture. On trying to connect to "new" I can see the REGISTER request go out and a 401-Unauthorized come back. What the heck? If T-Mobile was munging my REGISTER request why would it do it to "new" but not "old"? "Old" is Asterisk 1.2, "new" is 11.6 -- not that I can think of why that would make a difference but maybe it does.
In the same vein, I also had problems accessing some (but not all) HTTPS websites until I disabled IPv6. That solved that problem but not this one. Also already checked that my T-Mobile wasn't getting snagged by Fail2Ban, and no error appears on the Asterisk console when my SIP client attempts to log in.
Wondered if maybe T-Mobile is double-NATing me at some point along the way but don't know how to detect that or even if that CAN be detected w/o access to the underlying net architecture. I suspect this may be the case because the 2nd-4th hops in a traceroute are private IPs, but my knowledge is insufficient here to say if that itself means there are double layers of NAT. Maybe newer Asterisk has different rules about this than older?
Been scratching my head on this one all week and can't figure out where to go. I thought of calling T-Mobile (and have for other reasons) and then fell down laughing.
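Added example, not part of the original post: a 401 carrying a WWW-Authenticate header is the normal digest challenge to a first REGISTER (RFC 3261), so the capture is worth checking for two things: whether the client re-sends REGISTER with an Authorization header, and what source address the server reports back in the Via `received`/`rport` parameters (RFC 3581). The messages below are constructed, and the hostname, addresses and the `parse`/`analyze` helpers are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample messages (not from the poster's capture); hostname and
# addresses are private/documentation values chosen for illustration.
REGISTER = (
    "REGISTER sip:new.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.43.20:5060;branch=z9hG4bK1;rport\r\n"
    "Contact: <sip:100@192.168.43.20:5060>\r\n"
    "CSeq: 1 REGISTER\r\n\r\n"
)
RESPONSE_401 = (
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 192.168.43.20:5060;branch=z9hG4bK1;received=198.51.100.7;rport=31044\r\n"
    'WWW-Authenticate: Digest realm="asterisk", nonce="4f2a91c0"\r\n'
    "CSeq: 1 REGISTER\r\n\r\n"
)

def parse(msg):
    """Split a SIP message into its start line and a dict of headers."""
    lines = msg.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def analyze(requests, response):
    """Report on a REGISTER exchange: challenge, retry, and NAT rewriting."""
    start, hdrs = parse(response)
    via = hdrs.get("via", "")
    # Assumes the Via sent-by is an IP literal, as in the sample above.
    sent_by = re.search(r"SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?", via)
    received = re.search(r"received=([^;\s]+)", via)
    rport = re.search(r"rport=(\d+)", via)
    seen_ip = received.group(1) if received else sent_by.group(1)
    return {
        # A 401 with WWW-Authenticate is a digest challenge, not a rejection.
        "challenge": start.split()[1] == "401" and "www-authenticate" in hdrs,
        # The client should answer it with a REGISTER carrying Authorization.
        "client_retried": any("authorization" in parse(r)[1] for r in requests),
        # received/rport show the source address and port the server saw.
        "nat_rewrite": seen_ip != sent_by.group(1),
        "server_saw": (seen_ip, int(rport.group(1)) if rport else None),
        "client_addr_private": ipaddress.ip_address(sent_by.group(1)).is_private,
    }
```

A difference between the sent-by address and the `received`/`rport` values shows that address translation happened on the path; it does not show how many NAT layers were involved.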