www.fridu.net


5. Asterisk SIP Media NAT


SIP signalling and voice media take independent IP routes. Furthermore, the up and down streams are independently routed.

The voice media is transported over RTP. One port is used for the upstream and another port for the downstream. Because of that mode of operation, the IP return route cannot be learned from the incoming route, as was done for the SIP signaling.

By tradition these RTP ports are taken in sequence, and many SIP phone configuration tools will only ask for one port (expecting that you will enter an even port value) and will silently configure the next odd port for the upstream. SIP was not originally designed for NAT, so you need to read your SIP phone documentation carefully to know what will be done with the values you enter.

The SIP protocol has no concept of master/slave. We will use that aspect of the protocol to force the SIP phone and Asterisk to select ports in two independent, pre-defined ranges that we will smartly NAT. As stated before, SIP software will most likely silently assume the use of odd and even ports. As this is outside of our control, we will stupidly NAT both the odd and the even RTP ports to cover our back and be sure to route the right one. We will get the help of a STUN service to achieve adequate IP routing.


Port configuration

Asterisk side

Configure Asterisk to select ports known to be open for incoming traffic on the remote firewall. Any open port range of at least two ports will do. The AOL ports are very useful because they are likely to be open (ports 5190-5193).

The span of the range limits the number of simultaneous communications that you can achieve. For a home-based Asterisk server this should not be an issue. In any case, the low upstream bandwidth of an ADSL or cable modem service (typically 128 to 256 Kbps) will not let you run more than a few phone calls in parallel.

The RTP port configuration is done by modifying the file /etc/asterisk/rtp.conf

-------------------  /etc/asterisk/rtp.conf --------------

[general]
rtpstart=5190
rtpend=5192

 Note that Asterisk will silently use the port 5193 when rtpend is given as 5192.

SIP phone side

Each SIP phone configuration is different. On the Gigaset 450 IP, the RTP ports can be configured through the web interface. The use of random RTP ports must be deactivated.

We have no control over the mapping of the RTP ports between the University domain and the public Internet, and we cannot rely on traffic in the other direction to establish the route (media, as opposed to signaling, uses different paths for the up and down streams). We must therefore activate the STUN service, which the SIP phone uses to publish a port number that is visible from the outside and maps to the configured port. A STUN server uses port 3478 by default, which needs to be open.

If your SIP phone does not support the STUN service, it will not work.
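What the phone relies on STUN for, as an added Python example that is not part of the original page: it builds a Binding Request (RFC 5389 framing), rejects replies whose transaction ID does not match, decodes the mapped address and reports whether the NAT kept the RTP port unchanged. The sample reply, the address 203.0.113.7 and all function names are constructed for illustration.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442                      # fixed value from RFC 5389
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020

# Constructed sample: a reply reporting 203.0.113.7:5190 for SAMPLE_TXN.
SAMPLE_TXN = bytes(range(12))
SAMPLE_RESPONSE = bytes.fromhex(
    "0101000c2112a442000102030405060708090a0b" "0020000800013554ea12d545")

def build_binding_request(txn_id=None):
    """Return (packet, txn_id) for an attribute-less Binding Request."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id), txn_id

def parse_binding_response(data, txn_id):
    """Return the (ip, port) the STUN server saw; ValueError if unusable."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie, rx_txn = struct.unpack("!HHI12s", data[:20])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a Binding Success Response")
    if rx_txn != txn_id:                       # stale or spoofed reply
        raise ValueError("transaction ID mismatch")
    body, pos = data[20:20 + length], 0
    while pos + 4 <= len(body):
        attr, alen = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + alen]
        pos += 4 + alen + (-alen % 4)          # attributes are padded to 32 bits
        if (attr in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS)
                and len(value) == 8 and value[1] == 1):   # family 1 = IPv4
            port, addr = struct.unpack("!HI", value[2:8])
            if attr == XOR_MAPPED_ADDRESS:     # undo the XOR with the cookie
                port, addr = port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
    raise ValueError("no IPv4 mapped address in response")

def query_stun(server, local_port, timeout=2.0):
    """Ask server (UDP 3478) how packets sent from local_port appear outside."""
    request, txn_id = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("", local_port))
        sock.sendto(request, (server, 3478))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, txn_id)

def port_preserved(response, txn_id, rtp_port):
    """True when the NAT kept rtp_port, as the fixed forwarding rules assume."""
    return parse_binding_response(response, txn_id)[1] == rtp_port
```

Calling `query_stun` from a host on the phone's LAN, with a STUN server of your choice and the configured RTP port, reports the outside mapping; a port that differs from the configured one means the fixed forwarding rules will not match.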

NAT configuration

Local Site

You simply need to configure your broadband gateway to redirect the traffic coming from the RTP port configured on your SIP phone on the A1 interface toward the same port on your A2 interface. Remember to forward the even and the odd port numbers.

Then open your 1st and 2nd level firewalls for the same port range. If your Asterisk server is not co-located with your 2nd level firewall, you need to add an extra NAT rule to push the traffic to your Asterisk server's IP address on your home LAN.

Remote Site

You simply need to configure your broadband gateway to redirect the traffic coming from the RTP port configured in Asterisk to the same port on your SIP phone. Remember to forward both the even and the odd port numbers. If you have followed my previous advice, the remote SIP phone should have a fixed IP address (not a DHCP-allocated one), which keeps the NAT stable across power cycles.

If you use a consumer gateway (e.g. Linksys), activating a NAT for a port range opens the firewall at the same time.

Note: The proposed trick only works because we deactivate the SIP ReInvite functionality and force the SIP communication (signaling and media) to keep going through the Asterisk server. You must set ReInvite to NO.
