> On 7/09/2021, at 8:30 AM, Marek Greško <[email protected]> wrote: > > Hello, > > it is only local nftables with nf_conntrack_sip on the asterisk > server. Probably a kernel bug? It did not trigger with previous > providers since they had working SIP ALG. Now I hear no audio in both > directions because outgoing rtp stream from asterisk goes to private > address space and incoming stream is blocked. So the outgoing rtp > could not be learnt to send to nat addess. > Maybe a bug but that’s less likely than a config error. Time to debug your nftables.
> Marek > > > 2021-09-06 22:17 GMT+02:00, Duncan Turnbull <[email protected]>: >> >> >>>> On 7/09/2021, at 3:08 AM, Marek Greško <[email protected]> wrote: >>> >>> Hello, >>> >>> so when debugging RTP in asterisk there was no rtp income from the >>> remote site. I did check remote nat ip address and it was same as the >>> one in the pjsip show aors. So it is not due to ip address change. It >>> seems the local firewall sip module does not allow rtp stream to get >>> into. It was working previously with the other provider because of >>> working SIP ALG on their gateways. But now with this provider and >>> disabled SIP ALG it is not allowed. As I remeber in the past these >>> setups did work. What are your experiences on this? >>> >> You would need to provide a lot more explanation here. What is your >> firewall? I am assuming you configure it so find the configuration that’s >> blocking the ports and change it. >> >> My experience as before was that something is blocking rtp, now you know >> what that something is and it’s under your control so you need to check it’s >> configuration and fix it. I don’t use a sip firewall. If I have external sip >> clients I use a proxy. >> >>> Thanks >>> >>> Marek >>> >>> >>> 2021-09-06 11:50 GMT+02:00, Marek Greško <[email protected]>: >>>> Sorry rtp set debug on showed something. So let try for the problem to >>>> arise again. >>>> >>>> Marek >>>> >>>> >>>> 2021-09-06 11:48 GMT+02:00, Marek Greško <[email protected]>: >>>>> Hello, >>>>> >>>>>>> I would expect that when asterisk is aware of nat, it does not send >>>>>>> the rtp until it receives rtp from other side to learn the port, but >>>>>>> OK, no problem to accept the behavior. >>>>>>> >>>>>> That’s not how things work. You should google how sip rtp and Nat work >>>>>> as >>>>>> it >>>>>> will help you >>>>> >>>>> no problem if it is intended. >>>>> >>>>>>> >>>>>>>> The question is why your asterisk didn't learn the external address >>>>>>>> and >>>>>>>> port from the received rtp packet >>>>>>>> >>>>>>>> You can look at your logs with debug to see what decisions its >>>>>>>> making. >>>>>>>> You >>>>>>>> can see if different rtp ports have different results. >>>>>>>> Your phone provider has rtp on 5010 unsuccessfully and 5016 >>>>>>>> successfully. >>>>>>>> Your asterisk uses rtp 13786 successfully and fails when using 18892. >>>>>>>> Is >>>>>>>> it >>>>>>>> possible your firewall is blocking port 18892 and so asterisk never >>>>>>>> sees >>>>>>>> the returned packet and can't learn from it? >>>>>>> >>>>>>> It is very unprobable. I see no reason for blocking the port. The >>>>>>> problem is asterisk never learns the correct port, so there is nothing >>>>>>> to block. >>>>>> It wasn’t what is probable, look at the asterisk logs and see what it’s >>>>>> actually doing. If asterisk never sees the reply then you will know >>>>>> something is blocking or stealing the port for some other service >>>>> >>>>> If it is stolen port for rtp, the next call would solve it, since it >>>>> will use different one, and it does not solve it. >>>>> >>>>>>> >>>>>>>> >>>>>>>> In any event you should put your debug on and look at your logs in >>>>>>>> asterisk >>>>>>>> to see what it sees and why it doesn't react to the rtp packet, if it >>>>>>>> gets >>>>>>>> it >>>>>>> >>>>>>> Could you point me how the debug should be conducted? >>>>>> >>>>>> Using the asterisk cli turn on debug for the peer and rtp and see what >>>>>> happens. Match it with the asterisk processes. You have to do this, you >>>>>> can >>>>>> look at cli or the log files, follow it through to see the rtp packet >>>>>> being >>>>>> received. Lots of debug advice on google. >>>>> >>>>> Asterisk cli did not show anything interesting. I tried pjsip set >>>>> logger verbose on, but no logs showed anywhere. What am I doing wrong? >>>>> >>>>> Marek >>>>> >>>>> >>>>>>> >>>>>>> Is my suspection that the problem could be caused by nat ip addres >>>>>>> changing reasonable? How should asterisk handle the situation? >>>>>> I can’t see anything to support that. Everything is looking normal >>>>>> except >>>>>> asterisk doesn’t appear to beseeing the rtp packet >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Marek >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Have fun, its all good learning. >>>>>>>> >>>>>>>> >>>>>>>>> On Sun, Sep 5, 2021 at 6:27 PM Marek Greško <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> regarding the ipv6, you see nothing about that it should be some >>>>>>>>> type >>>>>>>>> of ipv6 tunnelling, because also MTU is lower than expected. You >>>>>>>>> should not see any ipv6 related communication in the sniff. Phone is >>>>>>>>> not aware of it. >>>>>>>>> >>>>>>>>> The asterisk's static public ip address is 198.51.100.1. >>>>>>>>> The remote provider's dynamic nat pool is 192.0.2.0/24. By provider >>>>>>>>> we >>>>>>>>> mean internet provider the remote phones are behind. We are not >>>>>>>>> complaining about voip provider, we have no problem with that. Only >>>>>>>>> communication between asterisk and remote phones behind some >>>>>>>>> internet >>>>>>>>> provider. This is the only conversation to look at. >>>>>>>>> The phone private address is 192.168.100.235. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> Marek >>>>>>>>> >>>>>>>>> >>>>>>>>> 2021-09-05 1:11 GMT+02:00, Duncan Turnbull <[email protected]>: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On 5/09/2021, at 10:21 AM, Marek Greško <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> >>>>>>>>>>> could you please answer my previous question about anonymizing >>>>>>>>>>> several >>>>>>>>>>> parameters? I have the data ready, but will post after answer. I >>>>>>>>>>> have >>>>>>>>>>> no clue whether I could disclose some important data not deleting >>>>>>>>>>> them. >>>>>>>>>>> >>>>>>>>>>> Regarding sdp, the address will be the internal one, since the >>>>>>>>>>> phone >>>>>>>>>>> is behind nat and it is not aware of the nat. The provider's nat >>>>>>>>>>> device is configured as dump nat, no application tweaking is done. >>>>>>>>>>> So >>>>>>>>>>> the asterisk will see the lan address in the sip. >>>>>>>>>>> >>>>>>>>>> There are two conversations to look at >>>>>>>>>> Provider to Asterisk >>>>>>>>>> Asterisk to Phone >>>>>>>>>> You need the packet captures of both. >>>>>>>>>> >>>>>>>>>> Your statements are mixing them up >>>>>>>>>> >>>>>>>>>> I don’t know what you mean by LAN address, that’s an ambiguous >>>>>>>>>> term. >>>>>>>>>> The >>>>>>>>> ip >>>>>>>>>> your asterisk receives from the provider should be the providers >>>>>>>>> external ip >>>>>>>>>> or in the sdp the external address of the media server which may or >>>>>>>>>> may >>>>>>>>> not >>>>>>>>>> be the same device >>>>>>>>>> >>>>>>>>>>> In the working scenario it is sending rtp packets to the internal >>>>>>>>>>> address which is wrong, but after receiving cca 5 rtp packets from >>>>>>>>>>> the >>>>>>>>>>> phone it somehow discovers correct nat ip/port and switches to it. >>>>>>>>>>> In >>>>>>>>>>> non-working scenario it never switches and still sends to the lan >>>>>>>>>>> address. Strange there is no audio, even one direction. Another >>>>>>>>>>> strange thing is there are 2 phones (different vendors) behind the >>>>>>>>>>> same nat and the problem appearance on them is independent, >>>>>>>>>>> sometimes >>>>>>>>>>> the first has problem, sometimes the second and sometimes both. >>>>>>>>>>> >>>>>>>>>>> The tcpdumps are made on the asterisk side. I have currently no >>>>>>>>>>> means >>>>>>>>>>> of capturing on phone side. >>>>>>>>>>> >>>>>>>>>>> Marek >>>>>>>>>>> >>>>>>>>>>> 2021-09-04 23:56 GMT+02:00, Antony Stone >>>>>>>>>>> <[email protected]>: >>>>>>>>>>>>>> On Saturday 04 September 2021 at 22:13:32, Marek Greško wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I agree my knowledge of SIP itself is poor, but I have quite >>>>>>>>>>>>>> well >>>>>>>>>>>>>> general tcp/ip understanding. What sip parameters should be >>>>>>>>>>>>>> anonymized? How about tag, branch, call-id, cseq values? >>>>>>>>>>>>> >>>>>>>>>>>>> Show us your packet captures with meaningful addresses (not >>>>>>>>>>>>> necessarily >>>>>>>>>>>>> accurate ones, but at least unambiguous - see my previous >>>>>>>>>>>>> suggestion >>>>>>>>>>>>> re >>>>>>>>>>>>> RFC5737) and we can help you to understand them and what they >>>>>>>>>>>>> mean. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Antony. >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Heisenberg, Gödel, and Chomsky walk in to a bar. >>>>>>>>>>>>> Heisenberg says, "Clearly this is a joke, but how can we work >>>>>>>>>>>>> out >>>>>>>>>>>>> if >>>>>>>>>> it's >>>>>>>>>>>>> funny or not?" >>>>>>>>>>>>> Gödel replies, "We can't know that because we're inside the >>>>>>>>>>>>> joke." >>>>>>>>>>>>> Chomsky says, "Of course it's funny. You're just saying it >>>>>>>>>>>>> wrong." >>>>>>>>>>>>> >>>>>>>>>>>>> Please reply to >>>>>>>>>>>>> the >>>>>>>>>>>>> list; >>>>>>>>>>>>> please >>>>>>>>>>>>> *don't* >>>>>>>>>> CC >>>>>>>>>>>>> me. >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> _____________________________________________________________________ >>>>>>>>>>>>> -- Bandwidth and Colocation Provided by >>>>>>>>>>>>> http://www.api-digital.com >>>>>>>>>>>>> -- >>>>>>>>>>>>> >>>>>>>>>>>>> Check out the new Asterisk community forum at: >>>>>>>>>>>>> https://community.asterisk.org/ >>>>>>>>>>>>> >>>>>>>>>>>>> New to Asterisk? Start here: >>>>>>>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>>>>>>>> >>>>>>>>>>>>> asterisk-users mailing list >>>>>>>>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> _____________________________________________________________________ >>>>>>>>>>>> -- Bandwidth and Colocation Provided by >>>>>>>>>>>> http://www.api-digital.com >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> Check out the new Asterisk community forum at: >>>>>>>>>>>> https://community.asterisk.org/ >>>>>>>>>>>> >>>>>>>>>>>> New to Asterisk? Start here: >>>>>>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>>>>>>> >>>>>>>>>>>> asterisk-users mailing list >>>>>>>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> _____________________________________________________________________ >>>>>>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> Check out the new Asterisk community forum at: >>>>>>>>>>> https://community.asterisk.org/ >>>>>>>>>>> >>>>>>>>>>> New to Asterisk? Start here: >>>>>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>>>>>> >>>>>>>>>>> asterisk-users mailing list >>>>>>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> _____________________________________________________________________ >>>>>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> Check out the new Asterisk community forum at: >>>>>>>>>> https://community.asterisk.org/ >>>>>>>>>> >>>>>>>>>> New to Asterisk? Start here: >>>>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>>>>> >>>>>>>>>> asterisk-users mailing list >>>>>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> _____________________________________________________________________ >>>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>>>>>> >>>>>>>> Check out the new Asterisk community forum at: >>>>>>>> https://community.asterisk.org/ >>>>>>>> >>>>>>>> New to Asterisk? Start here: >>>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>>> >>>>>>>> asterisk-users mailing list >>>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>>>> >>>>>>> -- >>>>>>> _____________________________________________________________________ >>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>>>>> >>>>>>> Check out the new Asterisk community forum at: >>>>>>> https://community.asterisk.org/ >>>>>>> >>>>>>> New to Asterisk? Start here: >>>>>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>>>>>> >>>>>>> asterisk-users mailing list >>>>>>> To UNSUBSCRIBE or update options visit: >>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>>> >>>> >>> >>> -- >>> _____________________________________________________________________ >>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>> >>> Check out the new Asterisk community forum at: >>> https://community.asterisk.org/ >>> >>> New to Asterisk? Start here: >>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >>> >>> asterisk-users mailing list >>> To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> Check out the new Asterisk community forum at: >> https://community.asterisk.org/ >> >> New to Asterisk? Start here: >> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
