Summary: | ASTERISK-25007: Notify packet to private IP endpoint behind nat with pjsip tls transport | ||||
Reporter: | Fco Javier (fcocor) | Labels: | |||
Date Opened: | 2015-04-24 04:45:42 | Date Closed: | 2015-04-24 05:31:12 | ||
Priority: | Major | Regression? | |||
Status: | Closed/Complete | Components: | Resources/res_pjsip | ||
Versions: | 13.3.2 | Frequency of Occurrence | Constant | ||
Related Issues: |
| ||||
Environment: | Debian 7, Asterisk 13.3.2, Kernel 3.2, pjsip 2.3 | Attachments: | |||
Description: | test scenario:
- two endpoints behind nat (yealink and jitsi) - Asterisk 13.3.2 behind firewall - pjsip 2.3 configured with tls transport The endpoints register correctly and i can make calls. After register the phone, when asterisk sends a notify packet when the state change on another endpoint, this packet goes out with private ip of endpoint. This is the transport configuration: [transport-tls-nat] type=transport protocol=tls bind=0.0.0.0:5071 local_net=192.168.1.0/24 external_media_address=222.222.222.222 external_signaling_address=222.222.222.222 ;TLS cert_file=/var/lib/asterisk/keys/asterisk.crt priv_key_file=/var/lib/asterisk/keys/asterisk.key ca_list_file=/var/lib/asterisk/keys/ca.crt method=tlsv1 require_client_cert=yes verify_client=yes verify_server=yes and this is the endpiont configuration: [508] type=endpoint rtp_symmetric=yes force_rport=yes rewrite_contact=yes device_state_busy_at=1 allow_subscribe=yes sub_min_expiry=30 aggregate_mwi=yes media_encryption=sdes direct_media=no disallow=all allow=alaw message_context=messages context=pbx-incoming language=es call_group=1 pickup_group=1 callerid=EXT 508<508> mailboxes=508@default mwi_from_user=508 aors=508 auth=508 This is the register for endpoint 508: <--- Received SIP request (563 bytes) from TLS:79.168.115.36:17193 ---> REGISTER sip:222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1569966680 From: "508" <sip:508@222.222.222.222:5071>;tag=1202817422 To: "508" <sip:508@222.222.222.222:5071> Call-ID: 1904297113@10.0.0.24 CSeq: 1 REGISTER Contact: <sip:508@10.0.0.24:17193;transport=TLS> Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 3600 Allow-Events: talk,hold,conference,refer,check-sync Content-Length: 0 <--- Transmitting SIP response (476 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1569966680 Call-ID: 1904297113@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=1202817422 To: "508" <sip:508@222.222.222.222>;tag=z9hG4bK1569966680 CSeq: 1 REGISTER WWW-Authenticate: Digest realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="20ffa10f43871d4c",algorithm=md5,qop="auth" Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Received SIP request (844 bytes) from TLS:79.168.115.36:17193 ---> REGISTER sip:222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1919829619 From: "508" <sip:508@222.222.222.222:5071>;tag=1202817422 To: "508" <sip:508@222.222.222.222:5071> Call-ID: 1904297113@10.0.0.24 CSeq: 2 REGISTER Contact: <sip:508@10.0.0.24:17193;transport=TLS> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:222.222.222.222:5071", response="abd906a13f910b1d9365a6dd6de9a7fe", algorithm=MD5, cnonce="0a4f113b", opaque="20ffa10f43871d4c", qop=auth, nc=00000001 Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 3600 Allow-Events: talk,hold,conference,refer,check-sync Content-Length: 0 -- Added contact 'sip:508@79.168.115.36:17193;transport=TLS' to AOR '508' with expiration of 3600 seconds <--- Transmitting SIP response (438 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1919829619 Call-ID: 1904297113@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=1202817422 To: "508" <sip:508@222.222.222.222>;tag=z9hG4bK1919829619 CSeq: 2 REGISTER Date: Fri, 24 Apr 2015 08:24:39 GMT Contact: <sip:508@79.168.115.36:17193;transport=TLS>;expires=3599 Expires: 3600 Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Received SIP request (444 bytes) from TLS:79.168.115.36:17193 ---> SUBSCRIBE sip:503@222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1940910600 From: "508" <sip:508@222.222.222.222:5071>;tag=744674526 To: <sip:503@222.222.222.222:5071> Call-ID: 1232464291@10.0.0.24 CSeq: 1 SUBSCRIBE Contact: <sip:508@10.0.0.24:17193;transport=TLS> Accept: application/dialog-info+xml Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 1800 Event: dialog Content-Length: 0 <--- Transmitting SIP response (470 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1940910600 Call-ID: 1232464291@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=744674526 To: <sip:503@222.222.222.222>;tag=z9hG4bK1940910600 CSeq: 1 SUBSCRIBE WWW-Authenticate: Digest realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="17d8f99064c34a01",algorithm=md5,qop="auth" Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Received SIP request (465 bytes) from TLS:79.168.115.36:17193 ---> SUBSCRIBE sip:508@222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK925409121 From: "508" <sip:508@222.222.222.222:5071>;tag=521164520 To: "508" <sip:508@222.222.222.222:5071> Call-ID: 1245340423@10.0.0.24 CSeq: 1 SUBSCRIBE Contact: <sip:508@10.0.0.24:17193;transport=TLS> Accept: application/simple-message-summary Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 3600 Event: message-summary Content-Length: 0 <--- Transmitting SIP response (474 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK925409121 Call-ID: 1245340423@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=521164520 To: "508" <sip:508@222.222.222.222>;tag=z9hG4bK925409121 CSeq: 1 SUBSCRIBE WWW-Authenticate: Digest realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="2271d35939c4549c",algorithm=md5,qop="auth" Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Received SIP request (751 bytes) from TLS:79.168.115.36:17193 ---> SUBSCRIBE sip:508@222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1689103066 From: "508" <sip:508@222.222.222.222:5071>;tag=521164520 To: "508" <sip:508@222.222.222.222:5071> Call-ID: 1245340423@10.0.0.24 CSeq: 2 SUBSCRIBE Contact: <sip:508@10.0.0.24:17193;transport=TLS> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:508@222.222.222.222:5071", response="29e7d48d8f867288a8f7011c220c173b", algorithm=MD5, cnonce="0a4f113b", opaque="2271d35939c4549c", qop=auth, nc=00000001 Accept: application/simple-message-summary Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 3600 Event: message-summary Content-Length: 0 <--- Transmitting SIP response (562 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1689103066 Call-ID: 1245340423@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=521164520 To: "508" <sip:508@222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988 CSeq: 2 SUBSCRIBE Expires: 3600 Contact: <sip:222.222.222.222:5071;transport=TLS> Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER Supported: 100rel, timer, replaces, norefersub Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Transmitting SIP request (684 bytes) to TLS:79.168.115.36:17193 ---> NOTIFY sip:508@79.168.115.36:17193;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjfc2ca8c2-b94e-4dac-805c-060495d28633;alias From: "508" <sip:508@222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988 To: "508" <sip:508@222.222.222.222>;tag=521164520 Contact: <sip:222.222.222.222:5071;transport=TLS> Call-ID: 1245340423@10.0.0.24 CSeq: 28883 NOTIFY Event: message-summary Subscription-State: active;expires=3599 Allow-Events: message-summary, presence, dialog, refer Max-Forwards: 70 User-Agent: Asterisk PBX 13.3.2 Content-Type: application/simple-message-summary Content-Length: 48 Messages-Waiting: no Voice-Message: 0/0 (0/0) <--- Received SIP request (728 bytes) from TLS:79.168.115.36:17193 ---> SUBSCRIBE sip:503@222.222.222.222:5071 SIP/2.0 Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK766939248 From: "508" <sip:508@222.222.222.222:5071>;tag=744674526 To: <sip:503@222.222.222.222:5071> Call-ID: 1232464291@10.0.0.24 CSeq: 2 SUBSCRIBE Contact: <sip:508@10.0.0.24:17193;transport=TLS> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:503@222.222.222.222:5071", response="01c1e7ab670f410eed0dc2a51a42279c", algorithm=MD5, cnonce="0a4f113b", opaque="17d8f99064c34a01", qop=auth, nc=00000001 Accept: application/dialog-info+xml Max-Forwards: 70 User-Agent: Yealink SIP-T28P 2.72.0.80 Expires: 1800 Event: dialog Content-Length: 0 <--- Transmitting SIP response (555 bytes) to TLS:79.168.115.36:17193 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK766939248 Call-ID: 1232464291@10.0.0.24 From: "508" <sip:508@222.222.222.222>;tag=744674526 To: <sip:503@222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10 CSeq: 2 SUBSCRIBE Expires: 1800 Contact: <sip:222.222.222.222:5071;transport=TLS> Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER Supported: 100rel, timer, replaces, norefersub Server: Asterisk PBX 13.3.2 Content-Length: 0 <--- Transmitting SIP request (856 bytes) to TLS:79.168.115.36:17193 ---> NOTIFY sip:508@79.168.115.36:17193;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjb4b191b0-df38-41e9-bd93-11bf763f8106;alias From: <sip:503@222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10 To: "508" <sip:508@222.222.222.222>;tag=744674526 Contact: <sip:222.222.222.222:5071;transport=TLS> Call-ID: 1232464291@10.0.0.24 CSeq: 8461 NOTIFY Event: dialog Subscription-State: active;expires=1799 Allow-Events: message-summary, presence, dialog, refer Max-Forwards: 70 User-Agent: Asterisk PBX 13.3.2 Content-Type: application/dialog-info+xml Content-Length: 243 <?xml version="1.0" encoding="UTF-8"?> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" state="full" entity="sip:503@192.168.1.6:5071;transport=TLS"> <dialog id="503"> <state>terminated</state> </dialog> </dialog-info> <--- Received SIP response (408 bytes) from TLS:79.168.115.36:17193 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjfc2ca8c2-b94e-4dac-805c-060495d28633;alias From: "508" <sip:508@222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988 To: "508" <sip:508@222.222.222.222>;tag=521164520 Call-ID: 1245340423@10.0.0.24 CSeq: 28883 NOTIFY Contact: <sip:508@10.0.0.24:17193;transport=TLS> User-Agent: Yealink SIP-T28P 2.72.0.80 Content-Length: 0 <--- Received SIP response (401 bytes) from TLS:79.168.115.36:17193 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjb4b191b0-df38-41e9-bd93-11bf763f8106;alias From: <sip:503@222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10 To: "508" <sip:508@222.222.222.222>;tag=744674526 Call-ID: 1232464291@10.0.0.24 CSeq: 8461 NOTIFY Contact: <sip:508@10.0.0.24:17193;transport=TLS> User-Agent: Yealink SIP-T28P 2.72.0.80 Content-Length: 0 And this is the asterisk nofity packet sent to endpoint 508 when 503 is busy: <--- Transmitting SIP request (848 bytes) to TLS:10.0.0.24:17193 ---> NOTIFY sip:508@10.0.0.24:17193;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 192.168.1.6:58575;rport;branch=z9hG4bKPjad44ff79-019d-45c5-8134-4c1b85385f8b;alias From: <sip:503@222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10 To: "508" <sip:508@222.222.222.222>;tag=744674526 Contact: <sip:192.168.1.6:58575;transport=TLS> Call-ID: 1232464291@10.0.0.24 CSeq: 8462 NOTIFY Event: dialog Subscription-State: active;expires=1603 Allow-Events: message-summary, presence, dialog, refer Max-Forwards: 70 User-Agent: Asterisk PBX 13.3.2 Content-Type: application/dialog-info+xml Content-Length: 243 <?xml version="1.0" encoding="UTF-8"?> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="1" state="full" entity="sip:503@192.168.1.6:5071;transport=TLS"> <dialog id="503"> <state>terminated</state> </dialog> </dialog-info> [Apr 24 10:27:55] ERROR[10900]: pjsip:0 <?>: tlsc0x38004b8 TLS connect() error: No route to host [code=120113] [Apr 24 10:27:55] WARNING[10900]: pjsip:0 <?>: tsx0x3b868d8 Failed to send Request msg NOTIFY/cseq=8462 (tdta0x3f70160)! err=120113 (No route to host) Thanks for your help. Regards | ||||
Comments: |