ASTERISK-28768: No audio on remote NATted phone when using local

[Home]

Summary: ASTERISK-28768: No audio on remote NATted phone when using local_net behind another NATted Asterisk

Reporter: Marc Ketel (MarcReset) Labels: patch

Date Opened: 2020-03-05 02:21:06.000-0600 Date Closed: 2020-03-09 06:01:23

Priority: Major Regression?

Status: Closed/Complete Components: Resources/res_pjsip

Versions: 16.8.0 Frequency of
Occurrence

Related
Issues:

Environment: Asterisk 16.8.0 running on Centos 7 x64. Attachments: ( 0) ASTERISK-27248_undo_undo.patch
( 1) Network_layout.png
( 2) SIP_trace_asterisk16.8.0_with_pre-ASTERISK-27248_functionality_local_phone_2995_to_asterisk_playback_-_audio_works_with_local_net.txt
( 3) SIP_trace_asterisk16.8.0_with_pre-ASTERISK-27248_functionality_remote_phone_2003_to_asterisk_playback_-_audio_works_with_local_net.txt
( 4) SIP_trace_asterisk16.8.0_with_pre-ASTERISK-27248_functionality_remote_phone_2003_to_asterisk_playback_-_audio_works_without_local_net.txt
( 5) SIP_trace_asterisk16.8.0_local_phone_2995_to_asterisk_playback_-_audio_works_with_2_local_net.txt
( 6) SIP_trace_asterisk16.8.0_local_phone_2995_to_asterisk_playback_-_audio_works_with_local_net.txt
( 7) SIP_trace_asterisk16.8.0_local_phone_2995_to_asterisk_playback_-_audio_works_without_local_net.txt
( 8) SIP_trace_asterisk16.8.0_remote_phone_2003_to_asterisk_playback_-_audio_works_with_2_local_nets.txt
( 9) SIP_trace_asterisk16.8.0_remote_phone_2003_to_asterisk_playback_-_audio_works_without_local_net.txt
(10) SIP_trace_asterisk16.8.0_remote_phone_2003_to_asterisk_playback_-_no_audio_with_local_net.txt

Description: The changes in issue https://issues.asterisk.org/jira/browse/ASTERISK-27248 causes local_net to not function correctly.

In Asterisk 11.10, local_net functioned correctly, in Asterisk 16.8.0 local_net does not function correctly. I traced the change to issue https://issues.asterisk.org/jira/browse/ASTERISK-27248.

Scenario: both Asterisk and phone1 are behind same NAT. phone2 is remotely behind nat. When configuring some unrelated ip subnet in local_net the remote phone2's audio is being send from Asterisk to the local ip of the remote phone2, which does not work. Disabling local_net makes the remote phone2 work.

When undoing ASTERISK-27248_undo.patch and configuring local_net to the network of phone1 all phones work. The local phone gets RTP from the local address of Asterisk, the remote phone gets audio to its external nat ip.

Remote phone with correct external media adress and working RTP
{noformat}
[Mar 4 14:16:25] DEBUG[31740]: res_pjsip_session.c:902 handle_negotiated_sdp_session_media: Applied negotiated SDP media stream 'audio' using audio SDP handler
[Mar 4 14:16:25] DEBUG[31740]: res_pjsip_session.c:3498 handle_outgoing_response: Method is INVITE, Response is 200 OK
[Mar 4 14:16:25] DEBUG[31740]: res_pjsip/pjsip_message_filter.c:288 filter_on_tx_message: Re-wrote Contact URI host/port to 172.17.32.36:5060 (this may be re-written again later)
[Mar 4 14:16:25] DEBUG[31740]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '198.51.100.50' into...
[Mar 4 14:16:25] DEBUG[31740]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '198.51.100.50' and port ''.
[Mar 4 14:16:25] DEBUG[31740]: res_pjsip_nat.c:414 process_nat: Re-wrote Contact URI port to 5060
[Mar 4 14:16:25] DEBUG[31740]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '172.17.32.36' into...
[Mar 4 14:16:25] DEBUG[31740]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '172.17.32.36' and port ''.
[Mar 4 14:16:25] DEBUG[31740]: res_pjsip_session.c:4338 session_outgoing_nat_hook: Setting external media address to 203.0.113.102
<--- Transmitting SIP response (880 bytes) to TCP:198.51.100.50:56924 --->
{noformat}
Local phone that is correctly identified as local with local_net=10.215.152.0/255.255.255.0
{noformat}
[Mar 4 14:19:47] DEBUG[31740]: res_pjsip_session.c:902 handle_negotiated_sdp_session_media: Applied negotiated SDP media stream 'audio' using audio SDP handler
[Mar 4 14:19:47] DEBUG[31740]: res_pjsip_session.c:3498 handle_outgoing_response: Method is INVITE, Response is 200 OK
[Mar 4 14:19:47] DEBUG[31740]: res_pjsip/pjsip_message_filter.c:288 filter_on_tx_message: Re-wrote Contact URI host/port to 172.17.32.36:5060 (this may be re-written again later)
[Mar 4 14:19:47] DEBUG[31740]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '10.215.152.3' into...
[Mar 4 14:19:47] DEBUG[31740]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '10.215.152.3' and port ''.
[Mar 4 14:19:47] DEBUG[31740]: res_pjsip_nat.c:403 process_nat: Request is being sent to local address, skipping NAT manipulation
<--- Transmitting SIP response (797 bytes) to UDP:10.215.152.3:50611 --->
{noformat}
{noformat}
+ /* Reversed check here. We don't check the remote
+ * endpoint being in our local net, but whether our
+ * outgoing session IP is local. If it is, we'll do
+ * rewriting. No localnet configured? Always rewrite. */
{noformat}
Please reconsider checking the remote ip of the phone and not the outgoing session ip.

Relevant configuration:
{noformat}
[template-transport-ipv6](!)
;local_net=
;external_media_address=
;external_signaling_address=

[template-transport-ipv4](!)
local_net=10.215.152.0/255.255.255.0

external_media_address=203.0.113.102
external_signaling_address=203.0.113.102

[template-transport](!)
type=transport
external_signaling_port=5060
allow_reload=yes
symmetric_transport=yes

[transport-auto-udp6](template-transport,template-transport-ipv6)
protocol=udp
bind=::

[transport-auto-udp4](template-transport,template-transport-ipv4)
protocol=udp
bind=0.0.0.0

[transport-auto-tcp6](template-transport,template-transport-ipv6)
protocol=tcp
bind=::

[transport-auto-tcp4](template-transport,template-transport-ipv4)
protocol=tcp
bind=0.0.0.0

[user_defaults](!)
type = wizard
accepts_registrations = yes
sends_registrations = no
accepts_auth = yes
sends_auth = no
has_hint = yes
hint_context = hints
hint_application = Dial(PJSIP/${EXTEN})

endpoint/allow = !all,alaw,ulaw
endpoint/allow_subscribe = yes
endpoint/allow_transfer = yes
endpoint/context = uitbellen
endpoint/device_state_busy_at = 1
endpoint/direct_media = no
endpoint/direct_media_method = invite
endpoint/disable_direct_media_on_nat = yes
endpoint/force_rport = yes
endpoint/ice_support = no
endpoint/inband_progress = yes
endpoint/moh_suggest = default
endpoint/rewrite_contact = yes
endpoint/rtp_ipv6 = yes
endpoint/rtp_keepalive = 15
endpoint/rtp_timeout = 60
endpoint/rtp_timeout_hold = 14400
endpoint/rtp_symmetric = yes
endpoint/send_diversion = yes
endpoint/send_pai = no
endpoint/send_rpid = no
endpoint/subscribe_context = hints
endpoint/trust_id_inbound = no
endpoint/trust_id_outbound = no
endpoint/language = nl
endpoint/send_connected_line = true
endpoint/trust_connected_line = true

aor/qualify_frequency = 60
aor/authenticate_qualify = no
aor/max_contacts = 1
aor/remove_existing = yes
aor/minimum_expiration = 30
aor/support_path = yes

;(Mitel 6865i)
[2003](user_defaults)
aor/mailboxes=
inbound_auth/username=2003
inbound_auth/password=xxx
endpoint/dtmf_mode=auto
endpoint/call_group=
endpoint/pickup_group=

;Marc softphone ()
[2995](user_defaults)
aor/mailboxes=
inbound_auth/username=2995
inbound_auth/password=xxx
endpoint/call_group=
endpoint/pickup_group=
{noformat}

Comments: By: Asterisk Team (asteriskteam) 2020-03-05 02:21:07.852-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.
By: Marc Ketel (MarcReset) 2020-03-05 02:22:11.458-0600

Undo patch used to test pre ASTERISK-27248 functionality.
By: Joshua C. Colp (jcolp) 2020-03-05 07:24:07.833-0600

Please provide actual full SIP traces as well, and describe the network layout in more detail.
By: Marc Ketel (MarcReset) 2020-03-05 09:06:19.099-0600

Network layout.
By: Marc Ketel (MarcReset) 2020-03-05 09:07:15.063-0600

SIP traces with and without pre-ASTERISK-27248 functionality.
By: Marc Ketel (MarcReset) 2020-03-05 09:10:45.690-0600

Possibly line 196 in "SIP trace asterisk16.8.0 remote phone 2003 to asterisk playback - no audio with local_net.txt" is the most intresting:
o=- 0 3 IN IP4 172.17.32.36

Versus line 196 in "Z:\Projecten\PBX Smart\Fourwire PBX 1900 en later\ASTERISK-28768\SIP trace asterisk16.8.0 (with pre-ASTERISK-27248 functionality) remote phone 2003 to asterisk playback - audio works with local_net.txt":
o=- 0 3 IN IP4 203.0.113.102

In the first case, audio is incorrectly send to the LAN adress of phone 2003.
In the second case (with the pre-ASTERISK-27248 functionality) audio is correctly send to the WAN IP 198.51.100.50 where 2003 is located.

By: Joshua C. Colp (jcolp) 2020-03-05 09:13:29.022-0600

Is there a reason why you don't configure the transport with a second local_net for the local network that Asterisk is actually in?
By: Marc Ketel (MarcReset) 2020-03-05 09:36:12.001-0600

No particular reason other than in this setup there are no phones in the same subnet as Asterisk. Normally all directly reachable (no NAT) phone subnets are put in local_net.

By: Joshua C. Colp (jcolp) 2020-03-05 09:45:32.646-0600

If you do that does it then behave as expected?
By: Marc Ketel (MarcReset) 2020-03-09 04:38:04.779-0500

SIP traces with 2 localnets.
By: Marc Ketel (MarcReset) 2020-03-09 04:40:43.392-0500

Adding the local ip range of the Asterisk machine to local_net seems to work for both the local and remote phone.
I do not understand why this works. Specifically, if the local_net check in res_pjsip checks its outgoing session IP, then would all sessions be local?

By: Joshua C. Colp (jcolp) 2020-03-09 05:19:21.858-0500

It's not strictly for that. The res_pjsip_nat module examines where the traffic is going against local_net and updates accordingly. Without the local net being included in local_net the early code that initially sets IP addresses was placing the external information in it, since it thought everything was remote since it wasn't part of the configured local_net settings. It is expected that all local nets, including the one Asterisk is in, be configured.
By: Marc Ketel (MarcReset) 2020-03-09 06:00:15.003-0500

Thank you for the explanation. I understand.