Double NAT


RobertoAchab

Hello,

I've read this article http://wiki.pbxnsip.com/index.php/Office_w...ic_IP_addresses, but I've been trying since this morning and I haven't reached any goal.

Perhaps what I want to do is not possible, but I'd like to be supported by someone else having the same problems.

I have a pbxnsip installed on a new machine in the office of a customer, it's behind a NAT firewall (a WatchGuard, unfortunately I can't put my hands on it) that's forwarding all ports to it.

In fact I can connect in remote terminal to the XP machine, in HTTP to the PBX and so on.

They want to connect some shops via a VPN, and they work, then some agents that have offices connected via simple ADSLs with NATting routers.

They can't do it, the phones they are using are old and can't connect in TCP, so I tried from my home.

From home I can connect using a public IP from my PC and Eye-beam, so I'm on the Internet and I can phone.

The other option from my home is to use NAT myself and a SNOM320 Phone, in this second situation (but it's the same one the customer has) I can register, but I can't hear any sound.

The configuration of the modem at home is also in port-forwarding, in fact I can connect to the web-page of the SNOM from external.

In the end the configuration is:

 

My cell-Phone <-> PSTNGW 192.168.0.21 <-> PBXnSIP 192.168.0.127 <-> 192.168.0.13 WatchGuard 203.xxx.xxx.xxx <-> 213.xxx.xxx.xxx Home (alcatelST) 10.0.0.138 <-> 10.0.0.135 SNOM

 

I set the IP replacement list "192.168.0.127/203.xxx.xxx.xxx" so the PBX should announce itself with the public IP, I've tried to use the phone with and without STUN, in UDP, TCP and TLS (in TLS it doesn't even register), making all the mixed trials I could think of.

The result is always the same, I can place a phone call, but I can't hear anything.

It happens in both directions.

 

Running WireShark I can see a strange behaviour, even setting TCP and registering in TCP (rebooting the phone, to be sure to really re-register) the voice-traffic seems to be in UDP, I thought it tunneled the RTP in TCP also, not only SIP.

The DST and SRC in data packets are the public IPs, as I think is correct, I can't think about why it's not working.

 

I assume this is solved using phones with integrated VPN clients, but the customer already has a lot of not-so-sophisticated Siemens C450, so I must be sure before asking him to change the phones...


Generally speaking, if you want to use the PBX service, the PBX must have a routable IP address. Behind a firewall which does NAT that is not so easy. Actually, it is the intention of the firewall to make it as hard as possible.

 

Even if you get it working, it will likely be unstable. Not being able to change the firewall does not make the job easier. And one thing is also guaranteed: It will be a lot of work, setting it up and keeping it running.

 

Bottom line: Try to make your life easier and change the setup. Ideally just get a public IP directly to the PBX and then it will be an easy setup.


Yes, I must face it, unfortunately they don't have a transparent FW, so to have a routable IP I must put the PBX outside the network.

Anyway, I will do it.

About the more "theoretical" questions, I'm curious about the reason why I see UDP packets during conversations when pbxnsip is configured for TCP, I thought it used RTP over TCP...


Nonono. Audio is always sent over UDP. TCP has huge delay if a packet gets lost. Instead of repeating a lost packet (and letting all other packets wait) you better just play back a little click and then the audio will go on.

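Added example (not part of the original posts): a small Python check that reads a SIP INVITE and reports the signalling transport from the top Via header separately from where the SDP body tells the peer to send audio. It shows the two points discussed above: media offered as `RTP/AVP` runs over UDP even when SIP itself is on TCP, and an RFC 1918 address in the SDP `c=` line is not reachable from the far side of a NAT unless something rewrites it. The INVITE, its addresses and the function name `media_report` are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: INVITE sent over TCP by a phone behind a NAT router.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:40@pbx.example.com SIP/2.0",
    "Via: SIP/2.0/TCP 10.0.0.135:2048;branch=z9hG4bK-constructed;rport",
    "Contact: <sip:41@10.0.0.135:2048;transport=tcp>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1 1 IN IP4 10.0.0.135",
    "s=call",
    "c=IN IP4 10.0.0.135",
    "t=0 0",
    "m=audio 60000 RTP/AVP 0 8 101",
    "a=rtpmap:0 PCMU/8000",
])

def is_rfc1918(addr):
    """True if addr is a private IPv4 address that a NAT would hide."""
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def media_report(sip_message):
    """Return (SIP transport from the top Via, list of media stream dicts)."""
    head, _, body = sip_message.partition("\r\n\r\n")
    sip_transport = None
    for line in head.split("\r\n"):
        if line.lower().startswith("via:"):
            # "Via: SIP/2.0/TCP host:port;..." -> "TCP"
            sip_transport = line.split(":", 1)[1].split()[0].split("/")[2].upper()
            break
    session_addr, streams = None, []
    for line in body.split("\r\n"):
        if line.startswith("c="):            # c=IN IP4 <address>
            addr = line.split()[2]
            if streams:
                streams[-1]["addr"] = addr   # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line.startswith("m="):          # m=<media> <port> <proto> <formats>
            media, port, proto = line[2:].split()[:3]
            streams.append({"media": media, "port": int(port.split("/")[0]),
                            "proto": proto, "addr": session_addr})
    for s in streams:
        # RTP/AVP and RTP/SAVP are UDP; RTP over TCP is offered as TCP/RTP/AVP.
        s["transport"] = "TCP" if s["proto"].startswith("TCP/") else "UDP"
        s["rfc1918"] = is_rfc1918(s["addr"])
    return sip_transport, streams

if __name__ == "__main__":
    print(media_report(SAMPLE_INVITE))
```

Running the same check on the SDP in a Wireshark capture taken on each side of the NAT shows whether the address was actually rewritten before it reached the peer.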

Just in case someone searches for a "workaround"...

I tried the same thing at the office, I didn't want to put a second NIC in the server, 'cause usually the NIC registers on the DNS and the users trying to connect to it sometimes receive a wrong IP (the public one, not reachable by clients)...

So I decided to use our SIP-Gateway, that also does NAT, but a full-cone NAT, the only one VoIP can survive, I put it in the WAN (Well, actually behind a transparent-mode firewall...) and NATted the private IP of the pbxnsip, now I can phone well...
