Asterisk 11 for NAT. No Sound One Side, No Sound \ Voice… How to solve?
Overcoming NAT for Asterisk can be very difficult (there is no sound) because RTP traffic and SIP signaling go separately. On the Internet, almost all descriptions of the NAT option settings are reduced to the older version of Asterisk 1.8. Let’s try to consider the settings options for the current Asterisk 11 – Asterisk settings.
If you have this problem – do not have sound, no sound in one direction, no audibility, read this instruction carefully.
Asterisk Client for NAT
When a client attempts to initiate a communication session, he sends a SIP message containing its IP address and some additional information. After receiving this message, Asterisk uses it to determine where to send the response to this message. Because the device is behind NAT, the SIP message will have a gray address, for example, 192.168.1.104. However, we can tell Asterisk, ignore the SIP address of this message, and instead use what is supplied by the network stack.
Let’s consider what options we can use in sip.conf to overcome NAT:
- NAT = no; do not perform any special NAT processing other than the one specified in RFC 3581.
- NAT = force_rport; even if no rport parameter was specified, act as if it were.
- NAT = comedia; send RTP packets back to the port from which they were received, ignoring the required port in the SDP header.
- NAT = auto_force_rport; if Asterisk can determine that the device is behind NAT, set the force_rport option. The default value, unless the nat option is specified.
- NAT = auto_comedia; if Asterisk can determine that the device is behind NAT, set the comedia
- NAT = force_rport, comedia; option replacing nat = yes in the newer version of Asterisk.
Asterisk version 11: NAT = yes is obsolete, and you need to use NAT = force_rport, comedia.
RFC 3581 allows one client to use the rport parameter to tell another client that he needs to respond to the source IP address and request theport, rather than to the IP address written in the SIP header. Setting the rport parameter can occur when the device knows that it is behind NAT and cannot write down the information that would be needed for both directions in the SIP header. Asterisk always reads the rport parameter if it is passed, but since it does not happen as often as we would like, we can force Asterisk to assume that the device will pass the rport parameter. By doing this, we force Asterisk to always respond to the IP address and the source port of the message from which it received the request. If NAT settings are not defined explicitly, Asterisk will execute auto_force_rport, as the default setting. You can force this behavior by setting nat = force_rport.
In many NAT implementations, when the dialog support packages are not received, the connection can be closed. In Asterisk, to prevent this, use the qualify = yes option, which sends OPTIONS to the server every 2000 milliseconds (2 seconds), preventing the NAT session from closing the device. You can also specify your time in milliseconds:
You can also specify your time in milliseconds:
- Qualifyfreq = 60; customer availability checks (probing), at the far end every 60 seconds.
- Qualify = 120000; check connections by OPTIONS every 10 seconds.
- Qualify = yes; check connections by OPTIONS every 2 seconds.
Tech specialist and web blogger.