Asterisk does not use externip

mattm asked:

I am trying to setup a cloud Asterisk server that is behind a NAT with the hello-world example. I have NAT issues. The IP address Asterisk is supplying to the client through the SDP is its local address behind the NAT, not the external address.

I have attempted to set the externip value in sip.conf, but this seems to have no effect.


The SDP received at the client is not consistent with the server externip setting:

o=root 291445984 291445984 IN IP4
s=Asterisk PBX 11.7.0~dfsg-1ubuntu1
c=IN IP4
t=0 0
m=audio 10078 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
m=video 0 RTP/AVP 96

I expect the address in the SDP to match that provided in the externip field. I have tried both the actual IP address, as well as the server name, which correctly resolves to the IP address through DNS.

Am I setting the externip value incorrectly? Or is there a different setting that is required to have Asterisk advertise its external IP address?

My answer:

You forgot to set localnet. The configuration file did warn you that you have to set this equal to the netblock of your local network.

;----------------------------------------- NAT SUPPORT ------------------------
; WARNING: SIP operation behind a NAT is tricky and you really need
; to read and understand well the following section.
; When Asterisk is behind a NAT device, the "local" address (and port) that
; a socket is bound to has different values when seen from the inside or
; from the outside of the NATted network. Unfortunately this address must
; be communicated to the outside (e.g. in SIP and SDP messages), and in
; order to determine the correct value Asterisk needs to know:
; + whether it is talking to someone "inside" or "outside" of the NATted network.
;   This is configured by assigning the "localnet" parameter with a list
;   of network addresses that are considered "inside" of the NATted network.
;   Multiple entries are allowed, e.g. a reasonable set is the following:
;      localnet= ; RFC 1918 addresses
;      localnet=      ; Also RFC1918
;      localnet=           ; Another RFC1918 with CIDR notation
;      localnet= ; Zero conf local network

It’s usually fine, in fact, to just uncomment all four of the example localnet directives and call it a day.

(And you should complain very loudly about your service provider’s lack of IPv6 support…)

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.