Yes, Asterisk doesn't support STUN. But with a Port Restricted NAT like
m0n0wall (at least in my setup) STUN does nothing more than provide the
outside IP address to the client. So Asterisk uses the IP supplied by
the externip option in its SIP messages. It also only works if the SIP
proxy you are connecting to has NAT transversal support.
One other thing should be noted. If you have internal SIP clients and
connect to external SIP servers/clients. Be sure to set the localnet
option like the example below. If this doesn't get set your internal
clients will stop working.
localnet = 192.168.X.0/255.255.255.0
Here is a little more info.
Mark Phillips wrote:
> Internally using SIP perhaps. Not externally unless you are using a STUN
> Your audio travels in the RTP packets. On the outbound journey they'll
> have no problem but on the inbound you should hear nothing.
> As part of the SIP call setup you tell the other party what port he
> should send his audio to. This port must be open on the firewall in
> order to receive the stream.
> When using a STUN server the audio from the STUN server to you travels
> over the STUN data stream. The audio from the remote end to the STUN
> server travels in the normal RTP manner.
> It is impossible for you to be able to hear a remote SIP caller unless
> you either open your RTP ports up or use a STUN server.
> Asterisk doesn't support STUN yet so I don't understand how you are able
> to make external calls using SIP without your RTP ports open.
> On Tue, 2006-04-25 at 22:03 -0600, Jonathan Karras wrote:
>> Mark Phillips wrote:
>>> This advice is WRONG.
>>> You not only need to forward port 5060 but also your RTP ports as well
>>> (10K to 20K by AAH default). Without any RTP you'll get a call setup
>>> correctly but no audio will flow.
>>> When using IAX2 you only need forward port 4569 to your Asterisk server.
>>> You should check with your ITSP which version of IAX he supports. It's
>>> probably IAX2 (been around since Asterisk V1) but it could be IAX if
>>> he's on older software (pre V1).
>> I use Asterisk fine without forwarding the RTP ports. But I also have
>> mine setup for use with the externIP option. You also have to turn off
>> reinvite on your SIP extensions. If you don't turn off reinvite on your
>> sip extension they will attempt to bypass Asterisk with the media
>> stream. I guess you could leave it on if you setup a different port
>> range to forward for each device and set the device to only use that
>> range for RTP.
>> Asterisk really only works in this setup if both the clients(extensions)
>> and the server are behind the same NAT. Which is my case. If the
>> extensions are outside the NAT they must be public IP's. My setup I have
>> asterisk and two SIP phones behind M0n0wall. Then I connect to 2 SIP
>> providers. I also connect to two IAX2 providers they work great with the
>> simple one port forwarded through. It also makes it nice because I use
>> idefisk for my softphone on my laptop when I am traveling. Idefisk is a
>> small Win32 IAX2 softphone.
>> For more Asterisk NAT help see: