[Freeswitch-users] NAT issues - Outbound Call drops after ~30 seconds

Kristian Kielhofner kris at kriskinc.com
Tue Mar 20 23:52:34 MSK 2012


Expanding on this a bit:

It appears as though the internal profile of FreeSWITCH is providing
the external STUN discovered IP as its local IP in the Contact header
in the 200 OK.  The GS is more than likely sending the ACK to this
address (which is correct).

Try one (or both) of these things:

1)  Check your localnet/localnet.auto ACL definition and make sure
192.168.1.0/24 (at least) is included.  That should prevent FreeSWITCH
from using ext-*-ip to those networks.  Also check and make sure that
local-network-acl is set to localnet or localnet.auto on your internal
profile.

2)  Disable external STUN address discovery completely on the internal profile.

On Tue, Mar 20, 2012 at 1:15 PM, Michael Collins <msc at freeswitch.org> wrote:
>
> This is why I love Wireshark so much! Look at this purdee graph it makes:
>
>
>
>
> See all those 200 OK's that your FS is sending to the Grandstream? Guess what your GS is sending in response to those: NADA! If you look at the BYE that FS sends to the GS you'll even see the reason:
>
> SIP;cause=408;text=\"ACK Timeout\"
>
> FS never gets an ACK back from the GS. So the question is: why? I'm unfamiliar with the GS so I'll have to defer to those with more experience than I. However, I think you'll find that tcpdumps and analyzing w/ Wireshark is extremely helpful. (Open the pcap, click "Telephony > VoIP calls" and then a new dialog opens. In this case it shows two calls - meaning two call legs. Click "Select All" then click "Flow" and you'll get the cool graph. Click around and see what other stuff does. :)
>
> I'm thinking of doing a FreeSWITCH conference call presentation on the subject of collecting pcaps and doing Wireshark analysis. Let me know if you guys think that's a good presentation.
>
> -MC
>
>
>
> On Tue, Mar 20, 2012 at 10:00 AM, Brian Foster <bdfoster at endigotech.com> wrote:
>>
>> Andrew,
>>
>> root at homeserver:/usr/local/stund# ./client stunserver.org
>> STUN client version 0.97
>> Primary: Independent Mapping, Independent Filter, preserves ports, will hairpin
>> Return value is 0x000003
>>
>> http://da1.endigovoip.com/dump.pcap
>>
>> Kristian,
>>
>> http://pastebin.freeswitch.org/18708
>>
>> Michael,
>>
>> I did replace the IP's for security purposes, but now I've realized that it's needed and it's not really that big of a deal. I'll end up changing the Flowroute creds after this is fixed up. The prior siptrace is exactly one call (two legs). I don't think it's a carrier issue, as I've tried calling a buddy's server direct sip with the same issues.
>>
>> -BDF
>>
>> On Tue, Mar 20, 2012 at 11:34 AM, Michael Collins <msc at freeswitch.org> wrote:
>>>
>>> We have scores of machines behind NAT talking to Flowroute with no problems, so there's got to be something potentially non-obvious but easy that needs to be set/unset. I noticed in the SIP trace that there are several calls. It's hard to know what's what. I think your best bet is a pcap analyzed with Wireshark, as was mentioned elsewhere in this thread. I also noticed that you redacted IP addrs - you won't be able to do this with a pcap. If security is an issue then I'd say get the pcap and let us know here on the list, then those who can have a look will email you privately and you can send the pcap file to them.
>>>
>>> -MC
>>>
>>>
>>> On Mon, Mar 19, 2012 at 12:12 PM, Brian Foster <bdfoster at endigotech.com> wrote:
>>>>
>>>> Alright, so I admit... I'm a little rusty when it comes to NAT, etc. I've only set up FS so far on machines with no NAT, so this is sort of a new experience for me.
>>>>
>>>> I have a FreeSWITCH server located on the same local network as all of my phones here at the house. When I try to make a call to Flowroute, after about 30 seconds the call drops. It also does the exact same thing when I call a buddy's server directly via SIP.
>>>>
>>>> Here's a siptrace of the call (I didn't think that the actual FS log would be much help):
>>>> http://pastebin.freeswitch.org/18697
>>>>
>>>> ...and here's a paste of 'sofia status':
>>>> http://pastebin.freeswitch.org/18698
>>>>
>>>> ...and just for good measure, here's a paste of vars.xml:
>>>> http://pastebin.freeswitch.org/18699
>>>>
>>>>
>>>> --
>>>> Brian D. Foster
>>>> Endigo Computer LLC
>>>> Email: bdfoster at endigotech.com
>>>> Phone: 317-800-7876
>>>> Indianapolis, Indiana, USA
>>>>
>>>> This message contains confidential information and is intended for those listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>> Brian D. Foster
>> Endigo Computer LLC
>> Email: bdfoster at endigotech.com
>> Phone: 317-800-7876
>> Indianapolis, Indiana, USA
>>
>> This message contains confidential information and is intended for those listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



--
Kristian Kielhofner



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list