[Freeswitch-users] AASTRA Phones - NAT issue

[Sean Devoy]

Brian,
Thanks for the prompt response.  However, I have searched the web config pages, users guide and administrator’s guides.  I cannot find any reference to “rport”.  Could it be hiding under some other name I don’t know?

Here is the SIP config page:
Global SIP Settings
Top of Form
Basic SIP Authentication Settings


Screen Name


Phone Number


Caller ID


Authentication Name


Password


BLA Number


Line Mode





Basic SIP Network Settings

Proxy Server


Proxy Port


Outbound Proxy Server


Outbound Proxy Port


Registrar Server


Registrar Port


Registration Period




Advanced SIP Settings

Explicit MWI Subscription

Enabled

Send MAC Address in REGISTER Message

Enabled

Send Line Number in REGISTER Message

Enabled

Session Timer


T1 Timer


T2 Timer



Transaction Timer


Transport Protocol



Registration Retry Timer


BLF Subsription Period




RTP Settings

RTP Port


Basic Codecs (G.711 u-Law, G.711 a-Law, G.729)

Enabled

Force RFC2833 Out-of-Band DTMF

Enabled

Customized Codec Preference List


DTMF Method



Silence Suppression

Enabled

Bottom of Form

Thanks again,
Sean


From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Thursday, October 16, 2014 6:47 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] AASTRA Phones - NAT issue

None of those will have anything to do with this issue, in fact most of those aren't even needed, enable rport in your device and the problems go away.  None of those can actually apply during the challenge phase its a chicken egg scenario as the user isn't looked up at that point, its just a blind challenge.

On Thu, Oct 16, 2014 at 5:23 PM, Chris Tunbridge <blasterjr at gmail.com<mailto:blasterjr at gmail.com>> wrote:
i have a deployment with 10x480i's 20x6730i's and 8x6757i's

i use <variable name="sip-force-contact" value="NDLB-connectile-dysfunction"/>

and i have aggressive-nat-detection enabled, as well as some other NDLB settings in my internal.xml
Brian mentioned rport, i don't personally use it with any of my stuff, however i have seen it used in the past.
Here's the settings i have set, not sure if all of them are needed, but i do have working 480i's with this configuration

<param name="aggressive-nat-detection" value="true"/>
<param name="NDLB-broken-auth-hash" value="true"/>
<param name="NDLB-sendrecv-in-session" value="true"/>
<param name="NDLB-received-in-nat-reg-contact" value="true"/>


On Thu, Oct 16, 2014 at 4:16 PM, Brian West <brian at freeswitch.org<mailto:brian at freeswitch.org>> wrote:
And by rport I mean in the Aasstra phone.

On Thu, Oct 16, 2014 at 5:15 PM, Brian West <brian at freeswitch.org<mailto:brian at freeswitch.org>> wrote:
Its because you don't have rport enabled, if you notice your register says in the contact 71.121.183.4:5067<http://71.121.183.4:5067> so thats where we send the 401, chances are your phone doesn't get it because we are going to the contact.  In this case the phone never gets the 401 and we keep sending it.

On Thu, Oct 16, 2014 at 4:57 PM, Sean Devoy <sdevoy at bizfocused.com<mailto:sdevoy at bizfocused.com>> wrote:
Hi All,

I am trying to get an AASTRA 480i working with FS.  I have other phones working just fine (Cisco and Polycom).  I have updated the firmware.  I can see in the “sofia global siptrace” the REGISTER request, the Unauthorized response, but it does not appear to be making it back to the phone.  That statement is based on my observation the CSEQ does not change.

I have added and removed:
  <variable name="sip-force-contact" value="NDLB-connectile-dysfunction"/>

I have tried many different option through the phones web interface, but no luck yet.

Anyone have a working configuration (phone and FS) they could share)?

The key siptrace packets are here (these happen to be from the attempt with both UDP and TCP):
recv 811 bytes from udp/[71.121.183.4]:5060 at 19:28:05.468752:
   ------------------------------------------------------------------------
   REGISTER sip:fs_bfis.bizfocused.com:5060<http://fs_bfis.bizfocused.com:5060> SIP/2.0
   Via: SIP/2.0/UDP 71.121.183.4:5067;branch=z9hG4bKba321b220
   Max-Forwards: 70
   Content-Length: 0
   To: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>
   From: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
   Call-ID: 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4<mailto:9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4>
   CSeq: 7581459 REGISTER
   Contact: 224 <sip:224 at 71.121.183.4:5067;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060<http://10.10.40.49:5060>>;expires=300
   Contact: 224 <sip:224 at 71.121.183.4:5067;transport=tcp;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060<http://10.10.40.49:5060>>;expires=300
   Proxy-Require: com.nortelnetworks.firewall
   Allow-Events: talk,hold,conference
   Allow:NOTIFY,REFER,OPTIONS,INVITE,ACK,CANCEL,BYE,INFO
   Aastra-Mac:00085D03237F
   Aastra-Line:1
   User-Agent: Aastra 480i/1.4.0.1048 Brcm Callctrl/1.5.1.0<http://1.5.1.0> MxSF/v3.2.6.26

 ------------------------------------------------------------------------
send 667 bytes to udp/[71.121.183.4]:5067 at 19:28:05.470167:
   ------------------------------------------------------------------------
   SIP/2.0 401 Unauthorized
  Via: SIP/2.0/UDP 71.121.183.4:5067;branch=z9hG4bKba321b220
   From: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
   To: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=eKgtr8tcS78QH
   Call-ID: 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4<mailto:9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4>
   CSeq: 7581459 REGISTER
   User-Agent: FreeSWITCH-mod_sofia/1.2.22+git~20140309T212137Z~65fed130e5~64bit
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: path, replaces
   WWW-Authenticate: Digest realm="fs_bfis.bizfocused.com<http://fs_bfis.bizfocused.com>", nonce="33a7d4af-e832-4d75-a284-b7002edadfc5", algorithm=MD5, qop="auth"
   Content-Length: 0

 ------------------------------------------------------------------------
recv 811 bytes from udp/[71.121.183.4]:5060 at 19:28:05.970923:
   ------------------------------------------------------------------------
   REGISTER sip:fs_bfis.bizfocused.com:5060<http://fs_bfis.bizfocused.com:5060> SIP/2.0
   Via: SIP/2.0/UDP 71.121.183.4:5067;branch=z9hG4bKba321b220
   Max-Forwards: 70
   Content-Length: 0
   To: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>
   From: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
   Call-ID: 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4<mailto:9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4>
   CSeq: 7581459 REGISTER
   Contact: 224 <sip:224 at 71.121.183.4:5067;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060<http://10.10.40.49:5060>>;expires=300
   Contact: 224 <sip:224 at 71.121.183.4:5067;transport=tcp;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060<http://10.10.40.49:5060>>;expires=300
   Proxy-Require: com.nortelnetworks.firewall
   Allow-Events: talk,hold,conference
   Allow:NOTIFY,REFER,OPTIONS,INVITE,ACK,CANCEL,BYE,INFO
   Aastra-Mac:00085D03237F
   Aastra-Line:1
   User-Agent: Aastra 480i/1.4.0.1048 Brcm Callctrl/1.5.1.0<http://1.5.1.0> MxSF/v3.2.6.26

 ------------------------------------------------------------------------
send 667 bytes to udp/[71.121.183.4]:5067 at 19:28:05.971138:
------------------------------------------------------------------------
   SIP/2.0 401 Unauthorized
   Via: SIP/2.0/UDP 71.121.183.4:5067;branch=z9hG4bKba321b220
   From: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
  To: 224 <sip:224 at fs_bfis.bizfocused.com:5060<http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=eKgtr8tcS78QH
   Call-ID: 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4<mailto:9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4>
   CSeq: 7581459 REGISTER
   User-Agent: FreeSWITCH-mod_sofia/1.2.22+git~20140309T212137Z~65fed130e5~64bit
   Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
   Supported: path, replaces
   WWW-Authenticate: Digest realm="fs_bfis.bizfocused.com<http://fs_bfis.bizfocused.com>", nonce="33a7d4af-e832-4d75-a284-b7002edadfc5", algorithm=MD5, qop="auth"
   Content-Length: 0

Thanks,
Sean

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com




FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



--

Brian West
brian at freeswitch.org<mailto:brian at freeswitch.org>

[http://billing.freeswitch.org/templates/default/img/whmcslogo.png]

Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

T:+19184209001<tel:%2B19184209001> | F:+19184209002<tel:%2B19184209002> | M:+1918424WEST (9378)
iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest



--

Brian West
brian at freeswitch.org<mailto:brian at freeswitch.org>

[http://billing.freeswitch.org/templates/default/img/whmcslogo.png]

Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

T:+19184209001<tel:%2B19184209001> | F:+19184209002<tel:%2B19184209002> | M:+1918424WEST (9378)
iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com




FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com




FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



--

Brian West
brian at freeswitch.org<mailto:brian at freeswitch.org>

[http://billing.freeswitch.org/templates/default/img/whmcslogo.png]

Twitter: @FreeSWITCH , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141017/0315b87c/attachment-0001.html