[Freeswitch-users] AASTRA Phones - NAT issue
Paul Hayes
paul at provu.co.uk
Tue Oct 21 14:38:37 MSD 2014
On 17/10/14 18:53, Sean Devoy wrote:
> Right, because I would ask on here without Googling it first – come
> one. I found how to do it for many AASTRA models, but nothing on the 480i.
>
But also this setting on FS should do the trick:
http://wiki.freeswitch.org/wiki/NDLB#NDLB-force-rport
As it forces it to use rport even when the phone doesn't request it.
> I did find a newer version of “the latest” firmware (1.4.3.1001 Fed
> 2013). Still no RPORT in admin screens. As for being on the Network
> Screen, see page pasted below.
>
> So, seriously DOES ANYONE *actually have* an AASTRA 480i (or 480iCT)
> working with FS? I don’t mean some other model that has Firmware with
> all the features you need.
>
> Sean
>
> Network Settings
>
> Top of Form
>
> *Basic Network Settings*
>
>
>
> DHCP
>
>
>
> Enabled
>
> IP Address
>
>
>
> Subnet Mask
>
>
>
> Gateway
>
>
>
> Primary DNS
>
>
>
> Secondary DNS
>
>
>
>
>
> *Advanced Network Settings*
>
>
>
> NAT IP
>
>
>
> NAT Port
>
>
>
> Nortel NAT Traversal Enabled
>
>
>
> Nortel NAT Timer (seconds)
>
>
>
> NTP Time Servers
>
>
>
> Enabled
>
> Time Server 1
>
>
>
> Time Server 2
>
>
>
> Time Server 3
>
>
>
>
>
> *Type of Service, DSCP*
>
>
>
> SIP
>
>
>
> RTP
>
>
>
> RTCP
>
>
>
>
>
> *VLAN*
>
>
>
> *Global*
>
>
>
> VLAN Enable
>
>
>
> Enabled
>
> Priority, Non-IP Packet
>
>
>
>
>
> *Port 0*
>
>
>
> VLAN id
>
>
>
> SIP Priority
>
>
>
> RTP Priority
>
>
>
> RTCP Priority
>
>
>
>
>
> *Port 1*
>
>
>
> VLAN id
>
>
>
> Priority
>
>
>
> Bottom of Form
>
> *From:*freeswitch-users-bounces at lists.freeswitch.org
> [mailto:freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of
> *Brian West
> *Sent:* Friday, October 17, 2014 7:39 AM
> *To:* FreeSWITCH Users Help
> *Subject:* Re: [Freeswitch-users] AASTRA Phones - NAT issue
>
> http://bit.ly/1qHErz0
>
> On Thursday, October 16, 2014, Sean Devoy <sdevoy at bizfocused.com
> <mailto:sdevoy at bizfocused.com>> wrote:
>
> Brian,
>
> Thanks for the prompt response. However, I have searched the web
> config pages, users guide and administrator’s guides. I cannot find
> any reference to “rport”. Could it be hiding under some other name
> I don’t know?
>
> Here is the SIP config page:
>
> *Global SIP Settings*
>
> Top of Form
>
> *Basic SIP Authentication Settings*
>
>
>
> Screen Name
>
>
>
> Phone Number
>
>
>
> Caller ID
>
>
>
> Authentication Name
>
>
>
> Password
>
>
>
> BLA Number
>
>
>
> Line Mode
>
>
>
>
>
> *Basic SIP Network Settings*
>
>
>
> Proxy Server
>
>
>
> Proxy Port
>
>
>
> Outbound Proxy Server
>
>
>
> Outbound Proxy Port
>
>
>
> Registrar Server
>
>
>
> Registrar Port
>
>
>
> Registration Period
>
>
>
>
>
> *Advanced SIP Settings*
>
>
>
> Explicit MWI Subscription
>
>
>
> Enabled
>
> Send MAC Address in REGISTER Message
>
>
>
> Enabled
>
> Send Line Number in REGISTER Message
>
>
>
> Enabled
>
> Session Timer
>
>
>
> T1 Timer
>
>
>
> T2 Timer
>
>
>
>
> Transaction Timer
>
>
>
> Transport Protocol
>
>
>
> Registration Retry Timer
>
>
>
> BLF Subsription Period
>
>
>
>
>
> *RTP Settings*
>
>
>
> RTP Port
>
>
>
> Basic Codecs (G.711 u-Law, G.711 a-Law, G.729)
>
>
>
> Enabled
>
> Force RFC2833 Out-of-Band DTMF
>
>
>
> Enabled
>
> Customized Codec Preference List
>
>
>
> DTMF Method
>
>
>
> Silence Suppression
>
>
>
> Enabled
>
> Bottom of Form
>
> Thanks again,
>
> Sean
>
> *From:*freeswitch-users-bounces at lists.freeswitch.org
> <javascript:_e(%7B%7D,'cvml','freeswitch-users-bounces at lists.freeswitch.org');>
> [mailto:freeswitch-users-bounces at lists.freeswitch.org
> <javascript:_e(%7B%7D,'cvml','freeswitch-users-bounces at lists.freeswitch.org');>]
> *On Behalf Of *Brian West
> *Sent:* Thursday, October 16, 2014 6:47 PM
> *To:* FreeSWITCH Users Help
> *Subject:* Re: [Freeswitch-users] AASTRA Phones - NAT issue
>
> None of those will have anything to do with this issue, in fact most
> of those aren't even needed, enable rport in your device and the
> problems go away. None of those can actually apply during the
> challenge phase its a chicken egg scenario as the user isn't looked
> up at that point, its just a blind challenge.
>
> On Thu, Oct 16, 2014 at 5:23 PM, Chris Tunbridge
> <blasterjr at gmail.com
> <javascript:_e(%7B%7D,'cvml','blasterjr at gmail.com');>> wrote:
>
> i have a deployment with 10x480i's 20x6730i's and 8x6757i's
>
> i use <variable name="sip-force-contact"
> value="NDLB-connectile-dysfunction"/>
>
> and i have aggressive-nat-detection enabled, as well as some
> other NDLB settings in my internal.xml
>
> Brian mentioned rport, i don't personally use it with any of my
> stuff, however i have seen it used in the past.
>
> Here's the settings i have set, not sure if all of them are
> needed, but i do have working 480i's with this configuration
>
>
> <param name="aggressive-nat-detection" value="true"/>
> <param name="NDLB-broken-auth-hash" value="true"/>
> <param name="NDLB-sendrecv-in-session" value="true"/>
> <param name="NDLB-received-in-nat-reg-contact" value="true"/>
>
> On Thu, Oct 16, 2014 at 4:16 PM, Brian West
> <brian at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>> wrote:
>
> And by rport I mean in the Aasstra phone.
>
> On Thu, Oct 16, 2014 at 5:15 PM, Brian West
> <brian at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>> wrote:
>
> Its because you don't have rport enabled, if you notice
> your register says in the contact 71.121.183.4:5067
> <http://71.121.183.4:5067> so thats where we send the
> 401, chances are your phone doesn't get it because we
> are going to the contact. In this case the phone never
> gets the 401 and we keep sending it.
>
> On Thu, Oct 16, 2014 at 4:57 PM, Sean Devoy
> <sdevoy at bizfocused.com
> <javascript:_e(%7B%7D,'cvml','sdevoy at bizfocused.com');>>
> wrote:
>
> Hi All,
>
> I am trying to get an AASTRA 480i working with FS.
> I have other phones working just fine (Cisco and
> Polycom). I have updated the firmware. I can see
> in the “sofia global siptrace” the REGISTER request,
> the Unauthorized response, but it does not appear to
> be making it back to the phone. That statement is
> based on my observation the CSEQ does not change.
>
> I have added and removed:
>
> <variablename="sip-force-contact"value="NDLB-connectile-dysfunction"/>
>
> I have tried many different option through the
> phones web interface, but no luck yet.
>
> Anyone have a working configuration (phone and FS)
> they could share)?
>
> The key siptrace packets are here (these happen to
> be from the attempt with both UDP and TCP):
>
> recv 811 bytes from udp/[71.121.183.4]:5060 at
> 19:28:05.468752:
>
>
> ------------------------------------------------------------------------
>
> REGISTER sip:fs_bfis.bizfocused.com:5060
> <http://fs_bfis.bizfocused.com:5060> SIP/2.0
>
> Via: SIP/2.0/UDP
> 71.121.183.4:5067;branch=z9hG4bKba321b220
>
> Max-Forwards: 70
>
> Content-Length: 0
>
> To: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>
>
> From: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
>
> Call-ID:
> 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4
> <javascript:_e(%7B%7D,'cvml','9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4');>
>
> CSeq: 7581459 REGISTER
>
> Contact: 224
> <sip:224 at 71.121.183.4:5067;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060
> <http://10.10.40.49:5060>>;expires=300
>
> Contact: 224
> <sip:224 at 71.121.183.4:5067;transport=tcp;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060
> <http://10.10.40.49:5060>>;expires=300
>
> Proxy-Require: com.nortelnetworks.firewall
>
> Allow-Events: talk,hold,conference
>
>
> Allow:NOTIFY,REFER,OPTIONS,INVITE,ACK,CANCEL,BYE,INFO
>
> Aastra-Mac:00085D03237F
>
> Aastra-Line:1
>
> User-Agent: Aastra 480i/1.4.0.1048 Brcm
> Callctrl/1.5.1.0 <http://1.5.1.0> MxSF/v3.2.6.26
>
> ------------------------------------------------------------------------
>
> send 667 bytes to udp/[71.121.183.4]:5067 at
> 19:28:05.470167:
>
>
> ------------------------------------------------------------------------
>
> SIP/2.0 401 Unauthorized
>
> Via: SIP/2.0/UDP
> 71.121.183.4:5067;branch=z9hG4bKba321b220
>
> From: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
>
> To: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=eKgtr8tcS78QH
>
> Call-ID:
> 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4
> <javascript:_e(%7B%7D,'cvml','9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4');>
>
> CSeq: 7581459 REGISTER
>
> User-Agent:
> FreeSWITCH-mod_sofia/1.2.22+git~20140309T212137Z~65fed130e5~64bit
>
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
> MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY,
> PUBLISH, SUBSCRIBE
>
> Supported: path, replaces
>
> WWW-Authenticate: Digest
> realm="fs_bfis.bizfocused.com
> <http://fs_bfis.bizfocused.com>",
> nonce="33a7d4af-e832-4d75-a284-b7002edadfc5",
> algorithm=MD5, qop="auth"
>
> Content-Length: 0
>
> ------------------------------------------------------------------------
>
> recv 811 bytes from udp/[71.121.183.4]:5060 at
> 19:28:05.970923:
>
>
> ------------------------------------------------------------------------
>
> REGISTER sip:fs_bfis.bizfocused.com:5060
> <http://fs_bfis.bizfocused.com:5060> SIP/2.0
>
> Via: SIP/2.0/UDP
> 71.121.183.4:5067;branch=z9hG4bKba321b220
>
> Max-Forwards: 70
>
> Content-Length: 0
>
> To: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>
>
> From: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
>
> Call-ID:
> 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4
> <javascript:_e(%7B%7D,'cvml','9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4');>
>
> CSeq: 7581459 REGISTER
>
> Contact: 224
> <sip:224 at 71.121.183.4:5067;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060
> <http://10.10.40.49:5060>>;expires=300
>
> Contact: 224
> <sip:224 at 71.121.183.4:5067;transport=tcp;srcadr=10.10.40.49:5060;srcadr=10.10.40.49:5060
> <http://10.10.40.49:5060>>;expires=300
>
> Proxy-Require: com.nortelnetworks.firewall
>
> Allow-Events: talk,hold,conference
>
>
> Allow:NOTIFY,REFER,OPTIONS,INVITE,ACK,CANCEL,BYE,INFO
>
> Aastra-Mac:00085D03237F
>
> Aastra-Line:1
>
> User-Agent: Aastra 480i/1.4.0.1048 Brcm
> Callctrl/1.5.1.0 <http://1.5.1.0> MxSF/v3.2.6.26
>
> ------------------------------------------------------------------------
>
> send 667 bytes to udp/[71.121.183.4]:5067 at
> 19:28:05.971138:
>
> ------------------------------------------------------------------------
>
> SIP/2.0 401 Unauthorized
>
> Via: SIP/2.0/UDP
> 71.121.183.4:5067;branch=z9hG4bKba321b220
>
> From: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=23c56ce0efc9c8d
>
> To: 224 <sip:224 at fs_bfis.bizfocused.com:5060
> <http://sip:224@fs_bfis.bizfocused.com:5060>>;tag=eKgtr8tcS78QH
>
> Call-ID:
> 9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4
> <javascript:_e(%7B%7D,'cvml','9fda297c6de44793402fc2f778f24fb0 at 71.121.183.4');>
>
> CSeq: 7581459 REGISTER
>
> User-Agent:
> FreeSWITCH-mod_sofia/1.2.22+git~20140309T212137Z~65fed130e5~64bit
>
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
> MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY,
> PUBLISH, SUBSCRIBE
>
> Supported: path, replaces
>
> WWW-Authenticate: Digest
> realm="fs_bfis.bizfocused.com
> <http://fs_bfis.bizfocused.com>",
> nonce="33a7d4af-e832-4d75-a284-b7002edadfc5",
> algorithm=MD5, qop="auth"
>
> Content-Length: 0
>
> Thanks,
>
> Sean
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-powered IP PBX: The CudaTel Communication
> Server
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> --
>
> */Brian West/*
> brian at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>
>
> */Twitter: @FreeSWITCH , @briankwest/*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 <tel:%2B19184209001> | *F:*+19184209002
> <tel:%2B19184209002> | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 |
> *Skype:*briankwest
>
>
>
> --
>
> */Brian West/*
> brian at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>
>
> */Twitter: @FreeSWITCH , @briankwest/*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 <tel:%2B19184209001> | *F:*+19184209002
> <tel:%2B19184209002> | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
>
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
>
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> --
>
> */Brian West/*
> brian at freeswitch.org
> <javascript:_e(%7B%7D,'cvml','brian at freeswitch.org');>
>
> */Twitter: @FreeSWITCH , @briankwest/*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
>
>
> --
>
> */Brian West/*
> brian at freeswitch.org <mailto:brian at freeswitch.org>
>
> */Twitter: @FreeSWITCH , @briankwest/*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
>
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list