author | Terry Wilson <twilson@digium.com> | 2011-11-21 21:09:59 +0000 |
---|---|---|
committer | Terry Wilson <twilson@digium.com> | 2011-11-21 21:09:59 +0000 |
commit | 32d0faac9cb7576520d326ddd15d9fc7a0b47252 (patch) | |
tree | f75414aa3d0e226e2cc130bf5f91e27c70a4d62c /configs | |
parent | 298d015828a638a8ab0f07f8f8205ef04026bdd8 (diff) |
Default to nat=yes; warn when nat in general and peer differ
It is possible to enumerate SIP usernames when the general and user/peer
nat settings differ in whether to respond to the port a request is sent
from or the port listed for responses in the Via header. In 1.4 and 1.6.2,
this would mean if one setting was nat=yes or nat=route and the other was
either nat=no or nat=never. In 1.8 and 10, this would mean when one was
nat=force_rport and the other was nat=no.
In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all possible.
For more discussion of the issue, please see:
http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
(closes issue ASTERISK-18862)
Review: https://reviewboard.asterisk.org/r/1591/
........
Merged revisions 345776 from http://svn.asterisk.org/svn/asterisk/branches/1.4
........
Merged revisions 345800 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 345828 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 345830 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@345831 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'configs')
-rw-r--r-- | configs/sip.conf.sample | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample index 3c77a88be..cb492161e 100644 --- a/configs/sip.conf.sample +++ b/configs/sip.conf.sample @@ -824,6 +824,14 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; for their media streams is not actual port number that will be used on the nearer ; side of the NAT. ; +; IT IS IMPORTANT TO NOTE that if the nat setting in the general section differs from +; the nat setting in a peer definition, then the peer username will be discoverable +; by outside parties as Asterisk will respond to different ports for defined and +; undefined peers. For this reason it is recommended to ONLY DEFINE NAT SETTINGS IN THE +; GENERAL SECTION. Specifically, if nat=force_rport in one section and nat=no in the +; other, then valid users with settings differing from those in the general section will +; be discoverable. +; ; In addition to these settings, Asterisk *always* uses 'symmetric RTP' mode as defined by ; RFC 4961; Asterisk will always send RTP packets from the same port number it expects ; to receive them on. @@ -1212,12 +1220,10 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls type=friend [natted-phone](!,basic-options) ; another template inheriting basic-options - nat=yes directmedia=no host=dynamic [public-phone](!,basic-options) ; another template inheriting basic-options - nat=no directmedia=yes [my-codecs](!) ; a template for my preferred codecs @@ -1257,7 +1263,6 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;description=Courtesy Phone ; Description of the peer. Shown when doing 'sip show peers'. ;host=192.168.0.23 ; we have a static but private IP address ; No registration allowed -;nat=no ; there is not NAT between phone and Asterisk ;directmedia=yes ; allow RTP voice traffic to bypass Asterisk ;dtmfmode=info ; either RFC2833 or INFO for the BudgeTone ;call-limit=1 ; permit only 1 outgoing call and 1 incoming call at a time 
@@ -1287,7 +1292,6 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;regexten=1234 ; When they register, create extension 1234 ;callerid="Jane Smith" <5678> ;host=dynamic ; This device needs to register -;nat=yes ; X-Lite is behind a NAT router ;directmedia=no ; Typically set to NO if behind NAT ;disallow=all ;allow=gsm ; GSM consumes far less bandwidth than ulaw @@ -1361,9 +1365,6 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ;type=friend ;secret=blah ;qualify=200 ; Qualify peer is no more than 200ms away -;nat=yes ; This phone may be natted - ; Send SIP and RTP to the IP address that packet is - ; received from instead of trusting SIP headers ;host=dynamic ; This device registers with us ;directmedia=no ; Asterisk by default tries to redirect the ; RTP media stream (audio) to go directly from |
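Review bot: In the first hunk (@@ -824,6 +824,14 @@), the new paragraph names only the nat=force_rport versus nat=no pairing and never says which value applies when nat is left unset in [general]. The commit message makes nat=yes/force_rport the default, so a peer carrying nat=no under a [general] section with no nat line is also a mismatch. Suggest adding a line to this paragraph that states the default, so a reader can recognise that case from the sample file alone.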
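Review bot: In the @@ -1212,12 +1220,10 @@ hunk, [natted-phone] and [public-phone] lose their nat= lines but keep names that imply a per-peer NAT choice, and nothing in the templates says the omission is deliberate. Suggest a short comment on each template stating that nat is set in [general] only and pointing to the note added in the NAT section, so users copying these templates do not add the setting back.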
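Review bot: In the last hunk (@@ -1361,9 +1365,6 @@), removing ";nat=yes" also deletes the two continuation lines that explain the behaviour ("Send SIP and RTP to the IP address that packet is received from instead of trusting SIP headers"). If the general NAT section does not already say this, suggest moving the explanation there instead of dropping it, since it is the only plain description of what the setting does among the lines shown.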