4

We currently have a school-project going in which we need to set up an PBX with Asterisk. Thus we have installed asteriskNow in a virtual environment (with virtualBox) on ubuntu 12.10. We tried the configuration by registering some SIP-Phones via X-Lite in the local network, and it worked. But now, we would like to be able to access the server also from the internet - this is what we're strugglin with ... Here's what we have done so far:

  • In X-Lite we specified the IP of the modem of the local network in which the asterisk server resides.

  • On the modem we forwarded all incoming requests on port 5060 to the local router and this router forwards all requests to the local IP of our asterisk-server.

  • We configured the IP of the asterisk server as static.

  • We dissabled the ubuntu-firewall

Now, I know it's a very vague description of our problem and the error could be anywhere - but we don't even know where to start to look for the error. Do you have any suggestions what we could do? Would may be wireshark be of any help? Any information, help or suggestion is much appreciated (also if you know good tutorials how to set up asterisk with freepbx)!

kafman
  • 141
  • 1
  • 6
  • 1
    "Server Fault is for Information Technology Professionals needing expert answers related to managing computer systems in a **professional** capacity." – TheCleaner May 08 '13 at 19:11
  • @TheCleaner So where am I supposed to ask this question? – kafman May 08 '13 at 19:25
  • If you want to ask on one of the SE sites, I would recommend SuperUser per this Meta question: http://meta.stackexchange.com/questions/131750/which-is-the-best-stackexchange-site-to-ask-questions-concerning-asterisk – TheCleaner May 08 '13 at 19:38
  • @TheCleaner Why should schools not be considered a professional environment? It's not home stuff where "you can do what you want". – Hauke Laging May 08 '13 at 19:52
  • 2
    @HaukeLaging - he's a student....look at his profile. He's not an IT pro at the school asking about the environment there. I don't mind either way, I'm not a moderator. – TheCleaner May 08 '13 at 19:53
  • 2
    @TheCleaner A **computer science** student. How narrow shall "IT professional" be defined? "Get paid", "Get paid better than..."? I wouldn't vote against a question if you have to look at the questioner's profile to argue against it... I just had to review this one and accepted it. Consider the amount of `iptables` question which appear here every day. With half of them I wonder "How IT pro can you be **not** to know how this works?"... – Hauke Laging May 08 '13 at 20:03
  • 1
    "in a professional capacity" was what I referred to, hence the bold. He said "school project" and then I clicked his profile to verify before I commented. – TheCleaner May 08 '13 at 20:30
  • 2
    The question of whether or not a CS student is an "IT Professional" is really a subject to be discussed on [Meta](http://meta.serverfault.com). Generally speaking though, school projects/assignments are considered off-topic for Server Fault. The inherent problem then becomes "There's really no other site in [the network](http://stackexchange.com) with the kind of knowledge required to answer this question" -- what we do about that is *also* a topic to discuss on Meta. – voretaq7 May 08 '13 at 20:48
  • (in other words, I won't personally mod-hammer this question, but I'm also not going to jump in and save it if the community closes it. I might take a stab at answering it though if I have time. I will however be *aggressively* policing further commentary on the subject of topicality, closure, or voting on this question. Please take such discussion to [Meta](http://meta.serverfault.com)) – voretaq7 May 08 '13 at 20:50

3 Answers3

5

A few general points --

  • Asterisk does very poorly in virtual machines.
    I don't know if they have specific guidance on this, but my experience is even in high-end VMWare environments you can get into all sorts of odd trouble with virtualized VoIP servers.
    I would strongly advise troubleshooting on dedicated physical hardware.

  • SIP (the VoIP protocol behind Asterisk) HATES NAT
    SIP was never really designed to work with network address translation.
    Again, try getting things working on the same subnet, with no NAT or routing involved, before moving on to more difficult tasks.
    NAT-related issues usually affect calls more than registration, and there is lots of info on how to deal with it if you google around.

  • A good packet sniffer is your friend when troubleshooting VoIP
    If you watch the data going back and forth you'll probably come up with a reasonable idea of where the problem is.

So basically - start by getting things working inside your firewall. Then slowly work your way up to dealing with traversing firewalls and NAT.

In terms of Asterisk tutorials, these abound on the net (and Server Fault is not really a resource for "Find me a tutorial" -- Google stays up to date on this stuff better than we ever could).
I would definitely recommend using a prepackaged Asterisk distribution if you're new to VoIP stuff -- AsteriskNOW should be fine, but I personally use the FreePBX distro in production and have had excellent results with it (and it's good at auto-configuring for NAT-related issues which saves me some headaches.)

voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • Thank you very much for your hints! We have finally managed to get our server working: as you recommended, it is not behind a NAT and not in a virtual machine. Regarding the asterisk-tutorials: we did search for them on Google before we posted the question. The problem was that they all had some small differences and unfortunately we didn't have enough know-how (nor the time to acquire it) to differentiate what matters for us and what not. Again, I'm sorry for the vague question - all the more, thanks for taking the time to help us! – kafman May 13 '13 at 16:23
2

But now, we would like to be able to access the server also from the internet - this is what we're strugglin with

Things to check:

  1. Verify the correct ports that you require "open". If it is just 5060, fine...but verify.
  2. Verify that the external IP of the modem is responding on the right ports by using something like http://www.t1shopper.com/tools/port-scan or similar
  3. Verify the routing between modem, internal router, and PBX in both directions, looking for NATing issues, routing issues, etc. using ping, tracert, and other tools.
  4. Make sure you are testing the IP phone from outside the modem/firewall and that it doesn't have a firewall blocking outbound to those ports.

Hope that helps you out...not trying to be draconian with the rules.

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • Thanks for the help and I'm sorry if the question was too vague resp. if we mistook the primary intention of this forum. We were pretty desperated when our server wouldn't work even after hours of searching tutorials and help on the internet. Since other stacks have helped us greatly in the past, we thought we might get some help here as well - which in fact we did, so thanks! – kafman May 13 '13 at 16:15
1

I'd just like to add that since this asterisk has a public IP address, you might want to consider how to secure it as there are bots scanning for open 5060 ports, trying to gain access to VoIP servers/phones/etc. You might want to use Fail2ban and choose good passwords for your asterisk peers.

manjiki
  • 350
  • 3
  • 11