IAX2 register problem after pppoe static IP disconnect / reconnect behind NAT

Hi all,

My Trixbox 2.0 (asterisk 1.2.18) server is behind a linux router (Nated) with a pppoe link (bridged ADSL modem). The router is using Openwrt Whiterussian 0.9 linux 2.4 kernel based distribution.

The NAT is a classical port restricted cone.

The pppoe link is configured as a dynamic pppoe link, and the provider is delivering everytime the same public IP address.

This static IP adddress seems to cause a lot of problems.

The problem is that the trixbox box loose IAX connectivity after each pppoe reconnect.

This is very strange because everything seems to works correctly on the trixbox machine.
ICMP, UDP, TCP connectivity seems ok, even after the pppoe disconnect/reconnect.

Only IAX2 register stop to work. So Trixbox cannot register with his peer on Internet.

Strangely, restarting the asterisk deamon (amportal restart) don't restore connectivity. I need to reboot the asterisk machine, or reboot the router to get IAX connectivity restored.

Again all is working nicely, before pppoe disconnect / reconnect.

I can't explain why connectivity is restored only when the router or the asterisk machine is rebooted.

This exclude the possibility of a problem with asterik or the router himself. It seems like there is a combination of problems, only solved by a reboot of one of the 2 boxes, router or trixbox one.

Could it be an ARP or other low level problem trigered by the reconnect ? A problem inside the linux kernels ?

For information, dns is not used for this IAX connection, and the asterisk LAN machine has a static IP, so we can exclude dns and dhcp from the problem.

I've found this thread, it seems that it is a well know problem, but i've found no real solution to solve it.

"Workaround for Less Featured NAT Devices"

This is something i've run into myself, and my VOIP IAX2 provider has this issue with many clients running Asterisk on TrixBox or custom made systems.

If our PPPoE goes down, we have to reboot our trixbox to get our IAX2 link to re-register. It will try and just keep timing out. I have the 4569 forwarded internal. I've put TCPDUMP on my Router. We have a fixed IP, i've done it all ;)

I have a dirty script that avoids havig to reboot the TrixBox and restore our service within 2 minutes of a blip automatically, and logs the 'blips' so i can see how 'reliable' our service is.

Here is the script. Its dirty, but it works. *IF* someone can help me get IAX2 working behind our NAT DSL session, let me know. I think its related to me not being able to use "Consistent NAT". We're using a Linksys WRT54GS with DD-WRT v230-SP2. Yes SPI is turned off, I tried all types and kinds of forwarding too! I'm a bigtime network guy so reply with detailed info if you have it for me....

With the script below, use a CRON job to execute it. Say every two minutes. Warning, memory leak will occur over time during LONG outages as when the system unloads/releads the IAX2 stuff a little bit of memory never gets released.

If anyone has feedback let me know. I'm not a bash guru but i solved the problem for us, so hey hey. The time delay between unloaing and reloading is key, not having that prevents the registration from working.

I'd say the guys who wrote the chan_iax2.so need to make it generate network traffic however this 'hack' does, if they DID, then IAX2 would work behind ANY flavor of NAT device, no matter how crappy and those of us stuck with PPPoE sessions. Get on it guys!
#!/bin/sh

#We record the status of the IAX2 Trunk

cd /root/ # I have script live in root,

#change to suit or use full
# paths in rest of script,
# i'm not BASH guru

/usr/sbin/asterisk -rx 'iax2 show registry' > reg_status
sleep 1

#We then Scan the Status and see if we're online or not...

TEST="Registered"
if grep $TEST reg_status > /dev/null
then
exit #Abort, we are online, all is well...
fi

#IF we're this far down, we've lost IAX. Log the incident.

date >> slap.log

#Restart the IAX2 trunk. Delay required for some reason.

/usr/sbin/asterisk -rx 'unload chan_iax2.so' > /dev/null
sleep 60
/usr/sbin/asterisk -rx 'load chan_iax2.so' > /dev/null