Trixbox, VPNs, and the 20 Second Issue
Posted by brian | Posted in Asterisk, Trixbox, VoIP | Posted on 24-10-2008
The Linux Fix uses some pretty cool gear to run our phone system. With some help from VMware, an install of Trixbox here in the California office is trunked to a few Broadvoice SIP business accounts. Internally, we use some nice Aastra 480i IP hardphones in the office that communicate via SIP to the Trixbox PBX.
This setup provides us with inexpensive long distance, a $5.00 toll-free number, as well as the ability to do ring-groups and call forwarding to mobile phones when customers dial in and need support.
The Linux Fix also has a few people who help out and live out of state. For one of these guys, we established a permanent VPN a few months ago (with the help of a few Fortigate units) to provide them with an actual extension and ease management tasks.
Ever since we’ve had this setup, there has been a nagging issue that we just couldn’t get to the bottom of. When calling out from the office, everything worked fine. However, when the remotes called into the office or tried to dial out (remember, everything is trunked from the Trixbox here in California), the call would last exactly 20 seconds and then suddenly disconnect. Trixbox would also log something along the lines of:
“Hanging up call 699105eb51dc2bb700889eafbf955a5e@10.0.2.10 – no reply to our critical packet.”
Googling around reveals that quite a few people have at least some variation of the same problem. After some research we finally figured it out. It all has to do with NAT, firewalling, and Trixbox’s (and thus Asterisk’s) NAT settings. It’s a bit hard to explain in a blog post, so hopefully these diagrams will sort it out and help explain what is going on.

Thanks. Adding the localnet parameter was just what I needed to do to get this working!
Sounds like the solution… but what traffic are you permitting through your firewall? Don’t want too much exposure. Can you talk specifically about ports and rules while remaining firewall-agnostic? (In other words, I don’t have a Fortigate!)
Actually, the port forwarding shouldn’t be necessary if you have your localnet settings. I just verified this with a Switchvox, simple IPsec between 2 Fortigate 60Bs, and some tcpdumps. With localnet settings, packets never hit the wan1 of the Fortigate; without them, they hit wan1. I, however, still have calls dropping at 20 seconds for some reason.
Hey there,
You only have to play with the forwarding if you’re using SIP trunks to route inbound/outbound external calls.
Otherwise, you’re right… other than that, you don’t need any forwarding at all.
If you’re still dropping calls, the culprit is that Asterisk is never receiving confirmation from the remote phone. Double check your rules and routes, it’s in there somewhere!
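
An added example (not from the original post or its commenters): a simplified model of how the `localnet` and `externip` settings in Asterisk's `sip.conf` decide which address a phone is told to reply to, used to flag VPN phones whose subnet is missing from `localnet`. The subnets, the `externip` value, the phone addresses and the use of 10.0.2.10 as the PBX's LAN address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample [general] section of sip.conf; all addresses are illustrative.
SIP_CONF = """\
[general]
externip=203.0.113.10
localnet=10.0.2.0/255.255.255.0
; localnet=10.0.9.0/255.255.255.0   ; remote VPN subnet, commented out
"""

def parse_general(text):
    """Return (externip, [localnet networks]) from the [general] section."""
    externip, nets, section = None, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop sip.conf comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            key, value = key.strip().lower(), value.lstrip(">").strip()
            if key == "externip":
                externip = ipaddress.ip_address(value)
            elif key == "localnet":
                nets.append(ipaddress.ip_network(value, strict=False))
    return externip, nets

def advertised_address(peer_ip, pbx_ip, externip, localnets):
    """Simplified model: peers inside localnet are given the PBX's own
    address; everyone else is given externip (when one is set)."""
    peer = ipaddress.ip_address(peer_ip)
    if externip is None or any(peer in net for net in localnets):
        return ipaddress.ip_address(pbx_ip)
    return externip

def audit(conf_text, pbx_ip, phones):
    """Map each private-address phone that would be told to reply to
    externip (so its replies leave the VPN path) to that address."""
    externip, nets = parse_general(conf_text)
    flagged = {}
    for ip in phones:
        adv = advertised_address(ip, pbx_ip, externip, nets)
        if ipaddress.ip_address(ip).is_private and adv == externip:
            flagged[ip] = str(adv)
    return flagged

if __name__ == "__main__":
    # 10.0.2.10 is assumed to be the PBX's LAN address; phone IPs are constructed.
    print(audit(SIP_CONF, "10.0.2.10", ["10.0.2.50", "10.0.9.20"]))
```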