Ok I finally fixed it thanks to Skype Tech support and an Asterisk Ninja :)
This is what must be in sip.conf in order for Skype connect to work:
register => SKYPE_CONNECT_ID:SKYPE_CONNECT_PASS@sip.skype.com/SKYPE_CONNECT_ID
That Register line MUST be near the begining of the file, where the "register =>" examples are.
Skype Trunk details (near the end of sip.conf or at the end):
[skype]
type=friend
context=from-skype
username=SKYPE_CONNECT_ID
secret=SKYPE_CONNECT_PASS
canreinvite=no
insecure=port,invite
dtmfmode=rfc2833
host=sip.skype.com
nat=no
qualify=yes
fromuser=SKYPE_CONNECT_ID
fromdomain=sip.skype.com
disallow=all
allow=g729
allow=ulaw
allow=alaw
Note: If you are using Asterisk-gui, you can do all of this through the gui.
When setting up the SIP trunk, you need to go back and edit it, because edit reveals more options for you to put in.
Fill out:
Hostname: sip.skype.com
Username: SKYPE_CONNECT_ID
Password: SKYPE_CONNECT_PASSWORD
Codecs: G729, Ulaw, Alaw
Fromdomain: sip.skype.com
Fromuser: SKYPE_CONNECT_ID
There is one more hidden option that you must set in order for INCOMING call
Options/Advanced/Show hidden options
With this setup, outgoing calls should work. Remeber to make the outgoing rule so that you get an international number out. My example in asterisk-gui.
US office calls only US numbers.
Outgoing rule: _XXXXXXXXXX
Prepend: +
Same thing with bare-bones asterisk: (extensions.conf)
exten => _X.,n,Dial(SIP/skype/+1${EXTEN},90)
In the example above, there is a skype trunk defined in sip.conf
After this. Everything worked fine. Now I seem to have some other problems :)
You don't have to explicitly forward RTP ports (>1024) as you have sip inspect
turned on. When a SIP INVITE
comes through, the router will open the appropriate RTP ports for the duration of the call.
As far as NATing SIP, you are missing the NAT command, and the access-list entry:
! this should be tightened to allow traffic only from your telephone company, or
! people with bad intent will happily place international calls on your account
access-list outside_access_in extended permit udp any host 192.168.3.150 eq 5060
! nat 5060 to 5060
object network NEC_DSX
nat (inside,outside) static interface service udp 5060 5060
Though it is not needed, the proper syntax to forward a range is:
object service rtp-1024-1215
service udp source range 1024 1215
object network NEC_DSX_RTP
host 192.168.3.150
nat (inside,outside) static interface service rtp-1024-1215 rtp-1024-1215
Best Answer
With PF, you could do it with variables.
myports = "{ 22 25 2022 2222 8000 }" rdr on $ext_if proto udp from any to $ext_if port $myports -> 192.168.1.7
...or something.