New node unable to WT mode connect from inside my firewall

Yes another topic!

I have a Pi Appliance node 629653 inside my firewall at home. I can connect to it both with and without WT mode from my outside WAN connection. That is, I turn off Wi-Fi and use the mobile connection. This is using the latest DVSM app.

I have a pair of DVSM accounts for 629653: one for the WAN and one for the LAN. Only the host value is different. So it’s easy to switch between the two depending on the network.

If I connect to this node from inside my LAN, WT mode calls fail. I get this error in messages.log:

chan_iax2.c: Address 192.168.1.180:4569 failed CallToken hash inspection

The 192.168.1.180 address above is the DVSM device. The node is at 192.168.1.150. This is the condition where the WT mode fails with the above error. It’s like my router is blocking the WT CallToken.

I’ve seen this error before on forums. But none relate to my situation. Being inside the firewall for both the node and DVSM, it would seem like ports wouldn’t matter. But it seems to here.

de Steve N6VL
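
An added example, not part of the original post and not code from the ASL or DVSwitch projects: a small script that tallies the CallToken failures quoted above by source address and notes whether each source is on the node's own subnet. The 192.168.1.0/24 subnet is an assumption taken from the two addresses in the post, and the timestamps and prefixes in the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches the chan_iax2 message quoted in the post; any line prefix is ignored.
CALLTOKEN_FAIL = re.compile(
    r"chan_iax2\.c: Address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"failed CallToken hash inspection"
)
# RFC 1918 ranges, listed explicitly (is_private also covers documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def calltoken_failures(lines, node_lan="192.168.1.0/24"):
    """Return {source_ip: (count, origin)} for CallToken failures.

    origin is 'lan' (node's own subnet), 'private-other' or 'public'.
    node_lan is an assumption based on the addresses in the post.
    """
    lan = ipaddress.ip_network(node_lan)
    counts = Counter()
    for line in lines:
        m = CALLTOKEN_FAIL.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue  # regex matched digits that are not a valid IPv4 address
    result = {}
    for ip, n in counts.items():
        if ip in lan:
            origin = "lan"
        elif any(ip in net for net in RFC1918):
            origin = "private-other"
        else:
            origin = "public"
        result[str(ip)] = (n, origin)
    return result

# Constructed sample lines; only the chan_iax2 message text comes from the post.
SAMPLE_LOG = """\
[2024-01-01 10:00:01] WARNING[1234] chan_iax2.c: Address 192.168.1.180:4569 failed CallToken hash inspection
[2024-01-01 10:00:03] WARNING[1234] chan_iax2.c: Address 192.168.1.180:4569 failed CallToken hash inspection
[2024-01-01 10:00:09] NOTICE[1234] constructed unrelated line
[2024-01-01 10:01:15] WARNING[1234] chan_iax2.c: Address 203.0.113.7:4569 failed CallToken hash inspection
""".splitlines()

if __name__ == "__main__":
    for ip, (n, origin) in calltoken_failures(SAMPLE_LOG).items():
        print(f"{ip}\t{n}\t{origin}")
```
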

Assuming IAX connection, not USRP.
Put the following for the connection at the bottom of that stanza in iax.conf:

requirecalltoken = no

@Mike
Which stanza? It already exists under [allstar-public]…

@Mike

Yes it’s IAX.

I tried requirecalltoken = no in practically every stanza with no results.

Just tried a VPN which actually works if I use the WAN IP address. But that’s a band-aid approach. I was hoping to find a router tweak.

Usually, you can’t connect WT from inside the LAN because the router isn’t supporting hairpin NAT properly. In this case, though, packets are making it to the IAX port. This might require further packet inspection. Not sure.
Could you post the full progress of the call until it gets to that point?

What client are you using? This is not really a fix (don’t know exactly what is going on there) but with DVSwitch Mobile, Repeaterphone and Transceive for Mac OS, you can optionally connect to an iax stanza instead of using WT. In that case, you could use the local IP of the node while on your LAN.

@KE4DYI

I’m not sure how to answer

I’d be more than willing if you could post some instructions. Otherwise I’ll describe my user scenario below.

Packet inspection is beyond my skillset. But I can describe my setup.

The node is the unmodified installation of the Pi Appliance on a Pi 3B. This includes ASL3 and Allmon3.

The router is an Asus RT-AC68U. I forwarded a large number of ports to the Pi device, in fact all of the ports listed in Pi Appliance firewall settings. Probably forwarded more ports than necessary. The all-important port 4569 UDP is forwarded. Of course ports 80, 443, 9090, 22 TCP etc.

The client I use most is DVSwitch Mobile or DVSM on Android. It offers both stanza connections or WT connections. By what you call stanza connections, I can use remote connections by use of the DTMF pad with appropriate prefixes. Again I can’t do WT connection unless I run DVSM on an external mobile connection or internally through a VPN.

I also use RepeaterPhone but only for stanza connections, again doing remote calls via DTMF pad. It doesn’t support WT calls so far as I’m aware.

It would seem to me that the issue is NAT.
The connection from inside your network it is pointed to.
My thought is that it should be pointed to the network WT to be inbound accepted by network interface from the outside as the software is expecting.

I can’t say my thinking is completely clear on this.
But while local, why not use an iaxrpt type connection?

I don’t use WT connections but I would run the issue to the group