Unable to connect to a node, very odd problem

I am working remotely on a node for some friends that is in a remote location. It connects outbound fine. Inbound is the issue. First off I can get into it with IAXRPT just fine. That works but when I try to connect from one of my local nodes the error from asterisk has me puzzled. See:

[Mar 26 09:25:51] WARNING[380]: chan_iax2.c:7690 registry_rerequest: REGISTER-LOG: registry rereqquest
-- Accepting UNAUTHENTICATED call from x.x.x.209:
> requested format = gsm,
> requested prefs = (gsm|g726aal2|ulaw),
> actual format = ulaw,
> host prefs = (ulaw|adpcm|g722|g726aal2|gsm|ilbc),
> priority = mine
-- ExAX2/x.x.x.209:4569-720'
651413CLI>ecuting [651413@radio-secure:1] Rpt("IAX2/x.x.x.209:4569-720", "651413") in new stack*
== Parsing '/var/lib/asterisk/rpt_extnodes': Found
[Mar 26 09:26:09] WARNING[9454]: app_rpt.c:22930 rpt_exec: Node 28599 IP 108.196.236.231 does not match link IP x.x.x.209!!
== Spawn extension (radio-secure, 651413, 1) exited non-zero on 'IAX2/x.x.x.209:4569-720'
-- Hungup 'I

x.x.x.209 is the site's public IP address. It shows me trying to connect FROM that address. I'm connecting from 108.196.236.231:4569 (node 28599)

At first I thought the UNAUTHENTICATED was the issue but then saw that inbound connections to my other nodes report the same. So I'm assuming the IP address mismatch is the issue but really not sure. Anybody have any hints where to look. I've compared config files to my other nodes iax.conf and extension.conf files as well as look at rpt.conf to see if under [nodes] there is something squirrely but no.

The site is remote and not easy to access so I need to do this via ssh from my home.

I'm puzzled. Been using allstar since 2010 and never saw this problem...

GeorgeC W2DB
Crowley, TX

does this info look right for node# 651413 ?

$ sudo asl-node-lookup 651413

SRV (_iax._udp.651413.nodes.allstarlink.org)
  10 10 4569 651413.nodes.allstarlink.org.

A (651413.nodes.allstarlink.org)
  72.12.122.209

TXT (651413.nodes.allstarlink.org)
  NN=651413
    IP=72.12.122.209
    PT=4569

RPT LOOKUP (651413)
  radio@72.12.122.209:4569/651413,72.12.122.209
  radio@72.12.122.209:4569/651413,72.12.122.209

i can connect (briefly) but ultimately all my attempts end in a dropped connection to 651413

public info about node# 28599 is

$ sudo asl-node-lookup 28599

SRV (_iax._udp.28599.nodes.allstarlink.org)
  10 10 4569 28599.nodes.allstarlink.org.

A (28599.nodes.allstarlink.org)
  108.196.236.231

TXT (28599.nodes.allstarlink.org)
  NN=28599
    IP=108.196.236.231
    PT=4569

RPT LOOKUP (28599)
  radio@108.196.236.231:4569/28599,108.196.236.231
  radio@108.196.236.231:4569/28599,108.196.236.231

that look OK, too?

The last two lines...is there a double definition in your rpt.conf? I have only one line there.

Otherwise mine look the same.

EDIT: Also my internal net definitions end with NONE, not an IP address.

This is a classic CGNAT issue. Please run asl-node-auth-check on both sides. Good chance the one side on something like a T-Mobile connection that implemented CGNAT recently.

yes, that info looks correct
GeorgeC

root@651413:/etc/asterisk# asl-node-auth-check
bash: asl-node-auth-check: command not found
root@651413:/etc/asterisk#

I need to check with the folks out there what their internet connection is

you should have this result

$ ls /usr/bin/asl-node-*
/usr/bin/asl-node-auth-check  /usr/bin/asl-node-lookup