<div dir="ltr">Hi!<div><br></div><div>Sorry if you received an empty email, accidently clicked the send button when resizing the windows.</div><div><br></div><div>I am finally able to test a setup with both kamailio and asterisk on public network.</div><div>Currently I struggle with RTP flow - what do I need to change to have rtp flow directly to asterisk instead of rtpproxy?</div><div>Rtpproxy is working fine but when I disable NAT, there is no audio (did not yet check SDP).</div><div><br></div><div>Kind regards</div><div>Kevin</div><div><br><div class="gmail_quote"><div dir="ltr">Am Do., 16. Aug. 2018 um 12:47 Uhr schrieb Dmitri Savolainen <<a href="mailto:savolainen@erinaco.ru" target="_blank">savolainen@erinaco.ru</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">is RTP folowing to FS directly in this case?<span> </span></span></blockquote><div>Yes, it woks fine in 99% and no any additional <span style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">STUN/ICE are required</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 16 August 2018 at 13:32, Kevin Olbrich <span dir="ltr"><<a href="mailto:ko@sv01.de" target="_blank">ko@sv01.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Dmitri,<div><br></div><div>is RTP folowing to FS directly in this case? This would allow us to use STUN as well as ICE, etc. from Asterisk (which is currently the case without Kamailio SBC in prod).</div><span class="m_8600628983709173538m_-5149080411804444065HOEnZb"><font color="#888888"><div><br></div></font></span><div><span class="m_8600628983709173538m_-5149080411804444065HOEnZb"><font color="#888888">Kevin</font></span><div><div class="m_8600628983709173538m_-5149080411804444065h5"><br><br><br><div class="gmail_quote"><div dir="ltr">Am Do., 16. Aug. 2018 um 12:29 Uhr schrieb Dmitri Savolainen <<a href="mailto:savolainen@erinaco.ru" target="_blank">savolainen@erinaco.ru</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Kevin.<div>I use Kamailio as FreeSwitch set balancer almost without rtpengine (<span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">rtpengine is used only in some specific cases</span>). All in public IPs. </div><div>I just tune FS SIP profile to let it get requests only from Kamailio IP:PORT and add same firewall rules also. </div><div>All RPC commands work via local interface only.</div><div><span style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">PUBLIC NET <span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">SIP-Phone</span> ==> Kamailio<span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">(PUBLIC)</span> ==> FS(PUBLIC) ==> <span style="text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Kamailio<span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">(PUBLIC)</span> <span> </span></span>==> Carrier</span> </div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On 16 August 2018 at 12:57, Kevin Olbrich <span dir="ltr"><<a href="mailto:ko@sv01.de" target="_blank">ko@sv01.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi!<div><br></div><div>I am working successfully with Kamailio in my lab setup where Kamailio is the SBC for Asterisk.</div><div>The network layout is looking like this:</div><div><br></div><div>SIP-Phone <== PUBLIC NET ==> Kamailio (SBC) <== PRIVATE NET ==> Asterisk <== PUBLIC NET ==> Carrier</div><div><br></div><div>Each public network is reachable from the internet and has a local firewall with IP whitelists.</div><div>The internal SIP transactions are UDP-only but for external phones I would like to also listen for TCP/TLS.</div><div><br></div><div>For this layout to work with rtpproxy (before we move on to RTPengine), we have to enable mhomed in Kamailio.</div><div>We also have some routing issues with packets leaving with the wrong IP via rtpproxy (when call between carrier and external phone needs to be bridged).</div><div><br></div><div>Most examples show that Asterisk is deployed on the same network as the external interface of Kamailio (-> Asterisk exposed to the public network).</div><div>In our tests, this works much better but I have great security concerns because this Asterisk instance itself does not need to be reachable from external.</div><div><br></div><div>How do other users deploy Kamailio in front of Asterisk or similar as SBC to secure internals?</div><div>There is lot of docs for Kamailio's config but IMHO less for the setup as DMZ (SBC) proxy.</div><div><br></div><div>Thank you very much.</div><div><br></div><div>Kind regards</div><span class="m_8600628983709173538m_-5149080411804444065m_7915506406548193616m_-4116121297838903910HOEnZb"><font color="#888888"><div>Kevin</div></font></span></div>
<br>_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_8600628983709173538m_-5149080411804444065m_7915506406548193616m_-4116121297838903910gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Savolainen Dmitri</div></div></div></div></div>
</div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div></div></div></div>
<br>_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_8600628983709173538m_-5149080411804444065gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Savolainen Dmitri</div></div></div></div></div>
</div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div></div>