Hello,
there is no way of going through symmetric NAT without a media stream relay on a public ip address.
The media relay system can be:
1) server side relay controlled by sip server, like rtpengine or rtpproxy 2) dedicated SBC boxes put between end device and sip server, like Oracle (former ACME) SBC 3) TURN servers, which is concept similar to rtpengine/rtpproxy, but it is the end device interacting directly with it (sip server does not interact with the TURN server), so the end device must support TURN protocol
If you do not control the end device or the end device doesn't support TURN, then the solution has to be 1) or 2). The 2) can be expensive and adds additional ongoing operations costs.
Note that you can put rtpproxy/rtpengine on a different system than kamailio. Also, there can be many of them, with kamailio doing sort of load balancing to distribute calls across all available rtpproxy/rtpengine instance.
The is an alternative by creating a VPN between end devices and core infrastructure, so everyone is in the network. However, all packets, including the RTP/media streams are relayed by the VPN server, so you still get the traffic in the core network.
Cheers, Daniel
On 08.05.18 08:29, Pinter, Gerd. wrote:
Hello Henning, hello Community
we are using high quality Codecs with bitrates up to 1500Kbit (PCM), but usually 128kbit (Mpeg1 Layer3 or AAC-LD). 128 is Not too much, but I want to be on the save side and therefore I prefer solution without Proxy. By the way I am audio engineer at a german commercial radio broadcast network and we try to establish our own "ISDN replacement-SIP Network" for reporting from events like Soccer Games, Karneval, Rock Concerts, Political Party Summits, Lawsuits... whatever. I want to keep frontend as simple as it gets for the reporter. Anyway, people told me that the SIP Server of "Mayah Communications" is working without the need of stun or other Client side gadgets, but I am also told that this Mayah server works without Proxy functions. That Company won't tell me their settings of course, but if possible I'd like to have this feature for our SIP Server. At the moment I have still vast problems with connectivity from Devices that are logged on via Vodafone Mobile Network. Even Stun does not work. I guess that CGNAT of Vodafone (All of the Devices I have tested within Vodafone allocate IP Addresses in private range!) opens different Ports for different outbound connections which is the case if I use a 3rd party Stun Server. I have read a lot about this issue these days and there is solution, but I am not too deep into scripting an how to edit the kamailio.cfg. For example, I tried to start Kamailio with Stun, but if I tried to use the built in Stun, I've got error messages on the Client and also in the logfile of the SIP Server (incomplete header of Stun message) Anyone can help, please?
Best regards Gerd
Von: Henning Westerholt hw@kamailio.org Gesendet: Montag, 7. Mai 2018 20:56 An: sr-users@lists.kamailio.org Cc: Pinter, Gerd. G.Pinter@radionrw.de Betreff: Re: [SR-Users] Connecting UAs behind Firewall/CgNat with Kamailio without using a Stun Server
Am Montag, 7. Mai 2018, 13:11:50 CEST schrieb Pinter, Gerd.:
Hi Won't RTP Proxy cause al lot of traffic? We only have 155mbit for all IT traffic, and our Sip Server also have to manage connections outbound our house, where I thought it might be better let those clients do the payload by peer to peer connection. If I got it right this traffic would flow thru our Sip server with RTP Proxy enabled. Thanks a lot
Hello Gerd, you understood it correctly, indeed using rtpengine/rtpproxy would mean routing additionally your RTP traffic to your network. Depending on the number of sessions and the used codec it may work perfectly, only with some QoS tuning or not at all. You can estimate the bandwith, there are also some calculators online. Best regards, Henning Westerholt
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users