Re: [SR-Users] FW: Client site NAT negotiation with no STUN.

14 Feb 2014


      Lol,
Thanks Daniel! I was concerned my art may get munged, I was using a mobile device to write the original message and was kind of hoping it would have used a monospaced fonts.... go windows phone.
Anyway, I've had a look at the change you've suggested, unfortunately it seems to have made little difference and the RTP proxy is still trying to send traffic to the client SIPPhones private ip address and not the firewall.
It's probably worth clarifying (seen as the diagram got mangled)  that I don't have an RTPproxy at our client site only in our data centre paid with our kamailio.
Here's another attempt at the diagram this looks like it's going in munged but we'll see I guess:
-------------                        
                                                     -------|  RTPproxy   |------                 
 ---------          ---------                        |       -------------      |      ---------- 
|SIP Phone|--------|Firewall |---------internet-------------|  kamailio   |-----------|Freeswitch|
 ---------          ---------                                -------------             ----------
Any other suggestions?
-----Original Message-----
From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel Tryba
Sent: 14 February 2014 09:45
To: sr-users@lists.sip-router.org
Subject: Re: [SR-Users] FW: Client site NAT negotiation with no STUN.
On Friday 14 February 2014 10:18:07 Rob Moore wrote:
...
(please excuse the beautiful ASCI art)
You failed, it's not beatifull, it's a mess (be sure to use a monospaced font and spaces when drawing ASCII art (since not all clients use monospaced to display it will always fail in some clients)). See http://lists.sip-router.org/pipermail/sr-users/2014-February/081601.html
for the result as I've seen your art :)
...
Can anyone suggest any other potential methods for getting around this 
problem?
I learned to never trust anything a client tells me in a SIP message, forcing all rtp through the rtpproxy only leaves firewall issues at the client IMHO. 
On an SBC kind of setup just always call rtpproxy_manage() regardless wheter you detect a natted client.
In the "default" kamailio.conf just move rtpproxy_manage in the route[NATMANAGE] to the beginning of the route (the f to use the local rtpproxy even if an other rtpproxy is detected)
# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
    rtpproxy_manage("f");
    
    if (is_request()) {
....
-- 

POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/   - http://www.sipo.nl/
K.v.K. Eindhoven 17097024

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] FW: Client site NAT negotiation with no STUN.