We’re using the dispatcher with MySQL. Here’s the setid from kamcmd dispatcher.list, this dns resolves to the Asterisk local ip
10.2.5.206, are you saying I should use udp: instead of sip: for my DEST entry? Would that really make any difference?
SET: {
ID: 100
TARGETS: {
DEST: {
URI: sip:rtp-media.opm-media-namespace:5080?transport=DNS
FLAGS: AX
PRIORITY: 0
}
}
}
/M
From:
Daniel-Constantin Mierla <miconda@gmail.com>
Date: Thursday, 4 September 2025 at 09:05
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>, miconda@gmail.com <miconda@gmail.com>
Cc: Martin Nyström <martin.nystrom@connectel.se>
Subject: Re: [SR-Users] Re: Kamailio behind NAT
|
CAUTION: This email originated from outside the organization. Do not click links or open attachments
unless you recognize the sender and know the content is safe. |
In the dispatcher routing records, be sure you have the attribute socket=udp:localip:5080.
Cheers,
Daniel
On 03.09.25 13:03, Martin Nyström via sr-users wrote:
I did the suggested changes, I think. But the INVITE sent from Kamailio to Asterisk still holds the external advertised DNS in the RR.
Here’s the INVITE sent to Asterisk from Kamailio:
eth1 Out IP 10.3.124.192.5060 > 10.2.5.206.5080: SIP: INVITE sip:010xxxxxxx@sbc.coolcompany.com SIP/2.0
INVITE sip:010xxxxxxx@sbc.coolcompany.com SIP/2.0
Record-Route: <sip:sbc.coolcompany.com;lr;ftag=5914da19-6958-4b8f-b521-d74c78af6120>
Record-Route: <sip:sip-provider.com;lr=on>
Call-ID: GEWPF3PEVFCQNL7FLWOMPWVH5A@x.x.x.x
CSeq: 25896 INVITE
From: <sip:076xxxxxxx@sip-provider.com>;tag=5914da19-6958-4b8f-b521-d74c78af6120
To: <sip:010xxxxxxx@sbc.coolcompany.com>
Contact: <sip:0101388290@10.3.124.192:5080>
Via: SIP/2.0/UDP sbc.coolcompany.com:5060;branch=z9hG4bKb32c.739784aeb0177ad4d3e181098a071abb.0;rport
Via: SIP/2.0/UDP sip-provider.com;branch=z9hG4bKb32c.79821495565acb8af61a7ebecb22b26d.0
Via: SIP/2.0/UDP sip-provider.com:5060;branch=z9hG4bK-323035-3a9c396118a108606e6234ff3013ed5b
Max-Forwards: 67
Content-Type: application/sdp
User-Agent: XXXX
Content-Length: 293
Asterisk attempts to reply to the BYE on the external IP:
<--- Transmitting SIP request (616 bytes) to UDP:sbc.coolcompany.com:5060 --->
BYE sip:010xxxx@10.3.124.192:5080 SIP/2.0
Via: SIP/2.0/UDP 10.2.5.206:5080;rport;branch=z9hG4bKPj917dd0c5-192b-457d-ae1a-ef693895e0c7
From: <sip:010xxxxx@sbc.coolcompany.com>;tag=1f88f783-83a4-419f-a7c3-3c37a40dada6
To: <sip:076xxxxxx@sip-provider.com>;tag=3c6c6d47-8beb-4c71-a829-15138869defd
Call-ID: 2XKUHXTUNNC7HPW7BFTI3TMT2E@x.x.x.x
CSeq: 25915 BYE
Route: <sip:sbc.coolcompany.com;lr;ftag=3c6c6d47-8beb-4c71-a829-15138869defd>
Route: <sip:x.x.x.x;lr>
Reason: Q.850;cause=16
Max-Forwards: 70
User-Agent: xxxx
Content-Length: 0
Here’s again my dumbed down CFG with changes:
debug=2
log_stderror=yes
fork=yes
tcp_accept_no_cl=yes
onsend_route_reply=yes
pv_buffer_size=2048
enable_tls=1
listen=udp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060
listen=tcp:<LOCAL_IP>:5060 advertise <DOMAIN>:5060
listen=tls:<LOCAL_IP>:5061 advertise <DOMAIN>:5061
# INFO: Asterisk gateway listening
listen=udp:<LOCAL_IP>:5080
listen=tcp:<LOCAL_IP>:5080
listen=tls:<LOCAL_IP>:5081
local_rport=on
mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/"
loadmodule "rr.so"
modparam("rr", "force_send_socket", 1)
route {
route(FROM_PROVIDER);
exit;
}
route[RELAY] {
if(!t_relay()) {
sl_reply_error();
}
exit;
}
route[FROM_PROVIDER] {
# INFO: The Asterisk
ds_select_dst(100, 4);
if(!has_totag()) {
record_route();
}
route(RELAY);
exit;
}
/M
From: Martin Nyström <martin.nystrom@connectel.se>
Date: Wednesday, 3 September 2025 at 10:59
To: miconda@gmail.com <miconda@gmail.com>, Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] Kamailio behind NATUsing a different port for Asterisk is not a bad idea. I might just try that. I will return with the results or any follow up questions.
/M
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Wednesday, 3 September 2025 at 10:54
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Martin Nyström <martin.nystrom@connectel.se>
Subject: Re: [SR-Users] Kamailio behind NAT
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello,
the simplest way is to listen on another port (e.g., 5080) and use that socket to communicate with Asterisk. For that listen parameter, do not set the advertise address. You can use $fs or force_send_socket() to specify the socket to be used for sending out to Asterisk.
The alternative is to play in the config file with the function of the rr module that allow you to set the address in the Record-/Route headers, but it may increase the complexity of the config.
Cheers,
Daniel
On 03.09.25 10:42, Martin Nyström via sr-users wrote:
Hello,
I am not successful in my attempts to configure my Kamailio to work behind NAT.
The flow of an incoming call is Provider (Internet) -> AWS LoadBalancer -> Kamailio -> Asterisk
Both the Kamailio and Asterisk is on the internal network. The issue I am having is that I need to add Record-Route to the traffic sent back towards the provider, but not to the Asterisk. Currently when I add the record_route() the header is sent to Asterisk which makes it reply to the Kamailio advertised external address for ACKs, BYEs etc.
I have dumbed down my Kamailio config as much as possible for this, to show what I am currently doing.
debug=2
log_stderror=yes
fork=yes
tcp_accept_no_cl=yes
onsend_route_reply=yes
pv_buffer_size=2048
enable_tls=1
listen=udp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060
listen=tcp:<LOCAL_IP>:5060 advertise <EXTERNAL_DOMAIN>:5060
listen=tls:<LOCAL_IP>:5061 advertise <EXTERNAL_DOMAIN>:5061
local_rport=on
mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib/x86_64-linux-gnu/kamailio/modules/"
# MODULES
loadmodule "..."
route {
route(FROM_PROVIDER);
}
route[RELAY] {
if(!t_relay()) {
sl_reply_error();
}
exit;
}
route[FROM_PROVIDER] {
# The Asterisk that should not receive the external dns in the record route headerds_select_dst(100, 4);
# INFO: This adds the Record-Route in all directions
if(!has_totag()) {
record_route();
}
route(RELAY);
exit;
}
/M
__________________________________________________________Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgTo unsubscribe send an email to sr-users-leave@lists.kamailio.orgImportant: keep the mailing list in the recipients, do not reply only to the sender!
--Daniel-Constantin Mierla (@ asipto.com)twitter.com/miconda -- linkedin.com/in/micondaKamailio Consultancy, Training and Development Services -- asipto.com
__________________________________________________________Kamailio - Users Mailing List - Non Commercial Discussions -- sr-users@lists.kamailio.orgTo unsubscribe send an email to sr-users-leave@lists.kamailio.orgImportant: keep the mailing list in the recipients, do not reply only to the sender!
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com