This might help you, you need to set directions (as suggested)

https://github.com/davidcsi/kamailio-private-public/blob/master/kamailio.cfg#L1220


On Sun, 23 May 2021 at 11:22, M Arqum CH <marqumch@gmail.com> wrote:
Hi Mehai, 

Bind rtpengine with local ip as well. 

use direction flags  in  rtpengine_offer function .  https://kamailio.org/docs/modules/5.2.x/modules/rtpengine.html#rtpengine.f.rtpengine_offer

From Rtpenigne Doc:

direction

Contains a list of two strings and corresponds to the rtpproxy e and i flags. Each element must correspond to one of the named logical interfaces configured on the command line (through --interface). For example, if there is one logical interface named pub and another one named priv, then if side A (originator of the message) is considered to be on the private network and side B (destination of the message) on the public network, then that would be rendered within the dictionary as:

  { ..., "direction": [ "priv", "pub" ], ... }

Cheers,
Arqum

On Fri, May 21, 2021 at 10:39 PM Mihai Cezar <cezar@mokalife.ro> wrote:
Hi All,

I've been using Kamailio as a proxy for asterisk (with public ips),
everything was fine  until i've changed the setup to private ips for
asterisk.

What I did so far:
- Kamailio and rtpengine are on a box with 1 public IP.
- Asterisk containers on private ips each asterisk has 2 trunks (
1trunk voip provider 1trunk the Proxy).

What works:
- Proxy registrations and sip signaling works.

What it does not  work:
- On the asterisk I got only on rtp connexion, my guess is that has
something to do with the SDP, asterisk put the private ip in the SDP
header.

RTPengine is configured using this guide https://github.com/sipwise/rtpengine

Can you have a look at the kamailio config, i think i am missing
something or do something wrong.

Thank you!

command to start was:
rtpengine --table=42 --listen-ng=127.0.0.1:2223
--interface=public/110.20.20.1 --tos=184 --pidfile=/run/rtpengine.pid
--no-fallback

and the Kamailio cfg is this:

#!KAMAILIO

#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_FS 10

#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7

#!define WITH_DEBUG
#!define WITH_NAT


## This is the main configuration file for our proxy!

####### Global Parameters #########

#!ifdef WITH_DEBUG
debug=4
memdbg=5
memlog=5
log_stderror=yes
disable_core_dump=no
sip_warning=yes
#!else
debug=-0
log_stderror=no
sip_warning=no
disable_core_dump=yes
#!endif

log_facility=LOG_LOCAL0

fork=yes
children=8
auto_aliases=no
port=5060
disable_tcp=yes

server_id = 1
server_signature=yes
server_header="Server: proxy"

dns_try_ipv6=no
dns_try_naptr=no
dns_retr_time=1
dns_retr_no=1
rev_dns=no

####### Modules Section ########

#loadmodule "db_mysql.so"
loadmodule "jsonrpcs.so"
loadmodule "kex.so"
loadmodule "corex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "acc.so"
loadmodule "dispatcher.so"
loadmodule "path.so"
loadmodule "nathelper.so"
loadmodule "rtpengine.so"


####### Modules Settings
# ----------------- setting module-specific parameters ---------------

modparam("xlog", "buf_size", 4096)
modparam("xlog", "prefix", "xlog: ")
modparam("xlog", "log_facility", "LOG_DAEMON")
modparam("xlog", "log_colors", "L_ERR=cr")
modparam("xlog", "log_colors", "L_ERR=cr;L_WARN=px")

# ----- jsonrpcs params -----
modparam("jsonrpcs", "pretty_format", 1)

# ----- tm params -----
modparam("tm", "failure_reply_mode", 3)
modparam("tm", "fr_timer", 30000)
modparam("tm", "fr_inv_timer", 120000)

# ----- rr params -----
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 0)

#!ifdef WITH_NAT
modparam("nathelper", "received_avp", "$avp(RECEIVED)")
modparam("nathelper", "nortpproxy_str", "a=sdpmangled:yes\r\n")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger@proxy")

# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)

modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
modparam("rtpengine", "rtpengine_retr", 2)
modparam("rtpengine", "hash_table_size", 256)
modparam("rtpengine", "hash_table_tout", 600)
#!endif

# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
modparam("registrar", "append_branches", 0)
modparam("registrar", "max_expires", 3600)
modparam("registrar", "gruu_enabled", 1)

# ----- acc params -----
modparam("acc", "early_media", 0)
modparam("acc", "report_ack", 0)
modparam("acc", "report_cancels", 0)
modparam("acc", "detect_direction", 0)
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc", "log_extra",
"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)

# ----- dispatcher params -----
modparam("dispatcher", "list_file", "/etc/kamailio/plugins/dispatcher.list")
modparam("dispatcher", "xavp_dst", "_dsdst_")
modparam("dispatcher", "xavp_ctx", "_dsctx_")
modparam("dispatcher", "ds_ping_from", "sip:ping@proxy")
modparam("dispatcher", "ds_probing_mode", 1)

modparam("path", "use_received", 1)


####### Routing Logic ###########
# main request routing logic

request_route {

    # per request initial checks
    route(REQINIT);

    # NAT detection
    route(NATDETECT);

    if(ds_is_from_list()) {
            setflag(FLT_FS);
    }

    # CANCEL processing
    if (is_method("CANCEL")) {
        rtpengine_delete();
        if (t_check_trans()) {
            route(RELAY);
        }
        exit;
    }

    # handle retransmissions
    if (!is_method("ACK")) {
        if(t_precheck_trans()) {
            t_check_trans();
            exit;
        }
        t_check_trans();
    }

    # handle requests within SIP dialogs
    route(WITHINDLG);

    if (isflagset(FLT_FS)) {
            route(FROM_WORLD);
            exit;
    }

    ### only initial requests (no To tag)

    # record routing for dialog forming requests (in case they are routed)
    # - remove preloaded route headers
    remove_hf("Route");
    if (is_method("INVITE|SUBSCRIBE")) {
        record_route();
    }

    # account only INVITEs
    if (is_method("INVITE")) {
        setflag(FLT_ACC); # do accounting
        sl_send_reply("100","Trying");
    }

    # handle presence related requests
    route(PRESENCE);

    # handle registrations
    route(REGISTRAR);

    if ($rU==$null) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # dispatch destinations
    route(DISPATCH);
}

route[FROM_WORLD]
{
        record_route();
        route(RELAY);
        exit;
}

route[RELAY] {
    if (!t_relay()) {
        sl_reply_error();
    }

    if (!add_path()) {
        sl_send_reply("503", "Internal Path Error");
    }

    if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
        if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
    }
    if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
        if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
    }
    if (is_method("INVITE")) {
        if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
    }

    if (has_body("application/sdp")) {
            rtpengine_manage();
    }

    append_hf("Supported: path\r\n");
    exit;
}

# Per SIP request initial checks
route[REQINIT] {

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }

    if(is_method("OPTIONS") && uri==myself && $rU==$null) {
        sl_send_reply("200","Keepalive");
        exit;
    }

    if(!sanity_check("1511", "7")) {
        xlog("L_WARN","Malformed SIP message from $si:$sp\n");
        exit;
    }
}

# Handle requests within SIP dialogs
route[WITHINDLG] {
    if (has_totag()) {
        # sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if (is_method("BYE")) {
                rtpengine_delete();
                setflag(FLT_ACC); # do accounting ...
                setflag(FLT_ACCFAILED); # ... even if the transaction fails
            } else if ( is_method("ACK") ) {
                # ACK is forwarded statelessly
                route(NATMANAGE);
            } else if ( is_method("NOTIFY") ) {
                # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
                record_route();
            }
            route(RELAY);
            # exit;

        } else {

            if (is_method("SUBSCRIBE") && uri == myself) {
                # in-dialog subscribe requests
                route(PRESENCE);
                exit;
            }
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be ACK
after a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ... ignore and discard.
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }
}

# Handle SIP registrations
route[REGISTRAR] {

    if(!is_method("REGISTER"))
        return;

    if(isflagset(FLT_NATS)) {
        setbflag(FLB_NATB);
    }

    if (!add_path_received()) {
        sl_send_reply("503", "Internal Path Error");
    };

    route(DISPATCH);
}

# Presence server route
route[PRESENCE] {
    if(!is_method("PUBLISH|SUBSCRIBE"))
        return;

    sl_send_reply("404", "Not found");
    exit;
}


# Dispatch requests
route[DISPATCH] {
    # to add more servers in k8s
    if (!ds_select_dst("1", "4")) {
                    send_reply(503, "Service Unavailable $fd");
                    exit;
    }

    t_on_failure("RTF_DISPATCH");
    route(RELAY);
    exit;
}

# Caller NAT detection
route[NATDETECT] {
#!ifdef WITH_NAT
     if (nat_uac_test("3")) {
               if (is_method("REGISTER")) {
                           xlog("L_WARN", "natdetect
fix_nated_register ip: $si\n");
                       fix_nated_register();
               } else {
                           xlog("L_WARN", "natdetect set_contact_alias
ip: $si\n");
                       fix_nated_contact();
               }
               force_rport();
       }
       if (has_body("application/sdp") && nat_uac_test("8")) {
               xlog("L_WARN", "sdp fix ip: $si\n");
               fix_nated_sdp("10");
       }
#!endif
    return;
}

# RTPProxy control and signaling updates for NAT traversal
route[NATMANAGE] {
#!ifdef WITH_NAT
        if (is_request()) {
                if(has_totag()) {
                        if(check_route_param("nat=yes")) {
                                setbflag(FLB_NATB);
                        }
                }
        }
        if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;

        if(nat_uac_test("8")) {
            xlog("L_WARN", "nat_uac_test 1...");
            rtpengine_manage("replace-origin
replace-session-connection direction=public ICE=force");
        } else {
            xlog("L_WARN", "nat_uac_test addrtp...");
            rtpengine_manage("codec-strip-all codec-transcode-PCMA
codec-transcode-PCMU codec-transcode-G729 replace-origin
replace-session-connection direction=public ICE=force ");
        }

        if (is_request()) {
                if (!has_totag()) {
                        if(t_is_branch_route()) {
                                add_rr_param(";nat=yes");
                        }
                }
        }
        if (is_reply()) {
                if(isbflagset(FLB_NATB)) {
                        if(is_first_hop())
                                set_contact_alias();
                }
        }
#!endif
        return;
}

# Manage outgoing branches
branch_route[MANAGE_BRANCH] {
    xlog("L_WARN", "new branch [$T_branch_idx] to $ru\n");
    route(NATMANAGE);
}

# Manage incoming replies
onreply_route[MANAGE_REPLY] {
        xlog("L_WARN", "incoming reply\n");

        if(status=~"[12][0-9][0-9]") {
                route(NATMANAGE);
        }
        if (has_body("application/sdp")) {
                rtpengine_manage();
        }

}

onreply_route[REPLY_ROUTE] {
    if(status=~"2[0-9][0-9]") {
        rtpengine_answer("replace-session-connection replace-origin");
    }
    if (has_body("application/sdp")) {
        rtpengine_offer();
    }
}

# Manage failure routing cases
failure_route[MANAGE_FAILURE] {
    xlog("L_WARN", "failure route\n");
    route(NATMANAGE);
    if (t_is_canceled()) exit;
}

# Try next destionations in failure route
failure_route[RTF_DISPATCH] {
    if (t_is_canceled()) {
        exit;
    }
    # next DST - only for 500 or local timeout
    if (t_check_status("500")
            or (t_branch_timeout() and !t_branch_replied())) {
        if(ds_next_dst()) {
            xlog("Retrying to <$ru> via <$du> (attrs:
$xavp(_dsdst_=>attrs))\n");
            t_on_failure("RTF_DISPATCH");
            route(RELAY);
            exit;
        }
    }
}

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Regards
M Arqum
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Regards,

David Villasmil
email: david.villasmil.work@gmail.com
phone: +34669448337