Hello,

 

We have a transparent proxy in front of Asterisk boxes. The media is handled by rtpengine, and the „manage” work is done by Kamailio in the route[NATMANAGE] section like this:

 

        if(nat_uac_test("8")) {

 

 

                # Packet from backend server

                if(ds_is_from_list()){

                    if (rtpengine_manage("replace-origin replace-session-connection direction=internal direction=pub")) {

                        xdbg("NATMANAGE --- Success rtpengine_manage() RTP from INTERNAL to EXTERNAL $ru");

                    }

                }

                else

                {

                    if (rtpengine_manage("replace-origin replace-session-connection direction=pub direction=internal")) {

                        xdbg("NATMANAGE --- Success rtpengine_manage() RTP from EXTERNAL to INTERNAL $ru");

                    }

                }

 

        } else {

 

                # Packet from backend server

                if(ds_is_from_list()){

                    if (rtpengine_manage("replace-origin replace-session-connection trust-address direction=internal direction=pub")) {

                        xdbg("NATMANAGE --- Success rtpengine_manage() RTP from INTERNAL to EXTERNAL $ru");

                    }

                }

                else

                {

                    if (rtpengine_manage("replace-origin replace-session-connection trust-address direction=pub direction=internal")) {

                        xdbg("NATMANAGE --- Success rtpengine_manage() RTP from EXTERNAL to INTERNAL $ru");

                    }

                }

 

        }

 

Everything is working fine, but with some clients (like Grandstream phone) the RTCP session wants to go tot he private address of the phone. Here is the log of one of these strange calls:

 

Apr 27 16:54:38 rtp1 rtpengine[2273]: INFO: [312ed76c31f21b71452e91e5184ad25b@172.16.2.210:5060]: [core] --------- Port  178.238.213.14:11088 <>    81.183.216.3:5068 , SSRC 77c19488, 625 p, 107500 b, 0 e, 29 ts

Apr 27 16:54:38 rtp1 rtpengine[2273]: INFO: [312ed76c31f21b71452e91e5184ad25b@172.16.2.210:5060]: [core] --------- Port  178.238.213.14:11089 <>      10.0.5.192:5069  (RTCP), SSRC 0, 0 p, 0 b, 0 e, 43 ts

 

As you can see the RTP itself is okay, but the RTCP will somehow go to the private address. If we tracing the sdp messages in sngrep, then we can see that Kamailio transforming IP addresses for the backend servers to the public (and the private address of the rtpengine) addresses.

 

We are missing something?

 

Thank you!

With kind regards,

Zoltan