Hi Greger,
I see your idea, nd I like it :-)
-A
* Greger V. Teigre greger@teigre.com [051110 08:36]:
Atle, Thanks for pointing this out, I was exhausted ;-) after my long email. We have received requests for this feature at onsip.org a few times. The reason why we haven't added it is exactly the issue you point out. We have at one point talked about adding an Appendix to the Getting Started document called "Suggestions for additions and changes to your ser.cfg" where things like this can be documented separately. People can then add the feature to their configs themselves if they like. g-)
----- Original Message ----- From: "Atle Samuelsen" clona@cyberhouse.no To: "Greger V. Teigre" greger@teigre.com Cc: "Noel Sharpe" noels@radnetwork.co.uk; "'SER Users'" serusers@lists.iptel.org Sent: Thursday, November 10, 2005 8:19 AM Subject: Re: [Serusers] UA's behind the same NAT
Hi Noel,
Just a tought, (dont know if your users does this, but just to lighten the aera)
what happens if there is a double NAT here, and you say, that users behind the same nat (atleast with the logic G wrote) they would have the same source-ip and the same ruri ip, but would'nt be on the same physical lan..
see setup : B C NAT-->UA2 A / ser - NAT \ NAT -->UA1 D E
A= Public IP B= NAT1's public IP C= NAT1's Local Subnet D= NAT2's public ip E= NAT2's Local subnet
The from would look like: (ua2) from:blablasip:UA2@C (UA1) from:blublusip:UA1@E
e.request-uri would be : (UA2) sip:ua2@A (UA1) sip:ua1@a
SourceIP for both request's would be A, So, you cant really (by this) know if UA1 and UA2 is behind the same nat, esesially if there is a double, or triple or so...
-Atle
- Greger V. Teigre greger@teigre.com [051110 07:50]:
Noel, If you send the config showing how you do it, it will be easier to comment. :-)
In general, what you should do is this:
- Starting from onsip.org configs, there are three locations you need to
change: route[4] NAT Traversal, loose route handling and onreply
- I suggest creating a new route block where you test the src_ip of the
message against the looked up location of ruri/domain, i.e. this only works after a successful lookup("location") has been done. This should be the (untested) code snippet: avp_write("$ruri/domain", "i:624"); if (avp_check("i:624","eq/$src_ip")) { setflag(SAME_NAT); } (NOTE: I'm not sure about how avp_write will handle $ruri/domain as :port is at the end of the domain for ruri after a lookup. You should probably turn on debugging and use avp_print)
- Then run the test from the NAT traversal route, as well as the loose
route (not in onreply) and check for the flag before doing force_rtp_proxy
- In onreply add && !isflagset(SAME_NAT) to the NAT if test
No guarantees... This has not been tested. However, if you can report that it works (or whatever was wrong), I will submit the code piece as a suggestion for the ONsip.org Getting Started document. g-)
----- Original Message ----- From: "Noel Sharpe" noels@radnetwork.co.uk To: "'SER Users'" serusers@lists.iptel.org Sent: Wednesday, November 09, 2005 9:15 PM Subject: [Serusers] UA's behind the same NAT
Hi All
I am trying to improve my proxy setup to force clients behind the same NAT device to connect each other directly. My setup is fairly complex, (rtpproxy / NAT Helper, PSTN gateways, different peers etc) but it's loosely based on the OnSip.org setup. The current config works correctly for all clients, whether behind a NAT or not, but I'd prefer not to have to use RTP proxy to allow UA's on the same nat to contact each other. I've seen the document from the AVPops module, but I can't get the example to work. I think the problem is WHERE I put the avpops config. As this works on FWD, I think it's possible. Has anyone got this working?
Noel
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers