Good morning Daniel,
If RTPEngine is on the same server as Kamailio (Asterisk being on another server), and RTP traffic is sent to and from RTPEngine, then the provider only needs to whitelist one IP-Address. I thought with RTPEngine that all RTP traffic would go through it and then it would pass it on to the correct destination. Is this correct?
Thank you
-----Original Message----- From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of Daniel Tryba Sent: Thursday, August 23, 2018 4:36 AM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: Re: [SR-Users] Struggling with RTPProxy and RTPEngine
MITRE WARNING: Do not open unexpected password-protected attachments.
Email originates from a non-MITRE system. Use caution.<<<
On Wed, Aug 22, 2018 at 05:05:02PM +0000, Wilkins, Steve wrote:
The SIP traffic is working this way for me but I still see RTP traffic going directly from Asterisk to the UAC, which means they need to whitelist asterisk IP. Am I missing something?
In what sense do they need whitelisting? In a common NATed solution where is no white/blacklist needed. UA gets RTP endpoints from SDP, starts sending packets to ip/port and the destination will send back packets to the source ip/port, the router/firewall will just send this to the actual UA. I have yet to find an UA that cares about where the RTP stream is coming from with regards to the SIP traffic.
On Thu, Aug 23, 2018 at 11:39:32AM +0000, Wilkins, Steve wrote:
Yes it is, if you tell kamailio to rewrite SDP by calling rtpengine functions.
During your previous messages I never got the idea you were talking about an uplink/provider interconnect (might be me just skimming your mails). But without a config (of kamailio and rtpengine and a clear network topology) it is not possible to tell what the problem is.
The standard config in the kamailio repo does NAT checks before calling rtpengine, if you scrap those conditions it will trigger rtpengine on all calls.
-
Daniel Tryba -
Wilkins, Steve