Hi there, I have a question concerning the following situation: One client makes a call to another client in the same (private) LAN over a SER located in the public network. It is easy to check if both clients are behind the same NAT. So one can avoid using the mediaproxy and therefore the mediastream stays in the local LAN.
But there is a problem if one client uses STUN to detect the outbound IP of the NAT-Box and changes the IP-Address of his SDP body to the outbound IP-address of the NAT-Box. The original local IP-Address ist lost. This value must be recovered by SER - otherwise the RTP-stream of this local connection is relayed over the public internet. I managed getting the original IP-Address (external script which extracts the IP-Addr from the Call-ID header, if it is there...) and store it persistant in the Location Database.
My question: How is it possible to mangle the SDP-body by SER with the sdp_mangle_ip() - function and a non static argument. I have to use this function with an argument given by an external script. Is it possible or does anybody know another possibility to get rid of this mess? regards, Philipp
Hi,
On Tuesday 15 February 2005 23:37, Alexander Philipp Lintenhofer wrote:
Hi there, I have a question concerning the following situation: One client makes a call to another client in the same (private) LAN over a SER located in the public network. It is easy to check if both clients are behind the same NAT. So one can avoid using the mediaproxy and therefore the mediastream stays in the local LAN.
are you sure that it is easy? How do you detect if a UA is NATed twice (or even more times) or not? Just because two UAs have the same external IP does not mean that they are in same (local) network.
Greetings Nils
are you sure that it is easy? How do you detect if a UA is NATed twice (or even more times) or not? Just because two UAs have the same external IP does not mean that they are in same (local) network.
I save the original IP-Address in a second location database and compare the network parts of caller and callee in addition to the value of the outbound ip-address. This really does not work if they are natted 3 times and the first and third have the same RFC1918 net-class. But i don't mention this case - the probability is really low.
Nils Ohlmeier schrieb:
Hi,
On Tuesday 15 February 2005 23:37, Alexander Philipp Lintenhofer wrote:
Hi there, I have a question concerning the following situation: One client makes a call to another client in the same (private) LAN over a SER located in the public network. It is easy to check if both clients are behind the same NAT. So one can avoid using the mediaproxy and therefore the mediastream stays in the local LAN.
are you sure that it is easy? How do you detect if a UA is NATed twice (or even more times) or not? Just because two UAs have the same external IP does not mean that they are in same (local) network.
Greetings Nils
And how does it behave in this situation?
1.2.3.4 NAT / \ 10.0.0.2 10.0.0.3 NAT NAT / \ 192.168.0.2 192.168.0.2
The clients have the same "public IP address" 1.2.3.4 and the same local IP address.
IMO getting back the local IP address. The client peforms NAT traversal and you are going to revert the NAT traversal. Even if you can recover the IP address from the call-id, how do you find out the local RTP port if the client uses stun?
regards, klaus
Alexander Philipp Lintenhofer wrote:
are you sure that it is easy? How do you detect if a UA is NATed twice (or even more times) or not? Just because two UAs have the same external IP does not mean that they are in same (local) network.
I save the original IP-Address in a second location database and compare the network parts of caller and callee in addition to the value of the outbound ip-address. This really does not work if they are natted 3 times and the first and third have the same RFC1918 net-class. But i don't mention this case - the probability is really low.
Nils Ohlmeier schrieb:
Hi,
On Tuesday 15 February 2005 23:37, Alexander Philipp Lintenhofer wrote:
Hi there, I have a question concerning the following situation: One client makes a call to another client in the same (private) LAN over a SER located in the public network. It is easy to check if both clients are behind the same NAT. So one can avoid using the mediaproxy and therefore the mediastream stays in the local LAN.
are you sure that it is easy? How do you detect if a UA is NATed twice (or even more times) or not? Just because two UAs have the same external IP does not mean that they are in same (local) network.
Greetings Nils
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Alexander Philipp Lintenhofer wrote:
Hi there, But there is a problem if one client uses STUN to detect the outbound IP of the NAT-Box and changes the IP-Address of his SDP body to the outbound IP-address of the NAT-Box. The original local IP-Address ist lost. This value must be recovered by SER - otherwise the RTP-stream of this local connection is relayed over the public internet. I managed
By using STUN and the public IP address, the call does not goes into the public internet - only to the NAT-box and back into the LAN. btw: this works only if the NAT box supports "hairpin of media". If not, you also have to use an RTP proxy.
regards, klaus
-
Alexander Philipp Lintenhofer -
Klaus Darilion -
Nils Ohlmeier