dear users can i get the RTPPROXY runing in another PC, maybe in a CO-located PC in another country. all for the expensive cost of internet in mine. or maybe i need to move all , the server and the rtpproxy module to another PC ??? if yes, how can be done ?? some examples will be apreciates. Regards
Gustavo Villegas
Hi Gustavo,
You can set UDP connection between SER and RTPROXY if you want to have it on a different machine. Anyhow, I would say it's a little bit dangerous if the IP distance between is big, since the protocol used to control RTPPROXY wasn't design for this case. But you can give it a try :-)
Best regards, Marian
Gustavo Villegas wrote:
dear users can i get the RTPPROXY runing in another PC, maybe in a CO-located PC in another country. all for the expensive cost of internet in mine. or maybe i need to move all , the server and the rtpproxy module to another PC ??? if yes, how can be done ?? some examples will be apreciates. Regards
Gustavo Villegas
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
We run ser on a server in one hosting center and we have the rtpproxy located locally where subscribers are. All ser-rtpproxy communications are run inside an ipsec tunnel using udp. Both for security reasons and stability, I recommend using ipsec. We have experienced no problems whatsoever with this setup.
This is the nathelper setup: modparam("nathelper", "rtpproxy_sock", "udp:10.192.0.5:22222")
Note that 10.192.0.5 is the private address of the server running the rtpproxy and you must start up rtpproxy to listen to UDP (rtpproxy -l 10.192.0.5 -s udp:*). You can of course also configure the ipsec tunnel on each side to route traffic to the other server's public address through the ipsec tunnel and thus avoid using private addresses. However, if you do use a private address (a more typical ipsec scenario), you need to tell rtpproxy which public IP address to use when rewriting SDP (10.192.0.5 would normally be used). I have submitted (to this list) a patch for rtpproxy where you can specify the public address on rtpproxy's command line. I have also sent the patch to Maxim. I have seen that he is preparing several updates to nathelper and rtpproxy now, and I hope he will include my patch also.
With the patch you start rtpproxy with: -l 10.192.0.5 -i public_ip -s udp:* g-)
Marian Dumitru wrote:
Hi Gustavo,
You can set UDP connection between SER and RTPROXY if you want to have it on a different machine. Anyhow, I would say it's a little bit dangerous if the IP distance between is big, since the protocol used to control RTPPROXY wasn't design for this case. But you can give it a try :-) Best regards, Marian
Gustavo Villegas wrote:
dear users can i get the RTPPROXY runing in another PC, maybe in a CO-located PC in another country. all for the expensive cost of internet in mine. or maybe i need to move all , the server and the rtpproxy module to another PC ??? if yes, how can be done ?? some examples will be apreciates. Regards
Gustavo Villegas
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Greger,
Indeed, with your scenario you solve the biggest problem of a remote rtpproxy, which is reliability, by using an ipsec tunnel. So, if I get it right, you use a private address for control communication and a public one for the media relaying. If so, why don't you just do : rtpproxy -s udp:private_ip -l public_ip
Best regards, Marian
Greger V. Teigre wrote:
We run ser on a server in one hosting center and we have the rtpproxy located locally where subscribers are. All ser-rtpproxy communications are run inside an ipsec tunnel using udp. Both for security reasons and stability, I recommend using ipsec. We have experienced no problems whatsoever with this setup.
This is the nathelper setup: modparam("nathelper", "rtpproxy_sock", "udp:10.192.0.5:22222")
Note that 10.192.0.5 is the private address of the server running the rtpproxy and you must start up rtpproxy to listen to UDP (rtpproxy -l 10.192.0.5 -s udp:*). You can of course also configure the ipsec tunnel on each side to route traffic to the other server's public address through the ipsec tunnel and thus avoid using private addresses. However, if you do use a private address (a more typical ipsec scenario), you need to tell rtpproxy which public IP address to use when rewriting SDP (10.192.0.5 would normally be used). I have submitted (to this list) a patch for rtpproxy where you can specify the public address on rtpproxy's command line. I have also sent the patch to Maxim. I have seen that he is preparing several updates to nathelper and rtpproxy now, and I hope he will include my patch also.
With the patch you start rtpproxy with: -l 10.192.0.5 -i public_ip -s udp:* g-)
Marian Dumitru wrote:
Hi Gustavo,
You can set UDP connection between SER and RTPROXY if you want to have it on a different machine. Anyhow, I would say it's a little bit dangerous if the IP distance between is big, since the protocol used to control RTPPROXY wasn't design for this case. But you can give it a try :-) Best regards, Marian
Gustavo Villegas wrote:
dear users can i get the RTPPROXY runing in another PC, maybe in a CO-located PC in another country. all for the expensive cost of internet in mine. or maybe i need to move all , the server and the rtpproxy module to another PC ??? if yes, how can be done ?? some examples will be apreciates. Regards
Gustavo Villegas
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Marian, Good question :-) I forgot another detail, which was the reason for the patch: The server does not have an interface with public_ip, it is behind a firewall, i.e. 10.192.0.5 is the only interface. The public_ip is mapped to 10.192.0.5 using static/mapped IP NATing in the firewall. This way we use only one interface for both private and public communication and the secondary interface is standby for redundancy. g-)
Marian Dumitru wrote:
Hi Greger,
Indeed, with your scenario you solve the biggest problem of a remote rtpproxy, which is reliability, by using an ipsec tunnel. So, if I get it right, you use a private address for control communication and a public one for the media relaying. If so, why don't you just do : rtpproxy -s udp:private_ip -l public_ip
Best regards, Marian
Greger V. Teigre wrote:
We run ser on a server in one hosting center and we have the rtpproxy located locally where subscribers are. All ser-rtpproxy communications are run inside an ipsec tunnel using udp. Both for security reasons and stability, I recommend using ipsec. We have experienced no problems whatsoever with this setup.
This is the nathelper setup: modparam("nathelper", "rtpproxy_sock", "udp:10.192.0.5:22222")
Note that 10.192.0.5 is the private address of the server running the rtpproxy and you must start up rtpproxy to listen to UDP (rtpproxy -l 10.192.0.5 -s udp:*). You can of course also configure the ipsec tunnel on each side to route traffic to the other server's public address through the ipsec tunnel and thus avoid using private addresses. However, if you do use a private address (a more typical ipsec scenario), you need to tell rtpproxy which public IP address to use when rewriting SDP (10.192.0.5 would normally be used). I have submitted (to this list) a patch for rtpproxy where you can specify the public address on rtpproxy's command line. I have also sent the patch to Maxim. I have seen that he is preparing several updates to nathelper and rtpproxy now, and I hope he will include my patch also. With the patch you start rtpproxy with: -l 10.192.0.5 -i public_ip -s udp:* g-)
Marian Dumitru wrote:
Hi Gustavo,
You can set UDP connection between SER and RTPROXY if you want to have it on a different machine. Anyhow, I would say it's a little bit dangerous if the IP distance between is big, since the protocol used to control RTPPROXY wasn't design for this case. But you can give it a try :-) Best regards, Marian
Gustavo Villegas wrote:
dear users can i get the RTPPROXY runing in another PC, maybe in a CO-located PC in another country. all for the expensive cost of internet in mine. or maybe i need to move all , the server and the rtpproxy module to another PC ??? if yes, how can be done ?? some examples will be apreciates. Regards
Gustavo Villegas
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Greger V. Teigre -
Gustavo Villegas -
Marian Dumitru