The intended setup is as you described in option a.
And the behaviour of rewriting SDP using private/public ports is what I understood the rtpproxy_manage was tasked to do.
As it is not working the way I expected, what is the best way to proceed? To check if the IP is from the outside and then rewrite via rtpproxy_offer in the NATMANAGE block?
Thank you
----- Original Message ----- From: Klaus Darilion Sent: 01/21/14 05:25 AM To: Kamailio (SER) - Users Mailing List Subject: Re: [SR-Users] Kamailio behind NAT
On 21.01.2014 13:24, John Smith wrote:
I might be making wrong assumptions regarding this traffic flow. Is that correct?
That depends on your policy. It is up to you to define how RTP should be routed. There are basically 2 choices:
a) RTP from clients is handled by rtpproxy:
phone1 <-nat-> rtpproxy <--> Asterisk <--> rtpproxy <-nat-> phone2
In this case, only the private IP of Kamailio and rtpproxy (can be the same IP address) must be mapped to a public IP address.
b) RTP directly to Asterisk:
phone1 <-nat-> Asterisk <-nat-> phone2
In this case, the private IPs of Kamailio and Asterisk must be mapped to a public IP address.
When using version a) you have to make sure to set the proper IP address in the SDP. For example, SDPs in messages from Kamailio to the phone must contains the PUBLIC IP of rtpproxy in the c=... line. SDPs in messages from Kamailio to Asterisk must contain the PRIVATE IP of rtpproxy in the c=... line.
regards Klaus
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Yes, when calling rtpproxy (whatever function you use, manage/offer/answer/force), every function accepts as second parameter the IP address which should be written into the SDP c=... line.
So, detect the direction (eg based on source-ip) and put the respective internal or external IP address into the SDP.
Of course the NAT must be a static 1:1 NAT without any PAT.
Btw: you have the same problem with some SIP headers, like Record-Route or Via. Kamailio has to insert the respective public/private IP, depending on where to send the message. If Kamailio uses only a single socket, then you have to do this manually. The automatic approach is to configure 2 listen=... sockets. One for the internal side, and one for the external side. On the "external" socket you add the "advertise" option - then Kamailio will automatically put the correct IP addresses in RR and Via, eg:
# public IP address of Kamailio/rtpproxy: 3.3.3.3 # internal socket listen=udp:10.10.0.2 # external socket listen=udp:10.10.0.3 advertise 3.3.3.3:5060 mhomed=0
You could use separate subnets for the 2 sockets, or you could also use only a single IP address with 2 different ports for the 2 sockets.
regards Klaus
On 21.01.2014 14:50, John Smith wrote:
The intended setup is as you described in option a.
And the behaviour of rewriting SDP using private/public ports is what I understood the rtpproxy_manage was tasked to do.
As it is not working the way I expected, what is the best way to proceed? To check if the IP is from the outside and then rewrite via rtpproxy_offer in the NATMANAGE block?
Thank you
----- Original Message ----- From: Klaus Darilion Sent: 01/21/14 05:25 AM To: Kamailio (SER) - Users Mailing List Subject: Re: [SR-Users] Kamailio behind NAT
On 21.01.2014 13:24, John Smith wrote:
I might be making wrong assumptions regarding this traffic flow. Is that correct?
That depends on your policy. It is up to you to define how RTP should be routed. There are basically 2 choices:
a) RTP from clients is handled by rtpproxy:
phone1 <-nat-> rtpproxy <--> Asterisk <--> rtpproxy <-nat-> phone2
In this case, only the private IP of Kamailio and rtpproxy (can be the same IP address) must be mapped to a public IP address.
b) RTP directly to Asterisk:
phone1 <-nat-> Asterisk <-nat-> phone2
In this case, the private IPs of Kamailio and Asterisk must be mapped to a public IP address.
When using version a) you have to make sure to set the proper IP address in the SDP. For example, SDPs in messages from Kamailio to the phone must contains the PUBLIC IP of rtpproxy in the c=... line. SDPs in messages from Kamailio to Asterisk must contain the PRIVATE IP of rtpproxy in the c=... line.
regards Klaus
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
John Smith -
Klaus Darilion