[Serusers] Problem with SER-Mediaproxy and VPN

Bernie Hoeneisen bhoeneis at switch.ch
Mon Oct 25 19:46:00 CEST 2004 

Hi!

I have the following setup:

* Client A is behind a VPN, which make a NAT as follows:
  - IP Address on the interface:  80.32.110.203
  - IP address for VPN:  80.32.23.17 (as seen outside the VPN-NAT)
  - The client beliefs that it has IP 80.32.110.203, and uses this for its
    SIP and SDP messages.

* Client B uses IP 80.32.6.184 (no VPN)

* The SER-Mediaproxy runs on  80.32.10.95


If Client A (VPN) calls client B, there is no problem:
SER and  SERMediaproxy handle it correctly. So far so good.


But, if Client B wants to call Client A (the one with VPN), no audio is
transmitted. While tracing, I figured out the following:

- Client A sends its RTPs from  80.32.23.17 to the SER-Mediaproxy, which
  the SER-Mediaproxy considers a as 3rd party, and therefore it ignors
  RTP packets coming from that source IP.

- Client B sends its RTP to the SER-Mediaproxy, which forwards them to
  80.32.110.203 (the Interface, which Client A has put to the SDP).
  Those are ignored by the VPN on the host of client A, as it only accepts
  packets belonging to the VPN tunel.

  --> Ergo, no RTP goes through. :-(

Any ideas, on how I can tell SER-Mediaproxy to accept packets from
80.32.23.17 ?
According to the logs the SER-Mediaproxy knows about this IP...

cheers,
 Bernie


PS: The mediaproxy.log look as follows:


normaluser at test-sip.ch   calls   vpnuser at test-sip.ch
----------------------------------------------------

command request 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
80.32.6.184:16672:audio 80.32.6.184 test-sip.ch local 217.162.217.186
remote CSCO/7
info=from:normaluser at test-sip.ch,to:vpnuser at test-sip.ch,fromtag:000bfd32e66e00627e7b69c3-6f480ec5,totag:,dispatcher
session 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184: started.
listening on 80.32.10.95:16604
command execution time:  2.80 ms
command lookup 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
80.32.110.203:16384:audio 80.32.23.17 test-sip.ch local test-sip.ch
unknown SJLabs-SJphone/1.30.235a
info=from:normaluser at test-sip.ch,to:vpnuser at test-sip.ch,fromtag:000bfd32e66e00627e7b69c3-6f480ec5,totag:3505347165,dispatcher
command execution time:  0.52 ms
warning: Received packet from a third party: 80.32.23.17:16384
                                             ^^^^^^^^^^^^^^^^^
session 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184: caller signed in
from 80.32.6.184:16672 (RTP) (will return to 80.32.6.184:16672)
command lookup 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
80.32.110.203:16384:audio 80.32.23.17 test-sip.ch local test-sip.ch
unknown SJLabs-SJphone/1.30.235a
info=from:normaluser at test-sip.ch,to:vpnuser at test-sip.ch,fromtag:000bfd32e66e00627e7b69c3-6f480ec5,totag:3505347165,dispatcher
command execution time:  0.20 ms
command lookup 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
80.32.110.203:16384:audio 80.32.23.17 test-sip.ch local test-sip.ch
unknown SJLabs-SJphone/1.30.235a
info=from:normaluser at test-sip.ch,to:vpnuser at test-sip.ch,fromtag:000bfd32e66e00627e7b69c3-6f480ec5,totag:3505347165,dispatcher
command execution time:  0.25 ms
command lookup 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
80.32.110.203:16384:audio 80.32.23.17 test-sip.ch local test-sip.ch
unknown SJLabs-SJphone/1.30.235a
info=from:normaluser at test-sip.ch,to:vpnuser at test-sip.ch,fromtag:000bfd32e66e00627e7b69c3-6f480ec5,totag:3505347165,dispatcher
command execution time:  0.21 ms
session 7FB39E34-1DD2-11B2-A6E5-C208B29D816F at 80.32.110.203: 0/0/0 packets,
0/0/0 bytes (caller/called/relayed)
session 7FB39E34-1DD2-11B2-A6E5-C208B29D816F at 80.32.110.203: ended (did
timeout).
command delete 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184
info=dispatcher
session 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184: 515/0/515
packets, 103000/0/103000 bytes (caller/called/relayed)
session 000bfd32-e66e0027-0b258da4-1e55a8b9 at 80.32.6.184: ended.
command execution time:  0.47 ms



vpnuser at test-sip.ch  calls   normaluser at test-sip.ch
---------------------------------------------------

command request ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203
80.32.110.203:16386:audio 80.32.23.17 test-sip.ch local 80.32.6.184 remote
SJLabs-SJphone/1.30.235a
info=from:vpnuser at test-sip.ch,to:normaluser at test-sip.ch,fromtag:3505381983,totag:,dispatcher
session ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203: started.
listening on 80.32.10.95:16606
command execution time:  0.97 ms
command lookup ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203
80.32.6.184:16674:audio 80.32.6.184 test-sip.ch local test-sip.ch unknown
CSCO/7
info=from:vpnuser at test-sip.ch,to:normaluser at test-sip.ch,fromtag:3505381983,totag:000bfd32e66e00630d9f84f8-56b109d0,dispatcher
command execution time:  0.50 ms
session ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203: caller signed
in from 80.32.23.17:16386 (RTP) (will return to 80.32.23.17:16386)
session ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203: called signed
in from 80.32.6.184:16674 (RTP) (will return to 80.32.6.184:16674)
command delete ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203
info=dispatcher
session ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203: 327/316/643
packets, 65400/63200/128600 bytes (caller/called/relayed)
session ADFBCDAC-1DD1-11B2-8626-975F6F226C9C at 80.32.110.203: ended.
command execution time:  0.48 ms

More information about the sr-users mailing list