[Serusers] How to Minimize rtp proxy usage for all cases including when behind the same NAT

sip sip at arcdiv.com
Tue Dec 6 04:16:02 CET 2005 

The tricky part of such a modification to store pre-STUN addresses lies in
determining what's local. 

For instance.... if I'm on a 192.168.1.X subnet behind a NAT at my home, and
my friend is on a 192.168.1.X subnet behind a NAT at HIS home, it becomes very
tricky to determine if we're both local to each other or not.  Now, you could
do some fancy tricks where you check the NAT AND the rewritten IPs and try and
match...  but then, when you toss in multiple NATs, it gets impossible to even
do that. 

Imagine I'm behind a NAT at my home on a 192.168.1.X network, and my friend is
behind a NAT at his home on a 192.168.1.X network. Together, we both use the
same internet service provider who has us BOTH given 'external' IPs which are
really 10.1.1.X numbers behind a large NAT in their subnet. 

Now, SER, off on some other network, sees the external IP from the ISP's NAT,
and maps it back to our 10.1.1.X numbers. But if it stores our original IPs,
it will still have 192.168.1.X numbers that APPEAR to be on the same subnet
but which in fact are not. 

The problem is that SIP is inherently NAT unfriendly, and there are hacks and
kludges to get around these inherent inabilities, but they remain just that --
hacks and kludges. 

Strangely, I noticed this evening that, using WinSTUN, my Linksys gateway is
reported as not supporting Hairpinning... and yet it clearly does. What are
the sort of tests done to check that in a test program like WinSTUN? 

N.


On Mon, 05 Dec 2005 16:45:06 -0800, S G wrote
> Hello,
> 
> I have SER setup to only use the rtpproxy if the client is behind a 
> symmetric NAT. This is accomplished by using STUN since STUN will 
> not modify the contact headers if it detects a symmetric NAT. So SER 
> see's the local address in the contact header and only forces 
> rtpproxy for those types of call. When users are behind the same NAT 
> then ser detects this using AVP's and force_rtpproxy is not used for 
> the call. This only works when STUN is not enabled. Since when STUN 
> succeeds the orignal local address of the phone is changed to the 
> public address in the sip message. So when two STUN enabled clients 
> try to call each other from behind the same nat the call fails. The 
> call fails because the NAT does not support harpin of media as most 
> don't. The only way this call would work is if the contacts could be 
> changed back to use their local addresses pre-STUN. How can SER be 
> instructed to use the local address for calls behind the same NAT 
> when STUN is enabled? One way I can think of doing this is to change 
> nathelper to extract the original IP from the VIA header and rewrite 
> the SDP. In the SIP trace i see only IP's in contact headers and SDP 
> are changed when STUN succeeds. Is there a simpler way to accomplish 
> this?
> 
> Thanks,
> Sumeet
> 
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's 
> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list