[Serusers] How to Minimize rtp proxy usage for all cases including when behind the same NAT

S G skg1010 at hotmail.com
Wed Dec 7 19:23:38 CET 2005 

It's pretty simple actually, to determine if your behind the same NAT. You 
just check if the request for both parties are coming from the same external 
public IP. Sure, this might not account for every case, multiple subnets, 
multiple NAT setups, but it takes care of a great deal of them. I would say 
most home users and offices have a simple single NAT setup. The problem is 
when using STUN how to set the SDP's to use the pre-STUN local ip's. Without 
STUN it works just fine, but you of course end up rtpproxying ever call.

-Sumeet

>From: "sip" <sip at arcdiv.com>
>To: "S G" <skg1010 at hotmail.com>, serusers at lists.iptel.org
>Subject: Re: [Serusers] How to Minimize rtp proxy usage for all cases 
>including when behind the same NAT
>Date: Mon, 5 Dec 2005 22:16:02 -0500
>
>The tricky part of such a modification to store pre-STUN addresses lies in
>determining what's local.
>
>For instance.... if I'm on a 192.168.1.X subnet behind a NAT at my home, 
>and
>my friend is on a 192.168.1.X subnet behind a NAT at HIS home, it becomes 
>very
>tricky to determine if we're both local to each other or not.  Now, you 
>could
>do some fancy tricks where you check the NAT AND the rewritten IPs and try 
>and
>match...  but then, when you toss in multiple NATs, it gets impossible to 
>even
>do that.
>
>Imagine I'm behind a NAT at my home on a 192.168.1.X network, and my friend 
>is
>behind a NAT at his home on a 192.168.1.X network. Together, we both use 
>the
>same internet service provider who has us BOTH given 'external' IPs which 
>are
>really 10.1.1.X numbers behind a large NAT in their subnet.
>
>Now, SER, off on some other network, sees the external IP from the ISP's 
>NAT,
>and maps it back to our 10.1.1.X numbers. But if it stores our original 
>IPs,
>it will still have 192.168.1.X numbers that APPEAR to be on the same subnet
>but which in fact are not.
>
>The problem is that SIP is inherently NAT unfriendly, and there are hacks 
>and
>kludges to get around these inherent inabilities, but they remain just that 
>--
>hacks and kludges.
>
>Strangely, I noticed this evening that, using WinSTUN, my Linksys gateway 
>is
>reported as not supporting Hairpinning... and yet it clearly does. What are
>the sort of tests done to check that in a test program like WinSTUN?
>
>N.
>
>
>On Mon, 05 Dec 2005 16:45:06 -0800, S G wrote
> > Hello,
> >
> > I have SER setup to only use the rtpproxy if the client is behind a
> > symmetric NAT. This is accomplished by using STUN since STUN will
> > not modify the contact headers if it detects a symmetric NAT. So SER
> > see's the local address in the contact header and only forces
> > rtpproxy for those types of call. When users are behind the same NAT
> > then ser detects this using AVP's and force_rtpproxy is not used for
> > the call. This only works when STUN is not enabled. Since when STUN
> > succeeds the orignal local address of the phone is changed to the
> > public address in the sip message. So when two STUN enabled clients
> > try to call each other from behind the same nat the call fails. The
> > call fails because the NAT does not support harpin of media as most
> > don't. The only way this call would work is if the contacts could be
> > changed back to use their local addresses pre-STUN. How can SER be
> > instructed to use the local address for calls behind the same NAT
> > when STUN is enabled? One way I can think of doing this is to change
> > nathelper to extract the original IP from the VIA header and rewrite
> > the SDP. In the SIP trace i see only IP's in contact headers and SDP
> > are changed when STUN succeeds. Is there a simpler way to accomplish
> > this?
> >
> > Thanks,
> > Sumeet
> >
> > _________________________________________________________________
> > Express yourself instantly with MSN Messenger! Download today - it's
> > FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the sr-users mailing list