[Serusers] RTPPROXY in another PC

Greger V. Teigre greger at teigre.com
Sun Feb 6 14:53:49 CET 2005


Hi Marian,
Good question :-)  I forgot another detail, which was the reason for the 
patch: The server does not have an interface with public_ip, it is behind a 
firewall, i.e. 10.192.0.5 is the only interface.  The public_ip is mapped to 
10.192.0.5 using static/mapped IP NATing in the firewall.  This way we use 
only one interface for both private and public communication and the 
secondary interface is standby for redundancy.
g-)

Marian Dumitru wrote:
> Hi Greger,
>
> Indeed, with your scenario you solve the biggest problem of a remote
> rtpproxy, which is reliability, by using an ipsec tunnel.
> So, if I get it right, you use a private address for control
> communication and a public one for the media relaying. If so, why
> don't you just do :
> rtpproxy -s udp:private_ip -l public_ip
>
>
> Best regards,
> Marian
>
> Greger V. Teigre wrote:
>> We run ser on a server in one hosting center and we have the rtpproxy
>> located locally where subscribers are.  All ser-rtpproxy
>> communications are run inside an ipsec tunnel using udp. Both for
>> security reasons and stability, I recommend using ipsec. We have
>> experienced no problems whatsoever with this setup.
>>
>> This is the nathelper setup:
>> modparam("nathelper", "rtpproxy_sock", "udp:10.192.0.5:22222")
>>
>> Note that 10.192.0.5 is the private address of the server running the
>> rtpproxy and you must start up rtpproxy to listen to UDP (rtpproxy -l
>> 10.192.0.5 -s udp:*).
>> You can of course also configure the ipsec tunnel on
>> each side to route traffic to the other server's public address
>> through the ipsec tunnel and thus avoid using private addresses. However, 
>> if you do use
>> a private address (a more typical ipsec scenario), you need to tell
>> rtpproxy
>> which public IP address to use when rewriting SDP (10.192.0.5 would
>> normally
>> be used).  I have submitted (to this list) a patch for rtpproxy
>> where you can specify the public address on rtpproxy's command line.
>> I have also sent
>> the patch to Maxim. I have seen that he is preparing several updates
>> to nathelper and rtpproxy now, and I hope he will include my patch
>> also. With the patch you start rtpproxy with: -l 10.192.0.5 -i public_ip
>> -s udp:* g-)
>>
>> Marian Dumitru wrote:
>>
>>> Hi Gustavo,
>>>
>>> You can set UDP connection between SER and RTPROXY if you want to
>>> have it on a different machine. Anyhow, I would say it's a little
>>> bit dangerous if the IP distance between is big, since the protocol
>>> used to control RTPPROXY wasn't design for this case. But you can
>>> give it a try :-)
>>> Best regards,
>>> Marian
>>>
>>> Gustavo Villegas wrote:
>>>
>>>> dear users
>>>>  can i get the RTPPROXY runing in another PC, maybe in a CO-located
>>>> PC in another country.
>>>> all for the expensive cost of internet in mine.
>>>> or maybe i need to move all , the server and the rtpproxy module to
>>>> another PC ???
>>>> if yes, how can be done ??
>>>> some examples will be apreciates.
>>>> Regards
>>>>
>>>> Gustavo Villegas
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers 




More information about the sr-users mailing list