[Serusers] Re-post of working SER/rtpproxy working bridge setup

Greger V. Teigre greger at teigre.com
Fri Jul 14 12:32:37 CEST 2006 

Credits to Joao Pereira for this.
g-)
--------------------

Ok, After a while, I was able to put it to work in the bridging mode.
Here is the ser.cfg for those with the same setup:
SER + NAThelper + RTPproxy
and with a PC with two IPs, in two non routable networks
Joao Pereira




Klaus Darilion wrote:

> Joao Pereira wrote:
>
>> Ok, from what I read, its not possible to make calls between two non 
>> routable networks using the SER  / RTPproxy solution (if you know the 
>> way, please tell me).
>
>
> Where have you read that it is not possible? Have you read my email 
> from yesterday and the corresponding link?
>
> I guess not. Because the author describes this feature and also 
> provided a sample configuration script how to do it.
>
> Thus, you should read 
> http://mail.iptel.org/pipermail/serusers/2004-March/006514.html 
> carefully, and also take a look at the attached config:
> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/nathelper/examples/alg.cfg?rev=1.1&content-type=text/plain 
>
>
>
> klaus
>
>> And using MediaProxy? Or other SIP proxy? Is there any way we can 
>> have SER proxying calls between two non routable networks?
>> Thanks
>> Joao Pereira
>> www.fccn.pt
>>
>> Jose Soler wrote:
>>
>>> Hi Joao,
>>> No I was not able to solve the issue.
>>> It seems (this is my guess tough) that the Portaone RTP proxy 
>>> assumes that it has one public IP adress, so the valid configuration 
>>> to use it is Public Nt-Private Nt. I was not able to make it work in 
>>> other configurations (neiher I got feedback from Portaone to do so).
>>> Nevertheless the code is available, so it could be modified...as 
>>> long as you have the time and will to do so. I did not ;).
>>>
>>> Best regards,
>>>
>>> josé
>>>
>>> -----Original Message-----
>>> From: Joao Pereira [mailto:joao.pereira at fccn.pt] Sent: 19. oktober 
>>> 2005 20:17
>>> To: Jose Soler; serusers at iptel.org
>>> Subject: Re: [Serusers] RTP proxy between two subnetworks with 
>>> private @s
>>>
>>>
>>> Hello, did you made it to put the clients of networks A and B to 
>>> call each other?
>>> I  want to do the same, and tried a lot of SER/RTPproxy 
>>> configurations, including the one in: 
>>> /ser-0.9.0/modules/nathelper/examples/alg.cfg
>>> and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" 
>>> option. But I just was able to ring the phones (wen calling between 
>>> networks), but the RTP doesnt pass...
>>> If you found the solution, please tell me.
>>> Thanks
>>> Joao Pereia
>>> www.fccn.pt
>>>
>>>
>>> Jose Soler wrote:
>>>
>>>  
>>>
>>>> Hi,
>>>>
>>>> I am trying to figure out how to solve the follwoing problem. I 
>>>> have two subnetworks, A and B, with different private ip adressing 
>>>> schemes (IP at A <mailto:IP at A>) and (IP at B <mailto:IP at B>).
>>>>
>>>> SER is installed in a computer with network interfaces towards both
>>>> subnetworks.
>>>> SER's SIP signalling proxying operation works properly within the 
>>>> subnetworks and when trying to set up a communication between users 
>>>> in A and B. But in that last case, obviously there is no media at 
>>>> all circulating among the subnetworks.
>>>>
>>>> Portaone's RTP proxy has been installed and configured in the computer
>>>> with interfaces towards both subnetworks where SER is installed.
>>>> I am trying to configure SER so that, based on the nathelper module,
>>>> when communication between both subnetworks occurs, the RTP proxy 
>>>> is involved and the communication (also media and not only 
>>>> signalling) is possible. BUT I am making something wrong, becouse 
>>>> it does not work ...
>>>>
>>>> Can anyone give me  a hand /hint?
>>>> Thanks a lot in advance / in any case.
>>>>
>>>> My SER config file is the following:
>>>>
>>>>
>>>> #
>>>>
>>>> # ----------- global configuration parameters ------------------------
>>>>
>>>> /* Uncomment these lines to enter debugging mode
>>>>
>>>> debug=7
>>>>
>>>> fork=no
>>>>
>>>> log_stderror=yes
>>>>
>>>> */
>>>>
>>>> check_via=no # (cmd. line: -v)
>>>>
>>>> dns=no # (cmd. line: -r)
>>>>
>>>> rev_dns=no # (cmd. line: -R)
>>>>
>>>> fifo="/tmp/ser_fifo"
>>>>
>>>> fifo_mode=0662
>>>>
>>>> alias=wirelessip.x.x.x
>>>>
>>>> alias=sip..x.x.x
>>>>
>>>> alias=x.x.x
>>>>
>>>> log_stderror=no
>>>>
>>>> debug=3
>>>>
>>>> children=3
>>>>
>>>> mhomed=1
>>>>
>>>> # ------------------ module loading ----------------------------------
>>>>
>>>> # Uncomment this if you want to use SQL database
>>>>
>>>> loadmodule "/lib/ser/modules/mysql.so"
>>>>
>>>> loadmodule "/lib/ser/modules/sl.so"
>>>>
>>>> loadmodule "/lib/ser/modules/tm.so"
>>>>
>>>> loadmodule "/lib/ser/modules/rr.so"
>>>>
>>>> loadmodule "/lib/ser/modules/maxfwd.so"
>>>>
>>>> loadmodule "/lib/ser/modules/usrloc.so"
>>>>
>>>> loadmodule "/lib/ser/modules/textops.so"
>>>>
>>>> loadmodule "/lib/ser/modules/registrar.so"
>>>>
>>>> # Uncomment this if you want digest authentication
>>>>
>>>> # mysql.so must be loaded !
>>>>
>>>> loadmodule "/lib/ser/modules/auth.so"
>>>>
>>>> loadmodule "/lib/ser/modules/auth_db.so"
>>>>
>>>> # For NAT support / media proxying
>>>>
>>>> loadmodule "/lib/ser/modules/nathelper.so"
>>>>
>>>> # ----------------- setting module-specific parameters ---------------
>>>>
>>>> # -- usrloc params --
>>>>
>>>> #modparam("usrloc", "db_mode", 0)
>>>>
>>>> # Uncomment this if you want to use SQL database
>>>>
>>>> # for persistent storage and comment the previous line
>>>>
>>>> modparam("usrloc", "db_mode", 2)
>>>>
>>>> # -- auth params --
>>>>
>>>> # Uncomment if you are using auth module
>>>>
>>>> modparam("auth_db", "calculate_ha1", yes)
>>>>
>>>> # If you set "calculate_ha1" parameter to yes (which true in this
>>>> config),
>>>>
>>>> # uncomment also the following parameter)
>>>>
>>>> modparam("auth_db", "password_column", "password")
>>>>
>>>> # -- rr params --
>>>>
>>>> # add value to ;lr param to make some broken UAs happy
>>>>
>>>> modparam("rr", "enable_full_lr", 1)
>>>>
>>>> # For NAT
>>>>
>>>> # We will use flag 6 to mark NATed contacts
>>>>
>>>> modparam("registrar", "nat_flag", 6)
>>>>
>>>> # Enable NAT pinging
>>>>
>>>> modparam("nathelper", "natping_interval", 60)
>>>>
>>>> # Ping only contacts that are known to be
>>>>
>>>> # behind NAT
>>>>
>>>> modparam("nathelper", "ping_nated_only", 1)
>>>>
>>>> # ------------------------- request routing logic -------------------
>>>>
>>>> # main routing logic
>>>>
>>>> route{
>>>>
>>>> # initial sanity checks -- messages with
>>>>
>>>> # max_forwards==0, or excessively long requests
>>>>
>>>> if (!mf_process_maxfwd_header("10")) {
>>>>
>>>> sl_send_reply("483","Too Many Hops");
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> if ( msg:len > max_len ) {
>>>>
>>>> sl_send_reply("513", "Message too big");
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> # special handling for NATed clients; first, nat test is
>>>>
>>>> # executed: it looks for via!=received and RFC1918 addresses
>>>>
>>>> # in Contact (may fail if line-folding used); also,
>>>>
>>>> # the received test should, if complete, should check all
>>>>
>>>> # vias for presence of received
>>>>
>>>> if (nat_uac_test("3")) {
>>>>
>>>> # allow RR-ed requests, as these may indicate that
>>>>
>>>> # a NAT-enabled proxy takes care of it; unless it is
>>>>
>>>> # a REGISTER
>>>>
>>>> if (method == "REGISTER" || ! search("^Record-Route:")) {
>>>>
>>>> log("LOG: Someone trying to register from private IP, rewriting\n");
>>>>
>>>> # This will work only for user agents that support symmetric
>>>>
>>>> # communication. We tested quite many of them and majority is
>>>>
>>>> # smart smart enough to be symmetric. In some phones, like
>>>>
>>>> # it takes a configuration option. With Cisco 7960, it is
>>>>
>>>> # called NAT_Enable=Yes, with kphone it is called
>>>>
>>>> # "symmetric media" and "symmetric signaling". (The latter
>>>>
>>>> # not part of public released yet.)
>>>>
>>>> fix_nated_contact(); # Rewrite contact with source IP of signalling
>>>>
>>>> if (method == "INVITE") {
>>>>
>>>> fix_nated_sdp("1"); # Add direction=active to SDP
>>>>
>>>> };
>>>>
>>>> force_rport(); # Add rport parameter to topmost Via
>>>>
>>>> setflag(6); # Mark as NATed
>>>>
>>>> };
>>>>
>>>> };
>>>>
>>>> # we record-route all messages -- to make sure that
>>>>
>>>> # subsequent messages will go through our proxy; that's
>>>>
>>>> # particularly good if upstream and downstream entities
>>>>
>>>> # use different transport protocol
>>>>
>>>> record_route();
>>>>
>>>> # loose-route processing
>>>>
>>>> if (loose_route()) {
>>>>
>>>> t_relay();
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> lookup("aliases");
>>>>
>>>> # if the request is for other domain use UsrLoc
>>>>
>>>> # (in case, it does not work, use the following command
>>>>
>>>> # with proper names and addresses in it)
>>>>
>>>> if (uri==myself) {
>>>>
>>>> if (method=="REGISTER") {
>>>>
>>>> # Uncomment this if you want to use digest authentication
>>>>
>>>> if (!www_authorize("com.dtu.dk", "subscriber")) {
>>>>
>>>> www_challenge("com.dtu.dk", "0");
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> save("location");
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> # native SIP destinations are handled using our USRLOC DB
>>>>
>>>> if (!lookup("location")) {
>>>>
>>>> sl_send_reply("404", "Not Found");
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> };
>>>>
>>>> # forward to current uri now; use stateful forwarding; that
>>>>
>>>> # works reliably even if we forward from TCP to UDP
>>>>
>>>> if (!t_relay()) {
>>>>
>>>> sl_reply_error();
>>>>
>>>> };
>>>>
>>>> }
>>>>
>>>> #
>>>>
>>>> # Forcing media relay if necessary
>>>>
>>>> #
>>>>
>>>> route[1] {
>>>>
>>>> #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>>>>
>>>> # sl_send_reply("479", "We don't forward to private IP addresses");
>>>>
>>>> # break;
>>>>
>>>> #};
>>>>
>>>> #if (isflagset(6)) {
>>>>
>>>> force_rtp_proxy(); # I force everything through the proxy
>>>>
>>>> t_on_reply("1");
>>>>
>>>> append_hf("P-Behind-NAT: Yes\r\n");
>>>>
>>>> #};
>>>>
>>>> if (!t_relay()) {
>>>>
>>>> sl_reply_error();
>>>>
>>>> break;
>>>>
>>>> };
>>>>
>>>> }
>>>>
>>>> onreply_route[1] {
>>>>
>>>> if (status =~ "(183)|2[0-9][0-9]") {
>>>>
>>>> fix_nated_contact();
>>>>
>>>> force_rtp_proxy();
>>>>
>>>> };
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>>  
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------------------- 
>>>>
>>>> -
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> Serusers at iptel.org http://mail.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>   
>>>
>>>
>>>
>>>  
>>>
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at iptel.org
>> http://mail.iptel.org/mailman/listinfo/serusers
>>
>>
>
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ser.cfg_bridging
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060714/a0fb4fcb/attachment.asc>

More information about the sr-users mailing list