[OpenSER-Users] OpenSER as NAT traversal proxy HELP!

[Robert Dyck]

I have a couple ideas for you if you decide to pursue openser further. It is 
not necessary for rtpproxy to be in bridge mode to service your LAN. When you 
configure your UA's, point them at the public address of openser for otg 
proxy. Secondly the nat travesal functions in openser were not intended for 
local UA's but rather on some external LAN. They expect the source address to 
be public. You can use the textops module to do your own mangling with 
regular expressions ( what a pain ). I have successfully used both ideas but 
of course your topology is a bit unusual. Also a minor code change in 
rtpproxy may be all that is needed for you to specify the port range.
Good luck

On Friday 25 July 2008, Joris Dobbelsteen wrote:
> Klaus Darilion wrote:
> > Hi Joris!
> >
> > Testing with XLite I meant to find out if the problem is a problem of
> > the ANT or of the client (zyxel) as Xlite does NAT traversal very well.
> >
> > If Zyxel does not support NAT traversal and also voipbuster fails to
> > traverse your special NAT, then you yre right and need your own NAT
> > traversal solution e.g. as you tried with openser (multihomed)  and
> > rtpproxy in (bridge mode). You could also try
> > http://sourceforge.net/projects/siproxd/
>
> I did, and with both I had several problems I have no knowledge of
> understanding what is going wrong and how to solve it.
> With siproxd I got to the point that everything should have worked, at
> least in my opinion. I could see all the traffic flowing and it seemed
> to be OK and with correct IPs and correct ports. Either incoming or
> outgoing audio remained to be a problem, so after two and a half day I
> gave up and reconfigured the ZyXEL (plus other parts on the network)
> into the ISP intended configuration. This at least solved the VoIP
> issues I had.
> Its not what I had intended though, but its a "production" system and it
> just needs to work. I had other people complaining, because VoIP was
> down mostly for 2 weeks while I was away.
> It used to work before with plain NAT (most of the time) but something
> seems to have changed in the meanwhile (my ISP also had a few days
> outage on their VoIP service, so its well possible that they made big
> changes/replaced equipment to get them resolved). I only had problems
> with jitter at that time and I had resolved these.
>
> Maybe I'll try again at some later date. In any case, OpenSER + rtpproxy
> don't seem to be really nice for the setup I thought about. NAT seems
> mostly an afterthought and I seriously miss control over the UTP ports
> to be used. I like to lock down my firewall as tight as possible, but
> this just not an option with this software. Its better with siproxd,
> where you actually can configure the UTP ports to use.
> Nevertheless, its quite nice to see OpenSER a bit and I got an light
> impression of what it is capable of. The design allows you to do
> everything you could think of. The only other disadvantage is its
> unpolished support for postgresql, especially for someone who values
> ACID properties and MySQL lacks/violates those mostly. Still I should
> complement all the people who have designed and implemented this software.
>
> Also thanks for those who tried to help me with my issues. Its at least
> encouraging for taking another attempt to get it to work at some later
> date.
>
> Regards,
>
> - Joris
>
> [snip]