[Kamailio-Users] NAT transversal without mediaproxy or rtpproxy

Wed Sep 3 13:03:24 CEST 2008

François,

If your SIP UA (phone or softphone) is behind the NAT and doesn't support
STUN and if you want the SIP Proxy to “fix” the address information then you
need to use the functions exported by the NAT modules in Kamailio.

But as indicated in other posts if it is symmetric NAT you're dealing with
then will have to relay the Media to allow user-to-user conversations. If
all you are doing is allowing PSTN breakout to a gateway, then you can
rewrite() to the gateway address as the destination and t_relay() the
signalling to the gateway.

The code below I have quickly hacked together for the .cfg file and is not
complete or tested - but should give you some ideas.

To fix the contact address for registration use something like:

Route {
#=====SNIP========

if (method=="REGISTER") {

# Use digest authentication
   if (!www_authorize("domain.com", "subscriber")) {
       www_challenge("domain.com", "0");
       break;
   }; # endif (!www_authorize...)

# Check if client is behind NAT
   if (nat_uac_test("3")) {
      fix_nated_contact();
      save("location");
      force_rport();
      break;
      }
   else {
      save("location");
      break;
      }; # endif (nat_uac_test...)

}; # endif (method=="REGISTER")

#=====SNIP======

To fix the INVITE processing to forward to the gateway for PSTN breakout use
something like:

#=====SNIP=====
if (method == "INVITE") {
# Basically challenge all end-points that make calls
# before we ship the call to PSTN gateway
	if (!proxy_authorize("domain.com","subscriber"))  {
      	proxy_challenge("domain.com", "0");
            break;
      }; # endif (!proxy_ath..)

# Fixed NATed SDP and contact headers                           
      if (nat_uac_test("3")) {
          	log(1, "Inside NATed INVITE Processing\n");
            fix_nated_contact();
            fix_nated_sdp("3");
            t_on_reply("1");
		break;
      }# endif (nat_uac_test...)

}; # endif (method=="INVITE")

========= SNIP ===========
Called parties not in the location database and not from PSTN, forward to
PSTN gateway
You might want to consider the permissions module for the allow_trusted()
function to process inbound calls From the gateway.
(http://www.kamailio.net/docs/modules/1.4.x/permissions.html#id2507554)

#====== SNIP=============
onreply_route[1] {

                if (status =~ "(180)|(183)|2[0-9][0-9]") {
                        log(1, "Inside 180|183|200 Processing\n");
                        fix_nated_contact();
                        fix_nated_sdp("3");
                }; # endif (status...)
} # end onreply processing

Neill...;O)

Neill Wilkinson
Principal Consultant

Aeonvista Ltd - opening up new ideas

-----Original Message-----
From: users-bounces at lists.kamailio.org
[mailto:users-bounces at lists.kamailio.org] On Behalf Of David Villasmil
Sent: 03 September 2008 10:17
To: BERGANZ François
Cc: users at lists.kamailio.org
Subject: Re: [Kamailio-Users] NAT transversal without mediaproxy or rtpproxy

François,

You need to use SOMETHING, it doesn't work by magic.
Maybe you should start by reading this:

http://en.wikipedia.org/wiki/NAT_traversal

It explains WHAT and WHY you need the stuff you need to do NAT
Traversal. Its a read, but it is very enlightening!

Cheers

David

On Wed, Sep 3, 2008 at 11:04 AM, BERGANZ François
<francois at acropolistelecom.net> wrote:
> But, if it dont use STUN, what have I to do more?
>
> -----Message d'origine-----
> De : Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> Envoyé : mercredi 3 septembre 2008 11:00
> À : BERGANZ François
> Cc : users at lists.kamailio.org
> Objet : Re: [Kamailio-Users] NAT transversal without mediaproxy or
rtpproxy
>
>
>
> On 09/03/08 11:55, BERGANZ François wrote:
>> Have you an example?
>>
> if the phones use STUN then the server has nothing to do. Their will
> appear as having a public routable IP address. You do not need anything
> particular in kamailio configuration.
>
> Cheers,
> Daniel
>
>> -----Message d'origine-----
>> De : Daniel-Constantin Mierla [mailto:miconda at gmail.com]
>> Envoyé : mercredi 3 septembre 2008 10:44
>> À : BERGANZ François
>> Cc : users at lists.kamailio.org
>> Objet : Re: [Kamailio-Users] NAT transversal without mediaproxy or
> rtpproxy
>>
>> Hello,
>>
>> On 09/03/08 11:40, BERGANZ François wrote:
>>
>>> Hello,
>>>
>>> I am looking for to do nat transversal without mediaproxy or rtpproxy!
>>>
>>> I can't find any example without mediaproxy or rtpproxy.
>>>
>>> Have you an idea?
>>>
>>> I need to register my users, and contact them after

>>>
>>>
>> if your subscribers are not behind a symmetric nat and their phones can
>> do STUN, then this is a solution that doesn't require media relaying on
>> server side.
>>
>> If you have to deal with symmetric nat, then you are stuck with media
>> relaying on server side.
>>
>> Cheers,
>> Daniel
>>
>>
>
> --
> Daniel-Constantin Mierla
> http://www.asipto.com
>
>
> _______________________________________________
> Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
Users at lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users