[SR-Users] SIP UA's behind same NAT

Deon Vermeulen vermeulen.deon at gmail.com
Mon Dec 20 14:32:24 CET 2010 

Hi Daniel

Thank you so much for your feedback.

I came upon the below post, but I'm unable to find the example Norman posted.
http://www.mail-archive.com/users@openser.org/msg01932.html

In short the end solution is:

  # If both clients are behind nat we can check to see if they are behind the same
  # external IP and optimize the media path to go directly between them
else if ( isflagset(2) and isflagset(3) )
        {
            log(1, "Both Clients are behind NAT");

            # Store the destination domain into an AVP
            avp_printf("i:450", "$dd");
       
            if ( avp_check("i:450", "eq/$src_ip/g") )
            {
                xlog("L_INFO", "Detected Two Clients Behind the Same NAT - Disabling Mediaproxy");
           
                # Do not use mediaproxy as the clients seem to be behind the same NAT
                resetflag(2);
                resetflag(3);
            }           
       
        }



I haven't tested yet, but would I be right in saying my config should look something like:


####### Routing Logic ########


# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
route {

       # per request initial checks
       route(REQINIT);

       # NAT detection
       route(NAT);




# Caller NAT detection route
route[NAT] {
#!ifdef WITH_NAT
       force_rport();
       if (nat_uac_test("19")) {
               if (method=="REGISTER") {
                       fix_nated_register();
               } else {
                       fix_nated_contact();
               }
               setflag(FLT_NATS);

               # If both clients are behind nat we can check to see if they are behind the same
               # external IP and optimize the media path to go directly between them
               else if ( isflagset(FLT_NATS) and isflagset(FLT_NATB) ) {
                                log(1, "Both Clients are behind NAT");

               # Store the destination domain into an AVP
                                avp_printf("i:450", "$dd");
       
                                if ( avp_check("i:450", "eq/$src_ip/g") ) {
                                                         xlog("L_INFO", "Detected Two Clients Behind the Same NAT - Disabling RTPproxy");
           
                                # Do not use rtpproxy as the clients seem to be behind the same NAT
                                                         resetflag(FLT_NATS);
                                                         resetflag(FLT_NATB);
                                }
                }
         }
#!endif
       return;
}

# RTPProxy control
route[RTPPROXY] {
#!ifdef WITH_NAT
       if (is_method("BYE")) {
               unforce_rtp_proxy();
       } else if (is_method("INVITE")){
               force_rtp_proxy();
       }
       if (!has_totag()) add_rr_param(";nat=yes");
#!endif
       return;
}


Rgds
Deon


On Dec 20, 2010, at 2:41 PM, Daniel-Constantin Mierla wrote:

> Hello,
> 
> On 12/20/10 11:25 AM, Deon Vermeulen wrote:
>> Hi List
>> 
>> Can someone please help me?
>> 
>> I need to implement PBX Services for a customer that has 10 IP Phones at his Main site and then 20 IP Phones located over 5 Branches.
>> 
>> My goal is to have RTP go end to end and not proxied.
>> 
>> I had a look at the below link and tried  it, but with no luck.
>> 
>> http://kamailio.org/dokuwiki/doku.php/examples:caller-callee-behind-same-nat
>> 
>> Here is a partial output of my kamailio.cfg file if someone would be so kind to help me.
>> 
>> 
>> #!ifdef WITH_NAT
>> # ----- rtpproxy params -----
>> modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:7722")
>> 
>> # ----- nathelper params -----
>> modparam("nathelper", "natping_interval", 30)
>> modparam("nathelper", "ping_nated_only", 1)
>> modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
>> modparam("nathelper", "sipping_from", "sip:pinger at x.x.x.x")
>> 
>> # params needed for NAT traversal in other modules
>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>> modparam("usrloc", "nat_bflag", FLB_NATB)
>> #!endif
>> 
>> 
>> 
>> ####### Routing Logic ########
>> 
>> 
>> # Main SIP request routing logic
>> # - processing of any incoming SIP request starts with this route
>> route {
>> 
>>         # per request initial checks
>>         route(REQINIT);
>> 
>>         # NAT detection
>>         route(NAT);
>> 
>> 
>> 
>> 
>> # Caller NAT detection route
>> route[NAT] {
>> #!ifdef WITH_NAT
>>         force_rport();
>>         if (nat_uac_test("19")) {
>>                 if (method=="REGISTER") {
>>                         fix_nated_register();
>>                 } else {
>>                         fix_nated_contact();
>>                 }
>>                 setflag(FLT_NATS);


>>         }
>> #!endif
>>         return;
>> }
>> 
>> # RTPProxy control
>> route[RTPPROXY] {
>> #!ifdef WITH_NAT
>>         if (is_method("BYE")) {
>>                 unforce_rtp_proxy();
>>         } else if (is_method("INVITE")){
>>                 force_rtp_proxy();
>>         }
>>         if (!has_totag()) add_rr_param(";nat=yes");
>> #!endif
>>         return;
>> }
>> 
>> 
> what you have to do is to check if the source is natted and $si==$dd, then callee and caller are behind same nat (if there is one level of nat), so you don't force rtpproxy usage.
> 
> Cheers,
> Daniel
> 
> -- 
> Daniel-Constantin Mierla
> Kamailio (OpenSER) Advanced Training
> Jan 24-26, 2011, Irvine, CA, USA
> http://www.asipto.com
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20101220/d7520e04/attachment-0001.htm>

More information about the sr-users mailing list