[SR-Users] Kamailio + rtpproxy talking to multiple carrier gateways

Sarat C. Vemuri sarat.vemuri at fthco.com
Tue Sep 6 02:07:10 CEST 2011 

Again, I apologize for this clumsy way of replying.

Ovidiu,

Thanks for the pointer on set_advertised_address.  I had to patch rtpproxy module (and rr module for the two parameters to request_route_preset) since I am running 3.1.

However, I still have a problem with ACKs after following what you suggested.

INVITE from Internal to Carrier routes properly (two Request-Route headers, one internal IP and other public IP).  On 200 OK, the carrier GW properly copies the route set in to Route header.  Now the route contains two entries, the public IP and the private IP of Kamailio.  The Internal UAC then sends the ACK back to Kamailio.  Everything is fine till this point.  Now, Kamailio removes the top entry, which is the private IP and then promptly sends the ACK to the public IP of itself!.  Of course, that doesn't go anywhere.

How do I remove the "public IP" entry from the route set before forwarding the reply to Internal UAC?  Is there another way to deal with this?  I've tried to set an alias= core parameter with the public IP, but doesn't seem to have any effect. The public IP is not reachable from internal network.

Thanks for your help

SV.
------------------------------

Message: 3
Date: Sat, 3 Sep 2011 16:44:22 -0700
From: Ovidiu Sas <osas at voipembedded.com>
Subject: Re: [SR-Users] Kamailio + rtpproxy talking to multiple
	carrier gateways - some via Firewall/NAT
To: "SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) -
	Users	Mailing List" <sr-users at lists.sip-router.org>
Message-ID:
	<CAND0Lkt_dpcTm2WKMywMhX6rdsX1ia0r=LYrzB1WfX3oN32Wrg at mail.gmail.com>
Content-Type: text/plain; charset=windows-1252

It is feasable to what you want: kamailio behind NAT proxying traffic
from/to public internet to/from private network.
You will need to properly craft the INVITE and use proper record route headers.
Use set_advertised_address when needed:
http://kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#set_advertised_address
Also, use record_route_preset (note that there are two parameters):
http://kamailio.org/docs/modules/devel/modules_k/rr.html#id2547566

That should do it.  You don't need any patches for rtpproxy.
Just use force_rtpp_proxy (and force the IP address):
http://kamailio.org/docs/modules/devel/modules/rtpproxy.html#id2546034


Note: Make sure that you understand how in-dialog requests are routed
by a proxy in order to know how to properly handle the initial INVITE.


Regards,
Ovidiu Sas

On Sat, Sep 3, 2011 at 2:53 PM, Sarat C. Vemuri <sarat.vemuri at fthco.com> wrote:
> We are trying to configure Kamailio ?(3.1.x) as a ?boarder proxy? where it
> acts as the front for various carrier gateways so that internal UACs and
> UASs are unaware of the carrier gateways.
>
>
>
> Let me try to present a clear picture of our setup.
>
> 1.?????? Kamailio has several NICs (physical or vlan).? Each on a different
> subnet. One subnet is internal/has routes for internal.? Other subnets are
> private connections to carriers or a ?route to public Internet.
>
> 2.?????? All of these subnets are non-routable from Internet. In addition ,
> the carrier private connections are not routable internally.
>
> 3.?????? Connection to public internet is via a FW/NAT (one-to-one NAT),
> which maps to one of the interfaces.
>
> 4.?????? All internal? UAC/UAS connect on the internal subnet.
>
> 5.?????? We are using RTPProxy? (at least one instance per carrier) to relay
> media between internal and carrier subnets
>
>
>
> We are able to make this setup up work great except for one scenario.? One
> of the carriers is only reachable via public Internet.? Due to security
> requirements, our Kamailio cannot have a public IP address and must use
> FW/NAT. I guess this scenario is ??Proxy behind NAT? and not really
> encouraged. But I would like to see if there is a way to make this work.? We
> cannot use the ?advertised_address? since it changes the IP for every
> ?route?.
>
>
>
> We were able to get this mostly ?working by doing the following
>
> 1.?????? mhomed=1
>
> 2.?????? Small patch in the rtpproxy module so that ?force_rtp_proxy
> actually uses the IP address passed (public IP).
>
> 3.?????? Using request_route_preset(?publicIP?)
>
>
>
> The above ?mostly? works.? By that I mean, the INVITE transaction is
> properly passed between internal UAS and carrier SBC and the call is setup.
> However, further transactions (BYE/re-INVITE) etc do not work properly. So,
> far-end hangups are not ?working etc.
>
>
>
> I?ve searched various archives of this and other SER lists looking to see if
> anyone was able to get this scenario working, but couldn?t find a definitive
> answer.? Most of them point to using ?advertised_address?.
>
>
>
> So, and ideas on how to make ?Proxy behind NAT? work without using
> advertised_address?? Am I wasting my time?
>
>
>
> Thanks in advance for any help you can offer.
>
>
>
> SV.
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>

More information about the sr-users mailing list