[SR-Users] Kamailio behind NAT - best practice

SamyGo govoiper at gmail.com
Sun Jan 27 15:05:29 CET 2013 

+1 Klaus - I used your tips and Kamailio is working great behind NAT. I'll
try to test different types of NATs and see if SIP and RTP works perfectly
for all scenarios.

Thanks and cheers
Sammy


On Fri, Jan 11, 2013 at 1:42 PM, Klaus Darilion <
klaus.mailinglists at pernau.at> wrote:

>  Am 11.01.2013 02:12, schrieb Richard Brady:
>
> Hi Klaus
>
>  Thanks for posting the  working solution.
>
>  You are right that mhomed=1 won't help if the sockets both have same IP
> address.
>
>
> That's true.
>
>  Though I think if you used it with two different IPs and the correct
> routing tables on the OS then it would work.
>
>
> I have not tried it, but I think it depends on the actual setup.
>
> If both IP addresses are in the same subnet, then it might work if Linux
> uses the "local" IP address for local calls and the "external" IP address
> for external call (i think this can be done with having the local as eth0
> and the external as eth0.1 and specyfing the default gateway for eth0.1
> instead for eth0.)
>
> If the two IP addresses are in different subnets, then mhomed=1 should
> indeed work and the force_send_socket() calls could be removed.
>
> regards
> Klaus
>
>
>
>  In any case your solution is a good one.
>
>  Richard
>
> On 7 January 2013 15:45, Klaus Darilion <klaus.mailinglists at pernau.at>wrote:
>
>> Hi all!
>>
>>
>> On 04.01.2013 18:57, Ovidiu Sas wrote:
>>
>>> Hello Klauss,
>>>
>>> I use record_route_preset for this kind of scenarios:
>>> http://kamailio.org/docs/modules/3.3.x/modules_k/rr.html#id2550086
>>> That was the main reason that I enhanced record_route_preset with the
>>> second parameter (see the Note on string2).
>>>
>>> I haven't tried your idea with two sockets.  Let us know if it's working.
>>> If you need to use the same port on the internal and external
>>> interface, you could add a new IP to the host and listen on two
>>> sockets on the same port and force the socket when sending a request
>>> out.
>>> listen=udp:10.10.0.2
>>> listen=udp:10.10.0.3 advertise pu.bl.ic.ip
>>>
>>
>>  I did some basic tests (incoming, outgoing, on/off-hold). The service
>> provider's SIP trunk was an Asterisk with NAT traversal disabled. Kamailio
>> was NATed 1:1 to the public IP address (exclusively, without port
>> translation). I tested Kamailio only doing near-end NAT-traversal (taking
>> care of its own NAT).
>>
>> I used two IP addresses for the two sockets, but I must works also with a
>> single IP address and different ports.
>>
>> Conclusion: works :-)
>>
>> Following is the setup how I tested it (if you need to add far-end NAT
>> traversal (SIP clients behind another NAT) then it will more complex).
>>
>> regards
>> Klaus
>>
>>
>> # Service Provider for SIP Trunk:         5.5.5.5
>> # public IP address of Kamailio/rtpproxy: 3.3.3.3
>> # rtpproxy binds to 10.10.0.3
>> listen=udp:10.10.0.2
>> listen=udp:10.10.0.3 advertise 3.3.3.3:5060
>> mhomed=0
>>
>> route[RELAY] {
>>         if (src_ip == 5.5.5.5) {
>>                 force_send_socket("10.10.0.2");
>>                 rtpproxy_manage("","10.10.0.3");
>>         } else {
>>                 force_send_socket("10.10.0.3");
>>                 rtpproxy_manage("","3.3.3.3");
>>         }
>>         ...
>>         t_relay();
>> }
>>
>>
>> onreply_route {
>>         if (src_ip == 5.5.5.5) {
>>                 force_send_socket("10.10.0.2");
>>                 rtpproxy_manage("","10.10.0.3");
>>         } else {
>>                 force_send_socket("10.10.0.3");
>>                 rtpproxy_manage("","3.3.3.3");
>>
>>         }
>> }
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20130127/4a059d7c/attachment.htm>

More information about the sr-users mailing list