[SR-Users] FW: Client site NAT negotiation with no STUN.

Rob Moore Rob.Moore at Aeriandi.com
Fri Feb 14 16:31:20 CET 2014 

Lol,

Thanks Daniel! I was concerned my art may get munged, I was using a mobile device to write the original message and was kind of hoping it would have used a monospaced fonts.... go windows phone.

Anyway, I've had a look at the change you've suggested, unfortunately it seems to have made little difference and the RTP proxy is still trying to send traffic to the client SIPPhones private ip address and not the firewall.

It's probably worth clarifying (seen as the diagram got mangled)  that I don't have an RTPproxy at our client site only in our data centre paid with our kamailio.

Here's another attempt at the diagram this looks like it's going in munged but we'll see I guess: 

                                                             -------------                        
                                                     -------|  RTPproxy   |------                 
 ---------          ---------                        |       -------------      |      ---------- 
|SIP Phone|--------|Firewall |---------internet-------------|  kamailio   |-----------|Freeswitch|
 ---------          ---------                                -------------             ----------

Any other suggestions?

-----Original Message-----
From: sr-users-bounces at lists.sip-router.org [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel Tryba
Sent: 14 February 2014 09:45
To: sr-users at lists.sip-router.org
Subject: Re: [SR-Users] FW: Client site NAT negotiation with no STUN.

On Friday 14 February 2014 10:18:07 Rob Moore wrote:
> (please excuse the beautiful ASCI art)

You failed, it's not beatifull, it's a mess (be sure to use a monospaced font and spaces when drawing ASCII art (since not all clients use monospaced to display it will always fail in some clients)). See http://lists.sip-router.org/pipermail/sr-users/2014-February/081601.html
for the result as I've seen your art :)

> Can anyone suggest any other potential methods for getting around this 
> problem?

I learned to never trust anything a client tells me in a SIP message, forcing all rtp through the rtpproxy only leaves firewall issues at the client IMHO. 
On an SBC kind of setup just always call rtpproxy_manage() regardless wheter you detect a natted client. 

In the "default" kamailio.conf just move rtpproxy_manage in the route[NATMANAGE] to the beginning of the route (the f to use the local rtpproxy even if an other rtpproxy is detected)

# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
	rtpproxy_manage("f");
	
	if (is_request()) {
....

-- 

POCOS B.V. - Croy 9c - 5653 LC Eindhoven
Telefoon: 040 293 8661 - Fax: 040 293 8658
http://www.pocos.nl/   - http://www.sipo.nl/
K.v.K. Eindhoven 17097024

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users at lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list