[SR-Users] Kamailio behind NAT

Klaus Darilion klaus.mailinglists at pernau.at
Tue Jan 21 16:25:31 CET 2014


Yes, when calling rtpproxy (whatever function you use, 
manage/offer/answer/force), every function accepts as second parameter 
the IP address which should be written into the SDP c=... line.

So, detect the direction (eg based on source-ip) and put the respective 
internal or external IP address into the SDP.

Of course the NAT must be a static 1:1 NAT without any PAT.

Btw: you have the same problem with some SIP headers, like Record-Route 
or Via. Kamailio has to insert the respective public/private IP, 
depending on where to send the message. If Kamailio uses only a single 
socket, then you have to do this manually. The automatic approach is to 
configure 2 listen=... sockets. One for the internal side, and one for 
the external side. On the "external" socket you add the "advertise" 
option - then Kamailio will automatically put the correct IP addresses 
in RR and Via, eg:

# public IP address of Kamailio/rtpproxy: 3.3.3.3
# internal socket
listen=udp:10.10.0.2
# external socket
listen=udp:10.10.0.3 advertise 3.3.3.3:5060
mhomed=0

You could use separate subnets for the 2 sockets, or you could also use 
only a single IP address with 2 different ports for the 2 sockets.


regards
Klaus


On 21.01.2014 14:50, John Smith wrote:
> The intended setup is as you described in option a.
>
> And the behaviour of rewriting SDP using private/public ports is what I understood the rtpproxy_manage was tasked to do.
>
> As it is not working the way I expected, what is the best way to proceed? To check if the IP is from the outside and then rewrite via rtpproxy_offer in the NATMANAGE block?
>
> Thank you
>
>> ----- Original Message -----
>> From: Klaus Darilion
>> Sent: 01/21/14 05:25 AM
>> To: Kamailio (SER) - Users Mailing List
>> Subject: Re: [SR-Users] Kamailio behind NAT
>>
>> On 21.01.2014 13:24, John Smith wrote:
>>> I might be making wrong assumptions regarding this traffic flow. Is that correct?
>>
>> That depends on your policy. It is up to you to define how RTP should be
>> routed. There are basically 2 choices:
>>
>> a) RTP from clients is handled by rtpproxy:
>>
>> phone1 <-nat-> rtpproxy <--> Asterisk <--> rtpproxy <-nat-> phone2
>>
>> In this case, only the private IP of Kamailio and rtpproxy (can be the
>> same IP address) must be mapped to a public IP address.
>>
>>
>> b) RTP directly to Asterisk:
>>
>> phone1 <-nat-> Asterisk <-nat-> phone2
>>
>> In this case, the private IPs of Kamailio and Asterisk must be mapped to
>> a public IP address.
>>
>>
>> When using version a) you have to make sure to set the proper IP address
>> in the SDP. For example, SDPs in messages from Kamailio to the phone
>> must contains the PUBLIC IP of rtpproxy in the c=... line. SDPs in
>> messages from Kamailio to Asterisk must contain the PRIVATE IP of
>> rtpproxy in the c=... line.
>>
>> regards
>> Klaus
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>



More information about the sr-users mailing list