[SR-Users] Connecting UAs behind Firewall/CgNat with Kamailio without using a Stun Server
miconda at gmail.com
Tue May 8 08:54:05 CEST 2018
there is no way of going through symmetric NAT without a media stream
relay on a public ip address.
The media relay system can be:
1) server side relay controlled by sip server, like rtpengine or rtpproxy
2) dedicated SBC boxes put between end device and sip server, like
Oracle (former ACME) SBC
3) TURN servers, which is concept similar to rtpengine/rtpproxy, but
it is the end device interacting directly with it (sip server does not
interact with the TURN server), so the end device must support TURN protocol
If you do not control the end device or the end device doesn't support
TURN, then the solution has to be 1) or 2). The 2) can be expensive and
adds additional ongoing operations costs.
Note that you can put rtpproxy/rtpengine on a different system than
kamailio. Also, there can be many of them, with kamailio doing sort of
load balancing to distribute calls across all available
The is an alternative by creating a VPN between end devices and core
infrastructure, so everyone is in the network. However, all packets,
including the RTP/media streams are relayed by the VPN server, so you
still get the traffic in the core network.
On 08.05.18 08:29, Pinter, Gerd. wrote:
> Hello Henning, hello Community
> we are using high quality Codecs with bitrates up to 1500Kbit (PCM), but usually 128kbit (Mpeg1 Layer3 or AAC-LD). 128 is Not too much, but I want to be on the save side and therefore I prefer solution without Proxy.
> By the way I am audio engineer at a german commercial radio broadcast network and we try to establish our own "ISDN replacement-SIP Network" for reporting from events like Soccer Games, Karneval, Rock Concerts, Political Party Summits, Lawsuits... whatever. I want to keep frontend as simple as it gets for the reporter.
> Anyway, people told me that the SIP Server of "Mayah Communications" is working without the need of stun or other Client side gadgets, but I am also told that this Mayah server works without Proxy functions. That Company won't tell me their settings of course, but if possible I'd like to have this feature for our SIP Server. At the moment I have still vast problems with connectivity from Devices that are logged on via Vodafone Mobile Network. Even Stun does not work. I guess that CGNAT of Vodafone (All of the Devices I have tested within Vodafone allocate IP Addresses in private range!) opens different Ports for different outbound connections which is the case if I use a 3rd party Stun Server. I have read a lot about this issue these days and there is solution, but I am not too deep into scripting an how to edit the kamailio.cfg. For example, I tried to start Kamailio with Stun, but if I tried to use the built in Stun, I've got error messages on the Client and also in the logfile of the SIP Server (incomplete header of Stun message) Anyone can help, please?
> Best regards Gerd
> Von: Henning Westerholt <hw at kamailio.org>
> Gesendet: Montag, 7. Mai 2018 20:56
> An: sr-users at lists.kamailio.org
> Cc: Pinter, Gerd. <G.Pinter at radionrw.de>
> Betreff: Re: [SR-Users] Connecting UAs behind Firewall/CgNat with Kamailio without using a Stun Server
> Am Montag, 7. Mai 2018, 13:11:50 CEST schrieb Pinter, Gerd.:
>> Won't RTP Proxy cause al lot of traffic? We only have 155mbit for all IT
>> traffic, and our Sip Server also have to manage connections outbound our
>> house, where I thought it might be better let those clients do the payload
>> by peer to peer connection. If I got it right this traffic would flow thru
>> our Sip server with RTP Proxy enabled.
>> Thanks a lot
> Hello Gerd,
> you understood it correctly, indeed using rtpengine/rtpproxy would mean routing additionally your RTP traffic to your network. Depending on the number of sessions and the used codec it may work perfectly, only with some QoS tuning or not at all. You can estimate the bandwith, there are also some calculators online.
> Best regards,
> Henning Westerholt
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
More information about the sr-users