[SR-Users] NAT problem

Henning Westerholt hw at skalatan.de
Wed Sep 18 20:21:29 CEST 2019 

Hello Arnout,

don't worry, everybody started somewhere. Great that it works now. :-)

About the changing the from and to header - there is indeed functionality in the uac module for that, look for the "replace" functions there.

Cheers,

Henning

Am 17.09.19 um 13:35 schrieb Arnout Van Den Kieboom:
Yes sorry, it is a typo.

I meant public ip...

But indeed, it does go once again through the firewall.
I am thinking the problem is here:

In the tcpdump (on kamailio) I see it says incoming call from:

sip:number at IP OF CARRIER

Ans it is forwarded this way to pbx

I "think" that this way the PBX will send a reply directly to the IP of the carrier for RTP.
When I look at the tcpdump (on the pbx) it does seem this way.
(I am still trying to comprehend the whole sip dialog, learning bit by bit)

So, I am trying to change the "from" and "to" header to use the ip of kamailio, and not of the carrier.
For this I am using uac module. But no success until now...

I had to do this to get call from extension on pbx, through kamailio , to carrier to work (And this works (hurray)).

(Maybe I'm saying stupid stuff and I'm totally wrong)

Thanks a lot for the help!

Arnout

Op di 17 sep. 2019 om 11:01 schreef Daniel-Constantin Mierla <miconda at gmail.com<mailto:miconda at gmail.com>>:
Hello,

might be just a typing mistake, but:

rtpproxy -A  "private ip" -F -l "local ip" -m 10000 -M 20000 -s udp:*:7722 -d INFO

says that -A is private ip, it should be public IP.

Then, towards asterisk, is it everything on a private network, or does it go again through some FW with public ip and port forwarding?

Cheers,
Daniel

On Tue, Sep 17, 2019 at 10:23 AM Arnout Van Den Kieboom <arnoutvdkieboom at gmail.com<mailto:arnoutvdkieboom at gmail.com>> wrote:
Hi,

Firewall (PFsense) does port forwarding:

inbound publicIP:5060 -->  private ip (192.168.150.119)

inbound PublicIP:10000 to 20000 -> private ip (192.168.150.119)

The public ip is set in the config file (kamailio.cfg) and RTP proxy is started with

rtpproxy -A  "private ip" -F -l "local ip" -m 10000 -M 20000 -s udp:*:7722 -d INFO

In the cfg file NATtin is defined. (define with_nat)
rtpproxy module is loaded.

This works for most audio situations, except with the carrier
Also very important: the carrier i am using for testing requires authentication, so I am using the uac module.

I can see the registration with the provider, i see the inbound call in kamailio, I see the inbound call in asterisk.
A connection is set up like it should, but then there is One way audio.

The weird thing is:
this route works without a problem: carrier --> FW -->kamailio --> (back through firewall) FW --> user subscribed to kamaiolio.
(which should imply the same NAT'ing problems?)

If you need more info, feel free to ask!

PS: What i haven't tried yet is to call from asterisk through kamailio to the carrier number, this is what i'll set up and test next)

Arnout

Op ma 16 sep. 2019 om 13:26 schreef Daniel-Constantin Mierla <miconda at gmail.com<mailto:miconda at gmail.com>>:
Hello,

is Kamailio and RTPProxy (or Asterisk) using public IP addresses? Or they listen on a private address and the firewall does port forwarding of a public IP address?

Cheers,
Daniel

On Mon, Sep 16, 2019 at 10:51 AM Arnout Van Den Kieboom <arnoutvdkieboom at gmail.com<mailto:arnoutvdkieboom at gmail.com>> wrote:
Hi,

First of all, I'm really new to Kamailio. So sorry if I ask a stupid question, or perhaps a really weird one.

I started using kamailio in a test environment about a week ago.

for setup i have the situation for inbound calls: Carrier --> FW (NAT) --> Kamailio
for outbound to an asterisk box i have: Kamailio --> FW (NAT) --> Asterisk
for outbound to users i have: Kamailio --> FW (NAT) --> sip-phone (yealink) or grandstream

During that time i was able to :
Set up calls to users,
Use the dispatcher module
use the avpops module to do data lookups.
Get calls from asterisk to kamailio user to work.
Also calls between users (even though behind nat) are having good audio.

I have installed rtpproxy and it works nicely.

There is just one situation where it fails:

Carrier --> FW (NAT) Kamailio --> asterisk

There is only one way audio (from asterisk to carrier) but not from carrier to asterisk.

I believe I need to do something with the rtp proxy module ... and tried different things (forcing the r flag, forcing the w flag)
Any idea where I might need to start looking? It's been driving me crazy...

Thanks

Pemp


_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla - https://www.asipto.com
https://twitter.com/miconda - https://www.linkedin.com/in/miconda
Kamailio Advanced Training - https://www.asipto.com/u/kat
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla - https://www.asipto.com
https://twitter.com/miconda - https://www.linkedin.com/in/miconda
Kamailio Advanced Training - https://www.asipto.com/u/kat
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


--
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190918/443717fa/attachment.html>

More information about the sr-users mailing list