[SR-Users] Using Kamalio as a proxy for internal servers
Moshe Katz
kohenkatz at gmail.com
Sun Sep 6 17:34:30 CEST 2020
Hello all,
(Note: I previously posted a more detailed version of this question on
StackOverflow at https://stackoverflow.com/q/63760506/829970 . This version
is simplified to fit better in an email.)
I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a
private IP address 172.31.7.96 and One-to-one NAT to an external IP
address. The external IP is 192.0.2.100. (Note: The internal IP addresses
are all unedited, but the public IPs have been replaced with TEST-NET-1 and
TEST-NET-2 example addresses.) I will eventually be doing transcoding with
RTPEngine, but for now this is a simple SIP Proxy.
Kamailio is installed on Ubuntu 18.04 using the DEB packages from
dev.kamailio.org/kamailio54 and is using the stock configuration that comes
with those packages, except for the following changes:
#!define WITH_NAT
#!define WITH_RTPENGINE
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_IPAUTH
listen=udp:0.0.0.0:5060 advertise 192.0.2.100:5060
#!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio"
I have internal SIP servers with private IP addresses in the 172.31.7.0/24
range that I want to have send all SIP traffic through the Kamailio server.
The internal servers are running a Java SIP client with the
`OUTBOUND_PROXY` setting set to 172.31.7.96.
The problem I have is that the SIP `200 OK` message sent by Kamailio to my
SIP server has its `Record-Route` header set to the public IP address
`192.0.2.100` instead of the private address `172.31.7.96`. The SIP client
therefore tries to send the `ACK` message back to the public address, but
it has no route to the public address so the ACK never gets sent.
How can I configure Kamailio to use the public IP for external traffic but
the private IP for communicating with internal machines on the same subnet?
I tried setting `mhomed=1`, but the machine isn't actually multi-homed so
that didn't work.
I thought of adding a second listen line `listen=udp:172.31.7.96:5061` and
having the internal servers talk to port 5061, but that doesn't work
because Kamailio uses the 5061 definition for the external side too.
I see in the docs that it is possible to name the listener lines, but I
don't understand how to use those names in a way that would be relevant to
my issue.
Thank you very much for your help,
Moshe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200906/1685ffa6/attachment.htm>
More information about the sr-users
mailing list