[Kamailio-Users] if client has stun support, does kamailio still needs to support NAT/rtpproxy ?

[Iñaki Baz Castillo]

2003/12/5 Jinsong <jinsong_hu at hotmail.com>:
> Hi, There:
>  I have been wondering that , if client/phone has stun support, does kamailio still needs to support NAT/rtpproxy ?
> in theory, when the client has stun support, it can find out its own public address and port, and from kamailio's point of view,
> it just looks like the client is in the public internet. so kamailio should have no need to do NAT/rtpproxy.  without NAT/rtpproxy,
> the bandwidth requirement on the kamailio is drastically cut down, because kamailio only needs to handle signal.
>  What I am not sure is , for the clients with sip support, will it constantly send out requests, say, every 2 minutes,
> so the firewall won't expire the mapping of private/public address and port on the firewall itself. in case the client
> doesn't send out requests constantly, then the mapping may expire and that may present a problem. in that case,
> if we let kamailio send out OPTIONS every 1 minute to the client, then the mapping can be kept alive. if that is true,
> then we will still don't need rtpproxy, thus saving bandwidth on the server and scales much better.
>  Is that I described true ?

As you said, a client supporting STUN behaves as a client with public
IP. In fact, a proxy *cannot* differenciate between a client with real
public address and other client doing STUN.

However, note that STUN doesn't work behind symmetric NAT routers. The
client detects this kind of NAT when performing the initial STUN test.

Also, a client doing STUN already knows that it is behind NAT so it
mantains open the UDP "connection" by sending keepalives (OPTIONS
i.e.).


-- 
Iñaki Baz Castillo
<ibc at aliax.net>