[SR-Users] Kamailio behind NAT

John Smith jsmith.15 at mail.com
Tue Jan 21 17:33:53 CET 2014 

Hello Klaus,

I have changed the rtpproxy_manage() in the route(NATMANAGE) to no avail. The c= in the Invite that arrives to Asterisk still points to the public IP of the Phone1. 

Code is as follows:

route[NATMANAGE] {
#!ifdef WITH_NAT
 if (is_request()) {
 if(has_totag()) {
 if(check_route_param("nat=yes")) {
 setbflag(FLB_NATB);
 }
 }
 }
 if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
 return;
 
 if (src_ip == ip.pbx.priva.te) {
                rtpproxy_manage();
        } else {
                rtpproxy_manage("","ip.kamailio.priva.te");
        }
 
 if (is_request()) {
 if (!has_totag()) {
 add_rr_param(";nat=yes");
 }
 }
 if (is_reply()) {
 if(isbflagset(FLB_NATB)) {
 fix_nated_contact();
 }
 }

The next test has been to comment out the rtpproxy_manage at NATMANAGE function and to put it both at route[RELAY] and onreply(route) following your post in this list from January 2013: http://lists.sip-router.org/pipermail/sr-users/2013-January/076254.html.

Now the media flows from Phone1 to Kamailio, from Kamailio to Asterisk and back, but it gets stuck at Kamailio. I cannot see it flow towards the public IP of the Phone2.

The force_send_socket you used could be of any use here?

Thank you

> ----- Original Message -----
> From: Klaus Darilion
> Sent: 01/21/14 07:25 AM
> To: Kamailio (SER) - Users Mailing List
> Subject: Re: [SR-Users] Kamailio behind NAT
> 
> Yes, when calling rtpproxy (whatever function you use, 
> manage/offer/answer/force), every function accepts as second parameter 
> the IP address which should be written into the SDP c=... line.
> 
> So, detect the direction (eg based on source-ip) and put the respective 
> internal or external IP address into the SDP.
> 
> Of course the NAT must be a static 1:1 NAT without any PAT.
> 
> Btw: you have the same problem with some SIP headers, like Record-Route 
> or Via. Kamailio has to insert the respective public/private IP, 
> depending on where to send the message. If Kamailio uses only a single 
> socket, then you have to do this manually. The automatic approach is to 
> configure 2 listen=... sockets. One for the internal side, and one for 
> the external side. On the "external" socket you add the "advertise" 
> option - then Kamailio will automatically put the correct IP addresses 
> in RR and Via, eg:
> 
> # public IP address of Kamailio/rtpproxy: 3.3.3.3
> # internal socket
> listen=udp:10.10.0.2
> # external socket
> listen=udp:10.10.0.3 advertise 3.3.3.3:5060
> mhomed=0
> 
> You could use separate subnets for the 2 sockets, or you could also use 
> only a single IP address with 2 different ports for the 2 sockets.
> 
> 
> regards
> Klaus
> 
> 
> On 21.01.2014 14:50, John Smith wrote:
> > The intended setup is as you described in option a.
> >
> > And the behaviour of rewriting SDP using private/public ports is what I understood the rtpproxy_manage was tasked to do.
> >
> > As it is not working the way I expected, what is the best way to proceed? To check if the IP is from the outside and then rewrite via rtpproxy_offer in the NATMANAGE block?
> >
> > Thank you
> >
> >> ----- Original Message -----
> >> From: Klaus Darilion
> >> Sent: 01/21/14 05:25 AM
> >> To: Kamailio (SER) - Users Mailing List
> >> Subject: Re: [SR-Users] Kamailio behind NAT
> >>
> >> On 21.01.2014 13:24, John Smith wrote:
> >>> I might be making wrong assumptions regarding this traffic flow. Is that correct?
> >>
> >> That depends on your policy. It is up to you to define how RTP should be
> >> routed. There are basically 2 choices:
> >>
> >> a) RTP from clients is handled by rtpproxy:
> >>
> >> phone1 <-nat-> rtpproxy <--> Asterisk <--> rtpproxy <-nat-> phone2
> >>
> >> In this case, only the private IP of Kamailio and rtpproxy (can be the
> >> same IP address) must be mapped to a public IP address.
> >>
> >>
> >> b) RTP directly to Asterisk:
> >>
> >> phone1 <-nat-> Asterisk <-nat-> phone2
> >>
> >> In this case, the private IPs of Kamailio and Asterisk must be mapped to
> >> a public IP address.
> >>
> >>
> >> When using version a) you have to make sure to set the proper IP address
> >> in the SDP. For example, SDPs in messages from Kamailio to the phone
> >> must contains the PUBLIC IP of rtpproxy in the c=... line. SDPs in
> >> messages from Kamailio to Asterisk must contain the PRIVATE IP of
> >> rtpproxy in the c=... line.
> >>
> >> regards
> >> Klaus
> >>
> >> _______________________________________________
> >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> >> sr-users at lists.sip-router.org
> >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> >
> >
> > _______________________________________________
> > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> > sr-users at lists.sip-router.org
> > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> >
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list