subject:"\[SR\-Users\] Using Kamalio as a proxy for internal servers"

Re: [SR-Users] Using Kamalio as a proxy for internal servers

2020-09-11 Thread Henning Westerholt

Hi Moshe,

usually you specify the socket that you be used (either by IP, or in new 
release by socket name). That can be done in the cfg or also in some modules, 
e.g. dispatcher.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>

From: sr-users  On Behalf Of Moshe Katz
Sent: Monday, September 7, 2020 2:45 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] Using Kamalio as a proxy for internal servers

Olle,
If I define another listen line, how do I tell Kamailio to use one listen line 
for inside traffic and the other for outside traffic?


Sergey,

Using IPv6 internally is a great idea. I'll have to see if I can try it.


Thank you both!


On Mon, Sep 7, 2020 at 7:39 AM Olle E. Johansson 
mailto:o...@edvina.net>> wrote:



On 7 Sep 2020, at 12:24, Sergey Safarov 
mailto:s.safa...@gmail.com>> wrote:

To resolve such an issue I switched to use IPv6 on internal SIP servers for 
signaling and IPv4 for RTPmedia.

For me works like a charm.
Very elegant solution!

/O


On Mon, Sep 7, 2020 at 9:58 AM Olle E. Johansson 
mailto:o...@edvina.net>> wrote:
You need to define another listen= without the advertise for communication with 
internal servers. Either another IP or another port.

/O


On 6 Sep 2020, at 17:34, Moshe Katz 
mailto:kohenk...@gmail.com>> wrote:

Hello all,

(Note: I previously posted a more detailed version of this question on 
StackOverflow at https://stackoverflow.com/q/63760506/829970 . This version is 
simplified to fit better in an email.)

I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a 
private IP address 172.31.7.96 and One-to-one NAT to an external IP address. 
The external IP is 192.0.2.100. (Note: The internal IP addresses are all 
unedited, but the public IPs have been replaced with TEST-NET-1 and TEST-NET-2 
example addresses.) I will eventually be doing transcoding with RTPEngine, but 
for now this is a simple SIP Proxy.

Kamailio is installed on Ubuntu 18.04 using the DEB packages from 
dev.kamailio.org/kamailio54<http://dev.kamailio.org/kamailio54> and is using 
the stock configuration that comes with those packages, except for the 
following changes:


#!define WITH_NAT

#!define WITH_RTPENGINE

#!define WITH_MYSQL

#!define WITH_AUTH

#!define WITH_IPAUTH



listen=udp:0.0.0.0:5060<http://0.0.0.0:5060/> advertise 
192.0.2.100:5060<http://192.0.2.100:5060/>



#!define DBURL 
"mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio<http://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio>"

I have internal SIP servers with private IP addresses in the 
172.31.7.0/24<http://172.31.7.0/24> range that I want to have send all SIP 
traffic through the Kamailio server. The internal servers are running a Java 
SIP client with the `OUTBOUND_PROXY` setting set to 172.31.7.96.

The problem I have is that the SIP `200 OK` message sent by Kamailio to my SIP 
server has its `Record-Route` header set to the public IP address `192.0.2.100` 
instead of the private address `172.31.7.96`. The SIP client therefore tries to 
send the `ACK` message back to the public address, but it has no route to the 
public address so the ACK never gets sent.

How can I configure Kamailio to use the public IP for external traffic but the 
private IP for communicating with internal machines on the same subnet?

I tried setting `mhomed=1`, but the machine isn't actually multi-homed so that 
didn't work.

I thought of adding a second listen line 
`listen=udp:172.31.7.96:5061<http://172.31.7.96:5061/>` and having the internal 
servers talk to port 5061, but that doesn't work because Kamailio uses the 5061 
definition for the external side too.

I see in the docs that it is possible to name the listener lines, but I don't 
understand how to use those names in a way that would be relevant to my issue.

Thank you very much for your help,

Moshe
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using Kamalio as a proxy for internal servers

2020-09-07 Thread Moshe Katz

Olle,

If I define another listen line, how do I tell Kamailio to use one listen
line for inside traffic and the other for outside traffic?


Sergey,

Using IPv6 internally is a great idea. I'll have to see if I can try it.


Thank you both!



On Mon, Sep 7, 2020 at 7:39 AM Olle E. Johansson  wrote:

>
>
> On 7 Sep 2020, at 12:24, Sergey Safarov  wrote:
>
> To resolve such an issue I switched to use IPv6 on internal SIP servers
> for signaling and IPv4 for RTPmedia.
>
> For me works like a charm.
>
> Very elegant solution!
>
> /O
>
>
> On Mon, Sep 7, 2020 at 9:58 AM Olle E. Johansson  wrote:
>
>> You need to define another listen= without the advertise for
>> communication with internal servers. Either another IP or another port.
>>
>> /O
>>
>> On 6 Sep 2020, at 17:34, Moshe Katz  wrote:
>>
>> Hello all,
>>
>> (Note: I previously posted a more detailed version of this question on
>> StackOverflow at https://stackoverflow.com/q/63760506/829970 . This
>> version is simplified to fit better in an email.)
>>
>> I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with
>> a private IP address 172.31.7.96 and One-to-one NAT to an external IP
>> address. The external IP is 192.0.2.100. (Note: The internal IP addresses
>> are all unedited, but the public IPs have been replaced with TEST-NET-1 and
>> TEST-NET-2 example addresses.) I will eventually be doing transcoding with
>> RTPEngine, but for now this is a simple SIP Proxy.
>>
>> Kamailio is installed on Ubuntu 18.04 using the DEB packages from
>> dev.kamailio.org/kamailio54 and is using the stock configuration that
>> comes with those packages, except for the following changes:
>>
>> #!define WITH_NAT
>> #!define WITH_RTPENGINE
>> #!define WITH_MYSQL
>> #!define WITH_AUTH
>> #!define WITH_IPAUTH
>>
>> listen=udp:0.0.0.0:5060 advertise 192.0.2.100:5060
>>
>> #!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio"
>>
>>
>> I have internal SIP servers with private IP addresses in the
>> 172.31.7.0/24 range that I want to have send all SIP traffic through the
>> Kamailio server. The internal servers are running a Java SIP client with
>> the `OUTBOUND_PROXY` setting set to 172.31.7.96.
>>
>> The problem I have is that the SIP `200 OK` message sent by Kamailio to
>> my SIP server has its `Record-Route` header set to the public IP address
>> `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client
>> therefore tries to send the `ACK` message back to the public address, but
>> it has no route to the public address so the ACK never gets sent.
>>
>> How can I configure Kamailio to use the public IP for external traffic
>> but the private IP for communicating with internal machines on the same
>> subnet?
>>
>> I tried setting `mhomed=1`, but the machine isn't actually multi-homed so
>> that didn't work.
>>
>> I thought of adding a second listen line `listen=udp:172.31.7.96:5061`
>> and having the internal servers talk to port 5061, but that doesn't work
>> because Kamailio uses the 5061 definition for the external side too.
>>
>> I see in the docs that it is possible to name the listener lines, but I
>> don't understand how to use those names in a way that would be relevant to
>> my issue.
>>
>> Thank you very much for your help,
>>
>> Moshe
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using Kamalio as a proxy for internal servers

2020-09-07 Thread Olle E. Johansson



> On 7 Sep 2020, at 12:24, Sergey Safarov  wrote:
> 
> To resolve such an issue I switched to use IPv6 on internal SIP servers for 
> signaling and IPv4 for RTPmedia.
> 
> For me works like a charm.
Very elegant solution!

/O
> 
> On Mon, Sep 7, 2020 at 9:58 AM Olle E. Johansson  > wrote:
> You need to define another listen= without the advertise for communication 
> with internal servers. Either another IP or another port.
> 
> /O
> 
>> On 6 Sep 2020, at 17:34, Moshe Katz > > wrote:
>> 
>> Hello all,
>> 
>> (Note: I previously posted a more detailed version of this question on 
>> StackOverflow at https://stackoverflow.com/q/63760506/829970 
>>  . This version is simplified 
>> to fit better in an email.)
>> 
>> I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a 
>> private IP address 172.31.7.96 and One-to-one NAT to an external IP address. 
>> The external IP is 192.0.2.100. (Note: The internal IP addresses are all 
>> unedited, but the public IPs have been replaced with TEST-NET-1 and 
>> TEST-NET-2 example addresses.) I will eventually be doing transcoding with 
>> RTPEngine, but for now this is a simple SIP Proxy.
>> 
>> Kamailio is installed on Ubuntu 18.04 using the DEB packages from 
>> dev.kamailio.org/kamailio54  and is 
>> using the stock configuration that comes with those packages, except for the 
>> following changes:
>> 
>> #!define WITH_NAT
>> #!define WITH_RTPENGINE
>> #!define WITH_MYSQL
>> #!define WITH_AUTH
>> #!define WITH_IPAUTH
>> 
>> listen=udp:0.0.0.0:5060  advertise 192.0.2.100:5060 
>> 
>> 
>> #!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio 
>> "
>> 
>> I have internal SIP servers with private IP addresses in the 172.31.7.0/24 
>>  range that I want to have send all SIP traffic 
>> through the Kamailio server. The internal servers are running a Java SIP 
>> client with the `OUTBOUND_PROXY` setting set to 172.31.7.96.
>> 
>> The problem I have is that the SIP `200 OK` message sent by Kamailio to my 
>> SIP server has its `Record-Route` header set to the public IP address 
>> `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client 
>> therefore tries to send the `ACK` message back to the public address, but it 
>> has no route to the public address so the ACK never gets sent.
>> 
>> How can I configure Kamailio to use the public IP for external traffic but 
>> the private IP for communicating with internal machines on the same subnet?
>> 
>> I tried setting `mhomed=1`, but the machine isn't actually multi-homed so 
>> that didn't work.
>> 
>> I thought of adding a second listen line `listen=udp:172.31.7.96:5061 
>> ` and having the internal servers talk to port 
>> 5061, but that doesn't work because Kamailio uses the 5061 definition for 
>> the external side too.
>> 
>> I see in the docs that it is possible to name the listener lines, but I 
>> don't understand how to use those names in a way that would be relevant to 
>> my issue.
>> 
>> Thank you very much for your help,
>> 
>> Moshe
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org 
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
>> 
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org 
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> 
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using Kamalio as a proxy for internal servers

2020-09-07 Thread Sergey Safarov

To resolve such an issue I switched to use IPv6 on internal SIP servers for
signaling and IPv4 for RTPmedia.

For me works like a charm.

On Mon, Sep 7, 2020 at 9:58 AM Olle E. Johansson  wrote:

> You need to define another listen= without the advertise for communication
> with internal servers. Either another IP or another port.
>
> /O
>
> On 6 Sep 2020, at 17:34, Moshe Katz  wrote:
>
> Hello all,
>
> (Note: I previously posted a more detailed version of this question on
> StackOverflow at https://stackoverflow.com/q/63760506/829970 . This
> version is simplified to fit better in an email.)
>
> I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a
> private IP address 172.31.7.96 and One-to-one NAT to an external IP
> address. The external IP is 192.0.2.100. (Note: The internal IP addresses
> are all unedited, but the public IPs have been replaced with TEST-NET-1 and
> TEST-NET-2 example addresses.) I will eventually be doing transcoding with
> RTPEngine, but for now this is a simple SIP Proxy.
>
> Kamailio is installed on Ubuntu 18.04 using the DEB packages from
> dev.kamailio.org/kamailio54 and is using the stock configuration that
> comes with those packages, except for the following changes:
>
> #!define WITH_NAT
> #!define WITH_RTPENGINE
> #!define WITH_MYSQL
> #!define WITH_AUTH
> #!define WITH_IPAUTH
>
> listen=udp:0.0.0.0:5060 advertise 192.0.2.100:5060
>
> #!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio"
>
>
> I have internal SIP servers with private IP addresses in the 172.31.7.0/24
> range that I want to have send all SIP traffic through the Kamailio server.
> The internal servers are running a Java SIP client with the
> `OUTBOUND_PROXY` setting set to 172.31.7.96.
>
> The problem I have is that the SIP `200 OK` message sent by Kamailio to my
> SIP server has its `Record-Route` header set to the public IP address
> `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client
> therefore tries to send the `ACK` message back to the public address, but
> it has no route to the public address so the ACK never gets sent.
>
> How can I configure Kamailio to use the public IP for external traffic but
> the private IP for communicating with internal machines on the same subnet?
>
> I tried setting `mhomed=1`, but the machine isn't actually multi-homed so
> that didn't work.
>
> I thought of adding a second listen line `listen=udp:172.31.7.96:5061`
> and having the internal servers talk to port 5061, but that doesn't work
> because Kamailio uses the 5061 definition for the external side too.
>
> I see in the docs that it is possible to name the listener lines, but I
> don't understand how to use those names in a way that would be relevant to
> my issue.
>
> Thank you very much for your help,
>
> Moshe
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using Kamalio as a proxy for internal servers

2020-09-07 Thread Olle E. Johansson

You need to define another listen= without the advertise for communication with 
internal servers. Either another IP or another port.

/O

> On 6 Sep 2020, at 17:34, Moshe Katz  wrote:
> 
> Hello all,
> 
> (Note: I previously posted a more detailed version of this question on 
> StackOverflow at https://stackoverflow.com/q/63760506/829970 
>  . This version is simplified to 
> fit better in an email.)
> 
> I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a 
> private IP address 172.31.7.96 and One-to-one NAT to an external IP address. 
> The external IP is 192.0.2.100. (Note: The internal IP addresses are all 
> unedited, but the public IPs have been replaced with TEST-NET-1 and 
> TEST-NET-2 example addresses.) I will eventually be doing transcoding with 
> RTPEngine, but for now this is a simple SIP Proxy.
> 
> Kamailio is installed on Ubuntu 18.04 using the DEB packages from 
> dev.kamailio.org/kamailio54  and is using 
> the stock configuration that comes with those packages, except for the 
> following changes:
> 
> #!define WITH_NAT
> #!define WITH_RTPENGINE
> #!define WITH_MYSQL
> #!define WITH_AUTH
> #!define WITH_IPAUTH
> 
> listen=udp:0.0.0.0:5060  advertise 192.0.2.100:5060 
> 
> 
> #!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio 
> "
> 
> I have internal SIP servers with private IP addresses in the 172.31.7.0/24 
>  range that I want to have send all SIP traffic through 
> the Kamailio server. The internal servers are running a Java SIP client with 
> the `OUTBOUND_PROXY` setting set to 172.31.7.96.
> 
> The problem I have is that the SIP `200 OK` message sent by Kamailio to my 
> SIP server has its `Record-Route` header set to the public IP address 
> `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client 
> therefore tries to send the `ACK` message back to the public address, but it 
> has no route to the public address so the ACK never gets sent.
> 
> How can I configure Kamailio to use the public IP for external traffic but 
> the private IP for communicating with internal machines on the same subnet?
> 
> I tried setting `mhomed=1`, but the machine isn't actually multi-homed so 
> that didn't work.
> 
> I thought of adding a second listen line `listen=udp:172.31.7.96:5061 
> ` and having the internal servers talk to port 
> 5061, but that doesn't work because Kamailio uses the 5061 definition for the 
> external side too.
> 
> I see in the docs that it is possible to name the listener lines, but I don't 
> understand how to use those names in a way that would be relevant to my issue.
> 
> Thank you very much for your help,
> 
> Moshe
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Using Kamalio as a proxy for internal servers

2020-09-06 Thread Moshe Katz

Hello all,

(Note: I previously posted a more detailed version of this question on
StackOverflow at https://stackoverflow.com/q/63760506/829970 . This version
is simplified to fit better in an email.)

I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a
private IP address 172.31.7.96 and One-to-one NAT to an external IP
address. The external IP is 192.0.2.100. (Note: The internal IP addresses
are all unedited, but the public IPs have been replaced with TEST-NET-1 and
TEST-NET-2 example addresses.) I will eventually be doing transcoding with
RTPEngine, but for now this is a simple SIP Proxy.

Kamailio is installed on Ubuntu 18.04 using the DEB packages from
dev.kamailio.org/kamailio54 and is using the stock configuration that comes
with those packages, except for the following changes:

#!define WITH_NAT
#!define WITH_RTPENGINE
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_IPAUTH

listen=udp:0.0.0.0:5060 advertise 192.0.2.100:5060

#!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio"


I have internal SIP servers with private IP addresses in the 172.31.7.0/24
range that I want to have send all SIP traffic through the Kamailio server.
The internal servers are running a Java SIP client with the
`OUTBOUND_PROXY` setting set to 172.31.7.96.

The problem I have is that the SIP `200 OK` message sent by Kamailio to my
SIP server has its `Record-Route` header set to the public IP address
`192.0.2.100` instead of the private address `172.31.7.96`. The SIP client
therefore tries to send the `ACK` message back to the public address, but
it has no route to the public address so the ACK never gets sent.

How can I configure Kamailio to use the public IP for external traffic but
the private IP for communicating with internal machines on the same subnet?

I tried setting `mhomed=1`, but the machine isn't actually multi-homed so
that didn't work.

I thought of adding a second listen line `listen=udp:172.31.7.96:5061` and
having the internal servers talk to port 5061, but that doesn't work
because Kamailio uses the 5061 definition for the external side too.

I see in the docs that it is possible to name the listener lines, but I
don't understand how to use those names in a way that would be relevant to
my issue.

Thank you very much for your help,

Moshe
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using Kamalio as a proxy for internal servers

Re: [SR-Users] Using Kamalio as a proxy for internal servers

Re: [SR-Users] Using Kamalio as a proxy for internal servers

Re: [SR-Users] Using Kamalio as a proxy for internal servers

Re: [SR-Users] Using Kamalio as a proxy for internal servers

[SR-Users] Using Kamalio as a proxy for internal servers

6 matches

Site Navigation

Mail list logo

Footer information