Morning Kennard I really appreciate your feedback.
I will be serving different networks, but will have control over most of them or at least be able to assist 3rd party vendors for those I don't. As for another NAT device behind the "Main" Firewall, there wouldn't be an issue like that, but would be a "nice to have" just in case I run into something like that. I think it would be best that I explain what I would like to achieve to clarify what my idea is: I have a Multi-Tenant solution running on Multiple Asterisk Servers. The solution currently works for customer that has an VPN/MPLS connection to me, but I would like to expand my services over the Internet for smaller customers who can not afford VPN/MPLS connections to me, but would like to make use of this service. I would also like to extend this service to have Follow me for my current customers via their mobile devices, from home, etc... The Multi-Tenant Asterisk Servers use one Database and handle all Media including Hunt groups, IVR, Speed Dials, Black/White listing, Connectivity to the PSTN via external Gateways, etc... I am looking at OpenSIPS to only help resolve the NAT issue and do Load-Balancing between my Asterisk Multi-Tenant servers. Hope this clarifies what I am looking to achieving. I would really appreciate your help with this. Perhaps a sample config of how you would do this would be awesome. Thanks again. Best Regards Deon So, I am looking at OpenSIPS to help provide LoadBalancing/Load Sharing between couple of Asterisk Servers, which will cut down a lot on expenses. On 03 Nov 2010, at 5:26 AM, Kennard White wrote: > Hi Deon, > > For better or worse there are many ways to configure opensips > depending upon exactly what you are doing. Re your route6, it should > be invoked from some branch route. One way branch routes are > established is using t_on_branch(). Your route(3) (or somewhere) > must be doing a lookup() and establish a branch route. > > As someone else said, a key question with what you're trying to do > is: is your network an open or closed environment? If open > environment (where you cannot control/know the networks where your > users are) then non-ICE short-circuiting media relay will fail for > people behind non-hairpinning firewalls or double firewalls. ICE > (and yes, full ICE, not just STUN) is more robust way of avoiding > media-relay when not needed. Of course, it has its own issues :-). > > Kennard > > On Tue, Nov 2, 2010 at 11:11 AM, Deon Vermeulen <[email protected] > > wrote: > Hi Kennard > > Thanks for the ideas. > I really appreciate it. > > I got the config as an example from the Building Telephony systems > with OpenSER. > I choose the OpenSER implementation as it describes the implenetation > of MediaProxy. > Reason for choosing MediaProxy is because I am very, very interested > in getting the ICE feature. > > I thought best to first get this config working before playing around > with the ICE configuration. > > Could you be so kind and perhaps show me where I should call up > route(6)? > > I use fully qualified domain names (i.e domaina.com) for the domain. > At the moment I specify the proxy with the IP of my Server as I > haven't setup the DNS records yet. > > I really appreciate your feedback and assistance. > > Regards > Deon > > > On 02 Nov 2010, at 5:08 PM, Kennard White wrote: > > > Hi Deon, > > > > Some ideas: > > 1. Capture the SIP traffic and see if media proxy is being invoked > > in the request and/or response (look for your P-hint messages), and > > the IP addresses. > > 2. Add xlog messages when you invoke mediarelay to confirm that they > > are getting called. > > 3. You're comparing $dd (which is a domain) to $si (which is an IP > > address). I don't think this will work in the general case, but > > maybe you're using IP addresses as your domains? > > 4. I don't see the code that invokes route(6) -- I assume that is in > > a branch_route not the request route? > > > > Good luck, > > Kennard > > > > On Tue, Nov 2, 2010 at 5:25 AM, Deon Vermeulen <[email protected] > > > wrote: > > Hi List > > > > I'm trying to setup NAT to NOT use MediaProxy when it detects that 2 > > devices are behind the same NAT Device, but rather have coms go > > directly between them. > > At the moment I can dial between the 2 phones and answer the call. > > The callee phone says "Call Established" upon answer, but the caller > > phone still says "trying/connecting". > > I am sure this has something to do with my configuration, but I have > > "NO IDEA" where to start looking. > > The phones are setup to use their local IPs with no other STUN, ICE, > > or "proxy like" configurations. > > Below is a snipped from my opensips.cfg with the NAT configs and > would > > really appreciate any help to get this working. > > > > modparam("rr", "enable_full_lr", 1) > > modparam("registrar", "received_avp", "$avp(i:42)") > > modparam("usrloc", "db_mode", 2) > > modparam("usrloc", "nat_bflag", 6) > > modparam("domain", "db_mode", 1) # Use caching > > modparam("auth_db|usrloc|uri|avpops", "use_domain", 1) > > modparam("auth_db|alias_db|domain|uri|uri_db|usrloc|permissions| > > siptrace|group|avpops|presence", "db_url", "mysql:// > > opensips:opensip...@localhost/opensips") > > modparam("nathelper", "natping_interval", 10) > > modparam("nathelper", "received_avp", "$avp(i:42)") > > modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy- > > dispatcher.sock") > > modparam("mediaproxy", "mediaproxy_timeout", 500) > > modparam("mi_datagram", "socket_name", "/var/run/opensips/ > > opensips.sock") > > modparam("mi_datagram", "children_count", 4) > > > > > > # ------------------------- request routing logic > > ------------------- # > > > > route{ > > > > # > > # -- 1 -- Request Validation > > # > > if (!mf_process_maxfwd_header("10")) { > > sl_send_reply("483","Too Many Hops"); > > exit; > > } > > > > if (msg:len >= 2048 ) { > > sl_send_reply("513", "Message too big"); > > exit; > > } > > > > # > > # -- 2 -- Routing Preprocessing > > # > > ## Record-route all except Register > > ## Mark packets with nat=yes > > ## This mark will be used to identify the request in the loose > > ## route section > > if(!is_method("REGISTER")){ > > if(nat_uac_test("19")){ > > record_route(";nat=yes"); > > } else { > > record_route(); > > } > > } > > > > ##Loose_route packets > > if (has_totag()) { > > #sequential request withing a dialog should > > # take the path determined by record-routing > > if (loose_route()) { > > #Check authentication of re-invites > > if(method=="INVITE") { > > if (!proxy_authorize("","subscriber")) { > > proxy_challenge("","1"); > > exit; > > } else if (!db_check_from()) { > > sl_send_reply("403", "Forbidden, use From=ID"); > > exit; > > } > > } > > ## BYE and CANCEL message handling > > if(method=="BYE" || method=="CANCEL") { > > end_media_session(); > > } > > ##Detect requests in the dialog behind NAT and flag with 6 > > if(nat_uac_test("19") || search("^Route:.*;nat=yes")){ > > append_hf("P-hint: LR|fixcontact,setflag6, > mediaproxy > > \r\n"); > > fix_contact(); > > setbflag(6); > > use_media_proxy(); > > } > > route(1); > > } else { > > sl_send_reply("404","Not here"); > > } > > exit; > > } > > > > #CANCEL processing > > if (is_method("CANCEL")) { > > if (t_check_trans()) { > > end_media_session(); > > t_relay(); > > } > > exit; > > } > > > > t_check_trans(); > > > > # > > # -- 3 -- Determine Request Target > > # > > if (method=="REGISTER") { > > route(2); > > } else { > > route(3); > > } > > } > > > > > > route[1] { > > # > > # -- 4 -- Forward request to target > > # > > # Forward statefully > > t_on_reply("1"); > > t_on_failure("1"); > > if (!t_relay()) { > > sl_reply_error(); > > } > > exit; > > } > > > > route[2] { > > ## Register request handler > > if (is_uri_host_local()) { > > if (!www_authorize("", "subscriber")) { > > www_challenge("", "1"); > > exit; > > } > > > > if (!db_check_to()) { > > sl_send_reply("403", "Forbidden"); > > exit; > > } > > > > # Test to see if Caller is behind NAT > > if(!search("^Contact:[ ]*\*") && client_nat_test("7")) { > > setbflag(6); > > fix_nated_register(); > > force_rport(); > > } > > save("location"); > > exit; > > > > } else { > > sl_send_reply("403", "Forbidden"); > > } > > } > > > > > > route[3] { > > ## Requests handler > > if (is_from_local()){ > > # From an internal domain -> check the credentials and the > > FROM > > #if(!allow_trusted()){ > > if (!proxy_authorize("","subscriber")) { > > proxy_challenge("","0"); > > exit; > > } else if(!db_check_from()) { > > sl_send_reply("403", "Forbidden, use From=ID"); > > exit; > > } > > > > if (client_nat_test("3")) { > > append_hf("P-hint: route(3)| > > setflag7,forcerport,fix_contact\r\n"); > > setbflag(7); > > force_rport(); > > fix_contact(); > > } > > > > .............. > > > > route[6] { > > # > > # -- NAT Traversal handling -- > > # > > # Route[6] is the routing block responsible for activating the > > MediaProxy, whenever > > # the caller or callee is behind NAT (flags 6 or 7 > respectively). > > if (isbflagset(6) || isbflagset(7)) { > > if ( $dd == $si ) { > > xlog("L_INFO", "Both users behind same NAT, so we > > dont use MediaProxy\n"); > > resetbflag(6); # Unset NAT flag general. > > resetbflag(7); # Unset NAT flag general. > > } else > > append_hf("P-hint: Route[6]: mediaproxy \r\n"); > > use_media_proxy(); > > } > > } > > > > ............. > > > > onreply_route[1] { > > # > > #-- On-replay block routing -- > > # > > if (client_nat_test("1")) { > > append_hf("P-hint: Onreply-route - fixcontact \r\n"); > > fix_contact(); > > } > > > > if ((isbflagset(6) || isbflagset(7)) && (status=~"(180)|(183)| > > 2[0-9][0-9]")) { > > if (search("^Content-Type:[ ]*application/sdp")) { > > append_hf("P-hint: onreply_route|usemediaproxy \r\n"); > > use_media_proxy(); > > } > > } > > exit; > > } > > > > > > Thanks again for helping. Really appreciate it. > > > > Regards > > Deon > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
