Hi List Anyone else able to assist me?
Really appreciate any help I can get. Regards Deon On 03 Nov 2010, at 8:17 AM, Deon Vermeulen wrote: > Morning Kennard > > I really appreciate your feedback. > > I will be serving different networks, but will have control over > most of them or at least be able to assist 3rd party vendors for > those I don't. > > As for another NAT device behind the "Main" Firewall, there wouldn't > be an issue like that, but would be a "nice to have" just in case I > run into something like that. > > I think it would be best that I explain what I would like to achieve > to clarify what my idea is: > > I have a Multi-Tenant solution running on Multiple Asterisk Servers. > The solution currently works for customer that has an VPN/MPLS > connection to me, but I would like to expand my services over the > Internet for smaller customers who can not afford VPN/MPLS > connections to me, but would like to make use of this service. > I would also like to extend this service to have Follow me for my > current customers via their mobile devices, from home, etc... > The Multi-Tenant Asterisk Servers use one Database and handle all > Media including Hunt groups, IVR, Speed Dials, Black/White listing, > Connectivity to the PSTN via external Gateways, etc... > I am looking at OpenSIPS to only help resolve the NAT issue and do > Load-Balancing between my Asterisk Multi-Tenant servers. > > Hope this clarifies what I am looking to achieving. > > I would really appreciate your help with this. > Perhaps a sample config of how you would do this would be awesome. > > Thanks again. > > Best Regards > Deon > > > So, I am looking at OpenSIPS to help provide LoadBalancing/Load > Sharing between couple of Asterisk Servers, which will cut down a > lot on expenses. > > On 03 Nov 2010, at 5:26 AM, Kennard White wrote: > >> Hi Deon, >> >> For better or worse there are many ways to configure opensips >> depending upon exactly what you are doing. Re your route6, it >> should be invoked from some branch route. One way branch routes are >> established is using t_on_branch(). Your route(3) (or somewhere) >> must be doing a lookup() and establish a branch route. >> >> As someone else said, a key question with what you're trying to do >> is: is your network an open or closed environment? If open >> environment (where you cannot control/know the networks where your >> users are) then non-ICE short-circuiting media relay will fail for >> people behind non-hairpinning firewalls or double firewalls. ICE >> (and yes, full ICE, not just STUN) is more robust way of avoiding >> media-relay when not needed. Of course, it has its own issues :-). >> >> Kennard >> >> On Tue, Nov 2, 2010 at 11:11 AM, Deon Vermeulen <[email protected] >> > wrote: >> Hi Kennard >> >> Thanks for the ideas. >> I really appreciate it. >> >> I got the config as an example from the Building Telephony systems >> with OpenSER. >> I choose the OpenSER implementation as it describes the implenetation >> of MediaProxy. >> Reason for choosing MediaProxy is because I am very, very interested >> in getting the ICE feature. >> >> I thought best to first get this config working before playing around >> with the ICE configuration. >> >> Could you be so kind and perhaps show me where I should call up >> route(6)? >> >> I use fully qualified domain names (i.e domaina.com) for the domain. >> At the moment I specify the proxy with the IP of my Server as I >> haven't setup the DNS records yet. >> >> I really appreciate your feedback and assistance. >> >> Regards >> Deon >> >> >> On 02 Nov 2010, at 5:08 PM, Kennard White wrote: >> >> > Hi Deon, >> > >> > Some ideas: >> > 1. Capture the SIP traffic and see if media proxy is being invoked >> > in the request and/or response (look for your P-hint messages), and >> > the IP addresses. >> > 2. Add xlog messages when you invoke mediarelay to confirm that >> they >> > are getting called. >> > 3. You're comparing $dd (which is a domain) to $si (which is an IP >> > address). I don't think this will work in the general case, but >> > maybe you're using IP addresses as your domains? >> > 4. I don't see the code that invokes route(6) -- I assume that is >> in >> > a branch_route not the request route? >> > >> > Good luck, >> > Kennard >> > >> > On Tue, Nov 2, 2010 at 5:25 AM, Deon Vermeulen <[email protected] >> > > wrote: >> > Hi List >> > >> > I'm trying to setup NAT to NOT use MediaProxy when it detects >> that 2 >> > devices are behind the same NAT Device, but rather have coms go >> > directly between them. >> > At the moment I can dial between the 2 phones and answer the call. >> > The callee phone says "Call Established" upon answer, but the >> caller >> > phone still says "trying/connecting". >> > I am sure this has something to do with my configuration, but I >> have >> > "NO IDEA" where to start looking. >> > The phones are setup to use their local IPs with no other STUN, >> ICE, >> > or "proxy like" configurations. >> > Below is a snipped from my opensips.cfg with the NAT configs and >> would >> > really appreciate any help to get this working. >> > >> > modparam("rr", "enable_full_lr", 1) >> > modparam("registrar", "received_avp", "$avp(i:42)") >> > modparam("usrloc", "db_mode", 2) >> > modparam("usrloc", "nat_bflag", 6) >> > modparam("domain", "db_mode", 1) # Use caching >> > modparam("auth_db|usrloc|uri|avpops", "use_domain", 1) >> > modparam("auth_db|alias_db|domain|uri|uri_db|usrloc|permissions| >> > siptrace|group|avpops|presence", "db_url", "mysql:// >> > opensips:opensip...@localhost/opensips") >> > modparam("nathelper", "natping_interval", 10) >> > modparam("nathelper", "received_avp", "$avp(i:42)") >> > modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy- >> > dispatcher.sock") >> > modparam("mediaproxy", "mediaproxy_timeout", 500) >> > modparam("mi_datagram", "socket_name", "/var/run/opensips/ >> > opensips.sock") >> > modparam("mi_datagram", "children_count", 4) >> > >> > >> > # ------------------------- request routing logic >> > ------------------- # >> > >> > route{ >> > >> > # >> > # -- 1 -- Request Validation >> > # >> > if (!mf_process_maxfwd_header("10")) { >> > sl_send_reply("483","Too Many Hops"); >> > exit; >> > } >> > >> > if (msg:len >= 2048 ) { >> > sl_send_reply("513", "Message too big"); >> > exit; >> > } >> > >> > # >> > # -- 2 -- Routing Preprocessing >> > # >> > ## Record-route all except Register >> > ## Mark packets with nat=yes >> > ## This mark will be used to identify the request in the loose >> > ## route section >> > if(!is_method("REGISTER")){ >> > if(nat_uac_test("19")){ >> > record_route(";nat=yes"); >> > } else { >> > record_route(); >> > } >> > } >> > >> > ##Loose_route packets >> > if (has_totag()) { >> > #sequential request withing a dialog should >> > # take the path determined by record-routing >> > if (loose_route()) { >> > #Check authentication of re-invites >> > if(method=="INVITE") { >> > if (!proxy_authorize("","subscriber")) { >> > proxy_challenge("","1"); >> > exit; >> > } else if (!db_check_from()) { >> > sl_send_reply("403", "Forbidden, use From=ID"); >> > exit; >> > } >> > } >> > ## BYE and CANCEL message handling >> > if(method=="BYE" || method=="CANCEL") { >> > end_media_session(); >> > } >> > ##Detect requests in the dialog behind NAT and flag with 6 >> > if(nat_uac_test("19") || search("^Route:.*;nat=yes")){ >> > append_hf("P-hint: LR|fixcontact,setflag6, >> mediaproxy >> > \r\n"); >> > fix_contact(); >> > setbflag(6); >> > use_media_proxy(); >> > } >> > route(1); >> > } else { >> > sl_send_reply("404","Not here"); >> > } >> > exit; >> > } >> > >> > #CANCEL processing >> > if (is_method("CANCEL")) { >> > if (t_check_trans()) { >> > end_media_session(); >> > t_relay(); >> > } >> > exit; >> > } >> > >> > t_check_trans(); >> > >> > # >> > # -- 3 -- Determine Request Target >> > # >> > if (method=="REGISTER") { >> > route(2); >> > } else { >> > route(3); >> > } >> > } >> > >> > >> > route[1] { >> > # >> > # -- 4 -- Forward request to target >> > # >> > # Forward statefully >> > t_on_reply("1"); >> > t_on_failure("1"); >> > if (!t_relay()) { >> > sl_reply_error(); >> > } >> > exit; >> > } >> > >> > route[2] { >> > ## Register request handler >> > if (is_uri_host_local()) { >> > if (!www_authorize("", "subscriber")) { >> > www_challenge("", "1"); >> > exit; >> > } >> > >> > if (!db_check_to()) { >> > sl_send_reply("403", "Forbidden"); >> > exit; >> > } >> > >> > # Test to see if Caller is behind NAT >> > if(!search("^Contact:[ ]*\*") && client_nat_test("7")) { >> > setbflag(6); >> > fix_nated_register(); >> > force_rport(); >> > } >> > save("location"); >> > exit; >> > >> > } else { >> > sl_send_reply("403", "Forbidden"); >> > } >> > } >> > >> > >> > route[3] { >> > ## Requests handler >> > if (is_from_local()){ >> > # From an internal domain -> check the credentials and the >> > FROM >> > #if(!allow_trusted()){ >> > if (!proxy_authorize("","subscriber")) { >> > proxy_challenge("","0"); >> > exit; >> > } else if(!db_check_from()) { >> > sl_send_reply("403", "Forbidden, use From=ID"); >> > exit; >> > } >> > >> > if (client_nat_test("3")) { >> > append_hf("P-hint: route(3)| >> > setflag7,forcerport,fix_contact\r\n"); >> > setbflag(7); >> > force_rport(); >> > fix_contact(); >> > } >> > >> > .............. >> > >> > route[6] { >> > # >> > # -- NAT Traversal handling -- >> > # >> > # Route[6] is the routing block responsible for activating the >> > MediaProxy, whenever >> > # the caller or callee is behind NAT (flags 6 or 7 >> respectively). >> > if (isbflagset(6) || isbflagset(7)) { >> > if ( $dd == $si ) { >> > xlog("L_INFO", "Both users behind same NAT, so >> we >> > dont use MediaProxy\n"); >> > resetbflag(6); # Unset NAT flag general. >> > resetbflag(7); # Unset NAT flag general. >> > } else >> > append_hf("P-hint: Route[6]: mediaproxy \r\n"); >> > use_media_proxy(); >> > } >> > } >> > >> > ............. >> > >> > onreply_route[1] { >> > # >> > #-- On-replay block routing -- >> > # >> > if (client_nat_test("1")) { >> > append_hf("P-hint: Onreply-route - fixcontact \r\n"); >> > fix_contact(); >> > } >> > >> > if ((isbflagset(6) || isbflagset(7)) && (status=~"(180)|(183)| >> > 2[0-9][0-9]")) { >> > if (search("^Content-Type:[ ]*application/sdp")) { >> > append_hf("P-hint: onreply_route|usemediaproxy \r\n"); >> > use_media_proxy(); >> > } >> > } >> > exit; >> > } >> > >> > >> > Thanks again for helping. Really appreciate it. >> > >> > Regards >> > Deon >> > >> > _______________________________________________ >> > Users mailing list >> > [email protected] >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > >> > _______________________________________________ >> > Users mailing list >> > [email protected] >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
