Hi Kennard Thanks for coming back to me. Do you perhaps have a working MediaProxy config example that should solve most of the NAT issues?
If I can just get a working example then I should be able to work it from there. Thanks again. I really appreciate it. Best Regards Deon On 03 Nov 2010, at 8:43 PM, Kennard White wrote: > Hi Deon, > > I don't have experience doing what you're trying to doing. Only > comment I have is that I doubt short-circuiting media-relay based > upon SIP message source IPs is unlikely to work well. > > Kennard > > On Tue, Nov 2, 2010 at 11:17 PM, Deon Vermeulen <[email protected] > > wrote: > Morning Kennard > > I really appreciate your feedback. > > I will be serving different networks, but will have control over most > of them or at least be able to assist 3rd party vendors for those I > don't. > > As for another NAT device behind the "Main" Firewall, there wouldn't > be an issue like that, but would be a "nice to have" just in case I > run into something like that. > > I think it would be best that I explain what I would like to achieve > to clarify what my idea is: > > I have a Multi-Tenant solution running on Multiple Asterisk Servers. > The solution currently works for customer that has an VPN/MPLS > connection to me, but I would like to expand my services over the > Internet for smaller customers who can not afford VPN/MPLS connections > to me, but would like to make use of this service. > I would also like to extend this service to have Follow me for my > current customers via their mobile devices, from home, etc... > The Multi-Tenant Asterisk Servers use one Database and handle all > Media including Hunt groups, IVR, Speed Dials, Black/White listing, > Connectivity to the PSTN via external Gateways, etc... > I am looking at OpenSIPS to only help resolve the NAT issue and do > Load-Balancing between my Asterisk Multi-Tenant servers. > > Hope this clarifies what I am looking to achieving. > > I would really appreciate your help with this. > Perhaps a sample config of how you would do this would be awesome. > > Thanks again. > > Best Regards > Deon > > > So, I am looking at OpenSIPS to help provide LoadBalancing/Load > Sharing between couple of Asterisk Servers, which will cut down a lot > on expenses. > > On 03 Nov 2010, at 5:26 AM, Kennard White wrote: > > > Hi Deon, > > > > For better or worse there are many ways to configure opensips > > depending upon exactly what you are doing. Re your route6, it should > > be invoked from some branch route. One way branch routes are > > established is using t_on_branch(). Your route(3) (or somewhere) > > must be doing a lookup() and establish a branch route. > > > > As someone else said, a key question with what you're trying to do > > is: is your network an open or closed environment? If open > > environment (where you cannot control/know the networks where your > > users are) then non-ICE short-circuiting media relay will fail for > > people behind non-hairpinning firewalls or double firewalls. ICE > > (and yes, full ICE, not just STUN) is more robust way of avoiding > > media-relay when not needed. Of course, it has its own issues :-). > > > > Kennard > > > > On Tue, Nov 2, 2010 at 11:11 AM, Deon Vermeulen <[email protected] > > > wrote: > > Hi Kennard > > > > Thanks for the ideas. > > I really appreciate it. > > > > I got the config as an example from the Building Telephony systems > > with OpenSER. > > I choose the OpenSER implementation as it describes the > implenetation > > of MediaProxy. > > Reason for choosing MediaProxy is because I am very, very interested > > in getting the ICE feature. > > > > I thought best to first get this config working before playing > around > > with the ICE configuration. > > > > Could you be so kind and perhaps show me where I should call up > > route(6)? > > > > I use fully qualified domain names (i.e domaina.com) for the domain. > > At the moment I specify the proxy with the IP of my Server as I > > haven't setup the DNS records yet. > > > > I really appreciate your feedback and assistance. > > > > Regards > > Deon > > > > > > On 02 Nov 2010, at 5:08 PM, Kennard White wrote: > > > > > Hi Deon, > > > > > > Some ideas: > > > 1. Capture the SIP traffic and see if media proxy is being invoked > > > in the request and/or response (look for your P-hint messages), > and > > > the IP addresses. > > > 2. Add xlog messages when you invoke mediarelay to confirm that > they > > > are getting called. > > > 3. You're comparing $dd (which is a domain) to $si (which is an IP > > > address). I don't think this will work in the general case, but > > > maybe you're using IP addresses as your domains? > > > 4. I don't see the code that invokes route(6) -- I assume that > is in > > > a branch_route not the request route? > > > > > > Good luck, > > > Kennard > > > > > > On Tue, Nov 2, 2010 at 5:25 AM, Deon Vermeulen <[email protected] > > > > wrote: > > > Hi List > > > > > > I'm trying to setup NAT to NOT use MediaProxy when it detects > that 2 > > > devices are behind the same NAT Device, but rather have coms go > > > directly between them. > > > At the moment I can dial between the 2 phones and answer the call. > > > The callee phone says "Call Established" upon answer, but the > caller > > > phone still says "trying/connecting". > > > I am sure this has something to do with my configuration, but I > have > > > "NO IDEA" where to start looking. > > > The phones are setup to use their local IPs with no other STUN, > ICE, > > > or "proxy like" configurations. > > > Below is a snipped from my opensips.cfg with the NAT configs and > > would > > > really appreciate any help to get this working. > > > > > > modparam("rr", "enable_full_lr", 1) > > > modparam("registrar", "received_avp", "$avp(i:42)") > > > modparam("usrloc", "db_mode", 2) > > > modparam("usrloc", "nat_bflag", 6) > > > modparam("domain", "db_mode", 1) # Use caching > > > modparam("auth_db|usrloc|uri|avpops", "use_domain", 1) > > > modparam("auth_db|alias_db|domain|uri|uri_db|usrloc|permissions| > > > siptrace|group|avpops|presence", "db_url", "mysql:// > > > opensips:opensip...@localhost/opensips") > > > modparam("nathelper", "natping_interval", 10) > > > modparam("nathelper", "received_avp", "$avp(i:42)") > > > modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy- > > > dispatcher.sock") > > > modparam("mediaproxy", "mediaproxy_timeout", 500) > > > modparam("mi_datagram", "socket_name", "/var/run/opensips/ > > > opensips.sock") > > > modparam("mi_datagram", "children_count", 4) > > > > > > > > > # ------------------------- request routing logic > > > ------------------- # > > > > > > route{ > > > > > > # > > > # -- 1 -- Request Validation > > > # > > > if (!mf_process_maxfwd_header("10")) { > > > sl_send_reply("483","Too Many Hops"); > > > exit; > > > } > > > > > > if (msg:len >= 2048 ) { > > > sl_send_reply("513", "Message too big"); > > > exit; > > > } > > > > > > # > > > # -- 2 -- Routing Preprocessing > > > # > > > ## Record-route all except Register > > > ## Mark packets with nat=yes > > > ## This mark will be used to identify the request in the loose > > > ## route section > > > if(!is_method("REGISTER")){ > > > if(nat_uac_test("19")){ > > > record_route(";nat=yes"); > > > } else { > > > record_route(); > > > } > > > } > > > > > > ##Loose_route packets > > > if (has_totag()) { > > > #sequential request withing a dialog should > > > # take the path determined by record-routing > > > if (loose_route()) { > > > #Check authentication of re-invites > > > if(method=="INVITE") { > > > if (!proxy_authorize("","subscriber")) { > > > proxy_challenge("","1"); > > > exit; > > > } else if (!db_check_from()) { > > > sl_send_reply("403", "Forbidden, use From=ID"); > > > exit; > > > } > > > } > > > ## BYE and CANCEL message handling > > > if(method=="BYE" || method=="CANCEL") { > > > end_media_session(); > > > } > > > ##Detect requests in the dialog behind NAT and flag with 6 > > > if(nat_uac_test("19") || search("^Route:.*;nat=yes")){ > > > append_hf("P-hint: LR|fixcontact,setflag6, > > mediaproxy > > > \r\n"); > > > fix_contact(); > > > setbflag(6); > > > use_media_proxy(); > > > } > > > route(1); > > > } else { > > > sl_send_reply("404","Not here"); > > > } > > > exit; > > > } > > > > > > #CANCEL processing > > > if (is_method("CANCEL")) { > > > if (t_check_trans()) { > > > end_media_session(); > > > t_relay(); > > > } > > > exit; > > > } > > > > > > t_check_trans(); > > > > > > # > > > # -- 3 -- Determine Request Target > > > # > > > if (method=="REGISTER") { > > > route(2); > > > } else { > > > route(3); > > > } > > > } > > > > > > > > > route[1] { > > > # > > > # -- 4 -- Forward request to target > > > # > > > # Forward statefully > > > t_on_reply("1"); > > > t_on_failure("1"); > > > if (!t_relay()) { > > > sl_reply_error(); > > > } > > > exit; > > > } > > > > > > route[2] { > > > ## Register request handler > > > if (is_uri_host_local()) { > > > if (!www_authorize("", "subscriber")) { > > > www_challenge("", "1"); > > > exit; > > > } > > > > > > if (!db_check_to()) { > > > sl_send_reply("403", "Forbidden"); > > > exit; > > > } > > > > > > # Test to see if Caller is behind NAT > > > if(!search("^Contact:[ ]*\*") && client_nat_test("7")) { > > > setbflag(6); > > > fix_nated_register(); > > > force_rport(); > > > } > > > save("location"); > > > exit; > > > > > > } else { > > > sl_send_reply("403", "Forbidden"); > > > } > > > } > > > > > > > > > route[3] { > > > ## Requests handler > > > if (is_from_local()){ > > > # From an internal domain -> check the credentials and the > > > FROM > > > #if(!allow_trusted()){ > > > if (!proxy_authorize("","subscriber")) { > > > proxy_challenge("","0"); > > > exit; > > > } else if(!db_check_from()) { > > > sl_send_reply("403", "Forbidden, use From=ID"); > > > exit; > > > } > > > > > > if (client_nat_test("3")) { > > > append_hf("P-hint: route(3)| > > > setflag7,forcerport,fix_contact\r\n"); > > > setbflag(7); > > > force_rport(); > > > fix_contact(); > > > } > > > > > > .............. > > > > > > route[6] { > > > # > > > # -- NAT Traversal handling -- > > > # > > > # Route[6] is the routing block responsible for activating the > > > MediaProxy, whenever > > > # the caller or callee is behind NAT (flags 6 or 7 > > respectively). > > > if (isbflagset(6) || isbflagset(7)) { > > > if ( $dd == $si ) { > > > xlog("L_INFO", "Both users behind same NAT, > so we > > > dont use MediaProxy\n"); > > > resetbflag(6); # Unset NAT flag general. > > > resetbflag(7); # Unset NAT flag general. > > > } else > > > append_hf("P-hint: Route[6]: mediaproxy \r\n"); > > > use_media_proxy(); > > > } > > > } > > > > > > ............. > > > > > > onreply_route[1] { > > > # > > > #-- On-replay block routing -- > > > # > > > if (client_nat_test("1")) { > > > append_hf("P-hint: Onreply-route - fixcontact \r\n"); > > > fix_contact(); > > > } > > > > > > if ((isbflagset(6) || isbflagset(7)) && (status=~"(180)|(183)| > > > 2[0-9][0-9]")) { > > > if (search("^Content-Type:[ ]*application/sdp")) { > > > append_hf("P-hint: onreply_route|usemediaproxy \r\n"); > > > use_media_proxy(); > > > } > > > } > > > exit; > > > } > > > > > > > > > Thanks again for helping. Really appreciate it. > > > > > > Regards > > > Deon > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
