All,
I've seen many requests for an example working config that shows a working RTPproxy configuration with NATed clients, but I haven't seen many responses. I recently spent an absurd amount of time getting a working configuration in place so I thought I would post it here in case it's helpful to anyone. Three quick points: 1. I have only tested this with clients behind a NAT firewall, i.e. I haven't tested with clients that have a public IP. 2. My OpenSIPS server is behind a NAT firewall itself. To deal with this, I added the two "advertised" options, as follows: advertised_address="xx.xx.xx.xx" alias="xx.xx.xx.xx:5060 (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.) I also had to use a modified version of RTPproxy that presents the firewall's public IP even though it binds to a private IP. Here's a post which summarizes that version of RTPproxy: http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html I run RTPproxy like this: rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000 -M 65000 -F -d DBUG:LOCAL1 3. I had to "tell" OpenSIPS that my firewall's public IP was one of its local domains. I'm using MySQL as you'll see in the config file so all I had to do was insert a value into the 'domain' table. That was pretty obvious, i.e.: mysql> insert into domain (domain) values ("xx.xx.xx.xx"); (Replace 'xx.xx.xx.xx' with your public IP.) Here's my 'opensips.cfg' file: -- # ----------- global configuration parameters ------------------------ debug=3 fork=yes log_facility=LOG_LOCAL0 log_stderror=no children=4 port=5060 dns=no rev_dns=no advertised_address="xx.xx.xx.xx" alias="xx.xx.xx.xx:5060" # ------------------ module loading ---------------------------------- mpath="/usr/local/lib64/opensips/modules/" loadmodule "db_mysql.so" loadmodule "signaling.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" loadmodule "uri.so" loadmodule "nathelper.so" loadmodule "domain.so" # ----------------- setting module-specific parameters --------------- modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") modparam("usrloc", "db_url", "mysql://opensipsrw:opensip...@localhost/opensips") modparam("usrloc", "db_mode", 2) modparam("rr", "enable_full_lr", 1) modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221") modparam("nathelper", "nortpproxy_str", "") modparam("domain", "db_url", "mysql://opensipsrw:opensip...@localhost/opensips") ################## NAT ###################### modparam("usrloc", "nat_bflag", 6) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", 8) modparam("nathelper", "received_avp", "$avp(i:801)") ################## NAT ###################### # main routing logic route { # initial sanity checks if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; ################## NAT ###################### if (nat_uac_test("3")) { if (is_method("REGISTER") && !is_present_hf("Record-Route")) { # Rewrite contact with source IP of signalling fix_nated_contact(); force_rport(); setbflag(6); # Mark as NATed # if you want SIP NAT pinging setbflag(8); }; }; ################## NAT ###################### if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); }; if (uri==myself) { if (method=="REGISTER") { save("location"); exit; }; } if (is_method("BYE")) unforce_rtp_proxy(); if (!lookup("location","m")) { switch ($retcode) { case -1: case -3: t_newtran(); t_on_failure("1"); t_reply("404", "Not Found"); exit; case -2: sl_send_reply("405", "Method Not Allowed"); exit; } }; route(1); } route[1] { ################## NAT ###################### if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && !search("^Route:")) { sl_send_reply("479", "We don't forward to private IP addresses"); exit; }; # if client or server know to be behind a NAT, enable relay if (isbflagset(6)) { if (has_body("application/sdp")) { rtpproxy_offer("o"); }; }; t_on_reply("1"); ################## NAT ###################### # send it out now; use stateful forwarding as it works # reliably even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } onreply_route[1] { ################## NAT ###################### if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); if (has_body("application/sdp")) { rtpproxy_answer("o"); }; # Is this a transaction behind a NAT and we did not # know at time of request processing? } else if (nat_uac_test("1")) { fix_nated_contact(); }; ################## NAT ###################### } failure_route[1] { unforce_rtp_proxy(); } -- I hope this saves someone some time. Damon _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
