Bogdan, Wow, I didn't know about the live DVD. Any chance someone could create this as an OpenVZ container in addition to VMWare?
-- James On Mon, Jan 10, 2011 at 2:25 AM, Bogdan-Andrei Iancu <[email protected]> wrote: > Hi Damon, > > Well, the answer is simple - download the opensips virtual machine > (http://www.voice-system.ro/shortcuts::opensips_livedvd) were you have a > ready to run opensips platform with NAT traversal support - you can see in > the script form the VM how the NAT traversal is done (for signalling and > media). > > If you have questions on that, please come back here. > > Regards, > Bogdan > > Damon Miller wrote: >> >> All, >> >> >> I've seen many requests for an example working config that shows a working >> RTPproxy configuration with NATed clients, but I haven't seen many >> responses. I recently spent an absurd amount of time getting a working >> configuration in place so I thought I would post it here in case it's >> helpful to anyone. >> >> Three quick points: >> >> 1. I have only tested this with clients behind a NAT firewall, i.e. I >> haven't tested with clients that have a public IP. >> >> >> 2. My OpenSIPS server is behind a NAT firewall itself. To deal with >> this, I added the two "advertised" options, as follows: >> >> advertised_address="xx.xx.xx.xx" >> alias="xx.xx.xx.xx:5060 >> >> >> (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.) >> >> I also had to use a modified version of RTPproxy that presents the >> firewall's public IP even though it binds to a private IP. Here's a post >> which summarizes that version of RTPproxy: >> >> >> http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html >> >> >> I run RTPproxy like this: >> >> rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000 >> -M 65000 -F -d DBUG:LOCAL1 >> >> >> 3. I had to "tell" OpenSIPS that my firewall's public IP was one of its >> local domains. I'm using MySQL as you'll see in the config file so all I >> had to do was insert a value into the 'domain' table. That was pretty >> obvious, i.e.: >> >> mysql> insert into domain (domain) values ("xx.xx.xx.xx"); >> >> (Replace 'xx.xx.xx.xx' with your public IP.) >> >> >> >> Here's my 'opensips.cfg' file: >> >> -- >> >> # ----------- global configuration parameters ------------------------ >> debug=3 >> fork=yes >> log_facility=LOG_LOCAL0 >> log_stderror=no >> children=4 >> port=5060 >> dns=no >> rev_dns=no >> >> advertised_address="xx.xx.xx.xx" >> alias="xx.xx.xx.xx:5060" >> >> # ------------------ module loading ---------------------------------- >> mpath="/usr/local/lib64/opensips/modules/" >> loadmodule "db_mysql.so" >> loadmodule "signaling.so" >> loadmodule "sl.so" >> loadmodule "tm.so" >> loadmodule "rr.so" >> loadmodule "maxfwd.so" >> loadmodule "usrloc.so" >> loadmodule "registrar.so" >> loadmodule "textops.so" >> loadmodule "mi_fifo.so" >> loadmodule "uri.so" >> loadmodule "nathelper.so" >> loadmodule "domain.so" >> >> # ----------------- setting module-specific parameters --------------- >> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") >> modparam("usrloc", "db_url", >> "mysql://opensipsrw:opensip...@localhost/opensips") >> modparam("usrloc", "db_mode", 2) >> modparam("rr", "enable_full_lr", 1) >> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221") >> modparam("nathelper", "nortpproxy_str", "") >> modparam("domain", "db_url", >> "mysql://opensipsrw:opensip...@localhost/opensips") >> >> ################## NAT ###################### >> modparam("usrloc", "nat_bflag", 6) >> modparam("nathelper", "ping_nated_only", 1) >> modparam("nathelper", "sipping_bflag", 8) >> modparam("nathelper", "received_avp", "$avp(i:801)") >> ################## NAT ###################### >> >> >> # main routing logic >> route { >> >> # initial sanity checks >> if (!mf_process_maxfwd_header("10")) { >> sl_send_reply("483","Too Many Hops"); >> exit; >> }; >> >> if (msg:len >= 2048 ) { >> sl_send_reply("513", "Message too big"); >> exit; >> }; >> >> >> ################## NAT ###################### >> if (nat_uac_test("3")) { >> >> if (is_method("REGISTER") && !is_present_hf("Record-Route")) { >> >> # Rewrite contact with source IP of signalling >> fix_nated_contact(); >> >> force_rport(); >> setbflag(6); # Mark as NATed >> >> # if you want SIP NAT pinging >> setbflag(8); >> }; >> }; >> ################## NAT ###################### >> >> if (!method=="REGISTER") >> record_route(); >> >> # subsequent messages withing a dialog should take the >> # path determined by record-routing >> if (loose_route()) { >> # mark routing logic in request >> append_hf("P-hint: rr-enforced\r\n"); >> route(1); >> }; >> >> if (!uri==myself) { >> # mark routing logic in request >> append_hf("P-hint: outbound\r\n"); >> route(1); >> }; >> >> if (uri==myself) { >> if (method=="REGISTER") { >> save("location"); >> exit; >> }; >> } >> >> if (is_method("BYE")) >> unforce_rtp_proxy(); >> if (!lookup("location","m")) { >> switch ($retcode) { >> case -1: >> case -3: >> t_newtran(); >> t_on_failure("1"); >> t_reply("404", "Not Found"); >> exit; >> case -2: >> sl_send_reply("405", "Method Not Allowed"); >> exit; >> } >> }; >> >> route(1); >> } >> >> >> >> route[1] { >> >> ################## NAT ###################### >> if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && >> !search("^Route:")) { >> sl_send_reply("479", "We don't forward to private IP addresses"); >> exit; >> }; >> >> # if client or server know to be behind a NAT, enable relay >> if (isbflagset(6)) { >> if (has_body("application/sdp")) { >> rtpproxy_offer("o"); >> }; >> }; >> >> t_on_reply("1"); >> ################## NAT ###################### >> >> >> # send it out now; use stateful forwarding as it works >> # reliably even for UDP2TCP >> if (!t_relay()) { >> sl_reply_error(); >> }; >> >> exit; >> } >> >> >> >> onreply_route[1] { >> >> ################## NAT ###################### >> if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") { >> fix_nated_contact(); >> if (has_body("application/sdp")) { >> rtpproxy_answer("o"); >> }; >> >> # Is this a transaction behind a NAT and we did not >> # know at time of request processing? >> } else if (nat_uac_test("1")) { >> fix_nated_contact(); >> }; >> ################## NAT ###################### >> >> } >> >> failure_route[1] { >> unforce_rtp_proxy(); >> } >> >> -- >> >> >> I hope this saves someone some time. >> >> >> >> Damon >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> > > > -- > Bogdan-Andrei Iancu > OpenSIPS Event - expo, conf, social, bootcamp > 2 - 4 February 2011, ITExpo, Miami, USA > www.voice-system.ro > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
