James, never user openVZ so far..there are a log of VM technologies out
there :)....For the moment we release the opensips live distro on VMware
as that;s the main what we used...not sure what are the other main VM
tech used by other people...
Regards,
Bogdan
James Lamanna wrote:
Bogdan,
Wow, I didn't know about the live DVD.
Any chance someone could create this as an OpenVZ container in
addition to VMWare?
-- James
On Mon, Jan 10, 2011 at 2:25 AM, Bogdan-Andrei Iancu
<[email protected]> wrote:
Hi Damon,
Well, the answer is simple - download the opensips virtual machine
(http://www.voice-system.ro/shortcuts::opensips_livedvd) were you have a
ready to run opensips platform with NAT traversal support - you can see in
the script form the VM how the NAT traversal is done (for signalling and
media).
If you have questions on that, please come back here.
Regards,
Bogdan
Damon Miller wrote:
All,
I've seen many requests for an example working config that shows a working
RTPproxy configuration with NATed clients, but I haven't seen many
responses. I recently spent an absurd amount of time getting a working
configuration in place so I thought I would post it here in case it's
helpful to anyone.
Three quick points:
1. I have only tested this with clients behind a NAT firewall, i.e. I
haven't tested with clients that have a public IP.
2. My OpenSIPS server is behind a NAT firewall itself. To deal with
this, I added the two "advertised" options, as follows:
advertised_address="xx.xx.xx.xx"
alias="xx.xx.xx.xx:5060
(Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)
I also had to use a modified version of RTPproxy that presents the
firewall's public IP even though it binds to a private IP. Here's a post
which summarizes that version of RTPproxy:
http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html
I run RTPproxy like this:
rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000
-M 65000 -F -d DBUG:LOCAL1
3. I had to "tell" OpenSIPS that my firewall's public IP was one of its
local domains. I'm using MySQL as you'll see in the config file so all I
had to do was insert a value into the 'domain' table. That was pretty
obvious, i.e.:
mysql> insert into domain (domain) values ("xx.xx.xx.xx");
(Replace 'xx.xx.xx.xx' with your public IP.)
Here's my 'opensips.cfg' file:
--
# ----------- global configuration parameters ------------------------
debug=3
fork=yes
log_facility=LOG_LOCAL0
log_stderror=no
children=4
port=5060
dns=no
rev_dns=no
advertised_address="xx.xx.xx.xx"
alias="xx.xx.xx.xx:5060"
# ------------------ module loading ----------------------------------
mpath="/usr/local/lib64/opensips/modules/"
loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "nathelper.so"
loadmodule "domain.so"
# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("usrloc", "db_url",
"mysql://opensipsrw:opensip...@localhost/opensips")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
modparam("nathelper", "nortpproxy_str", "")
modparam("domain", "db_url",
"mysql://opensipsrw:opensip...@localhost/opensips")
################## NAT ######################
modparam("usrloc", "nat_bflag", 6)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "received_avp", "$avp(i:801)")
################## NAT ######################
# main routing logic
route {
# initial sanity checks
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
################## NAT ######################
if (nat_uac_test("3")) {
if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
# Rewrite contact with source IP of signalling
fix_nated_contact();
force_rport();
setbflag(6); # Mark as NATed
# if you want SIP NAT pinging
setbflag(8);
};
};
################## NAT ######################
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
if (uri==myself) {
if (method=="REGISTER") {
save("location");
exit;
};
}
if (is_method("BYE"))
unforce_rtp_proxy();
if (!lookup("location","m")) {
switch ($retcode) {
case -1:
case -3:
t_newtran();
t_on_failure("1");
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}
};
route(1);
}
route[1] {
################## NAT ######################
if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" &&
!search("^Route:")) {
sl_send_reply("479", "We don't forward to private IP addresses");
exit;
};
# if client or server know to be behind a NAT, enable relay
if (isbflagset(6)) {
if (has_body("application/sdp")) {
rtpproxy_offer("o");
};
};
t_on_reply("1");
################## NAT ######################
# send it out now; use stateful forwarding as it works
# reliably even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
onreply_route[1] {
################## NAT ######################
if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
if (has_body("application/sdp")) {
rtpproxy_answer("o");
};
# Is this a transaction behind a NAT and we did not
# know at time of request processing?
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
################## NAT ######################
}
failure_route[1] {
unforce_rtp_proxy();
}
--
I hope this saves someone some time.
Damon
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami, USA
www.voice-system.ro
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami, USA
www.voice-system.ro
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
