Thank you very much. Looks like exactly what I need. I will give it a try.
On Fri, Jan 12, 2018 at 4:35 AM, Răzvan Crainea <[email protected]> wrote: > Hi, John! > > See the answers inline. > > Best regards, > > Răzvan Crainea > OpenSIPS Developer > www.opensips-solutions.com > > On 01/11/2018 07:16 PM, John Hablitzel wrote: > >> Relatively new to OpenSIPS but have been working with Asterisk and VoIP >> for several years. We want to use the load balancer or dispatcher modules >> to distribute inbound calls from a SIP provider among several Asterisk >> servers. This will be coming in from another private network that is out >> of our control, therefore security is definitely required. We won't be >> using OpenSIPS to control far-end clients that are behind NAT (far-end). >> >> I know that it is recommended in this situation that OpenSIPS be on a >> public IP (or IP on the "outside" network", but the requirement in this >> particular situation is that this must be behind a NAT firewall, as there >> are other IP communications from servers on the the internal network that >> must use this same outside IP for communications with other services. The >> outside network provider only allows us to have a single IP on their >> network for everything. >> >> I have the inbound calls mostly working now in my lab with the LB >> module, using RTPProxy to anchor the media and some of the nathelper >> stuff. However am seeing issues with the ACK on the 200OK being sent to >> the internal OpenSIPS IP and not the external IP on the NAT. I believe >> this is due to the Internal IP being in the record-route header on the >> 200OK. Pouring through the forums and other documentation I can find, I >> haven't been able to find any way to change this. >> >> So I have 2 questions: >> 1) Is OpenSIPS even capable of operating in this mode? In everything >> I've read, there is a bunch of documentation about handling NAT at the >> far-end, where UAC's are behind a NAT, but very little (and nothing with >> any concrete solution) about using OpenSIPS server behind a NAT. >> > Yes, OpenSIPS can operate in this mode, you can read more about this in > this blogpost: > https://blog.opensips.org/2017/10/25/running-opensips-in-the-cloud/ > >> 2) if it is possible, can anyone provide a sample .cfg where they are >> have accomplished it? I tried adding record_route_preset to the reply >> section, but OpenSIPS complains saying it can't be added in a reply section. >> > I think the answer to the second question is actually another article that > we are preparing: how to have OpenSIPS behind NAT, bridging between two > networks. Unfortunately it's not yet ready. > > IMO, the simplest way to achieve what you want is to use in OpenSIPS two > different listeners: one towards the trunk provider, with the proper > advertised IP address, and one towards the asterisk boxes: > > listen=udp:10.95.95.220:5080 as 192.168.85.252:5060 # replace last 5060 > with your public port > listen=udp:10.95.95.220:5060 # listener for communicating with Asterisk > > Now, all you have to do, is to change the interface used: after > lb_start(), force the usage of the private interface: > > force_send_socket(udp:10.95.95.220:5060); # forces the message to go out > throught he private interface > > Hope this helps you. > > PS: for large posts, and scripts, please use an external storage, such as > pastebin.com > > Best regards, > Răzvan > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
