We are trying to configure Kamailio (3.1.x) as a “boarder proxy” where it acts as the front for various carrier gateways so that internal UACs and UASs are unaware of the carrier gateways.
Let me try to present a clear picture of our setup.
1. Kamailio has several NICs (physical or vlan). Each on a different subnet. One subnet is internal/has routes for internal. Other subnets are private connections to carriers or a route to public Internet.
2. All of these subnets are non-routable from Internet. In addition , the carrier private connections are not routable internally.
3. Connection to public internet is via a FW/NAT (one-to-one NAT), which maps to one of the interfaces.
4. All internal UAC/UAS connect on the internal subnet.
5. We are using RTPProxy (at least one instance per carrier) to relay media between internal and carrier subnets
We are able to make this setup up work great except for one scenario. One of the carriers is only reachable via public Internet. Due to security requirements, our Kamailio cannot have a public IP address and must use FW/NAT. I guess this scenario is “Proxy behind NAT” and not really encouraged. But I would like to see if there is a way to make this work. We cannot use the “advertised_address” since it changes the IP for every “route”.
We were able to get this mostly working by doing the following
1. mhomed=1
2. Small patch in the rtpproxy module so that force_rtp_proxy actually uses the IP address passed (public IP).
3. Using request_route_preset(“publicIP”)
The above “mostly” works. By that I mean, the INVITE transaction is properly passed between internal UAS and carrier SBC and the call is setup. However, further transactions (BYE/re-INVITE) etc do not work properly. So, far-end hangups are not working etc.
I’ve searched various archives of this and other SER lists looking to see if anyone was able to get this scenario working, but couldn’t find a definitive answer. Most of them point to using “advertised_address”.
So, and ideas on how to make “Proxy behind NAT” work without using advertised_address? Am I wasting my time?
Thanks in advance for any help you can offer.
SV.