6 Dec
2005
6 Dec
'05
5:16 a.m.
The tricky part of such a modification to store pre-STUN addresses lies in
determining what's local.
For instance.... if I'm on a 192.168.1.X subnet behind a NAT at my home, and
my friend is on a 192.168.1.X subnet behind a NAT at HIS home, it becomes very
tricky to determine if we're both local to each other or not. Now, you could
do some fancy tricks where you check the NAT AND the rewritten IPs and try and
match... but then, when you toss in multiple NATs, it gets impossible to even
do that.
Imagine I'm behind a NAT at my home on a 192.168.1.X network, and my friend is
behind a NAT at his home on a 192.168.1.X network. Together, we both use the
same internet service provider who has us BOTH given 'external' IPs which are
really 10.1.1.X numbers behind a large NAT in their subnet.
Now, SER, off on some other network, sees the external IP from the ISP's NAT,
and maps it back to our 10.1.1.X numbers. But if it stores our original IPs,
it will still have 192.168.1.X numbers that APPEAR to be on the same subnet
but which in fact are not.
The problem is that SIP is inherently NAT unfriendly, and there are hacks and
kludges to get around these inherent inabilities, but they remain just that --
hacks and kludges.
Strangely, I noticed this evening that, using WinSTUN, my Linksys gateway is
reported as not supporting Hairpinning... and yet it clearly does. What are
the sort of tests done to check that in a test program like WinSTUN?
N.
On Mon, 05 Dec 2005 16:45:06 -0800, S G wrote
Hello,
I have SER setup to only use the rtpproxy if the client is behind a
symmetric NAT. This is accomplished by using STUN since STUN will
not modify the contact headers if it detects a symmetric NAT. So SER
see's the local address in the contact header and only forces
rtpproxy for those types of call. When users are behind the same NAT
then ser detects this using AVP's and force_rtpproxy is not used for
the call. This only works when STUN is not enabled. Since when STUN
succeeds the orignal local address of the phone is changed to the
public address in the sip message. So when two STUN enabled clients
try to call each other from behind the same nat the call fails. The
call fails because the NAT does not support harpin of media as most
don't. The only way this call would work is if the contacts could be
changed back to use their local addresses pre-STUN. How can SER be
instructed to use the local address for calls behind the same NAT
when STUN is enabled? One way I can think of doing this is to change
nathelper to extract the original IP from the VIA header and rewrite
the SDP. In the SIP trace i see only IP's in contact headers and SDP
are changed when STUN succeeds. Is there a simpler way to accomplish
this?
Thanks,
Sumeet
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's
FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers