Re: [Users] STUN still mandatory ?

Hi Christophe! There are 2 ways to traverse NAT. 1. The client does NAT traversal (via STUN) 2. The server does NAT traversal (e.g. nathelper+rtpproxy or mediaproxy+mediaproxy) If the server does NAT traversal always (for each user and request), the client do not need to use STUN. If the client's NAT can be traversed by STUN, there is no need for NAT traversal on the server. Unfortunatelly there are NATs which can be traversed by STUN (symmetrc NAT). So, if you want it the easy way, you can just use server based NAT traversal all the time and do not care about STUN. If you are having lots of users, server based NAT traversal is a bottleneck. Further it may add additional delay due to the additional hop in the RTP stream. I suggest: 1. Install a stun server (e.g. vovida stun, works fine) and set up SRV records which point to the stun server. Many clients perform SRV lookups to find the stun server automatically: _stun._udp.yourdomain. SRV 0 0 3478 stun.yourdomain. stun.yourdomain. A 1.2.3.4 This enables the client to detect the kind of NAT (symmetric, coned, ...) 2. use nat_uac_test(18) (from nathelper module) to detect if the client is behind NAT. If the client is behind NAT, user serverbased NAT traversal. If the client can use STUN to traverse the NAT, the nat_uac_test will fail and the client will be handled like it has a public IP. If the client can not use STUN to traverse the NAT (e.g. symmetric NAT), it should use the private IP addresses in the SIP messages. Thus, the nat_uac_test will trigger and the server can do the NAT traversal. server based NAT traversal means ... - force_rport for all requests - fix_nated_register for REGISTER messages - fix_nated_contact for INVITE requests and corresponding 1xx, 2xx; - force_rtpproxy or use_media_proxy to have an RTP proxy ... if the caller or the callee is behind NAT (nat_uac_test==TRUE) regards klaus Christophe Irles wrote: