It's pretty simple actually, to determine if your behind the same NAT. You just check if the request for both parties are coming from the same external public IP. Sure, this might not account for every case, multiple subnets, multiple NAT setups, but it takes care of a great deal of them. I would say most home users and offices have a simple single NAT setup. The problem is when using STUN how to set the SDP's to use the pre-STUN local ip's. Without STUN it works just fine, but you of course end up rtpproxying ever call.
-Sumeet
From: "sip" sip@arcdiv.com To: "S G" skg1010@hotmail.com, serusers@lists.iptel.org Subject: Re: [Serusers] How to Minimize rtp proxy usage for all cases including when behind the same NAT Date: Mon, 5 Dec 2005 22:16:02 -0500
The tricky part of such a modification to store pre-STUN addresses lies in determining what's local.
For instance.... if I'm on a 192.168.1.X subnet behind a NAT at my home, and my friend is on a 192.168.1.X subnet behind a NAT at HIS home, it becomes very tricky to determine if we're both local to each other or not. Now, you could do some fancy tricks where you check the NAT AND the rewritten IPs and try and match... but then, when you toss in multiple NATs, it gets impossible to even do that.
Imagine I'm behind a NAT at my home on a 192.168.1.X network, and my friend is behind a NAT at his home on a 192.168.1.X network. Together, we both use the same internet service provider who has us BOTH given 'external' IPs which are really 10.1.1.X numbers behind a large NAT in their subnet.
Now, SER, off on some other network, sees the external IP from the ISP's NAT, and maps it back to our 10.1.1.X numbers. But if it stores our original IPs, it will still have 192.168.1.X numbers that APPEAR to be on the same subnet but which in fact are not.
The problem is that SIP is inherently NAT unfriendly, and there are hacks and kludges to get around these inherent inabilities, but they remain just that -- hacks and kludges.
Strangely, I noticed this evening that, using WinSTUN, my Linksys gateway is reported as not supporting Hairpinning... and yet it clearly does. What are the sort of tests done to check that in a test program like WinSTUN?
N.
On Mon, 05 Dec 2005 16:45:06 -0800, S G wrote
Hello,
I have SER setup to only use the rtpproxy if the client is behind a symmetric NAT. This is accomplished by using STUN since STUN will not modify the contact headers if it detects a symmetric NAT. So SER see's the local address in the contact header and only forces rtpproxy for those types of call. When users are behind the same NAT then ser detects this using AVP's and force_rtpproxy is not used for the call. This only works when STUN is not enabled. Since when STUN succeeds the orignal local address of the phone is changed to the public address in the sip message. So when two STUN enabled clients try to call each other from behind the same nat the call fails. The call fails because the NAT does not support harpin of media as most don't. The only way this call would work is if the contacts could be changed back to use their local addresses pre-STUN. How can SER be instructed to use the local address for calls behind the same NAT when STUN is enabled? One way I can think of doing this is to change nathelper to extract the original IP from the VIA header and rewrite the SDP. In the SIP trace i see only IP's in contact headers and SDP are changed when STUN succeeds. Is there a simpler way to accomplish this?
Thanks, Sumeet
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/