Dear all,
This is my first post after reading a lot in this mailing-list. I'm trying to use Kamailio 5.1 with the dispatcher module and rtpengine acting as SIP + RTP proxy. I have 6 asterisk servers in a private subnet that should talk with the peer via a single IP like this:
Asterisk 1..n|---> | GW.PRIVATE.IP -o- GW.PUBLIC.IP |----> PEER.SIP.TRUNK
I'm on Centos 7, with firewalld configured, iptables module is loaded and the rule is well defined. Packet forwarding is also enabled.
Chain rtpengine (1 references) target prot opt source destination RTPENGINE udp -- anywhere anywhere RTPENGINE id:40
My call flow seems to be fine, Kamailio/rtpengine private IP is the outboundproxy parameter of Asterisk instances.
My problem is that RTP packets are not present on the public interface, the rtpengine final log showing the 2 sessions, but I'm not sure this is what I want or simply the firewall does not let it out ? (To be more precise PEER.SIP.TRUNK is the trunk for SIP traffic, I have multiple IP addresses for media to connect to, reinvites are allowed)
Closing call due to timeout Final packet stats: --- Tag 'as6d12caea', created 1:00 ago for branch '', in dialogue with 'as541b1e61' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PRIVATE.IP:10000 <> 192.168.30.13:11152, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PRIVATE.IP:10001 <> 192.168.30.13:11153 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
--- Tag 'as541b1e61', created 1:00 ago for branch '', in dialogue with 'as6d12caea' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PUBLIC.IP:10000 <> PEER.SIP.TRUNK:28216, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PUBLIC.IP:10001 <> PEER.SIP.TRUNK:28217 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
Best regards,
Istvan
On 01/04/2019 09.14, Istvan Mogyorosi wrote:
Dear all,
This is my first post after reading a lot in this mailing-list. I'm trying to use Kamailio 5.1 with the dispatcher module and rtpengine acting as SIP + RTP proxy. I have 6 asterisk servers in a private subnet that should talk with the peer via a single IP like this:
Asterisk 1..n|---> | GW.PRIVATE.IP -o- GW.PUBLIC.IP |----> PEER.SIP.TRUNK
I'm on Centos 7, with firewalld configured, iptables module is loaded and the rule is well defined. Packet forwarding is also enabled.
Chain rtpengine (1 references) target prot opt source destination RTPENGINE udp -- anywhere anywhere RTPENGINE id:40
My call flow seems to be fine, Kamailio/rtpengine private IP is the outboundproxy parameter of Asterisk instances.
My problem is that RTP packets are not present on the public interface, the rtpengine final log showing the 2 sessions, but I'm not sure this is what I want or simply the firewall does not let it out ? (To be more precise PEER.SIP.TRUNK is the trunk for SIP traffic, I have multiple IP addresses for media to connect to, reinvites are allowed)
Closing call due to timeout Final packet stats: --- Tag 'as6d12caea', created 1:00 ago for branch '', in dialogue with 'as541b1e61' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PRIVATE.IP:10000 <> 192.168.30.13:11152, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PRIVATE.IP:10001 <> 192.168.30.13:11153 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
--- Tag 'as541b1e61', created 1:00 ago for branch '', in dialogue with 'as6d12caea' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PUBLIC.IP:10000 <> PEER.SIP.TRUNK:28216, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PUBLIC.IP:10001 <> PEER.SIP.TRUNK:28217 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
These are all reception counters, so this is a problem of packets not being received. Having the iptables RTPENGINE rule installed does not automatically allow the packets to pass through your firewall. You have to do that separately.
Cheers
Hello
Thanks Richard, You were right. Now the codec is recognized, and statistics show real data. Just a quick recap what needs to be done: - enable packet forwarding - firewalld add service SIP and UDP port range to enable incoming traffic - enable packet flow between external / internal interfaces using FORWARD and POSTROUTING direct rules - setup masquerading for the internal network
Cheers, Istvan
Richard Fuchs a écrit le 01/04/2019 à 20:02 :
On 01/04/2019 09.14, Istvan Mogyorosi wrote:
Dear all,
This is my first post after reading a lot in this mailing-list. I'm trying to use Kamailio 5.1 with the dispatcher module and rtpengine acting as SIP + RTP proxy. I have 6 asterisk servers in a private subnet that should talk with the peer via a single IP like this:
Asterisk 1..n|---> | GW.PRIVATE.IP -o- GW.PUBLIC.IP |----> PEER.SIP.TRUNK
I'm on Centos 7, with firewalld configured, iptables module is loaded and the rule is well defined. Packet forwarding is also enabled.
Chain rtpengine (1 references) target prot opt source destination RTPENGINE udp -- anywhere anywhere RTPENGINE id:40
My call flow seems to be fine, Kamailio/rtpengine private IP is the outboundproxy parameter of Asterisk instances.
My problem is that RTP packets are not present on the public interface, the rtpengine final log showing the 2 sessions, but I'm not sure this is what I want or simply the firewall does not let it out ? (To be more precise PEER.SIP.TRUNK is the trunk for SIP traffic, I have multiple IP addresses for media to connect to, reinvites are allowed)
Closing call due to timeout Final packet stats: --- Tag 'as6d12caea', created 1:00 ago for branch '', in dialogue with 'as541b1e61' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PRIVATE.IP:10000 <> 192.168.30.13:11152, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PRIVATE.IP:10001 <> 192.168.30.13:11153 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
--- Tag 'as541b1e61', created 1:00 ago for branch '', in dialogue with 'as6d12caea' ------ Media #1 (audio over RTP/AVP) using unknown codec --------- Port GW.PUBLIC.IP:10000 <> PEER.SIP.TRUNK:28216, SSRC 0, 0 p, 0 b, 0 e, 60 ts --------- Port GW.PUBLIC.IP:10001 <> PEER.SIP.TRUNK:28217 (RTCP), SSRC 0, 0 p, 0 b, 0 e, 60 ts
These are all reception counters, so this is a problem of packets not being received. Having the iptables RTPENGINE rule installed does not automatically allow the packets to pass through your firewall. You have to do that separately.
Cheers
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Istvan Mogyorosi -
Richard Fuchs