Hi!
I'm experiencing problems using openser and rtpproxy on a multihomed box (IP addresses are 137.208.89.45 and 137.208.89.65).
The client (firewalled) contacts the server via the first IP address (137.208.89.45) but rtpproxy sometimes uses it's second IP (137.208.89.65) in the "c=" SDP-information. (See below.) However it _sends_ RTP packets from the _first_ IP address. Those packets will never pass through the firewall, of course, since the clients outgoing RTP traffic is sent to another IP address than the incoming traffic is hitting the firewall from.
Is there a way to tell rtpproxy to use the same IP-address both for the c= SDP header and as source address?
-------------------- 8< -------------------- ## T 2007/06/05 15:57:36.041537 137.208.89.45:5060 -> 137.208.90.164:3099 [AP] SIP/2.0 183 Session Progress. Via: SIP/2.0/TCP 137.208.90.164:56136;branch=z9hG4bK-d87543-a107a77a6311422d-1--d87543-;rport=3099. From: "Alexander Bergolth"sip:30001@wu-wien.ac.at;tag=5b6d7b31. To: "996050"sip:996050@wu-wien.ac.at;tag=as2e40807f. Call-ID: MTVjYzlhMDdjMjAwODExZDEyNzk5M2IwN2UxNjhlYTc.. CSeq: 2 INVITE. User-Agent: Asterisk PBX. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Supported: replaces. Contact: sip:996050@137.208.89.135. Content-Type: application/sdp. Content-Length: 283. . v=0. o=root 6978 6978 IN IP4 137.208.89.135. s=session. c=IN IP4 137.208.89.65. t=0 0. m=audio 35064 RTP/AVP 0 8 101. a=rtpmap:0 PCMU/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -. a=ptime:20. a=sendrecv. a=nortpproxy:yes. -------------------- 8< --------------------
-------------------- 8< -------------------- 15:57:35.814136 IP 137.208.90.164.3099 > 137.208.89.45.5060: P 4236850032:4236851080(1048) ack 224540451 win 64256 15:57:35.814147 IP 137.208.89.45.5060 > 137.208.90.164.3099: . ack 1048 win 2003 15:57:35.814351 IP 137.208.89.45.5060 > 137.208.90.164.3099: P 1:550(549) ack 1048 win 2003 15:57:35.814430 IP 137.208.89.45.5060 > 137.208.90.164.3099: P 550:1264(714) ack 1048 win 2003 15:57:35.814850 IP 137.208.90.164.3099 > 137.208.89.45.5060: . ack 1264 win 64177 15:57:35.915829 IP 137.208.90.164.3099 > 137.208.89.45.5060: P 1048:1418(370) ack 1264 win 64177 15:57:35.955948 IP 137.208.89.45.5060 > 137.208.90.164.3099: . ack 1418 win 2003 15:57:36.017309 IP 137.208.90.164.3099 > 137.208.89.45.5060: P 1418:2672(1254) ack 1264 win 64177 15:57:36.017320 IP 137.208.89.45.5060 > 137.208.90.164.3099: . ack 2672 win 2003 15:57:36.017397 IP 137.208.89.45.5060 > 137.208.90.164.3099: P 1264:1813(549) ack 2672 win 2003 15:57:36.018604 IP 137.208.89.45.5060 > 137.208.90.164.3099: P 1813:2388(575) ack 2672 win 2003 15:57:36.019170 IP 137.208.90.164.3099 > 137.208.89.45.5060: . ack 2388 win 64256 15:57:36.041454 IP 137.208.89.45.35064 > 137.208.90.164.10676: UDP, length 172 15:57:36.041537 IP 137.208.89.45.5060 > 137.208.90.164.3099: P 2388:3200(812) ack 2672 win 2003 15:57:36.046899 IP 137.208.90.164.10677 > 137.208.89.65.35065: UDP, length 132 15:57:36.061155 IP 137.208.89.45.35064 > 137.208.90.164.10676: UDP, length 172 15:57:36.080128 IP 137.208.90.164.10676 > 137.208.89.65.35064: UDP, length 172 15:57:36.081157 IP 137.208.89.45.35064 > 137.208.90.164.10676: UDP, length 172 [...] -------------------- 8< --------------------
Thanks in advance, --leo
P.S.: I'm using openser-1.2 and rtpproxy-cvs20070222.
Alexander Bergolth wrote:
Hi!
I'm experiencing problems using openser and rtpproxy on a multihomed box (IP addresses are 137.208.89.45 and 137.208.89.65).
The client (firewalled) contacts the server via the first IP address (137.208.89.45) but rtpproxy sometimes uses it's second IP (137.208.89.65) in the "c=" SDP-information. (See below.) However it _sends_ RTP packets from the _first_ IP address. Those packets will never pass through the firewall, of course, since the clients outgoing RTP traffic is sent to another IP address than the incoming traffic is hitting the firewall from.
Is there a way to tell rtpproxy to use the same IP-address both for the c= SDP header and as source address?
I guess you need the bridge mode of rtp proxy. Take a look at the "flags":
http://openser.org/docs/modules/devel/nathelper#AEN296
klaus
On 06/06/2007 07:29 PM, Klaus Darilion wrote:
Alexander Bergolth wrote:
I'm experiencing problems using openser and rtpproxy on a multihomed box (IP addresses are 137.208.89.45 and 137.208.89.65).
The client (firewalled) contacts the server via the first IP address (137.208.89.45) but rtpproxy sometimes uses it's second IP (137.208.89.65) in the "c=" SDP-information. (See below.) However it _sends_ RTP packets from the _first_ IP address. Those packets will never pass through the firewall, of course, since the clients outgoing RTP traffic is sent to another IP address than the incoming traffic is hitting the firewall from.
Is there a way to tell rtpproxy to use the same IP-address both for the c= SDP header and as source address?
I guess you need the bridge mode of rtp proxy. Take a look at the "flags": http://openser.org/docs/modules/devel/nathelper#AEN296
Yes, I did already read it but I still didn't get the clue yet. :(
In my configuration, there is no internal and external net, both IP addresses are in the same subnet using public IP addresses.
What I'd like to achieve: The openser/rtpproxy server has some IP addresses and receives and sends SIP traffic on all of those interfaces. rtpproxy should simply use that local IP address for its RTP connection to the client from which the SIP traffic from the client came in.
I've tried to use force_rtp_proxy("", "$Ri") but that leads to the SDP-line "c=$Ri". Maybe the nathelper-module doesn't support pseudo-variables?
Cheers, --leo
Hi Alex,
It all depends on your routing table. The OS will choose the src IP for you unless you force it.
If you receive RTP traffic on one interface and want to send it from the other one, then you need to run rtpproxy in bridge mode, otherwise, you can run two rtpproxy in parallel (use -l to specify the interface) and use openser 1.3 (the trunk version) to choose between the two rtpproxy servers.
BTW, why do you want to run openSER/rtpproxy in this scenario?
Regards, Ovidiu Sas
On 6/6/07, Alexander 'Leo' Bergolth leo@strike.wu-wien.ac.at wrote:
On 06/06/2007 07:29 PM, Klaus Darilion wrote:
Alexander Bergolth wrote:
I'm experiencing problems using openser and rtpproxy on a multihomed box (IP addresses are 137.208.89.45 and 137.208.89.65).
The client (firewalled) contacts the server via the first IP address (137.208.89.45) but rtpproxy sometimes uses it's second IP (137.208.89.65) in the "c=" SDP-information. (See below.) However it _sends_ RTP packets from the _first_ IP address. Those packets will never pass through the firewall, of course, since the clients outgoing RTP traffic is sent to another IP address than the incoming traffic is hitting the firewall from.
Is there a way to tell rtpproxy to use the same IP-address both for the c= SDP header and as source address?
I guess you need the bridge mode of rtp proxy. Take a look at the "flags": http://openser.org/docs/modules/devel/nathelper#AEN296
Yes, I did already read it but I still didn't get the clue yet. :(
In my configuration, there is no internal and external net, both IP addresses are in the same subnet using public IP addresses.
What I'd like to achieve: The openser/rtpproxy server has some IP addresses and receives and sends SIP traffic on all of those interfaces. rtpproxy should simply use that local IP address for its RTP connection to the client from which the SIP traffic from the client came in.
I've tried to use force_rtp_proxy("", "$Ri") but that leads to the SDP-line "c=$Ri". Maybe the nathelper-module doesn't support pseudo-variables?
Cheers,
--leo
e-mail ::: Alexander.Bergolth (at) wu-wien.ac.at fax ::: +43-1-31336-906050 location ::: Computer Center | Vienna University of Economics | Austria
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
On 06/06/2007 09:43 PM, Ovidiu Sas wrote:
It all depends on your routing table. The OS will choose the src IP for you unless you force it.
Yes, I guess I should set the preferred source address via the "src" option to ip route. Right now, I don't specify the preferred source address and it did use the first IP for sending RTP traffic for some month now. But since yesterday (no reboot or routing table change involved) it used the second IP for sending which is bad because the incoming traffic is destined to the first address.
If you receive RTP traffic on one interface and want to send it from the other one, then you need to run rtpproxy in bridge mode, otherwise, you can run two rtpproxy in parallel (use -l to specify the interface) and use openser 1.3 (the trunk version) to choose between the two rtpproxy servers.
I don't think this will be necessary, thanks.
BTW, why do you want to run openSER/rtpproxy in this scenario?
It just happened by accident. ;) The server has two IP addresses in the same subnet for administrative reasons but the SRV records for SIP are only pointing to one address. So I can easily set the preferred source address for outgoing traffic with ip route change default via <gw> dev eth0 src <ip_a> ... to this address.
Thanks, --leo
On 6/6/07, Alexander 'Leo' Bergolth leo@strike.wu-wien.ac.at wrote:
On 06/06/2007 07:29 PM, Klaus Darilion wrote:
Alexander Bergolth wrote:
I'm experiencing problems using openser and rtpproxy on a
multihomed box
(IP addresses are 137.208.89.45 and 137.208.89.65).
The client (firewalled) contacts the server via the first IP address (137.208.89.45) but rtpproxy sometimes uses it's second IP (137.208.89.65) in the "c=" SDP-information. (See below.) However it _sends_ RTP packets from the _first_ IP address. Those packets will never pass through the firewall, of course, since the clients outgoing RTP traffic is sent to another IP address than the incoming traffic is hitting the firewall from.
Is there a way to tell rtpproxy to use the same IP-address both for
the
c= SDP header and as source address?
I guess you need the bridge mode of rtp proxy. Take a look at the
"flags":
Yes, I did already read it but I still didn't get the clue yet. :(
In my configuration, there is no internal and external net, both IP addresses are in the same subnet using public IP addresses.
What I'd like to achieve: The openser/rtpproxy server has some IP addresses and receives and sends SIP traffic on all of those interfaces. rtpproxy should simply use that local IP address for its RTP connection to the client from which the SIP traffic from the client came in.
I've tried to use force_rtp_proxy("", "$Ri") but that leads to the SDP-line "c=$Ri". Maybe the nathelper-module doesn't support pseudo-variables?
Cheers,
--leo
e-mail ::: Alexander.Bergolth (at) wu-wien.ac.at fax ::: +43-1-31336-906050 location ::: Computer Center | Vienna University of Economics | Austria
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Alexander 'Leo' Bergolth -
Alexander Bergolth
-
Klaus Darilion -
Ovidiu Sas