Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
----------------- subset of my ser.cfg -------------------------
# ----------- global configuration parameters ------------------------
(skip something........)
# -- mediaproxy params --
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "sip_asymmetrics",
"/usr/local/etc/ser/sip-asymmetric-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-asymmetric-clients")
# -- usrloc params --
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "desc_time_order", 1)
# -- registration params --
modparam("registrar", "nat_flag", 2)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 86400)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "append_branches", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
(skip something........)
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (method=="REGISTER" && client_nat_test("3")) {
fix_contact();
force_rport();
setflag(2);
};
# ------------------------------------------------------------------------
# Registration Section
# ------------------------------------------------------------------------
if (method=="REGISTER") {
# allow all requests from user 700 - the Click2Dial controller
if (!isflagset(14)) {
if (!is_from_local()) {
sl_send_reply("403", "Unknown Domain");
break;
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "demo-disabled")) {
sl_send_reply("403", "Your evaluation period has expired");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "disabled")) {
sl_send_reply("403", "Your account has been disabled");
break;
};
};
# snom sip phones use this header to start their
# keep-alive mechanism for NAT bindings
append_to_reply("P-NAT-Refresh: 15\r\n");
if (!save("location")) {
sl_reply_error();
};
break;
};
(skip something........)
# ------------------------------------------------------------------------
# NAT Tear-Down Section
# ------------------------------------------------------------------------
if ((method == "BYE" || method == "CANCEL")) {
end_media_session();
};
# ------------------------------------------------------------------------
# Record Route Section
# ------------------------------------------------------------------------
if (!method=="REGISTER") {
record_route();
};
# ------------------------------------------------------------------------
# Loose Route Section
# ------------------------------------------------------------------------
if (loose_route()) {
route(2);
break;
};
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (client_nat_test("3") && !search("^Record-Route:")) {
force_rport();
fix_contact();
};
# ------------------------------------------------------------------------
# Alias Routing Section
# ------------------------------------------------------------------------
lookup("aliases");
if (!uri==myself) {
route(2);
break;
};
(skip something........)
route[1] {
(skip something........)
}
route[2] {
log(1, "SER: SIP Call On-Net section route(2)\n");
if ((method=="INVITE") && !allow_trusted()) {
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
break;
} else if (!check_from()) {
log(1, "Spoofed SIP call attempt");
sl_send_reply("403", "Use From=ID");
break;
} else if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Please register to use our service");
break;
};
};
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
t_on_failure("1");
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
onreply_route[1] {
# Not all 2xx messages have a content body so here we
# make sure our Content-Length > 0 to avoid a parse error
if (status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:\ 0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_contact();
};
}
---------------- END HERE ---------------------------------------
---------------- default mediaproxy's ser.cfg ----------------
# Example ser.cfg for mediaproxy functionality
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/domain.so"
loadmodule "/usr/lib/ser/modules/mediaproxy.so"
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
route{
if (!mf_process_maxfwd_header("10")) {
if (method!="ACK") {
sl_send_reply("483", "Too many hops");
};
break;
};
if (msg:len >= max_len) {
if (method!="ACK") {
sl_send_reply("513", "Message too big");
};
break;
};
if (method=="REGISTER") {
if (is_from_local()) {
# Mark as NAT'ed
if (client_nat_test("3")) {
setflag(2);
force_rport();
fix_contact();
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
} else if (!check_to()) {
sl_send_reply("403", "Username!=To not allowed");
break;
};
if (!save("location")) {
sl_reply_error();
};
} else {
sl_send_reply("403", "This domain is not served here");
};
break;
};
if (method=="INVITE") {
if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Relaying is forbidden");
break;
};
t_on_failure("1");
} else if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
# end media session for BYE and CANCEL is done above
# before entering the loose route. no need to call it here
t_relay();
break;
};
# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
record_route();
};
if (client_nat_test("3") && !search("^Record-Route:")) {
# Mark as NAT'ed
force_rport();
fix_contact();
};
if (method=="INVITE") {
t_on_reply("1");
};
if (is_uri_host_local()) { # join with next if?
if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
failure_route[1] {
end_media_session();
}
onreply_route[1] {
if (status=~"(183)|(2[0-9][0-9])") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
}
--
Best Regards
Charles