22 Mar
2005
22 Mar
'05
12:05 p.m.
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
----------------- subset of my ser.cfg -------------------------
# ----------- global configuration parameters ------------------------
(skip something........)
# -- mediaproxy params --
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "sip_asymmetrics",
"/usr/local/etc/ser/sip-asymmetric-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-asymmetric-clients")
# -- usrloc params --
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "desc_time_order", 1)
# -- registration params --
modparam("registrar", "nat_flag", 2)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 86400)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "append_branches", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
(skip something........)
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (method=="REGISTER" && client_nat_test("3")) {
fix_contact();
force_rport();
setflag(2);
};
# ------------------------------------------------------------------------
# Registration Section
# ------------------------------------------------------------------------
if (method=="REGISTER") {
# allow all requests from user 700 - the Click2Dial controller
if (!isflagset(14)) {
if (!is_from_local()) {
sl_send_reply("403", "Unknown Domain");
break;
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "demo-disabled")) {
sl_send_reply("403", "Your evaluation period has expired");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "disabled")) {
sl_send_reply("403", "Your account has been disabled");
break;
};
};
# snom sip phones use this header to start their
# keep-alive mechanism for NAT bindings
append_to_reply("P-NAT-Refresh: 15\r\n");
if (!save("location")) {
sl_reply_error();
};
break;
};
(skip something........)
# ------------------------------------------------------------------------
# NAT Tear-Down Section
# ------------------------------------------------------------------------
if ((method == "BYE" || method == "CANCEL")) {
end_media_session();
};
# ------------------------------------------------------------------------
# Record Route Section
# ------------------------------------------------------------------------
if (!method=="REGISTER") {
record_route();
};
# ------------------------------------------------------------------------
# Loose Route Section
# ------------------------------------------------------------------------
if (loose_route()) {
route(2);
break;
};
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (client_nat_test("3") && !search("^Record-Route:")) {
force_rport();
fix_contact();
};
# ------------------------------------------------------------------------
# Alias Routing Section
# ------------------------------------------------------------------------
lookup("aliases");
if (!uri==myself) {
route(2);
break;
};
(skip something........)
route[1] {
(skip something........)
}
route[2] {
log(1, "SER: SIP Call On-Net section route(2)\n");
if ((method=="INVITE") && !allow_trusted()) {
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
break;
} else if (!check_from()) {
log(1, "Spoofed SIP call attempt");
sl_send_reply("403", "Use From=ID");
break;
} else if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Please register to use our service");
break;
};
};
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
t_on_failure("1");
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
onreply_route[1] {
# Not all 2xx messages have a content body so here we
# make sure our Content-Length > 0 to avoid a parse error
if (status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:\ 0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_contact();
};
}
---------------- END HERE ---------------------------------------
---------------- default mediaproxy's ser.cfg ----------------
# Example ser.cfg for mediaproxy functionality
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/domain.so"
loadmodule "/usr/lib/ser/modules/mediaproxy.so"
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
route{
if (!mf_process_maxfwd_header("10")) {
if (method!="ACK") {
sl_send_reply("483", "Too many hops");
};
break;
};
if (msg:len >= max_len) {
if (method!="ACK") {
sl_send_reply("513", "Message too big");
};
break;
};
if (method=="REGISTER") {
if (is_from_local()) {
# Mark as NAT'ed
if (client_nat_test("3")) {
setflag(2);
force_rport();
fix_contact();
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
} else if (!check_to()) {
sl_send_reply("403", "Username!=To not allowed");
break;
};
if (!save("location")) {
sl_reply_error();
};
} else {
sl_send_reply("403", "This domain is not served here");
};
break;
};
if (method=="INVITE") {
if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Relaying is forbidden");
break;
};
t_on_failure("1");
} else if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
# end media session for BYE and CANCEL is done above
# before entering the loose route. no need to call it here
t_relay();
break;
};
# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
record_route();
};
if (client_nat_test("3") && !search("^Record-Route:")) {
# Mark as NAT'ed
force_rport();
fix_contact();
};
if (method=="INVITE") {
t_on_reply("1");
};
if (is_uri_host_local()) { # join with next if?
if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
failure_route[1] {
end_media_session();
}
onreply_route[1] {
if (status=~"(183)|(2[0-9][0-9])") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
}
--
Best Regards
Charles
22 Mar
22 Mar
2:50 p.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
----------------- subset of my ser.cfg -------------------------
# ----------- global configuration parameters ------------------------
(skip something........)
# -- mediaproxy params --
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "sip_asymmetrics",
"/usr/local/etc/ser/sip-asymmetric-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-asymmetric-clients")
# -- usrloc params --
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "desc_time_order", 1)
# -- registration params --
modparam("registrar", "nat_flag", 2)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 86400)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "append_branches", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
(skip something........)
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (method=="REGISTER" && client_nat_test("3")) {
fix_contact();
force_rport();
setflag(2);
};
# ------------------------------------------------------------------------
# Registration Section
# ------------------------------------------------------------------------
if (method=="REGISTER") {
# allow all requests from user 700 - the Click2Dial controller
if (!isflagset(14)) {
if (!is_from_local()) {
sl_send_reply("403", "Unknown
Domain");
break;
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "demo-disabled")) {
sl_send_reply("403", "Your evaluation
period has expired");
break;
};
# To - Use To username and (optionally) domain to check
if (is_user_in("To", "disabled")) {
sl_send_reply("403", "Your account has
been disabled");
break;
};
};
# snom sip phones use this header to start their
# keep-alive mechanism for NAT bindings
append_to_reply("P-NAT-Refresh: 15\r\n");
if (!save("location")) {
sl_reply_error();
};
break;
};
(skip something........)
# ------------------------------------------------------------------------
# NAT Tear-Down Section
# ------------------------------------------------------------------------
if ((method == "BYE" || method == "CANCEL")) {
end_media_session();
};
# ------------------------------------------------------------------------
# Record Route Section
# ------------------------------------------------------------------------
if (!method=="REGISTER") {
record_route();
};
# ------------------------------------------------------------------------
# Loose Route Section
# ------------------------------------------------------------------------
if (loose_route()) {
route(2);
break;
};
# ------------------------------------------------------------------------
# NAT Test Section #1
# ------------------------------------------------------------------------
if (client_nat_test("3") && !search("^Record-Route:"))
{
force_rport();
fix_contact();
};
# ------------------------------------------------------------------------
# Alias Routing Section
# ------------------------------------------------------------------------
lookup("aliases");
if (!uri==myself) {
route(2);
break;
};
(skip something........)
route[1] {
(skip something........)
}
route[2] {
log(1, "SER: SIP Call On-Net section route(2)\n");
if ((method=="INVITE") && !allow_trusted()) {
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
break;
} else if (!check_from()) {
log(1, "Spoofed SIP call attempt");
sl_send_reply("403", "Use From=ID");
break;
} else if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Please register to use
our service");
break;
};
};
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
&&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
t_on_failure("1");
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
onreply_route[1] {
# Not all 2xx messages have a content body so here we
# make sure our Content-Length > 0 to avoid a parse error
if (status=~"(180)|(183)|2[0-9][0-9]") {
if (!search("^Content-Length:\ 0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_contact();
};
}
---------------- END HERE ---------------------------------------
---------------- default mediaproxy's ser.cfg ----------------
# Example ser.cfg for mediaproxy functionality
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/domain.so"
loadmodule "/usr/lib/ser/modules/mediaproxy.so"
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
route{
if (!mf_process_maxfwd_header("10")) {
if (method!="ACK") {
sl_send_reply("483", "Too many hops");
};
break;
};
if (msg:len >= max_len) {
if (method!="ACK") {
sl_send_reply("513", "Message too big");
};
break;
};
if (method=="REGISTER") {
if (is_from_local()) {
# Mark as NAT'ed
if (client_nat_test("3")) {
setflag(2);
force_rport();
fix_contact();
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
} else if (!check_to()) {
sl_send_reply("403", "Username!=To not allowed");
break;
};
if (!save("location")) {
sl_reply_error();
};
} else {
sl_send_reply("403", "This domain is not served here");
};
break;
};
if (method=="INVITE") {
if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Relaying is forbidden");
break;
};
t_on_failure("1");
} else if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
# end media session for BYE and CANCEL is done above
# before entering the loose route. no need to call it here
t_relay();
break;
};
# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
record_route();
};
if (client_nat_test("3") && !search("^Record-Route:")) {
# Mark as NAT'ed
force_rport();
fix_contact();
};
if (method=="INVITE") {
t_on_reply("1");
};
if (is_uri_host_local()) { # join with next if?
if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
failure_route[1] {
end_media_session();
}
onreply_route[1] {
if (status=~"(183)|(2[0-9][0-9])") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
}
--
Best Regards
Charles
3:26 p.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Hello Charles,
Just to give you the big picture about NAT traversal mechanisms:
STUN is used to perform the NAT traversal on the client side - the UAC
is NAT aware (via STUN) and sends SIP messages using the public IP. From
server side, the UAC will look like a public one, so there no logic
required on server for this case.
nathelper and mediaproxy are rather equivalent and implement NAT
traversal on server side - UAC has nothing to know about NAT and send
messages with private IP. The server takes care about detecting a
correcting messages coming from behind a NAT.
Best regards
Marian
Charles Wang wrote:
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
--
Voice System
http://www.voice-system.ro
3:55 p.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Marian,
Thank you very much for your explain.
So, if a client side with STUN support and setting it correctly, is it
not necessary
to use media proxy(outboumd proxy setting)? If yes, my clients with
STUN should
can talk to each other without setting outbound proxy.
But in fact, I test this with two X-Pro running on two NATed PCs. I
find out they are always send its RTP to my SER not send to each other
directly. So it will add my SER's loading. Can you tell me how to
change my ser.cfg to avoid such condiction? Please....
On Tue, 22 Mar 2005 19:26:35 +0100, Marian Dumitru
<marian.dumitru(a)voice-sistem.ro> wrote:
Hello Charles,
Just to give you the big picture about NAT traversal mechanisms:
STUN is used to perform the NAT traversal on the client side - the UAC
is NAT aware (via STUN) and sends SIP messages using the public IP. From
server side, the UAC will look like a public one, so there no logic
required on server for this case.
nathelper and mediaproxy are rather equivalent and implement NAT
traversal on server side - UAC has nothing to know about NAT and send
messages with private IP. The server takes care about detecting a
correcting messages coming from behind a NAT.
Best regards
Marian
Charles Wang wrote:
--
Best Regards
Charles
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
--
Voice System
http://www.voice-system.ro
4:08 p.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Hi Charles,
It's correct, if _all_ clients use STUN (and a correct implementation)
you don't need mediaproxy or nathelper.
Best regards,
Marian
Charles Wang wrote:
Marian,
Thank you very much for your explain.
So, if a client side with STUN support and setting it correctly, is it
not necessary
to use media proxy(outboumd proxy setting)? If yes, my clients with
STUN should
can talk to each other without setting outbound proxy.
But in fact, I test this with two X-Pro running on two NATed PCs. I
find out they are always send its RTP to my SER not send to each other
directly. So it will add my SER's loading. Can you tell me how to
change my ser.cfg to avoid such condiction? Please....
On Tue, 22 Mar 2005 19:26:35 +0100, Marian Dumitru
<marian.dumitru(a)voice-sistem.ro> wrote:
--
Voice System
http://www.voice-system.ro
Hello Charles,
Just to give you the big picture about NAT traversal mechanisms:
STUN is used to perform the NAT traversal on the client side - the UAC
is NAT aware (via STUN) and sends SIP messages using the public IP. From
server side, the UAC will look like a public one, so there no logic
required on server for this case.
nathelper and mediaproxy are rather equivalent and implement NAT
traversal on server side - UAC has nothing to know about NAT and send
messages with private IP. The server takes care about detecting a
correcting messages coming from behind a NAT.
Best regards
Marian
Charles Wang wrote:
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
--
Voice System
http://www.voice-system.ro
23 Mar
23 Mar
6:23 a.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
That's actually not true -- STUN clients fail to traverse symmetric NAT
(see RFC3489) without a media proxy.
-jiri
At 08:08 PM 3/22/2005, Marian Dumitru wrote:
Hi Charles,
It's correct, if _all_ clients use STUN (and a correct implementation) you don't
need mediaproxy or nathelper.
Best regards,
Marian
Charles Wang wrote:
--
Jiri Kuthan http://iptel.org/~jiri/
Marian,
Thank you very much for your explain. So, if a client side with STUN support and setting
it correctly, is it
not necessary
to use media proxy(outboumd proxy setting)? If yes, my clients with
STUN should
can talk to each other without setting outbound proxy.
But in fact, I test this with two X-Pro running on two NATed PCs. I
find out they are always send its RTP to my SER not send to each other
directly. So it will add my SER's loading. Can you tell me how to
change my ser.cfg to avoid such condiction? Please....
On Tue, 22 Mar 2005 19:26:35 +0100, Marian Dumitru
<marian.dumitru(a)voice-sistem.ro> wrote:
--
Voice System
http://www.voice-system.ro
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Hello Charles,
Just to give you the big picture about NAT traversal mechanisms:
STUN is used to perform the NAT traversal on the client side - the UAC
is NAT aware (via STUN) and sends SIP messages using the public IP. From
server side, the UAC will look like a public one, so there no logic
required on server for this case.
nathelper and mediaproxy are rather equivalent and implement NAT
traversal on server side - UAC has nothing to know about NAT and send
messages with private IP. The server takes care about detecting a
correcting messages coming from behind a NAT.
Best regards
Marian
Charles Wang wrote:
Hi, ALL:
I can't not make sure my view point between STUN and mediaproxy.
Please explain for me.
In my view, if NATed UACs want to make a call,
the solutions shall be nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly,
and they want to talk with each other will be in a "direct"
(RTP will not pass through SER) mode, is it correct? And the STUN server
will tell our UACs what's their NAT gateway's IP(behind what kind
of network environment , and UACs will send these informations to SER?
In another word, it is not necessary to use media proxy to pass their
RTP channel?
If it is correctly, so we will not to set any mediaproxy daemon for
them, is it correct?
If it is not, can anyone tell me why it is not?
If ignore the STUN issue, I use the mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs's RTP packages will pass through my SER wether
behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
call directly without pass through SER if two UACs are all real IPs?
--
Voice System
http://www.voice-system.ro
10:01 a.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Hi Jiri,
Indeed, in real world scenarios, to be able to cop with all types of
NATs in the most efficient way, you need to use a combination of server
and client NAT traversal.
Best regards,
Marian
Jiri Kuthan wrote:
That's actually not true -- STUN clients fail to
traverse symmetric NAT
(see RFC3489) without a media proxy.
-jiri
At 08:08 PM 3/22/2005, Marian Dumitru wrote:
>Hi Charles,
>
>It's correct, if _all_ clients use STUN (and a correct implementation) you
don't need mediaproxy or nathelper.
>
>Best regards,
>Marian
>
>Charles Wang wrote:
>
>>Marian,
>>Thank you very much for your explain. So, if a client side with STUN support and
setting it correctly, is it
>>not necessary
>>to use media proxy(outboumd proxy setting)? If yes, my clients with
>>STUN should
>>can talk to each other without setting outbound proxy.
>>But in fact, I test this with two X-Pro running on two NATed PCs. I
>>find out they are always send its RTP to my SER not send to each other
>>directly. So it will add my SER's loading. Can you tell me how to
>>change my ser.cfg to avoid such condiction? Please....
>>
>>
>>On Tue, 22 Mar 2005 19:26:35 +0100, Marian Dumitru
>><marian.dumitru(a)voice-sistem.ro> wrote:
>>
>>
>>>Hello Charles,
>>>
>>>Just to give you the big picture about NAT traversal mechanisms:
>>>
>>>STUN is used to perform the NAT traversal on the client side - the UAC
>>>is NAT aware (via STUN) and sends SIP messages using the public IP. From
>>>server side, the UAC will look like a public one, so there no logic
>>>required on server for this case.
>>>
>>>nathelper and mediaproxy are rather equivalent and implement NAT
>>>traversal on server side - UAC has nothing to know about NAT and send
>>>messages with private IP. The server takes care about detecting a
>>>correcting messages coming from behind a NAT.
>>>
>>>Best regards
>>>Marian
>>>
>>>Charles Wang wrote:
>>>
>>>
>>>>Hi, ALL:
>>>>
>>>>I can't not make sure my view point between STUN and mediaproxy.
>>>>Please explain for me.
>>>>In my view, if NATed UACs want to make a call,
>>>>the solutions shall be nathelper, mediaproxy or building a STUN server.
>>>>
>>>>If NATed UACs set their own STUN server's IP correctly,
>>>>and they want to talk with each other will be in a "direct"
>>>>(RTP will not pass through SER) mode, is it correct? And the STUN server
>>>>will tell our UACs what's their NAT gateway's IP(behind what kind
>>>>of network environment , and UACs will send these informations to SER?
>>>>In another word, it is not necessary to use media proxy to pass their
>>>>RTP channel?
>>>>
>>>>If it is correctly, so we will not to set any mediaproxy daemon for
>>>>them, is it correct?
>>>>If it is not, can anyone tell me why it is not?
>>>>
>>>>If ignore the STUN issue, I use the mediaproxy's ser.cfg as my
template ser.cfg.
>>>>But I find all UACs's RTP packages will pass through my SER wether
>>>>behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
>>>>call directly without pass through SER if two UACs are all real IPs?
>>>
>>>--
>>>Voice System
>>>http://www.voice-system.ro
>>
>--
>Voice System
>http://www.voice-system.ro
>
>_______________________________________________
--
Voice System
http://www.voice-system.ro
11:58 a.m.
New subject: [Serusers] HELP me: Confuse between mediaproxy and STUN
Yes, I use STUN client on my UACs and build a mediaproxy on my SER in
order to solve these conditions.
On Wed, 23 Mar 2005 14:01:48 +0100, Marian Dumitru
<marian.dumitru(a)voice-sistem.ro> wrote:
Hi Jiri,
Indeed, in real world scenarios, to be able to cop with all types of
NATs in the most efficient way, you need to use a combination of server
and client NAT traversal.
Best regards,
Marian
Jiri Kuthan wrote:
--
Best Regards
Charles
That's actually not true -- STUN clients fail
to traverse symmetric NAT
(see RFC3489) without a media proxy.
-jiri
At 08:08 PM 3/22/2005, Marian Dumitru wrote:
>Hi Charles,
>
>It's correct, if _all_ clients use STUN (and a correct implementation) you
don't need mediaproxy or nathelper.
>
>Best regards,
>Marian
>
>Charles Wang wrote:
>
>>Marian,
>>Thank you very much for your explain. So, if a client side with STUN support and
setting it correctly, is it
>>not necessary
>>to use media proxy(outboumd proxy setting)? If yes, my clients with
>>STUN should
>>can talk to each other without setting outbound proxy.
>>But in fact, I test this with two X-Pro running on two NATed PCs. I
>>find out they are always send its RTP to my SER not send to each other
>>directly. So it will add my SER's loading. Can you tell me how to
>>change my ser.cfg to avoid such condiction? Please....
>>
>>
>>On Tue, 22 Mar 2005 19:26:35 +0100, Marian Dumitru
>><marian.dumitru(a)voice-sistem.ro> wrote:
>>
>>
>>>Hello Charles,
>>>
>>>Just to give you the big picture about NAT traversal mechanisms:
>>>
>>>STUN is used to perform the NAT traversal on the client side - the UAC
>>>is NAT aware (via STUN) and sends SIP messages using the public IP. From
>>>server side, the UAC will look like a public one, so there no logic
>>>required on server for this case.
>>>
>>>nathelper and mediaproxy are rather equivalent and implement NAT
>>>traversal on server side - UAC has nothing to know about NAT and send
>>>messages with private IP. The server takes care about detecting a
>>>correcting messages coming from behind a NAT.
>>>
>>>Best regards
>>>Marian
>>>
>>>Charles Wang wrote:
>>>
>>>
>>>>Hi, ALL:
>>>>
>>>>I can't not make sure my view point between STUN and mediaproxy.
>>>>Please explain for me.
>>>>In my view, if NATed UACs want to make a call,
>>>>the solutions shall be nathelper, mediaproxy or building a STUN server.
>>>>
>>>>If NATed UACs set their own STUN server's IP correctly,
>>>>and they want to talk with each other will be in a "direct"
>>>>(RTP will not pass through SER) mode, is it correct? And the STUN server
>>>>will tell our UACs what's their NAT gateway's IP(behind what kind
>>>>of network environment , and UACs will send these informations to SER?
>>>>In another word, it is not necessary to use media proxy to pass their
>>>>RTP channel?
>>>>
>>>>If it is correctly, so we will not to set any mediaproxy daemon for
>>>>them, is it correct?
>>>>If it is not, can anyone tell me why it is not?
>>>>
>>>>If ignore the STUN issue, I use the mediaproxy's ser.cfg as my
template ser.cfg.
>>>>But I find all UACs's RTP packages will pass through my SER wether
>>>>behind NAT or not( read IPs ). How can I modify my ser.cfg and make a
>>>>call directly without pass through SER if two UACs are all real IPs?
>>>
>>>--
>>>Voice System
>>>http://www.voice-system.ro
>>
>--
>Voice System
>http://www.voice-system.ro
>
>_______________________________________________
--
Voice System
http://www.voice-system.ro
7118
days inactive
7119
days old
7 comments
3 participants
participants (3)
-
Charles Wang -
Jiri Kuthan -
Marian Dumitru