while i can certainly appreciate the view that it might seem dopey to
route RTP traffic to the external proxy with UAs that are behind the
same nat, i have a set of use cases that require that i do so.
on a separate note, i'm also trying to determine that i have the rtp
proxy configured correctly, using a setup where both clients are behind
the same lan. but perhaps i'm best served testing the proxy with
clients behind different lans and dealing with use cases differently?
thanks -
- eric
Nils Ohlmeier wrote:
If the UAs are sitting behind the same NAT then the
nathelper module may help
you (but that is not the intention of the module). But you should give up the
idea to use the external RTP proxy IMHO. It simply does not make much sence
to route the traffic of the two UAs through the internet when the can talk to
each other directly in the same LAN (i mean only the RTP part not the
signaling part).
Regards
Nils
On Monday 02 February 2004 02:44, Eric C. Snowdeal III wrote:
>i've been getting my sea legs with SER and am having trouble getting
>rtpproxy to nathelper to work correctly with my setup. since everything
>works fine if i test the scenario with a freeworld dialup account, i'm
>assuming that my problems are solely due to the vastness of my ignorance
>on how to configure SER correctly.
>
>i have three x-lite clients [ one is running on windows 2000 not sure of
>the build number, but it's the latest download from the website; the
>other two clients are both build 1101 on mac 10.2.3. SER running on a
>rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm
>which i downloaded from the ftp server. the x-lite clients are sitting
>behind a linksys befw11s4 nat router.
>
>i can run SER without nathelper/rtpproxy and make and receive calls to
>clients outside the my network. however, things fall apart quickly when
>i try to run more than one client behind the nat [ lost audio, timeouts
>etc] which i presume is what nathelper is supposed to deal with. if try
>to run to use nathelper, i can't make a call from a one client to
>another client behind the lan. the calls won't go through - they simply
>timeout.
>
>i downloaded and compiled rtpproxy which i obtained from the portaone
>website and simply started it from the command line. i can't figure out
>how to get any debugging messages from rtpproxy, but i can see that the
>process exists and /var/run/rtpproxy.sock is created.
>
>i altered ser.cfg using the template i found in the ser-0.8.12_src
>tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1].
> i understand that things have changed quite a bit in the CVS head, but
>i tried to compile and install the latest CVS version, but i ran into a
>host of config errors using the nathelper.cfg supplied, so i decided to
>backtrack, gather my wits, and stick with the released version.
>
>the x-lite clients appear to register appropriately with the server [2 -
>public ip addresses have been changed to protect the innocent]. to my
>untrained eye, these messages look the same as what i see when i test
>things using freeworld dialup accounts and i can make a call to another
>client on the same lan segment - i.e. the internal IP addresses are
>being sent. the location database also shows that the internal IP
>addresses are being used [3], but i don't know if this is what i want or
>not. oh. i'm also using my.public.box - a FQDN - as in the x-lite
>fields where it asks for "Domain/Realm", "SIP Proxy" and "Out
Bound Proxy".
>
>so anyone care to grab me by the lapels and point out what i'm obviously
>doing wrong :-)
>
>
>[1]
>#
># $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>#
># simple quick-start config script
>#
>
># ----------- global configuration parameters ------------------------
>
>#debug=3 # debug level (cmd line: -dddddddddd)
>#fork=yes
>#log_stderror=no # (cmd line: -E)
>
>/* Uncomment these lines to enter debugging mode
>debug=7
>fork=no
>log_stderror=yes
>*/
>
>check_via=no # (cmd. line: -v)
>dns=no # (cmd. line: -r)
>rev_dns=no # (cmd. line: -R)
>#port=5060
>#children=4
>fifo="/tmp/ser_fifo"
>
># ------------------ module loading ----------------------------------
>
># Uncomment this if you want to use SQL database
>#loadmodule "/usr/lib/ser/modules/mysql.so"
>
>loadmodule "/usr/lib/ser/modules/nathelper.so"
>
>loadmodule "/usr/lib/ser/modules/sl.so"
>loadmodule "/usr/lib/ser/modules/tm.so"
>loadmodule "/usr/lib/ser/modules/rr.so"
>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/lib/ser/modules/usrloc.so"
>loadmodule "/usr/lib/ser/modules/registrar.so"
>
># Uncomment this if you want digest authentication
># mysql.so must be loaded !
>#loadmodule "/usr/lib/ser/modules/auth.so"
>#loadmodule "/usr/lib/ser/modules/auth_db.so"
>
># ----------------- setting module-specific parameters ---------------
>
># -- usrloc params --
>
>modparam("usrloc", "db_mode", 0)
>
># Uncomment this if you want to use SQL database
># for persistent storage and comment the previous line
>#modparam("usrloc", "db_mode", 2)
>
># -- auth params --
># Uncomment if you are using auth module
>#
>#modparam("auth_db", "calculate_ha1", yes)
>#
># If you set "calculate_ha1" parameter to yes (which true in this config),
># uncomment also the following parameter)
>#
>#modparam("auth_db", "password_column", "password")
>
># -- rr params --
># add value to ;lr param to make some broken UAs happy
>modparam("rr", "enable_full_lr", 1)
>
>alias="my.public.box"
>
># ------------------------- request routing logic -------------------
>
># main routing logic
>
>route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if ( msg:len > max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
>
> # compulsory processing of Route header fields and adding RR
> loose_route();
>
> /* registration (uses rewritten contacts) */
> if (method=="REGISTER") {
> save("location");
> break;
> };
>
> if (method=="INVITE") {
> record_route();
> if (isflagset(1)) { # ATA ?
> fix_nated_sdp("3");
> };
> /* set up reply processing */
> t_on_reply("1");
> };
>
> if (method == "INVITE" || method == "CANCEL") {
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
>
> /* set up reply processing and forward statefuly */
> t_relay();
>}
>
># all incoming replies for t_onrepli-ed transactions enter here
>onreply_route[1] {
> if (status=~"2[0-9][0-9]")
> fix_nated_contact();
> fix_nated_sdp("3");
>}
>
>[2]
>
>Established SIP protocol listen on: 192.168.1.100:5060
>
>Discovered Restricted Cone NAT Firewall
>
>SIP: 192.168.1.100:5060
>RTP: 192.168.1.100:8000
>NAT: my.router.public.ip
>
>PROXY#0: ser.public.ip:5060
>
>OUTBOUND-PROXY#0: ser.public.ip:5060
>
>
>SEND >> ser.public.ip:5060
>REGISTER sip:my.public.box SIP/2.0
>Via: SIP/2.0/UDP
>192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA
>From: snowdeal <sip:123@my.public.box>
>To: snowdeal <sip:123@my.public.box>
>Contact: "snowdeal" <sip:123@192.168.1.100:5060>
>Call-ID: 9DA51D06551C11D882E3000393B930BA(a)my.public.box
>CSeq: 56648 REGISTER
>Expires: 1800
>Max-Forwards: 70
>User-Agent: X-Lite build 1101
>Content-Length: 0
>
>
>RECEIVE << ser.public.ip:5060
>SIP/2.0 200 OK
>Via: SIP/2.0/UDP
>192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930B
>A;received=my.router.public.ip From: snowdeal <sip:123@my.public.box>
>To: snowdeal
><sip:123@my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894
>Call-ID: 9DA51D06551C11D882E3000393B930BA(a)my.public.box
>CSeq: 56648 REGISTER
>Contact: <sip:123@192.168.1.100:5060>;q=0.00;expires=1800
>Server: Sip EXpress router (0.8.12 (i386/linux))
>Content-Length: 0
>Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653
>req_src_ip=my.router.public.ip req_src_port=5060
>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"
>
>
>----------
>
>
>Established SIP protocol listen on: 192.168.1.101:5060
>
>Discovered Restricted Cone NAT Firewall
>
>SIP: 192.168.1.101:5060
>RTP: 192.168.1.101:8000
>NAT: my.router.public.ip
>
>PROXY#0: 69.55.224.151:5060
>
>OUTBOUND-PROXY#0: 69.55.224.151:5060
>
>
>SEND >> ser.public.ip:5060
>REGISTER sip:my.public.box SIP/2.0
>Via: SIP/2.0/UDP
>192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A
>From: kristine <sip:456@my.public.box>
>To: kristine <sip:456@my.public.box>
>Contact: "kristine" <sip:456@192.168.1.101:5060>
>Call-ID: AC7B8E18551C11D8B317000A957BC13A(a)my.public.box
>CSeq: 55034 REGISTER
>Expires: 1800
>Max-Forwards: 70
>User-Agent: X-Lite build 1101
>Content-Length: 0
>
>
>RECEIVE << ser.public.ip:5060
>SIP/2.0 200 OK
>Via: SIP/2.0/UDP
>192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC1
>3A;received=my.router.public.ip From: kristine <sip:456@my.public.box>
>To: kristine
><sip:456@my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef
>Call-ID: AC7B8E18551C11D8B317000A957BC13A(a)my.public.box
>CSeq: 55034 REGISTER
>Contact: <sip:456@192.168.1.101:5060>;q=0.00;expires=1800
>Server: Sip EXpress router (0.8.12 (i386/linux))
>Content-Length: 0
>Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658
>req_src_ip=my.router.public.ip req_src_port=15060
>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1
>
>[3]
>
>===Domain list===
>---Domain---
>name : 'location'
>size : 512
>table: 0x402d60d8
>d_ll {
> n : 2
> first: 0x402d80e0
> last : 0x402d81c8
>}
>
>...Record(0x402d80e0)...
>domain: 'location'
>aor : '123'
>~~~Contact(0x402d8120)~~~
>domain : 'location'
>aor : '123'
>Contact: 'sip:123@192.168.1.100:5060'
>Expires: 583
>q : 0.00
>Call-ID: '9DA51D06551C11D882E3000393B930BA(a)my.public.box'
>CSeq : 56648
>replic : 0
>State : CS_NEW
>Flags : 0
>next : (nil)
>prev : (nil)
>~~~/Contact~~~~
>.../Record...
>...Record(0x402d81c8)...
>domain: 'location'
>aor : '456'
>~~~Contact(0x402d8208)~~~
>domain : 'location'
>aor : '456'
>Contact: 'sip:456@192.168.1.101:5060'
>Expires: 614
>q : 0.00
>Call-ID: 'AC7B8E18551C11D8B317000A957BC13A(a)my.public.box'
>CSeq : 55034
>replic : 0
>State : CS_NEW
>Flags : 0
>next : (nil)
>prev : (nil)
>~~~/Contact~~~~
>.../Record...
>
>---/Domain---
>===/Domain list===
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers