Hi,
I want to use Kamailio as SIP loadbalancer and NAT helper in front of freeswitch boxes. Main tasks here are: 1. load balancing SIP requests to freeswitch boxes 2. fixing contact information during registrations and invites for nat'ed clients (kamailio is not registrar) 3. fixing sdp (or proxying rtp via rtpproxy) for nat'ed clients 4. security (check SIP messages, pike, etc) 5. outbound proxy for freeswitch boxes
The main question here is about nat pinning. Acctording to module doc ( http://kamailio.org/docs/modules/4.4.x/modules/nathelper.html) I need nathelper module and usrloc module.
So I can proxy REGISTER requests to freeswitch boxes and in onreply_route check for REGISTER statuses: 1. if no success we use pike to limit bruteforce attacks 2. if success I need to save contact to usrloc db table
But there is one issue. Multiple registration are allowed on freeswitch boxes and in replies (freeswitch -> kamailio) I see more than one Contact header.
Is it an issue or kamailio will handle it without problems? Or I need to save Contact header from request to hash table and retreive it in onreply_route? But I do not know how to save it in usrloc db table then. I thin this is more sophisticated approach.
I appreciate your advice.
Thank you in advance.
On Tue, Jan 03, 2017 at 12:58:20PM +0200, Vladyslav Zakhozhai wrote:
The main question here is about nat pinning. Acctording to module doc ( http://kamailio.org/docs/modules/4.4.x/modules/nathelper.html) I need nathelper module and usrloc module.
So I can proxy REGISTER requests to freeswitch boxes and in onreply_route check for REGISTER statuses:
- if no success we use pike to limit bruteforce attacks
- if success I need to save contact to usrloc db table
I don't know the answer to your question, but why do you need to save the contact in usrloc? If it is not to store a fixed freeswitch backend for a client (for INVITEs to that client), don't do it.
Just block (successive) failures to authenticate.
Daniel, thank you for your answer.
You did not understand me completely. This is my fault.
Let me put it this way. I want kamailio to handle NAT (fixing nat only from client's side) not being registrar itself. This also includes nat pinning. usrloc module is a dependency for nat pinning in nathelper module.
Request: UAC behind NAT ===> kamailio == fixed contact ==> freeswitch Respnse: freeswitch == 200 OK ==> kamailio (store contact in usrloc, start pinning) == 200 OK ==> UAC behind NAT
Kamailio starts pinning UACs behind NAT only after successful authentication and registration on freeswitch box.
No nat fixes between kamailio and freeswitch (only from UAC).
2017-01-03 14:33 GMT+02:00 Daniel Tryba d.tryba@pocos.nl:
On Tue, Jan 03, 2017 at 12:58:20PM +0200, Vladyslav Zakhozhai wrote:
The main question here is about nat pinning. Acctording to module doc ( http://kamailio.org/docs/modules/4.4.x/modules/nathelper.html) I need nathelper module and usrloc module.
So I can proxy REGISTER requests to freeswitch boxes and in onreply_route check for REGISTER statuses:
- if no success we use pike to limit bruteforce attacks
- if success I need to save contact to usrloc db table
I don't know the answer to your question, but why do you need to save the contact in usrloc? If it is not to store a fixed freeswitch backend for a client (for INVITEs to that client), don't do it.
Just block (successive) failures to authenticate.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On Tue, Jan 03, 2017 at 04:07:20PM +0200, Vladyslav Zakhozhai wrote:
Daniel, thank you for your answer.
You did not understand me completely. This is my fault.
Let me put it this way. I want kamailio to handle NAT (fixing nat only from client's side) not being registrar itself. This also includes nat pinning. usrloc module is a dependency for nat pinning in nathelper module.
Request: UAC behind NAT ===> kamailio == fixed contact ==> freeswitch Respnse: freeswitch == 200 OK ==> kamailio (store contact in usrloc, start pinning) == 200 OK ==> UAC behind NAT
Kamailio starts pinning UACs behind NAT only after successful authentication and registration on freeswitch box.
No nat fixes between kamailio and freeswitch (only from UAC).
You keep telling kamailio isn't the registrar, but you are implementing a registrar :) (but instead of authenticating locally you leave that to an other backend)
To my understanding (without testing), saving the REGISTERs to the kamailio locationdb isn't necessary. You need usrloc to mangle Contact headers, nothing more. So what is the purpose for storing the REGISTERs in kamailio? Unless you mean NAT pinging instead of NAT pinning (which I interpreted to somehow fixing a all traffic to the source of the REGISTERs (which is what normally is done)).
Looks like you are trying to implement something like Path https://tools.ietf.org/html/rfc3327
I'd take a look at Path support in Freeswitch and Kamailio. Use add_contact_alias to add the source ip/port to the Contact, then add a Path header to REGISTERs befoire sending it to Freeswitch. And let Freeswitch do the keepalive pinging based on it's own location database (you need to add some routing logic to forward (presumably) OPTIONS from Freeswitch to the alias portion of the RURI and back again). This way you are essentially creating a very lightweight stateless kamailio proxy.
Daniel, thank you.
You are right. NAT pinging from freeswitch side is more preferred in my use case. And it works pretty well. Thank you once more.
2017-01-03 16:59 GMT+02:00 Daniel Tryba d.tryba@pocos.nl:
On Tue, Jan 03, 2017 at 04:07:20PM +0200, Vladyslav Zakhozhai wrote:
Daniel, thank you for your answer.
You did not understand me completely. This is my fault.
Let me put it this way. I want kamailio to handle NAT (fixing nat only
from
client's side) not being registrar itself. This also includes nat
pinning.
usrloc module is a dependency for nat pinning in nathelper module.
Request: UAC behind NAT ===> kamailio == fixed contact ==> freeswitch Respnse: freeswitch == 200 OK ==> kamailio (store contact in usrloc,
start
pinning) == 200 OK ==> UAC behind NAT
Kamailio starts pinning UACs behind NAT only after successful authentication and registration on freeswitch box.
No nat fixes between kamailio and freeswitch (only from UAC).
You keep telling kamailio isn't the registrar, but you are implementing a registrar :) (but instead of authenticating locally you leave that to an other backend)
To my understanding (without testing), saving the REGISTERs to the kamailio locationdb isn't necessary. You need usrloc to mangle Contact headers, nothing more. So what is the purpose for storing the REGISTERs in kamailio? Unless you mean NAT pinging instead of NAT pinning (which I interpreted to somehow fixing a all traffic to the source of the REGISTERs (which is what normally is done)).
Looks like you are trying to implement something like Path https://tools.ietf.org/html/rfc3327
I'd take a look at Path support in Freeswitch and Kamailio. Use add_contact_alias to add the source ip/port to the Contact, then add a Path header to REGISTERs befoire sending it to Freeswitch. And let Freeswitch do the keepalive pinging based on it's own location database (you need to add some routing logic to forward (presumably) OPTIONS from Freeswitch to the alias portion of the RURI and back again). This way you are essentially creating a very lightweight stateless kamailio proxy.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel Tryba -
Vladyslav Zakhozhai