Hi!
In our organization there are many subnets with public-ip-adresses that are behind stateful-firewalls that prevent incoming connections from outside. If the clients are in two different protected subnets, they won't be able to communicate without an rtpproxy.
Unfortunately since there is no NAT involved, the nat_uac_test() won't be useful. Is there any other way for the server to detect that an rtpproxy has to be used? Is there a way for the clients to detect it and report it to the server?
Thanks in advance, --leo
Alexander Bergolth wrote:
Hi!
In our organization there are many subnets with public-ip-adresses that are behind stateful-firewalls that prevent incoming connections from outside. If the clients are in two different protected subnets, they won't be able to communicate without an rtpproxy.
Unfortunately since there is no NAT involved, the nat_uac_test() won't be useful. Is there any other way for the server to detect that an rtpproxy has to be used?
No.
Is there a way for the clients to detect it and report it to the server?
A client is possible to detect a symmetric firewall by use of STUN. But AFAIK there is standard based way to inform the SIP proxy about the STUN result. There are some clients which report the result of the STUN process to the SIP proxy in a proprietary header (I think I have seen this with SNOM). These header could be evaluated by the proxy.
The easy way would be to force the RTP proxy for all calls.
You could also check if a call is from and to a suspect IP address range and acticvate the RTP proxy for these calls.
regards klaus
-
Alexander Bergolth -
Klaus Darilion