Hi Joao, no, I was not able to solve the issue.
It seems (this is my guess though) that the Portaone RTP proxy assumes that it has one public IP address, so the valid configuration to use it is Public Nt-Private Nt. I was not able to make it work in other configurations (neither did I get feedback from Portaone to do so).
Nevertheless the code is available, so it could be modified...as long as you have the time and will to do so. I did not ;).
Best regards,
josé
-----Original Message-----
From: Joao Pereira [mailto:joao.pereira@fccn.pt]
Sent: 19 October 2005 20:17
To: Jose Soler; serusers@lists.iptel.org
Subject: Re: [Serusers] RTP proxy between two subnetworks with private @s

Hello,
did you manage to get the clients of networks A and B to call each other?
I want to do the same, and tried a lot of SER/RTPproxy configurations, including the one in /ser-0.9.0/modules/nathelper/examples/alg.cfg, and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I just was able to ring the phones (when calling between networks), but the RTP doesn't pass...
If you found the solution, please tell me.
Thanks
Joao Pereira
www.fccn.pt
Jose Soler wrote:
Ok, from what I read, it's not possible to make calls between two non routable networks using the SER / RTPproxy solution (if you know the way, please tell me).
And using MediaProxy? Or other SIP proxy? Is there any way we can have SER proxying calls between two non routable networks?
Thanks
Joao Pereira
www.fccn.pt
Jose Soler wrote:
Joao Pereira wrote:
Where have you read that it is not possible? Have you read my email from yesterday and the corresponding link?
I guess not. Because the author describes this feature and also provided a sample configuration script how to do it.
Thus, you should read http://lists.iptel.org/pipermail/serusers/2004-March/006514.html carefully, and also take a look at the attached config: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/nathelper/e...
klaus
Ok, after a while, I was able to put it to work in the bridging mode. Here is the ser.cfg for those with the same setup: SER + NAThelper + RTPproxy and with a PC with two IPs, in two non routable networks.
Joao Pereira
Klaus Darilion wrote:
# www.fccn.pt
# 19-10-2005
# Jose Soler / Maxim Sobolev / Joao Pereira
#
# SER / NAThelper / RTPproxy in bridging mode
#
# SER with two IPs, in two non routable networks
# 192.168.0.0 / 24 and 192.168.1.1 / 24
#
# this machine has two IP addresses:
# 192.168.0.1 and 192.168.1.1.
#
# SER with two IPs in two non-routable networks
# the machine has two IPs: 192.168.0.1 and 192.168.1.1
#
# it works running RTPproxy:
# rtpproxy -l 192.168.0.1/192.168.1.1
#
# Postgres version
#
# ----------- global configuration parameters ------------------------
fork=yes
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
fifo="/tmp/ser_fifo"
fifo_mode=0662
debug=3
children=3
mhomed=1
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --
modparam("usrloc", "db_mode", 0)

# -- auth params --
# Uncomment if you are using auth module
# modparam("auth_db", "calculate_ha1", yes)

# If you set "calculate_ha1" parameter to yes (which is true in this config),
# uncomment also the following parameter)
# modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# For NAT
# We will use flag 6 to mark NATed contacts
modparam("registrar", "nat_flag", 6)

# Enable NAT pinging
modparam("nathelper", "natping_interval", 60)

# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if ( msg:len > max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };

    # maxim sobolev
    if (method == "REGISTER") {
        if (dst_ip == 192.168.0.1) {
            save("location-internal");
        } else if (dst_ip == 192.168.1.1) {
            save("location-external");
        } else {
            sl_send_reply("403", "Call cannot be served here");
        };
        break;
    };

    # special handling for NATed clients; first, nat test is
    # executed: it looks for via!=received and RFC1918 addresses
    # in Contact (may fail if line-folding used); also,
    # the received test should, if complete, check all
    # vias for presence of received
    if (nat_uac_test("3")) {
        # allow RR-ed requests, as these may indicate that
        # a NAT-enabled proxy takes care of it; unless it is
        # a REGISTER
        if (method == "REGISTER" || ! search("^Record-Route:")) {
            log("LOG: Someone trying to register from private IP, rewriting\n");

            # This will work only for user agents that support symmetric
            # communication. We tested quite many of them and majority is
            # smart enough to be symmetric. In some phones, like
            # it takes a configuration option. With Cisco 7960, it is
            # called NAT_Enable=Yes, with kphone it is called
            # "symmetric media" and "symmetric signaling". (The latter
            # not part of public released yet.)
            fix_nated_contact(); # Rewrite contact with source IP of signalling
            if (method == "INVITE") {
                fix_nated_sdp("1"); # Add direction=active to SDP
            };
            force_rport(); # Add rport parameter to topmost Via
            setflag(6);    # Mark as NATed
        }
    } #nat_uac_test(3)

    # maxim sobolev
    if (method == "INVITE") {
        if (lookup("location-internal")) {
            if (dst_ip == 192.168.0.1){
                if (force_rtp_proxy("FAII"))
                    t_on_reply("1");
            }
            if (dst_ip == 192.168.1.1){
                if (force_rtp_proxy("FAEI"))
                    t_on_reply("1");
            }
        } else if (lookup("location-external")) {
            if (dst_ip == 192.168.0.1){
                if (force_rtp_proxy("FAIE"))
                    t_on_reply("1");
            }
            if (dst_ip == 192.168.1.1){
                if (force_rtp_proxy("FAEE"))
                    t_on_reply("1");
            }
        } else {
            sl_send_reply("403", "Call cannot be served here3");
            break;
        };
    }

    # loose-route processing
    if (loose_route()) {
        t_relay();
        break;
    };

    lookup("aliases");

    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {
            # Uncomment this if you want to use digest authentication
            # if (!www_authorize("fccn.pt", "utilizador")) {
            #     www_challenge("fccn.pt", "0");
            #     break;
            # };

            save("location");
            break;
        };

        # native SIP destinations are handled using our USRLOC DB
        # if (!lookup("location")) {
        #     sl_send_reply("404", "Not Found");
        #     break;
        # };
    };

    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP

    #maxim sobolev
    if (method == "BYE" || method == "CANCEL")
        unforce_rtp_proxy();

    # Do strict routing if pre-loaded route headers present
    if (loose_route()) {
        t_relay();
        break;
    };

    if (method == "INVITE")
        record_route();

    if (!t_relay()) {
        sl_reply_error();
    };

} #route
#
# Forcing media relay if necessary
#
route[1] {
    #if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
    #    sl_send_reply("479", "We don't forward to private IP addresses");
    #    break;
    #};

    #if (isflagset(6)) {
    force_rtp_proxy(); # I force everything through the proxy
    t_on_reply("1");
    append_hf("P-Behind-NAT: Yes\r\n");
    #};

    if (!t_relay()) {
        sl_reply_error();
        break;
    };
}

onreply_route[1] {
    if (!(status=~"183" || status=~"200"))
        break;
    force_rtp_proxy("FA");
}
Credits to Joao Pereira for this. g-)