Hi,
I am trying to figure out how to solve the following problem. I have two subnetworks, A and B, with different private IP addressing schemes (IP@A) and (IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured in the computer with interfaces towards both subnetworks where SER is installed.
I am trying to configure SER so that, based on the nathelper module, when communication between both subnetworks occurs, the RTP proxy is involved and the communication (also media and not only signalling) is possible. BUT I am doing something wrong, because it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case.
My SER config file is the following:
#
# ----------- global configuration parameters ------------------------
# Process-wide SER settings: logging, DNS behaviour, the FIFO control
# interface, local domain aliases, worker count and multihoming.
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
# NOTE(review): presumably turns off the check of the topmost Via in
# replies -- confirm against the SER core documentation.
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
# NOTE(review): the FIFO is SER's management interface. Mode 0662 grants
# write access to group and to all other local accounts, and the file
# lives in world-writable /tmp, so any local user can submit management
# commands. Prefer a mode without "other" write (e.g. 0660 or 0600) and
# a directory that only the SER account and its admins can access.
fifo="/tmp/ser_fifo"
fifo_mode=0662
# Host names this proxy treats as its own (they feed the uri==myself
# test in the routing logic). The values look redacted by the poster;
# "sip..x.x.x" has a doubled dot that is presumably a redaction artifact.
alias=wirelessip.x.x.x
alias=sip..x.x.x
alias=x.x.x
log_stderror=no
debug=3
children=3
# Multihomed host: the machine has one interface in each subnetwork.
# NOTE(review): presumably makes SER choose the outgoing interface per
# destination -- confirm; this affects signalling only, not RTP.
mhomed=1
# ------------------ module loading ----------------------------------
# Modules are loaded by absolute path; every function and modparam used
# further down in this file comes from one of them.
# SQL backend (needed by usrloc db_mode 2 and by auth_db below)
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/registrar.so"
# Digest authentication (www_authorize / www_challenge in the REGISTER
# branch of the main route)
# mysql.so must be loaded !
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
# For NAT support / media proxying: provides nat_uac_test,
# fix_nated_contact, fix_nated_sdp and force_rtp_proxy used below
loadmodule "/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# db_mode 2 is the setting chosen here for SQL-backed persistent storage
# of registrations (the in-memory-only line above is disabled)
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Digest credentials are looked up through auth_db
# NOTE(review): with calculate_ha1 enabled and password_column pointing
# at "password", the subscriber table has to hold clear-text passwords.
# A database leak then exposes every user's password directly. Storing
# precomputed HA1 values and disabling calculate_ha1 avoids keeping the
# clear text -- confirm the column names for the installed schema.
modparam("auth_db", "calculate_ha1", yes)
# Because "calculate_ha1" is set to yes in this config, the column that
# holds the password must be named as well
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# For NAT
# We will use flag 6 to mark NATed contacts (set via setflag(6) in the
# main route before save("location"))
modparam("registrar", "nat_flag", 6)
# Enable NAT pinging
# NOTE(review): interval is presumably in seconds -- confirm
modparam("nathelper", "natping_interval", 60)
# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# NOTE(review): no "rtpproxy_sock" is set for nathelper, so the module's
# default control socket is used; rtpproxy must be started listening on
# that same socket or force_rtp_proxy() cannot reach it -- confirm.
# ------------------------- request routing logic -------------------
# main routing logic: sanity checks, NAT fix-ups, record-routing,
# registration handling and stateful forwarding of every request
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# special handling for NATed clients; first, the NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test, to be complete, should check all
# Vias for presence of received
# NOTE(review): both subnetworks use private addressing, so this test
# is expected to match clients on either side; it cannot tell network A
# from network B. Telling them apart needs an explicit check on the
# source address.
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
# The message text says "register", but this branch is also taken for
# any other request that carries no Record-Route header.
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and the majority is
# smart enough to be symmetric. In some phones
# it takes a configuration option. With Cisco 7960, it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The latter is
# not part of a public release yet.)
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
# In-dialog requests are relayed right here and never reach the media
# relay block route[1], so a re-INVITE carrying new SDP is not passed
# to the RTP proxy.
if (loose_route()) {
t_relay();
break;
};
lookup("aliases");
# requests addressed to one of our own domains (uri==myself) are
# served from the user location database; everything else falls
# through to the t_relay() at the end of this block
if (uri==myself) {
if (method=="REGISTER") {
# REGISTER is the only method that is digest-authenticated here
# NOTE(review): the second argument "0" presumably asks for a challenge
# without the qop parameter -- confirm against the auth module README.
if (!www_authorize("com.dtu.dk", "subscriber")) {
www_challenge("com.dtu.dk", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# NOTE(review): INVITE and all other non-REGISTER requests are relayed
# without authentication, and requests whose URI is not one of our
# domains are relayed as well, so the proxy forwards for anyone who can
# reach it. Restrict relaying to authenticated or known-source users if
# either subnetwork is not fully trusted.
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
# NOTE(review): route[1] is never invoked from this block (there is no
# route(1) call anywhere in the file as posted), so force_rtp_proxy()
# and t_on_reply("1") never run and the SDP is forwarded untouched.
if (!t_relay()) {
sl_reply_error();
};
}
#
# Forcing media relay if necessary
#
# Media relay block: rewrites the SDP through the RTP proxy, arms reply
# route 1 and relays the request statefully. It only takes effect when
# another route block calls it.
route[1] {
# Disabled filter that would refuse requests aimed at private addresses.
# NOTE(review): if it is ever re-enabled, the dots in the pattern are
# unescaped (they match any character) and "172.16" covers only the
# first /16 of the 172.16.0.0/12 private range.
#if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP addresses");
# break;
#};
# The NAT-flag condition is commented out, so the three statements
# below run for every request that enters this block.
#if (isflagset(6)) {
# NOTE(review): called without flags; with the RTP proxy bound to two
# interfaces (bridge mode) the call presumably has to state which side
# the message came from -- confirm against the nathelper README for the
# installed version.
force_rtp_proxy(); # I force everything through the proxy
t_on_reply("1");
# Adds a P-Behind-NAT header to the forwarded request
append_hf("P-Behind-NAT: Yes\r\n");
#};
if (!t_relay()) {
sl_reply_error();
break;
};
}
# Reply handling for transactions armed with t_on_reply("1"): on a 183
# or any 2xx reply, rewrite the Contact and pass the reply through the
# RTP proxy.
onreply_route[1] {
# The pattern is unanchored; it matches status 183 and any 2xx code
if (status =~ "(183)|2[0-9][0-9]") {
# NOTE(review): the Contact is rewritten for every matching reply, with
# no NAT test on the replying side -- confirm this is intended.
fix_nated_contact();
# NOTE(review): same flag-less call as in route[1]; presumably the
# answer's SDP needs the opposite direction in bridge mode -- confirm.
force_rtp_proxy();
};
}
Jose, I would say that the easiest option (if it is under your control) would be to make the two networks routable to each other. If that's not possible, you need to look at the more advanced options of force_rtp_proxy. I suggest you treat one network as the private one and the other as the public one. Detection of the two must be done by a check on IP addresses, as nat_uac_test will just match against private addresses. g-)
---- Original Message ---- From: Jose Soler To: serusers@lists.iptel.org Sent: Tuesday, September 20, 2005 02:20 PM Subject: [Serusers] RTP proxy between two subnetworks with private @s
Hi,
I am trying to figure out how to solve the follwoing problem. I have two subnetworks, A and B, with different private ip adressing schemes (IP@A) and (IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured in the computer with interfaces towards both subnetworks where SER is installed.
I am trying to configure SER so that, based on the nathelper module, when communication between both subnetworks occurs, the RTP proxy is involved and the communication (also media and not only signalling) is possible. BUT I am making something wrong, becouse it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case.
My SER config file is the following:
# # ----------- global configuration parameters ------------------------ /* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) fifo="/tmp/ser_fifo" fifo_mode=0662 alias=wirelessip.x.x.x alias=sip..x.x.x alias=x.x.x log_stderror=no debug=3 children=3 mhomed=1 # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/lib/ser/modules/mysql.so" loadmodule "/lib/ser/modules/sl.so" loadmodule "/lib/ser/modules/tm.so" loadmodule "/lib/ser/modules/rr.so" loadmodule "/lib/ser/modules/maxfwd.so" loadmodule "/lib/ser/modules/usrloc.so" loadmodule "/lib/ser/modules/textops.so" loadmodule "/lib/ser/modules/registrar.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/lib/ser/modules/auth.so" loadmodule "/lib/ser/modules/auth_db.so" # For NAT support / media proxying loadmodule "/lib/ser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module modparam("auth_db", "calculate_ha1", yes) # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # For NAT # We will use flag 6 to mark NATed contacts modparam("registrar", "nat_flag", 6) # Enable NAT pinging modparam("nathelper", "natping_interval", 60) # Ping only contacts that are known to be # behind NAT modparam("nathelper", "ping_nated_only", 1) # ------------------------- request routing logic 
------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # special handling for NATed clients; first, nat test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding used); also, # the received test should, if complete, should check all # vias for presence of received if (nat_uac_test("3")) { # allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if (method == "REGISTER" || ! search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n"); # This will work only for user agents that support symmetric # communication. We tested quite many of them and majority is # smart smart enough to be symmetric. In some phones, like # it takes a configuration option. With Cisco 7960, it is # called NAT_Enable=Yes, with kphone it is called # "symmetric media" and "symmetric signaling". (The latter # not part of public released yet.) 
fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; lookup("aliases"); # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("com.dtu.dk", "subscriber")) { www_challenge("com.dtu.dk", "0"); break; }; save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; } # # Forcing media relay if necessary # route[1] { #if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){ # sl_send_reply("479", "We don't forward to private IP addresses"); # break; #}; #if (isflagset(6)) { force_rtp_proxy(); # I force everything through the proxy t_on_reply("1"); append_hf("P-Behind-NAT: Yes\r\n"); #}; if (!t_relay()) { sl_reply_error(); break; }; } onreply_route[1] { if (status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); }; }
Hello, did you manage to get the clients of networks A and B to call each other? I want to do the same, and tried a lot of SER/RTPproxy configurations, including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I was only able to make the phones ring (when calling between networks); the RTP doesn't pass... If you found the solution, please tell me. Thanks Joao Pereira www.fccn.pt
Jose Soler wrote:
Hi,
I am trying to figure out how to solve the follwoing problem. I have two subnetworks, A and B, with different private ip adressing schemes (IP@A mailto:IP@A) and (IP@B mailto:IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured in the computer with interfaces towards both subnetworks where SER is installed.
I am trying to configure SER so that, based on the nathelper module, when communication between both subnetworks occurs, the RTP proxy is involved and the communication (also media and not only signalling) is possible. BUT I am making something wrong, becouse it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case.
My SER config file is the following:
#
# ----------- global configuration parameters ------------------------
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
fifo="/tmp/ser_fifo"
fifo_mode=0662
alias=wirelessip.x.x.x
alias=sip..x.x.x
alias=x.x.x
log_stderror=no
debug=3
children=3
mhomed=1
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
# For NAT support / media proxying
loadmodule "/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
modparam("auth_db", "calculate_ha1", yes)
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# For NAT
# We will use flag 6 to mark NATed contacts
modparam("registrar", "nat_flag", 6)
# Enable NAT pinging
modparam("nathelper", "natping_interval", 60)
# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# special handling for NATed clients; first, nat test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding used); also,
# the received test should, if complete, should check all
# vias for presence of received
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart smart enough to be symmetric. In some phones, like
# it takes a configuration option. With Cisco 7960, it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The latter
# not part of public released yet.)
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
lookup("aliases");
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("com.dtu.dk", "subscriber")) {
www_challenge("com.dtu.dk", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#
# Forcing media relay if necessary
#
route[1] {
#if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP addresses");
# break;
#};
#if (isflagset(6)) {
force_rtp_proxy(); # I force everything through the proxy
t_on_reply("1");
append_hf("P-Behind-NAT: Yes\r\n");
#};
if (!t_relay()) {
sl_reply_error();
break;
};
}
onreply_route[1] {
if (status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
};
}
AFAIK you have to use the bridging mode (I never used it myself) http://lists.iptel.org/pipermail/serusers/2004-March/006514.html
regards klaus
Joao Pereira wrote:
Hello, did you made it to put the clients of networks A and B to call each other? I want to do the same, and tried a lot of SER/RTPproxy configurations, including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I just was able to ring the phones (wen calling between networks), but the RTP doesnt pass... If you found the solution, please tell me. Thanks Joao Pereia www.fccn.pt
Jose Soler wrote:
Hi,
I am trying to figure out how to solve the follwoing problem. I have two subnetworks, A and B, with different private ip adressing schemes (IP@A mailto:IP@A) and (IP@B mailto:IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured in the computer with interfaces towards both subnetworks where SER is installed. I am trying to configure SER so that, based on the nathelper module, when communication between both subnetworks occurs, the RTP proxy is involved and the communication (also media and not only signalling) is possible. BUT I am making something wrong, becouse it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case. My SER config file is the following:
#
# ----------- global configuration parameters ------------------------
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
fifo="/tmp/ser_fifo"
fifo_mode=0662
alias=wirelessip.x.x.x
alias=sip..x.x.x
alias=x.x.x
log_stderror=no
debug=3
children=3
mhomed=1
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
# For NAT support / media proxying
loadmodule "/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
modparam("auth_db", "calculate_ha1", yes)
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# For NAT
# We will use flag 6 to mark NATed contacts
modparam("registrar", "nat_flag", 6)
# Enable NAT pinging
modparam("nathelper", "natping_interval", 60)
# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# special handling for NATed clients; first, nat test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding used); also,
# the received test should, if complete, should check all
# vias for presence of received
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart smart enough to be symmetric. In some phones, like
# it takes a configuration option. With Cisco 7960, it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The latter
# not part of public released yet.)
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
lookup("aliases");
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("com.dtu.dk", "subscriber")) {
www_challenge("com.dtu.dk", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#
# Forcing media relay if necessary
#
route[1] {
#if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP addresses");
# break;
#};
#if (isflagset(6)) {
force_rtp_proxy(); # I force everything through the proxy
t_on_reply("1");
append_hf("P-Behind-NAT: Yes\r\n");
#};
if (!t_relay()) {
sl_reply_error();
break;
};
}
onreply_route[1] {
if (status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
};
}
Then, do you mean that bridging is different from proxying? I thought that the purpose of RTPproxy was to force RTP to pass through SER. Joao
Klaus Darilion wrote:
AFAIK you have to use the bridging mode (I never used it myself) http://lists.iptel.org/pipermail/serusers/2004-March/006514.html
regards klaus
Joao Pereira wrote:
Hello, did you made it to put the clients of networks A and B to call each other? I want to do the same, and tried a lot of SER/RTPproxy configurations, including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I just was able to ring the phones (wen calling between networks), but the RTP doesnt pass... If you found the solution, please tell me. Thanks Joao Pereia www.fccn.pt
Jose Soler wrote:
Hi,
I am trying to figure out how to solve the follwoing problem. I have two subnetworks, A and B, with different private ip adressing schemes (IP@A mailto:IP@A) and (IP@B mailto:IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured in the computer with interfaces towards both subnetworks where SER is installed. I am trying to configure SER so that, based on the nathelper module, when communication between both subnetworks occurs, the RTP proxy is involved and the communication (also media and not only signalling) is possible. BUT I am making something wrong, becouse it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case. My SER config file is the following:
#
# ----------- global configuration parameters ------------------------
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
fifo="/tmp/ser_fifo"
fifo_mode=0662
alias=wirelessip.x.x.x
alias=sip..x.x.x
alias=x.x.x
log_stderror=no
debug=3
children=3
mhomed=1
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
# For NAT support / media proxying
loadmodule "/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
modparam("auth_db", "calculate_ha1", yes)
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# For NAT
# We will use flag 6 to mark NATed contacts
modparam("registrar", "nat_flag", 6)
# Enable NAT pinging
modparam("nathelper", "natping_interval", 60)
# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# special handling for NATed clients; first, nat test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding used); also,
# the received test should, if complete, should check all
# vias for presence of received
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart smart enough to be symmetric. In some phones, like
# it takes a configuration option. With Cisco 7960, it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The latter
# not part of public released yet.)
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
lookup("aliases");
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("com.dtu.dk", "subscriber")) {
www_challenge("com.dtu.dk", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#
# Forcing media relay if necessary
#
# route[1]: relay a request with the RTP proxy engaged and arm
# onreply_route[1] for the replies.
# NOTE(review): in the listing as posted nothing calls route(1), so this
# block (and with it force_rtp_proxy) is never reached -- confirm where it
# is meant to be invoked from the main route.
route[1] {
# Disabled check that would refuse requests addressed to private IPs.
# NOTE(review): if it is re-enabled, the dots in the pattern are unescaped
# (so "10." also matches e.g. "100") and "172.16" covers only 172.16.x.x,
# not the rest of 172.16.0.0/12.
#if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP addresses");
# break;
#};
# The flag-6 (NATed) guard is commented out, so the three statements below
# run for every request that enters this block, whatever its method.
# NOTE(review): each call asks rtpproxy for relay ports; since the main
# route authenticates REGISTER only, consider limiting this to INVITEs from
# authenticated or known-local callers so the relay cannot be tied up.
#if (isflagset(6)) {
force_rtp_proxy(); # I force everything through the proxy
t_on_reply("1"); # replies to this transaction go through onreply_route[1]
append_hf("P-Behind-NAT: Yes\r\n"); # added whether or not flag 6 is set
#};
# Stateful forward; on failure send the matching error reply and stop.
if (!t_relay()) {
sl_reply_error();
break;
};
}
# onreply_route[1]: reply-side half of the media relay, armed by
# t_on_reply("1"). Handles 183 and 2xx replies only.
onreply_route[1] {
if (status =~ "(183)|2[0-9][0-9]") {
# Rewrites the Contact of every matching reply with the address the reply
# was received from; there is no NAT test on this path.
fix_nated_contact();
# Second rtpproxy call for the session; the SDP in the reply is pointed
# at the relay as well.
# NOTE(review): the thread's replies say a proxy between two interfaces
# needs rtpproxy's bridging mode; this call passes no flags -- confirm
# against the nathelper documentation for the installed version.
force_rtp_proxy();
};
}
Usually rtpproxy listens on one interface using two ports per call (one for each call leg).
In bridging mode, it uses 2 interfaces and one port on each interface (per call).
regards klaus
Joao Pereira wrote:
Then, do you mean that bridging is different than proxying? I thought that RTPproxy purpose was to force RTP to pass through SER. Joao
Klaus Darilion wrote:
AFAIK you have to use the bridging mode (I never used it myself) http://lists.iptel.org/pipermail/serusers/2004-March/006514.html
regards klaus
Joao Pereira wrote:
Hello, did you manage to get the clients of networks A and B to call each other? I want to do the same, and tried a lot of SER/RTPproxy configurations, including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option. But I was only able to ring the phones (when calling between networks); the RTP doesn't pass... If you found the solution, please tell me. Thanks Joao Pereira www.fccn.pt
Jose Soler wrote:
Hi,
I am trying to figure out how to solve the following problem. I have two subnetworks, A and B, with different private IP addressing schemes (IP@A and IP@B).
SER is installed in a computer with network interfaces towards both subnetworks. SER's SIP signalling proxying operation works properly within the subnetworks and when trying to set up a communication between users in A and B. But in that last case, obviously there is no media at all circulating among the subnetworks.
Portaone's RTP proxy has been installed and configured on the computer where SER is installed, which has interfaces towards both subnetworks. I am trying to configure SER so that, based on the nathelper module, the RTP proxy is involved whenever communication between the two subnetworks occurs, and the communication (media as well as signalling) is possible. BUT I am doing something wrong, because it does not work ...
Can anyone give me a hand /hint? Thanks a lot in advance / in any case. My SER config file is the following:
#
# ----------- global configuration parameters ------------------------
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
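# Core settings. Via checking and DNS / reverse-DNS lookups are switched
# off; the trailing notes give the equivalent command-line switches.
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
# Management FIFO. The posted mode was 0662, which lets every local account
# write commands into the FIFO; 0660 limits it to the owner and group.
# NOTE(review): the FIFO lives in /tmp, a world-writable directory; a
# directory reserved for the SER user would be safer -- confirm the path
# the management tools expect before moving it.
fifo="/tmp/ser_fifo"
fifo_mode=0660
# Host names this proxy answers for (anonymised in the post); they feed
# the "uri==myself" test in the routing logic.
alias=wirelessip.x.x.x
alias=sip..x.x.x
alias=x.x.x
# Normal (non-debug) logging and three worker processes.
log_stderror=no
debug=3
children=3
# Multi-homed host: the machine has interfaces towards both subnetworks.
mhomed=1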
# ------------------ module loading ----------------------------------
# SQL database support (enabled in this config)
loadmodule "/lib/ser/modules/mysql.so"
# Stateless replies, transactions, record-routing, Max-Forwards handling,
# user location, text operations and the registrar
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/registrar.so"
# Digest authentication (enabled in this config)
# mysql.so must be loaded !
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
# For NAT support / media proxying
loadmodule "/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# (memory-only mode, disabled)
#modparam("usrloc", "db_mode", 0)
# SQL database used for persistent storage of registrations
# NOTE(review): no db_url is set for usrloc or auth_db in this listing, so
# the modules' built-in default database URL applies -- confirm that the
# default database account's password was changed.
modparam("usrloc", "db_mode", 2)
# -- auth params --
# With calculate_ha1 on, auth_db reads the password from password_column
# and computes the digest HA1 itself, which means the subscriber table
# holds clear-text passwords.
# NOTE(review): storing pre-computed HA1 values instead avoids keeping
# clear-text passwords in the database -- confirm the provisioning tools
# can supply them before switching.
modparam("auth_db", "calculate_ha1", yes)
# Column read when "calculate_ha1" is yes (which is true in this config)
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# For NAT
# We will use flag 6 to mark NATed contacts
modparam("registrar", "nat_flag", 6)
# Enable NAT pinging
modparam("nathelper", "natping_interval", 60)
# Ping only contacts that are known to be
# behind NAT
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
# Main request route: sanity checks, NAT fix-ups, record-routing,
# loose routing, REGISTER handling and user-location lookup, then a
# stateful relay.
# NOTE(review): nothing in this block calls route(1), so force_rtp_proxy()
# in route[1] is never executed for requests handled here -- this matches
# the "signalling works, no media" symptom described in the post.
# NOTE(review): only REGISTER is authenticated. INVITE and other requests,
# including those addressed to foreign domains, are relayed without
# credentials -- confirm the proxy is reachable from trusted networks only,
# or add authentication before relaying.
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# special handling for NATed clients; first, the NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, to be complete, check all
# Vias for the presence of received
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
# The message text mentions registering, but this line is logged for
# every method that reaches it.
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite a few of them and the majority
# are smart enough to be symmetric. In some phones it takes a
# configuration option. With Cisco 7960, it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The latter is
# not part of a public release yet.)
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocols
record_route();
# loose-route processing: in-dialog requests are relayed as routed.
# The result of t_relay() is not checked on this path, so a relay
# failure produces no error reply.
if (loose_route()) {
t_relay();
break;
};
# Alias translation; the return value is ignored, so a miss is harmless.
lookup("aliases");
# Requests for our own domain are served from the user-location
# database; requests for any other domain skip this block and are
# relayed as they are further down.
if (uri==myself) {
if (method=="REGISTER") {
# Digest authentication for REGISTER. The second argument "0" to
# www_challenge leaves qop out of the challenge.
# NOTE(review): nothing visible checks that the authenticated user
# matches the address being registered, so any valid subscriber could
# register a contact for another user's address -- consider a check
# such as the uri module's check_to() (the module is not loaded here).
if (!www_authorize("com.dtu.dk", "subscriber")) {
www_challenge("com.dtu.dk", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#
# Forcing media relay if necessary
#
# route[1]: relay a request with the RTP proxy engaged and arm
# onreply_route[1] for the replies.
# NOTE(review): the main route in this listing never calls route(1), so
# this block (and with it force_rtp_proxy) is never reached -- confirm
# where it is meant to be invoked.
route[1] {
# Disabled check that would refuse requests addressed to private IPs.
# NOTE(review): if it is re-enabled, the dots in the pattern are unescaped
# (so "10." also matches e.g. "100") and "172.16" covers only 172.16.x.x,
# not the rest of 172.16.0.0/12.
#if (uri=~"[@:](192.168.|10.|172.16)" && !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP addresses");
# break;
#};
# The flag-6 (NATed) guard is commented out, so the three statements below
# run for every request that enters this block, whatever its method.
# NOTE(review): each call asks rtpproxy for relay ports; since the main
# route authenticates REGISTER only, consider limiting this to INVITEs from
# authenticated or known-local callers so the relay cannot be tied up.
#if (isflagset(6)) {
force_rtp_proxy(); # I force everything through the proxy
t_on_reply("1"); # replies to this transaction go through onreply_route[1]
append_hf("P-Behind-NAT: Yes\r\n"); # added whether or not flag 6 is set
#};
# Stateful forward; on failure send the matching error reply and stop.
if (!t_relay()) {
sl_reply_error();
break;
};
}
# onreply_route[1]: reply-side half of the media relay, armed by
# t_on_reply("1"). Handles 183 and 2xx replies only.
onreply_route[1] {
if (status =~ "(183)|2[0-9][0-9]") {
# Rewrites the Contact of every matching reply with the address the reply
# was received from; there is no NAT test on this path.
fix_nated_contact();
# Second rtpproxy call for the session; the SDP in the reply is pointed
# at the relay as well.
# NOTE(review): the thread's replies say a proxy between two interfaces
# needs rtpproxy's bridging mode; this call passes no flags -- confirm
# against the nathelper documentation for the installed version.
force_rtp_proxy();
};
}