[OpenSIPS-Users] Mediaproxy ver 2.3.4 - Conntrack meets Music on Hold

[Dan Pascu]

On 2 Jul 2009, at 12:05, Stuart Marsden wrote:

> Hi,
>
> It can be made to work - trust me

I'm sure it can if enough effort is put into it. The problem you face  
is that Linksys made many false assumptions when they devised their  
MOH scheme and now you have to work around all of them. First of all,  
even putting aside the media relay I do not understand how they  
imagined this would work with NAT (which is pretty much a given these  
days). In order for their scheme to work all involved NAT boxes in the  
path (in the absence of a media relay) would need to have async full  
cone implementations, which are not the norm, on the contrary are  
pretty rare. With a media relay, you need a pretty specialized one and  
none of the ones I know can support what they do out of the box. So  
the only answer is that their devices currently only work with no NAT  
and no media relay involved.

Another false assumption is that the receiving endpoint would accept a  
media stream coming from a source that was not negotiated in the  
current session. Maybe the Linksys devices accept this and if you  
restrict yourself to only using Linksys devices it'll work, but as  
soon as you plan to use other devices as well, all bets are off.

> We have a well defined subnet were all our servers  live, so you can
> make this process secure by restricting this operation to that subnet


The security issue is not one that is fixed by creating a walled  
garden. Isolation won't prevent any of your users to attempt to steal  
a conversation for a purpose or simply wreak havoc in the active  
sessions

--
Dan