[OpenSIPS-Users] Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)
James Lamanna
jlamanna at gmail.com
Wed Jan 12 17:10:17 CET 2011
Bogdan,
Wow, I didn't know about the live DVD.
Any chance someone could create this as an OpenVZ container in
addition to VMWare?
-- James
On Mon, Jan 10, 2011 at 2:25 AM, Bogdan-Andrei Iancu
<bogdan at voice-system.ro> wrote:
> Hi Damon,
>
> Well, the answer is simple - download the opensips virtual machine
> (http://www.voice-system.ro/shortcuts::opensips_livedvd) where you have a
> ready to run opensips platform with NAT traversal support - you can see in
> the script from the VM how the NAT traversal is done (for signalling and
> media).
>
> If you have questions on that, please come back here.
>
> Regards,
> Bogdan
>
> Damon Miller wrote:
>>
>> All,
>>
>>
>> I've seen many requests for an example working config that shows a working
>> RTPproxy configuration with NATed clients, but I haven't seen many
>> responses. I recently spent an absurd amount of time getting a working
>> configuration in place so I thought I would post it here in case it's
>> helpful to anyone.
>>
>> Three quick points:
>>
>> 1. I have only tested this with clients behind a NAT firewall, i.e. I
>> haven't tested with clients that have a public IP.
>>
>>
>> 2. My OpenSIPS server is behind a NAT firewall itself. To deal with
>> this, I added the two "advertised" options, as follows:
>>
>> advertised_address="xx.xx.xx.xx"
>> alias="xx.xx.xx.xx:5060"
>>
>>
>> (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)
>>
>> I also had to use a modified version of RTPproxy that presents the
>> firewall's public IP even though it binds to a private IP. Here's a post
>> which summarizes that version of RTPproxy:
>>
>>
>> http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html
>>
>>
>> I run RTPproxy like this:
>>
>> rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000 -M 65000 -F -d DBUG:LOCAL1
>>
>>
>> 3. I had to "tell" OpenSIPS that my firewall's public IP was one of its
>> local domains. I'm using MySQL as you'll see in the config file so all I
>> had to do was insert a value into the 'domain' table. That was pretty
>> obvious, i.e.:
>>
>> mysql> insert into domain (domain) values ("xx.xx.xx.xx");
>>
>> (Replace 'xx.xx.xx.xx' with your public IP.)
>>
>>
>>
>> Here's my 'opensips.cfg' file:
>>
>> --
>>
>> # ----------- global configuration parameters ------------------------
>> debug=3
>> fork=yes
>> log_facility=LOG_LOCAL0
>> log_stderror=no
>> children=4
>> port=5060
>> dns=no
>> rev_dns=no
>>
>> advertised_address="xx.xx.xx.xx"
>> alias="xx.xx.xx.xx:5060"
>>
>> # ------------------ module loading ----------------------------------
>> mpath="/usr/local/lib64/opensips/modules/"
>> loadmodule "db_mysql.so"
>> loadmodule "signaling.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri.so"
>> loadmodule "nathelper.so"
>> loadmodule "domain.so"
>>
>> # ----------------- setting module-specific parameters ---------------
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("usrloc", "db_url",
>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>> modparam("usrloc", "db_mode", 2)
>> modparam("rr", "enable_full_lr", 1)
>> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
>> modparam("nathelper", "nortpproxy_str", "")
>> modparam("domain", "db_url",
>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>>
>> ################## NAT ######################
>> modparam("usrloc", "nat_bflag", 6)
>> modparam("nathelper", "ping_nated_only", 1)
>> modparam("nathelper", "sipping_bflag", 8)
>> modparam("nathelper", "received_avp", "$avp(i:801)")
>> ################## NAT ######################
>>
>>
>> # main routing logic
>> route {
>>
>> # initial sanity checks
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> exit;
>> };
>>
>> if (msg:len >= 2048 ) {
>> sl_send_reply("513", "Message too big");
>> exit;
>> };
>>
>>
>> ################## NAT ######################
>> if (nat_uac_test("3")) {
>>
>> if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
>>
>> # Rewrite contact with source IP of signalling
>> fix_nated_contact();
>>
>> force_rport();
>> setbflag(6); # Mark as NATed
>>
>> # if you want SIP NAT pinging
>> setbflag(8);
>> };
>> };
>> ################## NAT ######################
>>
>> if (!method=="REGISTER")
>> record_route();
>>
>> # subsequent messages within a dialog should take the
>> # path determined by record-routing
>> if (loose_route()) {
>> # mark routing logic in request
>> append_hf("P-hint: rr-enforced\r\n");
>> route(1);
>> };
>>
>> if (!uri==myself) {
>> # mark routing logic in request
>> append_hf("P-hint: outbound\r\n");
>> route(1);
>> };
>>
>> if (uri==myself) {
>> if (method=="REGISTER") {
>> save("location");
>> exit;
>> };
>> }
>>
>> if (is_method("BYE"))
>> unforce_rtp_proxy();
>> if (!lookup("location","m")) {
>> switch ($retcode) {
>> case -1:
>> case -3:
>> t_newtran();
>> t_on_failure("1");
>> t_reply("404", "Not Found");
>> exit;
>> case -2:
>> sl_send_reply("405", "Method Not Allowed");
>> exit;
>> }
>> };
>>
>> route(1);
>> }
>>
>>
>>
>> route[1] {
>>
>> ################## NAT ######################
>> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
>> !search("^Route:")) {
>> sl_send_reply("479", "We don't forward to private IP addresses");
>> exit;
>> };
>>
>> # if client or server known to be behind a NAT, enable relay
>> if (isbflagset(6)) {
>> if (has_body("application/sdp")) {
>> rtpproxy_offer("o");
>> };
>> };
>>
>> t_on_reply("1");
>> ################## NAT ######################
>>
>>
>> # send it out now; use stateful forwarding as it works
>> # reliably even for UDP2TCP
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>>
>> exit;
>> }
>>
>>
>>
>> onreply_route[1] {
>>
>> ################## NAT ######################
>> if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>> fix_nated_contact();
>> if (has_body("application/sdp")) {
>> rtpproxy_answer("o");
>> };
>>
>> # Is this a transaction behind a NAT and we did not
>> # know at time of request processing?
>> } else if (nat_uac_test("1")) {
>> fix_nated_contact();
>> };
>> ################## NAT ######################
>>
>> }
>>
>> failure_route[1] {
>> unforce_rtp_proxy();
>> }
>>
>> --
>>
>>
>> I hope this saves someone some time.
>>
>>
>>
>> Damon
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> --
> Bogdan-Andrei Iancu
> OpenSIPS Event - expo, conf, social, bootcamp
> 2 - 4 February 2011, ITExpo, Miami, USA
> www.voice-system.ro
>
>
>
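An added example, not part of the original thread or of OpenSIPS: the private-address filter at the top of route[1], written with its alternation bars (`192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.`), checked against constructed request URIs and compared with a parsed-host RFC 1918 test. The helper names, the simplified URI parsing and the sample URIs are assumptions made for the illustration.

```python
import ipaddress
import re

# Pattern from route[1]; OpenSIPS "=~" is an unanchored search over the R-URI.
PRIVATE_URI = re.compile(r"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def regex_blocks(uri):
    """Decision the config's regex makes for this request URI."""
    return PRIVATE_URI.search(uri) is not None

def host_of(uri):
    """Host of a simple sip: URI (assumption: IPv4 or DNS name, no IPv6)."""
    rest = uri.split(":", 1)[1]           # drop the scheme
    rest = rest.split(";", 1)[0]          # drop URI parameters
    hostport = rest.rsplit("@", 1)[-1]    # drop userinfo if present
    return hostport.split(":", 1)[0]      # drop the port

def host_is_rfc1918(uri):
    """True only when the host is a literal address inside RFC 1918 space."""
    try:
        ip = ipaddress.ip_address(host_of(uri))
    except ValueError:
        return False                      # a DNS name, not a literal address
    return any(ip in net for net in RFC1918)

# Constructed sample URIs (203.0.113.0/24 is documentation address space).
SAMPLES = [
    "sip:alice@192.168.1.20:5060",
    "sip:alice@10.1.2.3",
    "sip:alice@172.16.0.9",
    "sip:alice@172.31.255.1",
    "sip:alice@172.15.0.1",       # just below 172.16.0.0/12
    "sip:alice@172.32.0.1",       # just above 172.16.0.0/12
    "sip:alice@203.0.113.7",
    "sip:10.20@203.0.113.7",      # user part that looks like an address
    "sip:alice@10.example.net",   # DNS label that starts with "10."
]

def mismatches(uris):
    """URIs where the regex and the parsed-host check disagree."""
    return [u for u in uris if regex_blocks(u) != host_is_rfc1918(u)]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:32} regex={regex_blocks(u)!s:5} rfc1918={host_is_rfc1918(u)}")
    print("disagreements:", mismatches(SAMPLES))
```

The two disagreements are false positives: the regex answers 479 for a public destination whose user part or host name merely begins with `10.`, because it matches text after any `@` or `:` rather than the parsed host.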