[OpenSIPS-Users] Opensips behind a NAT - change record-route
John Hablitzel
jjblitz071 at gmail.com
Fri Jan 12 04:49:41 EST 2018
Thank you very much. Looks like exactly what I need. I will give it a try.
On Fri, Jan 12, 2018 at 4:35 AM, Răzvan Crainea <razvan at opensips.org> wrote:
> Hi, John!
>
> See the answers inline.
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Developer
> www.opensips-solutions.com
>
> On 01/11/2018 07:16 PM, John Hablitzel wrote:
>
>> Relatively new to OpenSIPS but have been working with Asterisk and VoIP
>> for several years. We want to use the load balancer or dispatcher modules
>> to distribute inbound calls from a SIP provider among several Asterisk
>> servers. This will be coming in from another private network that is out
>> of our control, therefore security is definitely required. We won't be
>> using OpenSIPS to control far-end clients that are behind NAT (far-end).
>>
>> I know that it is recommended in this situation that OpenSIPS be on a
>> public IP (or IP on the "outside" network", but the requirement in this
>> particular situation is that this must be behind a NAT firewall, as there
>> are other IP communications from servers on the the internal network that
>> must use this same outside IP for communications with other services. The
>> outside network provider only allows us to have a single IP on their
>> network for everything.
>>
>> I have the inbound calls mostly working now in my lab with the LB
>> module, using RTPProxy to anchor the media and some of the nathelper
>> stuff. However am seeing issues with the ACK on the 200OK being sent to
>> the internal OpenSIPS IP and not the external IP on the NAT. I believe
>> this is due to the Internal IP being in the record-route header on the
>> 200OK. Pouring through the forums and other documentation I can find, I
>> haven't been able to find any way to change this.
>>
>> So I have 2 questions:
>> 1) Is OpenSIPS even capable of operating in this mode? In everything
>> I've read, there is a bunch of documentation about handling NAT at the
>> far-end, where UAC's are behind a NAT, but very little (and nothing with
>> any concrete solution) about using OpenSIPS server behind a NAT.
>>
> Yes, OpenSIPS can operate in this mode, you can read more about this in
> this blogpost:
> https://blog.opensips.org/2017/10/25/running-opensips-in-the-cloud/
>
>> 2) if it is possible, can anyone provide a sample .cfg where they are
>> have accomplished it? I tried adding record_route_preset to the reply
>> section, but OpenSIPS complains saying it can't be added in a reply section.
>>
> I think the answer to the second question is actually another article that
> we are preparing: how to have OpenSIPS behind NAT, bridging between two
> networks. Unfortunately it's not yet ready.
>
> IMO, the simplest way to achieve what you want is to use in OpenSIPS two
> different listeners: one towards the trunk provider, with the proper
> advertised IP address, and one towards the asterisk boxes:
>
> listen=udp:10.95.95.220:5080 as 192.168.85.252:5060 # replace last 5060
> with your public port
> listen=udp:10.95.95.220:5060 # listener for communicating with Asterisk
>
> Now, all you have to do, is to change the interface used: after
> lb_start(), force the usage of the private interface:
>
> force_send_socket(udp:10.95.95.220:5060); # forces the message to go out
> throught he private interface
>
> Hope this helps you.
>
> PS: for large posts, and scripts, please use an external storage, such as
> pastebin.com
>
> Best regards,
> Răzvan
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180112/16ba186f/attachment-0001.html>
More information about the Users
mailing list