<div dir="ltr">Thank you very much. Looks like exactly what I need. I will give it a try.<div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 12, 2018 at 4:35 AM, Răzvan Crainea <span dir="ltr"><<a href="mailto:razvan@opensips.org" target="_blank">razvan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, John!<br>
<br>
See the answers inline.<br>
<br>
Best regards,<br>
<br>
Răzvan Crainea<br>
OpenSIPS Developer<br>
<a href="http://www.opensips-solutions.com" rel="noreferrer" target="_blank">www.opensips-solutions.com</a><br>
<br>
On 01/11/2018 07:16 PM, John Hablitzel wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Relatively new to OpenSIPS but have been working with Asterisk and VoIP for several years. We want to use the load balancer or dispatcher modules to distribute inbound calls from a SIP provider among several Asterisk servers. This will be coming in from another private network that is out of our control, therefore security is definitely required. We won't be using OpenSIPS to control far-end clients that are behind NAT (far-end).<br>
<br>
I know that it is recommended in this situation that OpenSIPS be on a public IP (or IP on the "outside" network", but the requirement in this particular situation is that this must be behind a NAT firewall, as there are other IP communications from servers on the the internal network that must use this same outside IP for communications with other services. The outside network provider only allows us to have a single IP on their network for everything.<br>
<br>
I have the inbound calls mostly working now in my lab with the LB module, using RTPProxy to anchor the media and some of the nathelper stuff. However am seeing issues with the ACK on the 200OK being sent to the internal OpenSIPS IP and not the external IP on the NAT. I believe this is due to the Internal IP being in the record-route header on the 200OK. Pouring through the forums and other documentation I can find, I haven't been able to find any way to change this.<br>
<br>
So I have 2 questions:<br>
1) Is OpenSIPS even capable of operating in this mode? In everything I've read, there is a bunch of documentation about handling NAT at the far-end, where UAC's are behind a NAT, but very little (and nothing with any concrete solution) about using OpenSIPS server behind a NAT.<br>
</blockquote>
Yes, OpenSIPS can operate in this mode, you can read more about this in this blogpost:<br>
<a href="https://blog.opensips.org/2017/10/25/running-opensips-in-the-cloud/" rel="noreferrer" target="_blank">https://blog.opensips.org/2017<wbr>/10/25/running-opensips-in-<wbr>the-cloud/</a><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2) if it is possible, can anyone provide a sample .cfg where they are have accomplished it? I tried adding record_route_preset to the reply section, but OpenSIPS complains saying it can't be added in a reply section.<br>
</blockquote>
I think the answer to the second question is actually another article that we are preparing: how to have OpenSIPS behind NAT, bridging between two networks. Unfortunately it's not yet ready.<br>
<br>
IMO, the simplest way to achieve what you want is to use in OpenSIPS two different listeners: one towards the trunk provider, with the proper advertised IP address, and one towards the asterisk boxes:<br>
<br>
listen=udp:<a href="http://10.95.95.220:5080" rel="noreferrer" target="_blank">10.95.95.220:5080</a> as <a href="http://192.168.85.252:5060" rel="noreferrer" target="_blank">192.168.85.252:5060</a> # replace last 5060 with your public port<br>
listen=udp:<a href="http://10.95.95.220:5060" rel="noreferrer" target="_blank">10.95.95.220:5060</a> # listener for communicating with Asterisk<br>
<br>
Now, all you have to do, is to change the interface used: after lb_start(), force the usage of the private interface:<br>
<br>
force_send_socket(udp:<a href="http://10.95.95.220:5060" rel="noreferrer" target="_blank">10.95.95<wbr>.220:5060</a>); # forces the message to go out throught he private interface<br>
<br>
Hope this helps you.<br>
<br>
PS: for large posts, and scripts, please use an external storage, such as <a href="http://pastebin.com" rel="noreferrer" target="_blank">pastebin.com</a><br>
<br>
Best regards,<br>
Răzvan<br>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
</blockquote></div><br></div></div>