<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    SamyGo,<br>
    <br>
    Thank you for the help.<br>
    <br>
    I configured rtpproxy as you said and used:<br>
    <br>
            if($rd=="cc.cc.cc.cc") {<br>
                    rtpproxy_engage("ies");<br>
            } else {<br>
                    rtpproxy_engage("eis");<br>
            }<br>
    <br>
    Is that a reasonable way to do it?<br>
    <br>
    Thanks,<br>
    schu<br>
    <br>
    <div class="moz-cite-prefix">On 1/7/20 9:02 PM, SamyGo wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAJUJwtiRbQKNkzQ-LRLq=Wggy4zDhSzNb3uapLGE9=04mW2+bg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">Hi,
        <div>if <i>a.a.a.a</i> is PublicIP and <i>b.b.b.b</i> is
          Private IP ; where c.c.c.c is another Private IP address then
          you just need to enable multihome param "<b>mhomed=1" </b>in
          your opensips.cfg script and OpenSIPS should take care of
          relaying the packet our with proper SIP headers, the selection
          of the interface to "c.c.c.c" will be done automatically if
          the Operating System's IP routes are configured properly i.e
          b.b.b.b can reach c.c.c.c. </div>
        <div><br>
        </div>
        <div>Next up is the rpproxy engagement, you'll need to do couple
          of things for that.<br>
        </div>
        <div>1 - start RTPproxy in bridging mode i.e  -l a.a.a.a/b.b.b.b</div>
        <div>2 - in your opensips.cfg you've to explicitly tell the
          rtpproxy which direction this call is flowing by use of flags
          and other functions.</div>
        <div><br>
        </div>
        <div>i.e<br>
          if(call-from-WAN->LAN)</div>
        <div><b>     rtpproxy_engage("ei");</b><br>
          <br>
          if(call-from-LAN->WAN)</div>
        <div><b>     rtpproxy_engage("ie");</b></div>
        <div><br>
        </div>
        <div>You might need additional flags in there as this is just an
          example. Hope this helps.</div>
        <div><br>
        </div>
        <div>Regards,</div>
        <div>Sammy</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Tue, Jan 7, 2020 at 8:22 PM
          Matthew Schumacher <<a href="mailto:schu@schu.net"
            target="_blank" moz-do-not-send="true">schu@schu.net</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello
          all,<br>
          <br>
          I'm trying to setup an SBC of sorts so that I can have users <br>
          authenticate to opensips using a public interface, then have
          opensips <br>
          relay and rtpproxy that request to a private sip host.<br>
          <br>
          Something like this:<br>
          <br>
          public sip client ---(proxy authetication)--> aa.aa.aa.aa <a
            href="http://bb.bb.bb.bb" rel="noreferrer" target="_blank"
            moz-do-not-send="true">bb.bb.bb.bb</a>  <br>
          ----(sip trunk auth by ip) --->  <a
            href="http://cc.cc.cc.cc" rel="noreferrer" target="_blank"
            moz-do-not-send="true">cc.cc.cc.cc</a> (inside sip gateway)<br>
          <br>
          Where aa.aa.aa.aa and <a href="http://bb.bb.bb.bb"
            rel="noreferrer" target="_blank" moz-do-not-send="true">bb.bb.bb.bb</a>
          live on the same host.<br>
          <br>
          I used osipsconfig with use_auth, use_dbacc, use_dbusrloc,
          use_dialog, <br>
          use_multidomain, use_dialplan, have_inbound_pstn,
          have_outbound_pstn<br>
          <br>
          I then took the config it created and added rtpproxy module
          and config <br>
          as well as force_send_socket() because when it sent sip to
          cc.cc.cc.c it <br>
          was sourcing from aa.aa.aa.aa instead of <a
            href="http://bb.bb.bb.bb" rel="noreferrer" target="_blank"
            moz-do-not-send="true">bb.bb.bb.bb</a>.<br>
          <br>
          It almost works, and actually works with one way audio from <a
            href="http://cc.cc.cc.cc" rel="noreferrer" target="_blank"
            moz-do-not-send="true">cc.cc.cc.cc</a> <br>
          through the proxy to the client, but opensips tells the client
          that the <br>
          audio is at <a href="http://cc.cc.cc.cc" rel="noreferrer"
            target="_blank" moz-do-not-send="true">cc.cc.cc.cc</a> which
          doesn't route.<br>
          <br>
          What's the best way to do multi homing?  opensips seems fairly
          straight <br>
          forward with a single IP address, but things got complicated
          fast when I <br>
          added a second IP.<br>
          <br>
          I would just use b2b_init_request("top hiding"); but I get
          lots of loops <br>
          when I do that.<br>
          <br>
          Thanks,<br>
          Matt<br>
          <br>
          <br>
          ####### Global Parameters #########<br>
          <br>
          log_level=4<br>
          log_stderror=yes<br>
          log_facility=LOG_LOCAL0<br>
          <br>
          children=4<br>
          <br>
          /* uncomment the following lines to enable debugging */<br>
          #debug_mode=yes<br>
          <br>
          /* uncomment the next line to enable the auto temporary
          blacklisting of<br>
              not available destinations (default disabled) */<br>
          #disable_dns_blacklist=no<br>
          <br>
          /* uncomment the next line to enable IPv6 lookup after IPv4
          dns<br>
              lookup failures (default disabled) */<br>
          #dns_try_ipv6=yes<br>
          <br>
          /* comment the next line to enable the auto discovery of local
          aliases<br>
              based on reverse DNS on IPs */<br>
          auto_aliases=no<br>
          <br>
          listen=udp:<a href="http://bb.bb.bb.bb:5060" rel="noreferrer"
            target="_blank" moz-do-not-send="true">bb.bb.bb.bb:5060</a>  
          # CUSTOMIZE ME<br>
          listen=<a class="moz-txt-link-freetext" href="udp:aa.aa.aa.aa:5060">udp:aa.aa.aa.aa:5060</a>   # CUSTOMIZE ME<br>
          <br>
          <br>
          ####### Modules Section ########<br>
          <br>
          #set module path<br>
          mpath="/usr/lib64/opensips/modules/"<br>
          <br>
          #### SIGNALING module<br>
          loadmodule "signaling.so"<br>
          <br>
          #### StateLess module<br>
          loadmodule "sl.so"<br>
          <br>
          #### Transaction Module<br>
          loadmodule "tm.so"<br>
          modparam("tm", "fr_timeout", 5)<br>
          modparam("tm", "fr_inv_timeout", 30)<br>
          modparam("tm", "restart_fr_on_each_reply", 0)<br>
          modparam("tm", "onreply_avp_mode", 1)<br>
          <br>
          #### Record Route Module<br>
          loadmodule "rr.so"<br>
          /* do not append from tag to the RR (no need for this script)
          */<br>
          modparam("rr", "append_fromtag", 0)<br>
          <br>
          #### MAX ForWarD module<br>
          loadmodule "maxfwd.so"<br>
          <br>
          #### SIP MSG OPerationS module<br>
          loadmodule "sipmsgops.so"<br>
          <br>
          #### FIFO Management Interface<br>
          loadmodule "mi_fifo.so"<br>
          modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br>
          modparam("mi_fifo", "fifo_mode", 0666)<br>
          <br>
          #### PGSQL module<br>
          loadmodule "db_postgres.so"<br>
          <br>
          #### HTTPD module<br>
          loadmodule "httpd.so"<br>
          modparam("httpd", "port", 8888)<br>
          <br>
          #### USeR LOCation module<br>
          loadmodule "usrloc.so"<br>
          modparam("usrloc", "nat_bflag", "NAT")<br>
          modparam("usrloc", "db_mode",   2)<br>
          modparam("usrloc", "db_url",<br>
               "postgres://opensips:longpassword@localhost/opensips") #
          CUSTOMIZE ME<br>
          <br>
          <br>
          #### REGISTRAR module<br>
          loadmodule "registrar.so"<br>
          modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")<br>
          /* uncomment the next line not to allow more than 10 contacts
          per AOR */<br>
          #modparam("registrar", "max_contacts", 10)<br>
          <br>
          #### ACCounting module<br>
          loadmodule "acc.so"<br>
          /* what special events should be accounted ? */<br>
          modparam("acc", "early_media", 0)<br>
          modparam("acc", "report_cancels", 0)<br>
          /* by default we do not adjust the direct of the sequential
          requests.<br>
              if you enable this parameter, be sure the enable
          "append_fromtag"<br>
              in "rr" module */<br>
          modparam("acc", "detect_direction", 0)<br>
          modparam("acc", "db_url",<br>
               "postgres://opensips:longpassword@localhost/opensips") #
          CUSTOMIZE ME<br>
          <br>
          #### AUTHentication modules<br>
          loadmodule "auth.so"<br>
          loadmodule "auth_db.so"<br>
          modparam("auth_db", "calculate_ha1", yes)<br>
          modparam("auth_db", "password_column", "password")<br>
          modparam("auth_db", "db_url",<br>
               "postgres://opensips:longpassword@localhost/opensips") #
          CUSTOMIZE ME<br>
          modparam("auth_db", "load_credentials", "")<br>
          <br>
          #### DOMAIN module<br>
          loadmodule "domain.so"<br>
          modparam("domain", "db_url",<br>
                  
          "postgres://opensips:longpassword@localhost/opensips") # <br>
          CUSTOMIZE ME<br>
          modparam("domain", "db_mode", 1)   # Use caching<br>
          modparam("auth_db|usrloc", "use_domain", 1)<br>
          <br>
          #### DIALOG module<br>
          loadmodule "dialog.so"<br>
          modparam("dialog", "dlg_match_mode", 1)<br>
          modparam("dialog", "default_timeout", 21600)  # 6 hours
          timeout<br>
          modparam("dialog", "db_mode", 2)<br>
          modparam("dialog", "db_url",<br>
               "postgres://opensips:longpassword@localhost/opensips") #
          CUSTOMIZE ME<br>
          <br>
          ####  DIALPLAN module<br>
          loadmodule "dialplan.so"<br>
          modparam("dialplan", "db_url",<br>
               "postgres://opensips:longpassword@localhost/opensips") #
          CUSTOMIZE ME<br>
          <br>
          ####  MI_HTTP module<br>
          loadmodule "mi_http.so"<br>
          modparam("mi_http", "root", "json")<br>
          <br>
          loadmodule "proto_udp.so"<br>
          loadmodule "proto_tcp.so"<br>
          <br>
          loadmodule "rtpproxy.so"<br>
          modparam("rtpproxy", "rtpproxy_sock",
          "unix:/var/run/rtpproxy.sock") # <br>
          CUSTOMIZE ME<br>
          <br>
          loadmodule "json.so"<br>
          loadmodule "jsonrpc.so"<br>
          loadmodule "event_jsonrpc.so"<br>
          <br>
          ####### Routing Logic ########<br>
          <br>
          # main request routing logic<br>
          <br>
          route{<br>
          <br>
               if (!mf_process_maxfwd_header(10)) {<br>
                   send_reply(483,"Too Many Hops");<br>
                   exit;<br>
               }<br>
          <br>
               if (has_totag()) {<br>
          <br>
                   # handle hop-by-hop ACK (no routing required)<br>
                   if ( is_method("ACK") && t_check_trans() ) {<br>
                       t_relay();<br>
                       exit;<br>
                   }<br>
          <br>
                   # sequential request within a dialog should<br>
                   # take the path determined by record-routing<br>
                   if ( !loose_route() ) {<br>
                       # we do record-routing for all our traffic, so we
          should not<br>
                       # receive any sequential requests without Route
          hdr.<br>
                       send_reply(404,"Not here");<br>
                       exit;<br>
                   }<br>
          <br>
                   # validate the sequential request against dialog<br>
                   if ( $DLG_status!=NULL && !validate_dialog()
          ) {<br>
                       xlog("In-Dialog $rm from $si (callid=$ci) is not
          valid <br>
          according to dialog\n");<br>
                       ## exit;<br>
                   }<br>
          <br>
                   if (is_method("BYE")) {<br>
                       # do accounting even if the transaction fails<br>
                       do_accounting("db","failed");<br>
          <br>
                   }<br>
          <br>
                   # route it out to whatever destination was set by
          loose_route()<br>
                   # in $du (destination URI).<br>
                   route(relay);<br>
                   exit;<br>
               }<br>
          <br>
               # CANCEL processing<br>
               if (is_method("CANCEL")) {<br>
                   if (t_check_trans())<br>
                       t_relay();<br>
                   exit;<br>
               }<br>
          <br>
               # absorb retransmissions, but do not create transaction<br>
               t_check_trans();<br>
          <br>
               if ( !(is_method("REGISTER")  || ($si==<a
            href="http://cc.cc.cc.cc" rel="noreferrer" target="_blank"
            moz-do-not-send="true">cc.cc.cc.cc</a> && $sp==5060
          /* <br>
          CUSTOMIZE ME */) ) ) {<br>
          <br>
                   if (is_myself("$fd")) {<br>
          <br>
                       # authenticate if from local subscriber<br>
                       # authenticate all initial non-REGISTER request
          that <br>
          pretend to be<br>
                       # generated by local subscriber (domain from FROM
          URI is local)<br>
                       if (!proxy_authorize("", "subscriber")) {<br>
                           proxy_challenge("", 0);<br>
                           exit;<br>
                       }<br>
                       if ($au!=$fU) {<br>
                           send_reply(403,"Forbidden auth ID");<br>
                           exit;<br>
                       }<br>
          <br>
                       consume_credentials();<br>
                       # caller authenticated<br>
          <br>
                   } else {<br>
                       # if caller is not local, then called number must
          be local<br>
          <br>
                       if (!is_myself("$rd")) {<br>
                           send_reply(403,"Relay Forbidden");<br>
                           exit;<br>
                       }<br>
                   }<br>
          <br>
               }<br>
          <br>
               # preloaded route checking<br>
               if (loose_route()) {<br>
                   xlog("L_ERR",<br>
                       "Attempt to route with preloaded Route's
          [$fu/$tu/$ru/$ci]");<br>
                   if (!is_method("ACK"))<br>
                       send_reply(403,"Preload Route denied");<br>
                   exit;<br>
               }<br>
          <br>
               # record routing<br>
               if (!is_method("REGISTER|MESSAGE"))<br>
                   record_route();<br>
          <br>
               # account only INVITEs<br>
               if (is_method("INVITE")) {<br>
          <br>
                   # create dialog with timeout<br>
                   if ( !create_dialog("B") ) {<br>
                       send_reply(500,"Internal Server Error");<br>
                       exit;<br>
                   }<br>
          <br>
                   do_accounting("db");<br>
          <br>
               }<br>
          <br>
          <br>
               if (!is_myself("$rd")) {<br>
                   append_hf("P-hint: outbound\r\n");<br>
          <br>
                   route(relay);<br>
               }<br>
          <br>
               # requests for my domain<br>
          <br>
               if (is_method("PUBLISH|SUBSCRIBE")) {<br>
                   send_reply(503, "Service Unavailable");<br>
                   exit;<br>
               }<br>
          <br>
               if (is_method("REGISTER")) {<br>
                   # authenticate the REGISTER requests<br>
                   if (!www_authorize("", "subscriber")) {<br>
                       www_challenge("", 0);<br>
                       exit;<br>
                   }<br>
          <br>
                   if ($au!=$tU) {<br>
                       send_reply(403,"Forbidden auth ID");<br>
                       exit;<br>
                   }<br>
                   if ($proto == "tcp")<br>
                       setflag(TCP_PERSISTENT);<br>
          <br>
                   if (!save("location"))<br>
                       sl_reply_error();<br>
          <br>
                   exit;<br>
               }<br>
          <br>
               if ($rU==NULL) {<br>
                   # request with no Username in RURI<br>
                   send_reply(484,"Address Incomplete");<br>
                   exit;<br>
               }<br>
          <br>
          <br>
          <br>
          <br>
               # apply transformations from dialplan table<br>
               dp_translate( 0, "$rU", $rU);<br>
          <br>
               if ($rU=~"^\+[1-9][0-9]+$") {<br>
          <br>
          <br>
                   $rd="<a href="http://cc.cc.cc.cc" rel="noreferrer"
            target="_blank" moz-do-not-send="true">cc.cc.cc.cc</a>"; #
          CUSTOMIZE ME<br>
                   $rp=5060;<br>
                   force_send_socket(udp:<a
            href="http://bb.bb.bb.bb:5060" rel="noreferrer"
            target="_blank" moz-do-not-send="true">bb.bb.bb.bb:5060</a>);<br>
                   rtpproxy_engage();<br>
          <br>
                   route(relay);<br>
                   exit;<br>
               }<br>
          <br>
               # do lookup with method filtering<br>
               if (!lookup("location","m")) {<br>
                   if (!db_does_uri_exist("$ru","subscriber")) {<br>
                       send_reply(420,"Bad Extension");<br>
                       exit;<br>
                   }<br>
          <br>
                   t_reply(404, "Not Found");<br>
                   exit;<br>
               }<br>
          <br>
          <br>
          <br>
               # when routing via usrloc, log the missed calls also<br>
               do_accounting("db","missed");<br>
          <br>
               route(relay);<br>
          }<br>
          <br>
          <br>
          route[relay] {<br>
               # for INVITEs enable some additional helper routes<br>
               if (is_method("INVITE")) {<br>
          <br>
          <br>
          <br>
                   t_on_branch("per_branch_ops");<br>
                   t_on_reply("handle_nat");<br>
                   t_on_failure("missed_call");<br>
               }<br>
          <br>
          <br>
          <br>
               if (!t_relay()) {<br>
                   send_reply(500,"Internal Error");<br>
               }<br>
               exit;<br>
          }<br>
          <br>
          <br>
          <br>
          <br>
          branch_route[per_branch_ops] {<br>
               xlog("new branch at $ru\n");<br>
          }<br>
          <br>
          <br>
          onreply_route[handle_nat] {<br>
          <br>
               xlog("incoming reply\n");<br>
          }<br>
          <br>
          <br>
          failure_route[missed_call] {<br>
               if (t_was_cancelled()) {<br>
                   exit;<br>
               }<br>
          <br>
               # uncomment the following lines if you want to block
          client<br>
               # redirect based on 3xx replies.<br>
               ##if (t_check_status("3[0-9][0-9]")) {<br>
               ##t_reply(404,"Not found");<br>
               ##    exit;<br>
               ##}<br>
          <br>
          <br>
          }<br>
          <br>
          <br>
          <br>
          local_route {<br>
               if (is_method("BYE") && $DLG_dir=="UPSTREAM") {<br>
          <br>
                   acc_db_request("200 Dialog Timeout", "acc");<br>
          <br>
               }<br>
          }<br>
          <br>
          _______________________________________________<br>
          Users mailing list<br>
          <a href="mailto:Users@lists.opensips.org" target="_blank"
            moz-do-not-send="true">Users@lists.opensips.org</a><br>
          <a
            href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
            rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
        </blockquote>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>