We are trying to configure Kamailio (3.1.x) as a "boarder proxy" where it acts
as the front for various carrier gateways so that internal UACs and UASs are
unaware of the carrier gateways.
Let me try to present a clear picture of our setup.
1. Kamailio has several NICs (physical or vlan). Each on a different
subnet. One subnet is internal/has routes for internal. Other subnets are
private connections to carriers or a route to public Internet.
2. All of these subnets are non-routable from Internet. In addition , the
carrier private connections are not routable internally.
3. Connection to public internet is via a FW/NAT (one-to-one NAT), which
maps to one of the interfaces.
4. All internal UAC/UAS connect on the internal subnet.
5. We are using RTPProxy (at least one instance per carrier) to relay
media between internal and carrier subnets
We are able to make this setup up work great except for one scenario. One of
the carriers is only reachable via public Internet. Due to security
requirements, our Kamailio cannot have a public IP address and must use FW/NAT.
I guess this scenario is "Proxy behind NAT" and not really encouraged. But I
would like to see if there is a way to make this work. We cannot use the
"advertised_address" since it changes the IP for every "route".
We were able to get this mostly working by doing the following
1. mhomed=1
2. Small patch in the rtpproxy module so that force_rtp_proxy actually
uses the IP address passed (public IP).
3. Using request_route_preset("publicIP")
The above "mostly" works. By that I mean, the INVITE transaction is properly
passed between internal UAS and carrier SBC and the call is setup. However,
further transactions (BYE/re-INVITE) etc do not work properly. So, far-end
hangups are not working etc.
I've searched various archives of this and other SER lists looking to see if
anyone was able to get this scenario working, but couldn't find a definitive
answer. Most of them point to using "advertised_address".
So, and ideas on how to make "Proxy behind NAT" work without using
advertised_address? Am I wasting my time?
Thanks in advance for any help you can offer.
SV.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
