Hi, John!
See the answers inline.
Best regards,
Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com
On 01/11/2018 07:16 PM, John Hablitzel wrote:
Relatively new to OpenSIPS but have been working with Asterisk and
VoIP for several years. We want to use the load balancer or
dispatcher modules to distribute inbound calls from a SIP provider
among several Asterisk servers. This will be coming in from another
private network that is out of our control, therefore security is
definitely required. We won't be using OpenSIPS to control far-end
clients that are behind NAT (far-end).
I know that it is recommended in this situation that OpenSIPS be on a
public IP (or IP on the "outside" network", but the requirement in
this particular situation is that this must be behind a NAT firewall,
as there are other IP communications from servers on the the internal
network that must use this same outside IP for communications with
other services. The outside network provider only allows us to have a
single IP on their network for everything.
I have the inbound calls mostly working now in my lab with the LB
module, using RTPProxy to anchor the media and some of the nathelper
stuff. However am seeing issues with the ACK on the 200OK being sent
to the internal OpenSIPS IP and not the external IP on the NAT. I
believe this is due to the Internal IP being in the record-route
header on the 200OK. Pouring through the forums and other
documentation I can find, I haven't been able to find any way to
change this.
So I have 2 questions:
1) Is OpenSIPS even capable of operating in this mode? In everything
I've read, there is a bunch of documentation about handling NAT at the
far-end, where UAC's are behind a NAT, but very little (and nothing
with any concrete solution) about using OpenSIPS server behind a NAT.
Yes, OpenSIPS can operate in this mode, you can read more about this in
this blogpost:
https://blog.opensips.org/2017/10/25/running-opensips-in-the-cloud/
2) if it is possible, can anyone provide a sample .cfg where they are
have accomplished it? I tried adding record_route_preset to the reply
section, but OpenSIPS complains saying it can't be added in a reply
section.
I think the answer to the second question is actually another article
that we are preparing: how to have OpenSIPS behind NAT, bridging between
two networks. Unfortunately it's not yet ready.
IMO, the simplest way to achieve what you want is to use in OpenSIPS two
different listeners: one towards the trunk provider, with the proper
advertised IP address, and one towards the asterisk boxes:
listen=udp:10.95.95.220:5080 as 192.168.85.252:5060 # replace last 5060
with your public port
listen=udp:10.95.95.220:5060 # listener for communicating with Asterisk
Now, all you have to do, is to change the interface used: after
lb_start(), force the usage of the private interface:
force_send_socket(udp:10.95.95.220:5060); # forces the message to go out
throught he private interface
Hope this helps you.
PS: for large posts, and scripts, please use an external storage, such
as pastebin.com
Best regards,
Răzvan
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users