[Freeswitch-users] Problems with initial setup - basic nat

Daniel Hefti dhefti at metropark.com
Fri Apr 25 14:35:55 PDT 2008 

Should we post this on the wiki?  :)

-Dan

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Friday, April 25, 2008 11:59 AM
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] Problems with initial setup - basic nat

http://web.mac.com/brian.west/fs.jpg

That is my ugly graph on how I setup the default config.

/b

On Apr 25, 2008, at 11:40 AM, Jay Reeder wrote:


Aha... Thanks! :)

We're trying to do outbound calling from behind nat. So the proper configuration is to still call through the default.xml (port 5060) and it would call OUT on nat.xml (port 5070)?  In that case, what is outbound.xml (port 5080) used for?  Would it be for MWI and strictly freeswitch->out applications?
________________________________
From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Friday, April 25, 2008 12:25 PM
To: freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Problems with initial setup - basic nat

Well first off you wouldn't use nat.xml for that.. you would clone default.xml and use it as a base. nat.xml is for OUTBOUND calling from behind nat only in the default config. its not designed to have inbound calls to it nor is it for registrations.

/b

On Apr 25, 2008, at 11:22 AM, Jay Reeder wrote:



Thanks!  :)

I did have auth-calls set to false in nat.xml but it wasnt working.  Is there some other place I should have set this?

Whats the difference/application/use of the sample public context versus the default one?  The sample nat.xml uses the public context.

Thanks,

Jay

________________________________
From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Brian West
Sent: Friday, April 25, 2008 12:01 PM
To: freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Problems with initial setup - basic nat

You could have just turned auth-calls to false and context to default and accomplished the same thing  ;)

/b

On Apr 25, 2008, at 10:55 AM, Jay Reeder wrote:




Sorry to bug you guys.  I figured it out.

In case anyone else is just learning to crawl with freeswitch.

I enabled the following in the sip_profiles to get around the authorization errors (for now):

    <!--  comment the next line and uncomment one or both of the other 2 lines for call authentication -->
    <param name="accept-blind-reg" value="true"/>

    <!-- accept any authentication without actually checking (not a good feature for most people) -->
    <param name="accept-blind-auth" value="true"/>

Then I started receiving a 404 route not found so I modified the public dialplan with the following:

    <extension name="public_call">
      <condition field="destination_number" expression="^(.*)$">
        <action application="bridge" data="sofia/gateway/gafachi/$1"/>
      </condition>
    </extension>

Then I wasnt getting 2-way audio so I changed the sip profile for nat (which Im using internally) and set the ext-sip-ip and the ext-rtp-ip to the same value as the rtp-ip and the sip-ip (since Im only using for internal nat through firewall to sip provider):

<!--    <param name="ext-rtp-ip" value="$${external_rtp_ip}"/> -->
<!--    <param name="ext-sip-ip" value="$${external_sip_ip}"/> -->
    <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
    <param name="ext-sip-ip" value="$${local_ip_v4}"/>


And now I have calls routed by sipx to freeswitch and through the firewall to our internet sip provider.  Obviously the current configuration isnt secure but its enough to get things going.




________________________________
From: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Jay Reeder
Sent: Thursday, April 24, 2008 4:40 PM
To: freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>
Subject: [Freeswitch-users] Problems with initial setup - basic nat

Were setting up a SipXecs server in-house to manage about 20-30 polycom sip phones.  We have an Audiocodes Mediant 2000 to use as a gateway but for testing I was also trying to setup sip in/out dialing through the firewall.  Ive wanted a reason to start playing with freeswitch so I thought this would be an excellent opportunity to use freeswitch for the Nat traversal.

Ive been through the wiki and reviewed list archives but Im missing something.

I have RC3 on Centos (initially a trixswitch load but then upgraded to the new RC3) with the standard config files.  I did remove the older ones and re-installed the samples.

This is a pretty basic install with a gafachi gateway setup for the outbound sip profile, and the firewalls external ip setup for the external_rtp and external_sip values (in vars.xml), and the firewall port forwards all recommended ports(from wiki getting started page) into freeswitch.

This is where Im stuck.  I have sipx attempting to send calls to Freeswitch on port 5070 (for nat) but Freeswitch wont accept the call and is logging:

2008-04-24 16:20:26 [DEBUG] sofia.c:219 sofia_event_callback() event [nua_i_state] status [407][Proxy Authentication Required] session: n/a

The nat sip_profile is setup per default to answer port 5070 and authentication (per default) is disabled.

Im sure its something obvious but what am I missing?

Thanks,

Jay
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users at lists.freeswitch.org<mailto:Freeswitch-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




Brian West
sip:brian at freeswitch.org



_______________________________________________
Freeswitch-users mailing list
Freeswitch-users at lists.freeswitch.org<mailto:Freeswitch-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



Brian West
sip:brian at freeswitch.org



_______________________________________________
Freeswitch-users mailing list
Freeswitch-users at lists.freeswitch.org<mailto:Freeswitch-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


Brian West
sip:brian at freeswitch.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080425/e53726fb/attachment-0002.html

More information about the FreeSWITCH-users mailing list