[Freeswitch-users] RTP NAT problem in Freeswitch 1.2.3
Ken Rice
krice at freeswitch.org
Fri Jul 12 19:25:33 MSD 2013
I would recommend updating to a later version... There are many known
problems in 1.2.3 up to and including a remote unauthenticated triggerable
crash that's at least theoretically exploitable...
As far as NAT, FS should handle that... You might need to use one of the NDLB
flags....
On 7/12/13 8:34 AM, "Nuno Reis" <nreis at wavecom.pt> wrote:
> Good day all.
>
> I'm experiencing the following symptom when using some softphones behind NAT
> on a private LAN; sometimes the same happens with hardphones.
>
> Here's the scenario:
>
> FS : <public IP> _______ <public IP>LAN ROUTER <private LAN> --- softphone
>
> Basically when softphone makes an INVITE to FS it always sends the private IP
> on the SDP and when the media flow starts it's being sent out by FS to the
> public lan address resulting in an audioless call. However if the phone sends
> the public IP on the SDP there's no issue at all.
> I know there's a variable available disable_rtp_auto_adjust that should make
> freeswitch ignore the SDP IP and use the INVITE IP instead, but it isn't
> working for me.
>
> Here's what I currently have on my internal SIP profile:
>
> <profile name="internal">
>   <aliases>
>   </aliases>
>   <gateways>
>   </gateways>
>   <domains>
>     <domain name="all" alias="true" parse="false"/>
>   </domains>
>   <settings>
>     <param name="debug" value="0"/>
>     <param name="sip-trace" value="no"/>
>     <param name="sip-capture" value="no"/>
>     <param name="watchdog-enabled" value="no"/>
>     <param name="watchdog-step-timeout" value="30000"/>
>     <param name="watchdog-event-timeout" value="30000"/>
>     <param name="log-auth-failures" value="true"/>
>     <param name="forward-unsolicited-mwi-notify" value="false"/>
>     <param name="context" value="public"/>
>     <param name="rfc2833-pt" value="101"/>
>     <param name="sip-port" value="5060"/>
>     <param name="dialplan" value="XML"/>
>     <param name="dtmf-duration" value="2000"/>
>     <param name="inbound-codec-prefs" value="H264,G722,PCMA,GSM"/>
>     <param name="outbound-codec-prefs" value="H264,G722,PCMA,GSM"/>
>     <param name="rtp-timer-name" value="soft"/>
>     <param name="rtp-ip" value="<PUBLIC_IP>"/>
>     <param name="sip-ip" value="<PUBLIC_IP>"/>
>     <param name="hold-music" value="local_stream://moh"/>
>     <param name="apply-inbound-acl" value="domains"/>
>     <param name="apply-nat-acl" value="rfc1918"/>
>     <param name="local-network-acl" value="localnet.auto"/>
>     <param name="record-path" value="/opt/freeswitch/recordings"/>
>     <param name="record-template" value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
>     <param name="manage-presence" value="true"/>
>     <param name="presence-privacy" value=""/>
>     <param name="inbound-codec-negotiation" value="generous"/>
>     <param name="tls" value="true"/>
>     <param name="tls-only" value="false"/>
>     <param name="tls-bind-params" value="transport=tls"/>
>     <param name="tls-sip-port" value="5061"/>
>     <param name="tls-cert-dir" value="/opt/freeswitch/conf/ssl"/>
>     <param name="tls-passphrase" value=""/>
>     <param name="tls-verify-date" value="true"/>
>     <param name="tls-verify-policy" value="none"/>
>     <param name="tls-verify-depth" value="2"/>
>     <param name="tls-verify-in-subjects" value=""/>
>     <param name="tls-version" value="sslv23"/>
>     <param name="odbc-dsn" value="freeswitch:user:password"/>
>     <param name="nonce-ttl" value="60"/>
>     <param name="auth-calls" value="true"/>
>     <param name="inbound-reg-force-matching-username" value="true"/>
>     <param name="auth-all-packets" value="false"/>
>     <param name="rtp-timeout-sec" value="300"/>
>     <param name="rtp-hold-timeout-sec" value="1800"/>
>     <param name="challenge-realm" value="auto_from"/>
>     <param name="ext-rtp-ip" value="<PUBLIC_IP>"/>
>     <param name="ext-sip-ip" value="<PUBLIC_IP>"/>
>     <param name="presence-hosts" value="_DISABLED_"/>
>     <param name="NDLB-received-in-nat-reg-contact" value="true"/>
>     <param name="NDLB-broken-auth-hash" value="true"/>
>     <param name="dbname" value="share_presence"/>
>     <param name="send-presence-on-register" value="true"/>
>     <param name="manage-shared-appearance" value="true"/>
>     <param name="registration-thread-frequency" value="30"/>
>     <param name="enable-timer" value="false"/>
>     <param name="aggressive-nat-detection" value="true"/>
>     <param name="send-message-query-on-register" value="true"/>
>     <param name="all-reg-options-ping" value="true"/>
>     <param name="sip-force-expires" value="3600"/>
>     <param name="sip-expires-max-deviation" value="300"/>
>     <param name="multiple-registrations" value="contact"/>
>   </settings>
> </profile>
>
> Any suggestions on how to make FS use the INVITE IP for RTP instead of using
> the IP on the SDP?
>
> Looking forward to hear from you.
>
> Best Regards,
>
>
> Nuno Miguel Reis | Unified Communication Systems
> M. +351 913907481 | nreis at wavecom.pt <mailto:nreis at wavecom.pt>
> WAVECOM-Soluções Rádio, S.A.
> Cacia Park | Rua do Progresso, Lote 15
> 3800-639 AVEIRO | Portugal
> T. +351 309 700 225 | F. +351 234 919 191
> GPS
> <http://maps.google.com/maps/ms?msa=0&msid=202333747613191340808.0004b4b227a61
> 44f0df88> | www.wavecom.pt <http://www.wavecom.pt/> <http://www.wavecom.pt/>
--
Ken
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
irc.freenode.net #freeswitch
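
An added example, not part of the original thread and not FreeSWITCH code: a small Python check for the condition the quoted message describes, an INVITE whose SDP `c=` line carries an RFC 1918 address while the packet itself arrived from a different address. The sample INVITE, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: a phone at 192.168.1.50 behind a router whose public
# address is 203.0.113.10 (documentation range). Not taken from the thread.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1000@pbx.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKconstructed;rport",
    "From: <sip:1001@pbx.example.com>;tag=constructed",
    "To: <sip:1000@pbx.example.com>",
    "Call-ID: constructed-call-id",
    "CSeq: 1 INVITE",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.50",
    "s=-",
    "c=IN IP4 192.168.1.50",
    "t=0 0",
    "m=audio 40000 RTP/AVP 8 101",
])

def is_rfc1918(addr):
    """True if addr is an IP literal inside one of the RFC 1918 ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # hostname in the c= line, not an IP literal
        return False
    return any(ip in net for net in RFC1918)

def sdp_connection_addrs(sip_message):
    """Return the addresses from every 'c=IN IP4 <addr>' line of the SDP body."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    return re.findall(r"^c=IN IP4 (\S+)", body, flags=re.MULTILINE)

def unreachable_media_addrs(sip_message, source_ip):
    """SDP addresses that are private and differ from the packet's source IP.

    A non-empty result means RTP sent to the advertised address cannot reach
    the phone from outside its LAN, which matches the one-way/no-audio symptom.
    """
    return [a for a in sdp_connection_addrs(sip_message)
            if a != source_ip and is_rfc1918(a)]
```

Pass the text of a captured INVITE and the source address seen on the wire; an empty list means the advertised media address is either public or the same address the signalling came from.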