[Freeswitch-users] RTP NAT problem in Freeswitch 1.2.3

Ken Rice krice at freeswitch.org
Fri Jul 12 19:25:33 MSD 2013


I would recommend updating to a later version... There are many known
problems in 1.2.3 up to and including a remote unauthenticated triggerable
crash that's at least theoretically exploitable...

As far as NAT, FS should handle that... You might need to use one of the NDLB
flags....


On 7/12/13 8:34 AM, "Nuno Reis" <nreis at wavecom.pt> wrote:

> Good day all.
> 
> I'm experiencing the following symptom when using some softphones behind NAT
> on a private LAN; sometimes the same happens with hardphones.
> 
> Here's the scenario:
> 
>  FS : <public IP>  _______ <public IP>LAN ROUTER <private LAN> --- softphone
> 
> Basically when softphone makes an INVITE to FS it always sends the private IP
> on the SDP and when the media flow starts it's being sent out by FS to the
> public lan address resulting in an audioless call. However if the phone sends
> the public IP on the SDP there's no issue at all.
> I know there's a variable available, disable_rtp_auto_adjust, that should make
> freeswitch ignore the SDP IP and use the INVITE IP instead, but it isn't
> working for me.
> 
> Here's what I currently have on my internal SIP profile:
> 
> <profile name="internal">
>   <aliases>
>   </aliases>
>   <gateways>
>   </gateways>
>   <domains>
>     <domain name="all" alias="true" parse="false"/>
>   </domains>
>   <settings>
>     <param name="debug" value="0"/>
>     <param name="sip-trace" value="no"/>
>     <param name="sip-capture" value="no"/>
>     <param name="watchdog-enabled" value="no"/>
>     <param name="watchdog-step-timeout" value="30000"/>
>     <param name="watchdog-event-timeout" value="30000"/>
>     <param name="log-auth-failures" value="true"/>
>     <param name="forward-unsolicited-mwi-notify" value="false"/>
>     <param name="context" value="public"/>
>     <param name="rfc2833-pt" value="101"/>
>     <param name="sip-port" value="5060"/>
>     <param name="dialplan" value="XML"/>
>     <param name="dtmf-duration" value="2000"/>
>     <param name="inbound-codec-prefs" value="H264,G722,PCMA,GSM"/>
>     <param name="outbound-codec-prefs" value="H264,G722,PCMA,GSM"/>
>     <param name="rtp-timer-name" value="soft"/>
>     <param name="rtp-ip" value="<PUBLIC_IP>"/>
>     <param name="sip-ip" value="<PUBLIC_IP>"/>
>     <param name="hold-music" value="local_stream://moh"/>
>     <param name="apply-inbound-acl" value="domains"/>
>     <param name="apply-nat-acl" value="rfc1918"/>
>     <param name="local-network-acl" value="localnet.auto"/>
>     <param name="record-path" value="/opt/freeswitch/recordings"/>
>     <param name="record-template" value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
>     <param name="manage-presence" value="true"/>
>     <param name="presence-privacy" value=""/>
>     <param name="inbound-codec-negotiation" value="generous"/>
>     <param name="tls" value="true"/>
>     <param name="tls-only" value="false"/>
>     <param name="tls-bind-params" value="transport=tls"/>
>     <param name="tls-sip-port" value="5061"/>
>     <param name="tls-cert-dir" value="/opt/freeswitch/conf/ssl"/>
>     <param name="tls-passphrase" value=""/>
>     <param name="tls-verify-date" value="true"/>
>     <param name="tls-verify-policy" value="none"/>
>     <param name="tls-verify-depth" value="2"/>
>     <param name="tls-verify-in-subjects" value=""/>
>     <param name="tls-version" value="sslv23"/>
>     <param name="odbc-dsn" value="freeswitch:user:password"/>
>     <param name="nonce-ttl" value="60"/>
>     <param name="auth-calls" value="true"/>
>     <param name="inbound-reg-force-matching-username" value="true"/>
>     <param name="auth-all-packets" value="false"/>
>     <param name="rtp-timeout-sec" value="300"/>
>     <param name="rtp-hold-timeout-sec" value="1800"/>
>     <param name="challenge-realm" value="auto_from"/>
>     <param name="ext-rtp-ip" value="<PUBLIC_IP>"/>
>     <param name="ext-sip-ip" value="<PUBLIC_IP>"/>
>     <param name="presence-hosts" value="_DISABLED_"/>
>     <param name="NDLB-received-in-nat-reg-contact" value="true"/>
>     <param name="NDLB-broken-auth-hash" value="true"/>
>     <param name="dbname" value="share_presence"/>
>     <param name="send-presence-on-register" value="true"/>
>     <param name="manage-shared-appearance" value="true"/>
>     <param name="registration-thread-frequency" value="30"/>
>     <param name="enable-timer" value="false"/>
>     <param name="aggressive-nat-detection" value="true"/>
>     <param name="send-message-query-on-register" value="true"/>
>     <param name="all-reg-options-ping" value="true"/>
>     <param name="sip-force-expires" value="3600"/>
>     <param name="sip-expires-max-deviation" value="300"/>
>     <param name="multiple-registrations" value="contact"/>
>   </settings>
> </profile>
> 
> Any suggestions on how to make FS use the INVITE IP for RTP instead of using
> the IP on the SDP?
> 
> Looking forward to hearing from you.
> 
> Best Regards,
> 
> 
> Nuno Miguel Reis | Unified Communication Systems
> M. +351 913907481 | nreis at wavecom.pt <mailto:nreis at wavecom.pt>
> WAVECOM-Soluções Rádio, S.A.
> Cacia Park | Rua do Progresso, Lote 15
> 3800-639 AVEIRO | Portugal
> T. +351 309 700 225 | F. +351 234 919 191

-- 
Ken
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
irc.freenode.net #freeswitch
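
The condition described in this thread, as an added example that is not part of the original messages and is not FreeSWITCH code: it reads the audio address a SIP INVITE advertises in its SDP and compares it with the address the packet actually arrived from. The function names, the sample INVITE and all addresses in it are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges (the posted profile's apply-nat-acl
# value is named "rfc1918").
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: INVITE from a softphone that advertises its LAN address.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1000@pbx.example.test SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK-constructed;rport",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.50",
    "s=-",
    "c=IN IP4 192.168.1.50",
    "t=0 0",
    "m=audio 40000 RTP/AVP 8 101",
    "",
])

def sdp_audio_target(message):
    """Return (ip, port) the SDP asks audio to be sent to (IPv4 only)."""
    body = message.partition("\r\n\r\n")[2]
    session_ip = audio_ip = audio_port = None
    section = "session"
    for line in body.splitlines():
        if line.startswith("m="):
            first_audio = line.startswith("m=audio ") and audio_port is None
            section = "audio" if first_audio else "other"
            if first_audio:
                audio_port = int(line.split()[1].split("/")[0])
        elif line.startswith("c=IN IP4 "):
            addr = line.split()[2].split("/")[0]
            if section == "session":
                session_ip = addr      # session-level default
            elif section == "audio":
                audio_ip = addr        # media-level c= overrides the default
    if audio_port is None or not (audio_ip or session_ip):
        raise ValueError("no usable audio stream in SDP")
    return audio_ip or session_ip, audio_port

def classify(message, source_ip):
    """Compare the SDP audio address with the observed packet source."""
    sdp = ipaddress.ip_address(sdp_audio_target(message)[0])
    src = ipaddress.ip_address(source_ip)
    if sdp == src:
        return "direct"
    if any(sdp in n for n in RFC1918) and not any(src in n for n in RFC1918):
        return "behind-nat"   # RTP sent to the SDP address cannot reach the phone
    return "mismatch"         # differs, but not the private-behind-public case
```

Run against a captured INVITE and the source address from the same capture, a `behind-nat` result confirms the phone is advertising an unroutable media address, which is the audioless-call case described above.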
