[Freeswitch-users] How to get the network address of registered Endpoint (NAT Problem)

Francis sms at icefire.qza.net.au
Tue Jan 7 18:26:16 MSK 2014 

Hello Mitja,

An automatic workaround might get some, but not necessarily all as one 
nat solution may break others. Hence, the questions I asked.

There is a parameter that is used by default in the vanilla config:

<param name="apply-nat-acl" value="nat.auto"/>

This will cause all devices trying to register on an RFC-1918 IP address 
(excluding the network freeswitch is on) to be classed as natted, 
enabling Freeswitch to substitute this for the actual public IP that it 
came from.  This alone doesn't guarantee that your RTP ports will be 
mapped correctly, but by default, Freeswitch tries to fix this also. 
This may be working to some extent already, since your phone can 
register and make calls. It isn't necessary to add anything special to 
<bridge>.

Even with all this, if the NAT table of the router has a short lifespan, 
calls to the phone will still fail because the mapping has disappeared 
since the phone registered. This is where NAT keepalive and short 
(<60sec) registrations help. If the phone doesn't support this, then you 
need to tell Freeswitch to ping the phone every n seconds after it 
registers and hope that the phone knows how to respond appropriately.

So basically, your solution will be getting Freeswitch to work hard at 
figuring out how crippled and inept the endpoint is, and how apathetic 
and hostile the router is, then try to outsmart it all, no matter what 
the combination. The default config works hard to make it all work 'out 
of the box', but I've no idea how much yours deviates from this.

Francis


On 7/01/2014 10:55 PM, Mitja wrote:
> Hello Francis,
>
> thank you for your time and your fast answer. Actually the communication
> with natted devices is possible in the current setup. Its just a
> shortcoming of that type of phone.
>
> To clarify: Im looking for a way to possibly work around those
> shortcomings server side. I could find a way to do just that by using
> the the IP of the natting device in my bridge command. Now I want to
> create an automatic workaround for those edge cases. What I need is a
> way to get the information from which IP the device is registered (as
> you can see when calling the API command sofia status profile <profile>
> reg).
>
> Thanks again
> Mitja
>
> Am 07.01.2014 12:06, schrieb Francis:
>> 1. Have you turned on STUN on the phone?
>> 2. Does the phone support any kind of NAT keepalive, say 20 seconds or
>> so?
>> 3. Does the phone support RPORT?
>> 4. Is there a firewall on the freeswitch server, and if so, are the
>> appropriate SIP and RTP ports open to new traffic?
>> 5. Does the router have SIP ALG disabled? (yes is a good answer :)
>>
>> One more question- is the freeswitch server behind a nat as well, or
>> does it have it's own public IP address?
>>
>>
>> On 7/01/2014 6:38 PM, Mitja wrote:
>>> Hello there,
>>>
>>> Im trying to solve NAT related Problem which is caused by missbehaving
>>> SIP phone.
>>> Up Front: I searched the wiki and the web for all the NAT related
>>> sites/mailling list. I think its a error of the invoxia IPhone docking
>>> station (the missbehaving SIP phone), thus I did not open a jira for it.
>>>
>>> We have a freeswitch server with internet accessibility and a Phone
>>> behind a natting router (Fritz!Box).
>>> FreeSWITCH (1.2.3.4) <-> (10.11.12.13) NAT (192.168.0.1) <->
>>> (192.168.0.2) SIP Phone
>>>
>>> The Phone is able to register and initiate calls. But when someone else
>>> to call that endpoint, its unreachable.
>>>
>>> I did some research and the problem seems to be that the phone registers
>>> with a Contact containing the private IP Adress (192.168.0.2).
>>>
>>> freeswitch at 1.2.3.4@internal> sofia status profile internal reg
>>>
>>> Registrations:
>>> =================================================================================================
>>>
>>>
>>> Call-ID:        aeac7f28-a6a0-4ba1-9d7c-30934924726d
>>> User:           270 at 1.2.3.4
>>> Contact:        "user" <sip:270 at 192.168.0.2:52767;ob>
>>> Agent:          invoxia-lemonvoice-v6.17.4
>>> Status:         Registered(UDP)(unknown) EXP(2014-01-06 13:06:35)
>>> EXPSECS(134)
>>> Host:           ippbx-border
>>> IP:             10.11.12.13
>>> Port:           52767
>>> Auth-User:      270
>>> Auth-Realm:     1.2.3.4
>>> MWI-Account:    270 at 1.2.3.4
>>>
>>> Other devices in the same Setup have their NAT IP [+Port]
>>> (10.11.12.13:52767) in their Contact Header which then works fine. In
>>> this setup however the FreeSWITCH tries to send the INVITE Message to
>>> 192.168.0.2 and even when a NAT Table on the firewall manages to map it
>>> to 10.11.12.13:52767 the answer from 10.11.12.13 is discarded.
>>>
>>> Normally I use bridge with user/270 at 1.2.3.4 with the dialstring
>>> "{presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(internal/${dialed_user}@${dialed_domain})}".
>>>
>>> I tried to force freeswitch to use the NAT IP address by calling bridge
>>> with "sofia/internal/sip:270 at 10.11.12.13:52767;ob" which worked fine.
>>> The IP address is of course not static but if I would be able to extract
>>> the IP information which is stored in sofia registry (see above) I could
>>> arrange my dialplan in a way that would fix that phones missbehaviour.
>>>
>>> So after all that describing text (sorry for that), heres my question:
>>> Is there a way (an API or Dialplan command) to get the IP Information
>>> which is stored the sofia registry.
>>>
>>> Thanks in advance
>>>
>>> Regards,
>>> Mitja
>>>
>>>
>>>
>>>
>>> _________________________________________________________________________
>>>
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list