[Freeswitch-users] Bridging between two rfc1918 networks
Brian West
brian at freeswitch.org
Thu Oct 13 21:38:20 MSD 2016
There should be no special anything to configure if these two systems are
talking over the private network and its routed properly, there is no nat
settings, no ext-*-ip settings required, So what is the problem you're
having?
On Thu, Oct 13, 2016 at 11:11 AM, Serge S. Yuriev <me at nevian.org> wrote:
> Not sure that you asking about.
> This is interconnect between two large enterprises with a lot equally
> numbered networks. So only few hosts are visible via VPN both servers not
> aware of. Plain routing.
> No NAT involved at all.
>
> My server on inside interface talks to my devices. On external - to the
> real ip world and mentioned partner 172.17.2.3/32
> Partner server talks to theirs network and to my external ip via VPN
>
>
> 13.10.2016, 02:12, "Brian West" <brian at freeswitch.org>:
>
> Are these servers talking to anything outside their perspective NATs?
> What are their blocks?
>
> On Wed, Oct 12, 2016 at 3:51 PM, Serge Yuriev <me at nevian.org> wrote:
>
>
> From perspective of server it is normal route via desired interface.
> So VPN somewhere outside and server not aware of it.
>
> --
> Wbr, Serge via mobile
>
> 12.10.2016, 21:17, "Brian West" <brian at freeswitch.org>:
>
>
> How are the two networks connected? VPN?
>
> On Wed, Oct 12, 2016 at 12:01 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hi,
>
> How I can debug this issue to move it further?
> I feel much more comfortable with FS than Asterisk which works out-of-box
> :)
>
> Proxy mode doesn't work also because of 3pcc.
> --
> Wbr, Serge via mobile
>
> 11.10.2016, 14:25, "Serge S. Yuriev" <me at nevian.org>:
>
>
> Hi
>
> Is anyone have had chance to check the logs?
>
> I tried to include 172.17.2.3 as local-network on external while excluding
> it from internal - no joy :(
>
> <list name="lan" default="deny">
> <node type="deny" cidr="172.17.2.3/32"/>
> <node type="deny" cidr="172.17.2.4/32"/>
> <node type="allow" cidr="192.168.0.0/16"/>
> <node type="allow" cidr="10.0.0.0/8"/>
> <node type="allow" cidr="172.16.0.0/12"/>
> </list>
>
> <list name="wan" default="deny">
> <node type="allow" cidr="172.17.2.
> 3/32"/>
> <node type="allow" cidr="172.17.2.
> 4/32"/>
> <node type="allow" cidr="83.y.y.128/25"/>
> </list>
>
> --
> Wbr, Serge via mobile
>
> 09.10.2016, 13:03, "Serge Yuriev":
>
> Bad one
> https://pastebin.freeswitch.org/view/5a6b306c
>
> Good one
> https://pastebin.freeswitch.org/view/5b1ca4e3
>
> On 8 Oct 2016, at 04:23, Anthony Minessale <anthony.minessale at gmail.com>
> wrote:
>
>
> Too terse.
>
> You probably need to produce full traces on pastebin with the full debug
> to get any idea.
>
>
> On Fri, Oct 7, 2016 at 6:13 PM, Serge Yuriev <me at nevian.org> wrote:
>
> As mentioned before I tried to play with local-network-acl but no joy.
> Maybe it’s just not right? On which profile I should tune?
>
> <list name="lan" default="deny">
> <node type="deny" cidr="172.17.2.3/32"/>
> <node type="deny" cidr="172.17.2.4/32"/>
> <node type="allow" cidr="192.168.0.0/16"/>
> <node type="allow" cidr="10.0.0.0/8"/>
> <node type="allow" cidr="172.16.0.0/12"/>
> </list>
>
> On both profiles I have like this
> Int
> <param name="rtp-ip" value="$${inside_bind_ipv4}"/>
> <param name="sip-ip" value="$${inside_bind_ipv4}"/>
> <param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/>
> <param name="ext-sip-ip" value="$${inside_bind_ipv4}"/>
>
> Ext
> <param name="rtp-ip" value="$${outside_bind_ipv4}"/>
> <param name="sip-ip" value="$${outside_bind_ipv4}"/>
> <param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/>
> <param name="ext-sip-ip" value="$${outside_bind_ipv4}"/>
>
> On 8 Oct 2016, at 00:48, Brian West <brian at freeswitch.org> wrote:
>
>
> you have to fix your local-network-acl in each system probably to do the
> right thing, do you have the ext-rtp-ip set with the automat: prefix?
>
> On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hello,
>
> Two SIP profiles:
> External 83.хх
> Internal 10.23.154.0/24
>
> Via external we are receiving/send calls from/to 172.17.2.0/29
> For some reason if we call outside FS sends unmodified addresses in SDP.
> So we have unroutable address in SDP and one-way audio. If call flows
> ext to int all working correct.
> Tried local-network-acl on inside (10.хх) with excluded 172.хх,
> apply-nat-acl with included 172.xx on either int and ext. Nothing helps :(
>
> "Bad one" SDP - from internal to external
> send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
> ------------------------------------------------------------
> ------------
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 10.23.154.63:6060;branch=z9hG4bKe433fa68b81
> From: "IT, Юрьев Сергей"
> <sip:12550 at 10.23.154.63>;tag=195594~27154efa-6325-45a2-9e47-67e5d9302ebc-
> 237816120
> To: <sip:62987%236546 at 10.23.154.100>;tag=66NUXXHvB6HBp
> Call-ID: 86c80-7f71bc46-c44e-3f40000a at 10.23.154.63
> CSeq: 101 INVITE
> Contact: <sip:mod_sofia at 10.23.154.100:6060>
> User-Agent:
> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
> Accept: application/sdp
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
> PRACK, NOTIFY
> Require: timer
> Supported: precondition, 100rel, timer, path, replaces
> Allow-Events: talk, hold, conference, refer
> Session-Expires: 1800;refresher=uac
> Content-Type: application/sdp
> Content-Disposition: session
> Content-Length: 180
>
> v=0
> o=- 1475853382 2 IN IP4 172.17.2.3
> s=-
> >> c=IN IP4 172.17.2.4
> b=AS:64
> t=0 0
> m=audio 3040 RTP/AVP 8 101
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=ptime:20
>
>
> And a good one - external to internal
> send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
> ------------------------------------------------------------
> ------------
> INVITE sip:12550 at 10.23.154.65 SIP/2.0
> Via: SIP/2.0/UDP 10.23.154.100:6060;rport;branch=z9hG4bKUXyFjDmg8rtmB
> Max-Forwards: 69
> From: "Абонент"
> <sip:$(caller_id_number)@10.23.154.100>;tag=1agg8aZ7FUUBK
> To: <sip:12550 at 10.23.154.65>
> Call-ID: d8367628-0fc1-4325-998f-3f32f9d3a05b
> CSeq: 97580363 INVITE
> Contact: <sip:gw+cucm-65 at 10.23.154.100:6060;transport=udp;gw=cucm-65>
> User-Agent:
> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
> PRACK, NOTIFY
> Supported: precondition, 100rel, timer, path, replaces
> Allow-Events: talk, hold, conference, refer
> Content-Type: application/sdp
> Content-Disposition: session
> Content-Length: 268
> X-FS-Support: update_display,send_info
> Remote-Party-ID: "Абонент"
> <sip:$(caller_id_number)@10.23.154.100>;party=calling;
> screen=yes;privacy=off
>
> v=0
> o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
> s=FreeSWITCH
> >> c=IN IP4 10.23.154.100
> t=0 0
> m=audio 28432 RTP/AVP 8 18 101 13
> a=rtpmap:8 PCMA/8000
> a=rtpmap:18 G729/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=rtpmap:13 CN/8000
> a=ptime:20
>
>
> --
> wbr,
> Serge
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Brian West*
brian at freeswitch.org
*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
https://www.gofundme.com/freeswitch_ubuntu
Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>
*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161013/deab0164/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list