[Freeswitch-users] Bridging between two rfc1918 networks

Anthony Minessale anthony.minessale at gmail.com
Thu Oct 13 22:24:26 MSD 2016


You have 3pcc = proxy

By design this is taking the sdp from the other leg 200 ok at line 262 of
your paste and using it in the 200ok it sends at line 341

Also, you are on a random dev version from mid July.  You should update to
HEAD on 1.6 branch or use one of the releases.




On Thu, Oct 13, 2016 at 12:58 PM, Serge Yuriev <me at nevian.org> wrote:

> The problem is:
> Call from ext to int - FS proxies rtp
> Call from int to ext - FS reveals external address to internal server in
> SDP resulting in one way audio
>
> SDP examples in first message
>
> --
> Wbr, Serge via mobile
>
> 13.10.2016, 20:40, "Brian West" <brian at freeswitch.org>:
>
> There should be no special anything to configure if these two systems are
> talking over the private network and its routed properly, there is no nat
> settings, no ext-*-ip settings required,  So what is the problem you're
> having?
>
> On Thu, Oct 13, 2016 at 11:11 AM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Not sure that you asking about.
> This is interconnect between two large enterprises with a lot equally
> numbered networks. So only few hosts are visible via VPN both servers not
> aware of. Plain routing.
> No NAT involved at all.
>
> My server on inside interface talks to my devices. On external - to the
> real ip world and mentioned partner 172.17.2.3/32
> Partner server talks to theirs network and to my external ip via VPN
>
>
> 13.10.2016, 02:12, "Brian West" <brian at freeswitch.org>:
>
> Are these servers talking to anything outside their perspective NATs?
> What are their blocks?
>
> On Wed, Oct 12, 2016 at 3:51 PM, Serge Yuriev <me at nevian.org> wrote:
>
>
> From perspective of server it is normal route via desired interface.
> So VPN somewhere outside and server not aware of it.
>
> --
> Wbr, Serge via mobile
>
> 12.10.2016, 21:17, "Brian West" <brian at freeswitch.org>:
>
>
> How are the two networks connected?  VPN?
>
> On Wed, Oct 12, 2016 at 12:01 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hi,
>
> How I can debug this issue to move it further?
> I feel much more comfortable with FS than Asterisk which works out-of-box
> :)
>
> Proxy mode doesn't work also because of 3pcc.
> --
> Wbr, Serge via mobile
>
> 11.10.2016, 14:25, "Serge S. Yuriev" <me at nevian.org>:
>
>
> Hi
>
> Is anyone have had chance to check the logs?
>
> I tried to include 172.17.2.3 as local-network on external while excluding
> it from internal - no joy :(
>
>   <list name="lan" default="deny">
>       <node type="deny" cidr="172.17.2.3/32"/>
>       <node type="deny" cidr="172.17.2.4/32"/>
>       <node type="allow" cidr="192.168.0.0/16"/>
>       <node type="allow" cidr="10.0.0.0/8"/>
>       <node type="allow" cidr="172.16.0.0/12"/>
>     </list>
>
>    <list name="wan" default="deny">
>       <node type="allow" cidr="172.17.2.
> 3/32"/>
>       <node type="allow" cidr="172.17.2.
> 4/32"/>
>       <node type="allow" cidr="83.y.y.128/25"/>
>     </list>
>
> --
> Wbr, Serge via mobile
>
> 09.10.2016, 13:03, "Serge Yuriev":
>
> Bad one
> https://pastebin.freeswitch.org/view/5a6b306c
>
> Good one
> https://pastebin.freeswitch.org/view/5b1ca4e3
>
> On 8 Oct  2016, at 04:23, Anthony Minessale <anthony.minessale at gmail.com>
> wrote:
>
>
> Too terse.
>
> You probably need to produce full traces on pastebin with the full debug
> to get any idea.
>
>
> On Fri, Oct 7, 2016 at 6:13 PM, Serge Yuriev <me at nevian.org> wrote:
>
> As mentioned before I tried to play with local-network-acl but no joy.
> Maybe it’s just not right? On which profile I should tune?
>
>    <list name="lan" default="deny">
>       <node type="deny" cidr="172.17.2.3/32"/>
>       <node type="deny" cidr="172.17.2.4/32"/>
>       <node type="allow" cidr="192.168.0.0/16"/>
>       <node type="allow" cidr="10.0.0.0/8"/>
>       <node type="allow" cidr="172.16.0.0/12"/>
>     </list>
>
> On both profiles I have like this
> Int
>    <param name="rtp-ip" value="$${inside_bind_ipv4}"/>
>    <param name="sip-ip" value="$${inside_bind_ipv4}"/>
>    <param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/>
>    <param name="ext-sip-ip" value="$${inside_bind_ipv4}"/>
>
> Ext
>     <param name="rtp-ip" value="$${outside_bind_ipv4}"/>
>     <param name="sip-ip" value="$${outside_bind_ipv4}"/>
>     <param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/>
>     <param name="ext-sip-ip" value="$${outside_bind_ipv4}"/>
>
> On 8 Oct  2016, at 00:48, Brian West <brian at freeswitch.org> wrote:
>
>
> you have to fix your local-network-acl in each system probably to do the
> right thing, do you have the ext-rtp-ip set with the automat: prefix?
>
> On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hello,
>
> Two SIP profiles:
> External 83.хх
> Internal 10.23.154.0/24
>
> Via external we are receiving/send calls from/to 172.17.2.0/29
> For some reason if we call outside FS sends unmodified addresses in SDP.
> So we have unroutable address in SDP and one-way audio. If call flows
> ext to int all working correct.
> Tried local-network-acl on inside (10.хх) with excluded 172.хх,
> apply-nat-acl with included 172.xx on either int and ext. Nothing helps :(
>
> "Bad one" SDP - from internal to external
> send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
>     ------------------------------------------------------------
> ------------
>     SIP/2.0 200 OK
>     Via: SIP/2.0/UDP 10.23.154.63:6060;branch=z9hG4bKe433fa68b81
>     From: "IT, Юрьев Сергей"
> <sip:12550 at 10.23.154.63>;tag=195594~27154efa-6325-45a2-9e47-67e5d9302ebc-
> 237816120
>     To: <sip:62987%236546 at 10.23.154.100>;tag=66NUXXHvB6HBp
>     Call-ID: 86c80-7f71bc46-c44e-3f40000a at 10.23.154.63
>     CSeq: 101 INVITE
>     Contact: <sip:mod_sofia at 10.23.154.100:6060>
>     User-Agent:
> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>     Accept: application/sdp
>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
> PRACK, NOTIFY
>     Require: timer
>     Supported: precondition, 100rel, timer, path, replaces
>     Allow-Events: talk, hold, conference, refer
>     Session-Expires: 1800;refresher=uac
>     Content-Type: application/sdp
>     Content-Disposition: session
>     Content-Length: 180
>
>     v=0
>     o=- 1475853382 2 IN IP4 172.17.2.3
>     s=-
>  >>   c=IN IP4 172.17.2.4
>     b=AS:64
>     t=0 0
>     m=audio 3040 RTP/AVP 8 101
>     a=rtpmap:8 PCMA/8000
>     a=rtpmap:101 telephone-event/8000
>     a=ptime:20
>
>
> And a good one - external to internal
> send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
>     ------------------------------------------------------------
> ------------
>     INVITE sip:12550 at 10.23.154.65 SIP/2.0
>     Via: SIP/2.0/UDP 10.23.154.100:6060;rport;branch=z9hG4bKUXyFjDmg8rtmB
>     Max-Forwards: 69
>     From: "Абонент"
> <sip:$(caller_id_number)@10.23.154.100>;tag=1agg8aZ7FUUBK
>     To: <sip:12550 at 10.23.154.65>
>     Call-ID: d8367628-0fc1-4325-998f-3f32f9d3a05b
>     CSeq: 97580363 INVITE
>     Contact: <sip:gw+cucm-65 at 10.23.154.100:6060;transport=udp;gw=cucm-65>
>     User-Agent:
> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
> PRACK, NOTIFY
>     Supported: precondition, 100rel, timer, path, replaces
>     Allow-Events: talk, hold, conference, refer
>     Content-Type: application/sdp
>     Content-Disposition: session
>     Content-Length: 268
>     X-FS-Support: update_display,send_info
>     Remote-Party-ID: "Абонент"
> <sip:$(caller_id_number)@10.23.154.100>;party=calling;screen
> =yes;privacy=off
>
>     v=0
>     o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
>     s=FreeSWITCH
>  >>   c=IN IP4 10.23.154.100
>     t=0 0
>     m=audio 28432 RTP/AVP 8 18 101 13
>     a=rtpmap:8 PCMA/8000
>     a=rtpmap:18 G729/8000
>     a=rtpmap:101 telephone-event/8000
>     a=fmtp:101 0-16
>     a=rtpmap:13 CN/8000
>     a=ptime:20
>
>
> --
> wbr,
> Serge
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
> https://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 <+883%205100%201420%209001> | *ISN:*410*543 |
> *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬

☞ http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH
☞ irc.freenode.net #freeswitch ☞ *http://freeswitch.org/g+
<http://freeswitch.org/g+>*

ClueCon Weekly Development Call
☎ sip:888 at conference.freeswitch.org  ☎ +19193869900

https://www.youtube.com/watch?v=9XXgW34t40s
https://www.youtube.com/watch?v=NLaDpGQuZDA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161013/a8dd990e/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list