[Freeswitch-users] Bridging between two rfc1918 networks

Serge Yuriev me at nevian.org
Fri Oct 14 01:39:33 MSD 2016


I tried set it to true and it’s definitely not we want. This breaks billing and make users upset with fake answer.
What the reason behind not proxying in 3pcc=proxy mode? I can be wrong but doubt this worked this way about half year ago - we used FS extensively as border element.
I’’l try to reproduce our tests tomorrow and report

On 13 Oct  2016, at 21:36, Anthony Minessale <anthony.minessale at gmail.com> wrote:

> can you set it to true instead of proxy?
> 
> Then you have to negotiate the media with the endpoint first but you can set it to use the same codecs.
> 
> 
> On Thu, Oct 13, 2016 at 1:31 PM, Serge S. Yuriev <me at nevian.org> wrote:
> I have already updated to latest master to try.
> I suspected it. Can we overcome situation without disabling 3pcc?
> 
> -- 
> Wbr, Serge via mobile
> 
> 13.10.2016, 21:25, "Anthony Minessale" <anthony.minessale at gmail.com>:
> 
>> You have 3pcc = proxy 
>> 
>> By design this is taking the sdp from the other leg 200 ok at line 262 of your paste and using it in the 200ok it sends at line 341
>> 
>> Also, you are on a random dev version from mid July.  You should update to HEAD on 1.6 branch or use one of the releases.
>> 
>> 
>>  
>> 
>> On Thu, Oct 13, 2016 at 12:58 PM, Serge Yuriev <me at nevian.org> wrote:
>> The problem is:
>> Call from ext to int - FS proxies rtp
>> Call from int to ext - FS reveals external address to internal server in SDP resulting in one way audio
>> 
>> SDP examples in first message
>> 
>> -- 
>> Wbr, Serge via mobile
>> 
>> 13.10.2016, 20:40, "Brian West" <brian at freeswitch.org>:
>> 
>>> There should be no special anything to configure if these two systems are talking over the private network and its routed properly, there is no nat settings, no ext-*-ip settings required,  So what is the problem you're having?
>>> 
>>> On Thu, Oct 13, 2016 at 11:11 AM, Serge S. Yuriev <me at nevian.org> wrote:
>>> Not sure that you asking about.
>>> This is interconnect between two large enterprises with a lot equally numbered networks. So only few hosts are visible via VPN both servers not aware of. Plain routing.
>>> No NAT involved at all.
>>>  
>>> My server on inside interface talks to my devices. On external - to the real ip world and mentioned partner 172.17.2.3/32
>>> Partner server talks to theirs network and to my external ip via VPN
>>>  
>>>  
>>> 13.10.2016, 02:12, "Brian West" <brian at freeswitch.org>:
>>>> Are these servers talking to anything outside their perspective NATs?  What are their blocks?
>>>>  
>>>> On Wed, Oct 12, 2016 at 3:51 PM, Serge Yuriev <me at nevian.org> wrote:
>>>>  
>>>> From perspective of server it is normal route via desired interface.
>>>> So VPN somewhere outside and server not aware of it.
>>>> 
>>>> --
>>>> Wbr, Serge via mobile
>>>> 
>>>> 12.10.2016, 21:17, "Brian West" <brian at freeswitch.org>:
>>>>  
>>>>> 
>>>>> How are the two networks connected?  VPN?
>>>>>  
>>>>> On Wed, Oct 12, 2016 at 12:01 PM, Serge S. Yuriev <me at nevian.org> wrote:
>>>>> Hi,
>>>>>  
>>>>> How I can debug this issue to move it further?
>>>>> I feel much more comfortable with FS than Asterisk which works out-of-box :)
>>>>> 
>>>>> Proxy mode doesn't work also because of 3pcc.
>>>>> --
>>>>> Wbr, Serge via mobile
>>>>> 
>>>>> 11.10.2016, 14:25, "Serge S. Yuriev" <me at nevian.org>:
>>>>>  
>>>>>> 
>>>>>> Hi
>>>>>>  
>>>>>> Is anyone have had chance to check the logs?
>>>>>>  
>>>>>> I tried to include 172.17.2.3 as local-network on external while excluding it from internal - no joy :(
>>>>>>  
>>>>>>   <list name="lan" default="deny">
>>>>>>       <node type="deny" cidr="172.17.2.3/32"/>
>>>>>>       <node type="deny" cidr="172.17.2.4/32"/>
>>>>>>       <node type="allow" cidr="192.168.0.0/16"/>
>>>>>>       <node type="allow" cidr="10.0.0.0/8"/>
>>>>>>       <node type="allow" cidr="172.16.0.0/12"/>
>>>>>>     </list>
>>>>>>  
>>>>>>    <list name="wan" default="deny">
>>>>>>       <node type="allow" cidr="172.17.2.
>>>>>> 3/32"/>
>>>>>>       <node type="allow" cidr="172.17.2.
>>>>>> 4/32"/>
>>>>>>       <node type="allow" cidr="83.y.y.128/25"/>
>>>>>>     </list>
>>>>>> 
>>>>>> --
>>>>>> Wbr, Serge via mobile
>>>>>> 
>>>>>> 09.10.2016, 13:03, "Serge Yuriev":
>>>>>>> 
>>>>>>> Bad one
>>>>>>> https://pastebin.freeswitch.org/view/5a6b306c
>>>>>>>  
>>>>>>> Good one
>>>>>>> https://pastebin.freeswitch.org/view/5b1ca4e3
>>>>>>>  
>>>>>>> On 8 Oct  2016, at 04:23, Anthony Minessale <anthony.minessale at gmail.com> wrote:
>>>>>>>  
>>>>>>>> 
>>>>>>>> Too terse.
>>>>>>>>  
>>>>>>>> You probably need to produce full traces on pastebin with the full debug to get any idea.
>>>>>>>>  
>>>>>>>>  
>>>>>>>> On Fri, Oct 7, 2016 at 6:13 PM, Serge Yuriev <me at nevian.org> wrote:
>>>>>>>> As mentioned before I tried to play with local-network-acl but no joy. Maybe it’s just not right? On which profile I should tune?
>>>>>>>>  
>>>>>>>>    <list name="lan" default="deny">
>>>>>>>>       <node type="deny" cidr="172.17.2.3/32"/>
>>>>>>>>       <node type="deny" cidr="172.17.2.4/32"/>
>>>>>>>>       <node type="allow" cidr="192.168.0.0/16"/>
>>>>>>>>       <node type="allow" cidr="10.0.0.0/8"/>
>>>>>>>>       <node type="allow" cidr="172.16.0.0/12"/>
>>>>>>>>     </list>
>>>>>>>>  
>>>>>>>> On both profiles I have like this
>>>>>>>> Int
>>>>>>>>    <param name="rtp-ip" value="$${inside_bind_ipv4}"/>
>>>>>>>>    <param name="sip-ip" value="$${inside_bind_ipv4}"/>
>>>>>>>>    <param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/>
>>>>>>>>    <param name="ext-sip-ip" value="$${inside_bind_ipv4}"/>
>>>>>>>>  
>>>>>>>> Ext
>>>>>>>>     <param name="rtp-ip" value="$${outside_bind_ipv4}"/>
>>>>>>>>     <param name="sip-ip" value="$${outside_bind_ipv4}"/>
>>>>>>>>     <param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/>
>>>>>>>>     <param name="ext-sip-ip" value="$${outside_bind_ipv4}"/>
>>>>>>>>  
>>>>>>>> On 8 Oct  2016, at 00:48, Brian West <brian at freeswitch.org> wrote:
>>>>>>>>  
>>>>>>>>> 
>>>>>>>>> you have to fix your local-network-acl in each system probably to do the right thing, do you have the ext-rtp-ip set with the automat: prefix?
>>>>>>>>>  
>>>>>>>>> On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <me at nevian.org> wrote:
>>>>>>>>> Hello,
>>>>>>>>> 
>>>>>>>>> Two SIP profiles:
>>>>>>>>> External 83.хх
>>>>>>>>> Internal 10.23.154.0/24
>>>>>>>>> 
>>>>>>>>> Via external we are receiving/send calls from/to 172.17.2.0/29
>>>>>>>>> For some reason if we call outside FS sends unmodified addresses in SDP.
>>>>>>>>> So we have unroutable address in SDP and one-way audio. If call flows
>>>>>>>>> ext to int all working correct.
>>>>>>>>> Tried local-network-acl on inside (10.хх) with excluded 172.хх,
>>>>>>>>> apply-nat-acl with included 172.xx on either int and ext. Nothing helps :(
>>>>>>>>> 
>>>>>>>>> "Bad one" SDP - from internal to external
>>>>>>>>> send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
>>>>>>>>>     ------------------------------------------------------------------------
>>>>>>>>>     SIP/2.0 200 OK
>>>>>>>>>     Via: SIP/2.0/UDP 10.23.154.63:6060;branch=z9hG4bKe433fa68b81
>>>>>>>>>     From: "IT, Юрьев Сергей"
>>>>>>>>> <sip:12550 at 10.23.154.63>;tag=195594~27154efa-6325-45a2-9e47-67e5d9302ebc-237816120
>>>>>>>>>     To: <sip:62987%236546 at 10.23.154.100>;tag=66NUXXHvB6HBp
>>>>>>>>>     Call-ID: 86c80-7f71bc46-c44e-3f40000a at 10.23.154.63
>>>>>>>>>     CSeq: 101 INVITE
>>>>>>>>>     Contact: <sip:mod_sofia at 10.23.154.100:6060>
>>>>>>>>>     User-Agent:
>>>>>>>>> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>>>>>>>>>     Accept: application/sdp
>>>>>>>>>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
>>>>>>>>> PRACK, NOTIFY
>>>>>>>>>     Require: timer
>>>>>>>>>     Supported: precondition, 100rel, timer, path, replaces
>>>>>>>>>     Allow-Events: talk, hold, conference, refer
>>>>>>>>>     Session-Expires: 1800;refresher=uac
>>>>>>>>>     Content-Type: application/sdp
>>>>>>>>>     Content-Disposition: session
>>>>>>>>>     Content-Length: 180
>>>>>>>>> 
>>>>>>>>>     v=0
>>>>>>>>>     o=- 1475853382 2 IN IP4 172.17.2.3
>>>>>>>>>     s=-
>>>>>>>>>  >>   c=IN IP4 172.17.2.4
>>>>>>>>>     b=AS:64
>>>>>>>>>     t=0 0
>>>>>>>>>     m=audio 3040 RTP/AVP 8 101
>>>>>>>>>     a=rtpmap:8 PCMA/8000
>>>>>>>>>     a=rtpmap:101 telephone-event/8000
>>>>>>>>>     a=ptime:20
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> And a good one - external to internal
>>>>>>>>> send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
>>>>>>>>>     ------------------------------------------------------------------------
>>>>>>>>>     INVITE sip:12550 at 10.23.154.65 SIP/2.0
>>>>>>>>>     Via: SIP/2.0/UDP 10.23.154.100:6060;rport;branch=z9hG4bKUXyFjDmg8rtmB
>>>>>>>>>     Max-Forwards: 69
>>>>>>>>>     From: "Абонент"
>>>>>>>>> <sip:$(caller_id_number)@10.23.154.100>;tag=1agg8aZ7FUUBK
>>>>>>>>>     To: <sip:12550 at 10.23.154.65>
>>>>>>>>>     Call-ID: d8367628-0fc1-4325-998f-3f32f9d3a05b
>>>>>>>>>     CSeq: 97580363 INVITE
>>>>>>>>>     Contact: <sip:gw+cucm-65 at 10.23.154.100:6060;transport=udp;gw=cucm-65>
>>>>>>>>>     User-Agent:
>>>>>>>>> FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>>>>>>>>>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
>>>>>>>>> PRACK, NOTIFY
>>>>>>>>>     Supported: precondition, 100rel, timer, path, replaces
>>>>>>>>>     Allow-Events: talk, hold, conference, refer
>>>>>>>>>     Content-Type: application/sdp
>>>>>>>>>     Content-Disposition: session
>>>>>>>>>     Content-Length: 268
>>>>>>>>>     X-FS-Support: update_display,send_info
>>>>>>>>>     Remote-Party-ID: "Абонент"
>>>>>>>>> <sip:$(caller_id_number)@10.23.154.100>;party=calling;screen=yes;privacy=off
>>>>>>>>> 
>>>>>>>>>     v=0
>>>>>>>>>     o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
>>>>>>>>>     s=FreeSWITCH
>>>>>>>>>  >>   c=IN IP4 10.23.154.100
>>>>>>>>>     t=0 0
>>>>>>>>>     m=audio 28432 RTP/AVP 8 18 101 13
>>>>>>>>>     a=rtpmap:8 PCMA/8000
>>>>>>>>>     a=rtpmap:18 G729/8000
>>>>>>>>>     a=rtpmap:101 telephone-event/8000
>>>>>>>>>     a=fmtp:101 0-16
>>>>>>>>>     a=rtpmap:13 CN/8000
>>>>>>>>>     a=ptime:20
>>>  
>>> -- 
>>> wbr,
>>> Serge
>>>  
>>> 
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>> 
>>> 
>>> 
>>> -- 
>>> Brian West
>>> brian at freeswitch.org
>>> 
>>> 
>>> 
>>> Twitter: @FreeSWITCH , @briankwest
>>> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
>>> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
>>> https://www.gofundme.com/freeswitch_ubuntu
>>> 
>>> Got Bugs? Report them here! | Reddit: /r/freeswitch
>>> 
>>> T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
>>> iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest
>>> 
>>> 
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services: 
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>> 
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
>> 
>> 
>> -- 
>> Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬
>> 
>>http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH
>> ☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+
>> 
>> ClueCon Weekly Development Call 
>> ☎ sip:888 at conference.freeswitch.org  ☎ +19193869900 
>> 
>> https://www.youtube.com/watch?v=9XXgW34t40s
>> https://www.youtube.com/watch?v=NLaDpGQuZDA
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services: 
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 
> 
> 
> -- 
> Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬
> 
>http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH
> ☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+
> 
> ClueCon Weekly Development Call 
> ☎ sip:888 at conference.freeswitch.org  ☎ +19193869900 
> 
> https://www.youtube.com/watch?v=9XXgW34t40s
> https://www.youtube.com/watch?v=NLaDpGQuZDA
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-- 
Serge S. Yuriev



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161014/8afd3bd6/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list