<HTML>
<HEAD>
<TITLE>Re: [Freeswitch-users] RTP NAT problem in Freeswitch 1.2.3</TITLE>
</HEAD>
<BODY>
<FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'> I would recommend updating to a later version... There are many known problems in 1.2.3 up to an including a remote unauthenticate triggerable crash that&#8217;s at least theoretically exploitable...<BR>
<BR>
As far as NAT FS should handle that... You might need to use one of the NDLB flags....<BR>
<BR>
<BR>
On 7/12/13 8:34 AM, &quot;Nuno Reis&quot; &lt;<a href="nreis@wavecom.pt">nreis@wavecom.pt</a>&gt; wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>Good day all.<BR>
<BR>
I'm experiencing the following sinptom when using some softphones behind nat on a private LAN, sometimes the same happen with hardphones.<BR>
<BR>
Here's the scenario:<BR>
<BR>
 FS : &lt;public IP&gt;  _______ &lt;public IP&gt;LAN ROUTER &lt;private LAN&gt; --- softphone<BR>
<BR>
Basically when softphone makes an INVITE to FS it always sends the private IP on the SDP and when the media flow starts it's being sent out by FS to the public lan address resulting on a audioless call. However if the phone sends the public IP on the SDP there's no issue at all.<BR>
I know there's a variable available  </SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'>disable_rtp_auto_adjust</SPAN></FONT><SPAN STYLE='font-size:11pt'> that shoud make freeswitch ignore the SDP IP and use the INVITE IP instead, but it isn't working for me.<BR>
<BR>
Here's what i currently have on my internal SIP profile:<BR>
<BR>
                &lt;profile name=&quot;internal&quot;&gt;<BR>
                        &lt;aliases&gt;<BR>
                        &lt;/aliases&gt;<BR>
                        &lt;gateways&gt;<BR>
                        &lt;/gateways&gt;<BR>
                        &lt;domains&gt;<BR>
                                &lt;domain name=&quot;all&quot; alias=&quot;true&quot; parse=&quot;false&quot;/&gt;<BR>
                        &lt;/domains&gt;<BR>
                        &lt;settings&gt;<BR>
                                &lt;param name=&quot;debug&quot; value=&quot;0&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-trace&quot; value=&quot;no&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-capture&quot; value=&quot;no&quot;/&gt;<BR>
                                &lt;param name=&quot;watchdog-enabled&quot; value=&quot;no&quot;/&gt;<BR>
                                &lt;param name=&quot;watchdog-step-timeout&quot; value=&quot;30000&quot;/&gt;<BR>
                                &lt;param name=&quot;watchdog-event-timeout&quot; value=&quot;30000&quot;/&gt;<BR>
                                &lt;param name=&quot;log-auth-failures&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;forward-unsolicited-mwi-notify&quot; value=&quot;false&quot;/&gt;<BR>
                                &lt;param name=&quot;context&quot; value=&quot;public&quot;/&gt;<BR>
                                &lt;param name=&quot;rfc2833-pt&quot; value=&quot;101&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-port&quot; value=&quot;5060&quot;/&gt;<BR>
                                &lt;param name=&quot;dialplan&quot; value=&quot;XML&quot;/&gt;<BR>
                                &lt;param name=&quot;dtmf-duration&quot; value=&quot;2000&quot;/&gt;<BR>
                                &lt;param name=&quot;inbound-codec-prefs&quot; value=&quot;H264,G722,PCMA,GSM&quot;/&gt;<BR>
                                &lt;param name=&quot;outbound-codec-prefs&quot; value=&quot;H264,G722,PCMA,GSM&quot;/&gt;<BR>
                                &lt;param name=&quot;rtp-timer-name&quot; value=&quot;soft&quot;/&gt;<BR>
                                &lt;param name=&quot;rtp-ip&quot; value=&quot;&lt;PUBLIC_IP&gt;&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-ip&quot; value=&quot;&lt;PUBLIC_IP&gt;&quot;/&gt;<BR>
                                &lt;param name=&quot;hold-music&quot; value=&quot;local_stream://moh&quot;/&gt;<BR>
                                &lt;param name=&quot;apply-inbound-acl&quot; value=&quot;domains&quot;/&gt;<BR>
                                &lt;param name=&quot;apply-nat-acl&quot; value=&quot;rfc1918&quot;/&gt;<BR>
                                &lt;param name=&quot;local-network-acl&quot; value=&quot;localnet.auto&quot;/&gt;<BR>
                                &lt;param name=&quot;record-path&quot; value=&quot;/opt/freeswitch/recordings&quot;/&gt;<BR>
                                &lt;param name=&quot;record-template&quot; value=&quot;${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav&quot;/&gt;<BR>
                                &lt;param name=&quot;manage-presence&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;presence-privacy&quot; value=&quot;&quot;/&gt;<BR>
                                &lt;param name=&quot;inbound-codec-negotiation&quot; value=&quot;generous&quot;/&gt;<BR>
                                &lt;param name=&quot;tls&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-only&quot; value=&quot;false&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-bind-params&quot; value=&quot;transport=tls&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-sip-port&quot; value=&quot;5061&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-cert-dir&quot; value=&quot;/opt/freeswitch/conf/ssl&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-passphrase&quot; value=&quot;&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-verify-date&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-verify-policy&quot; value=&quot;none&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-verify-depth&quot; value=&quot;2&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-verify-in-subjects&quot; value=&quot;&quot;/&gt;<BR>
                                &lt;param name=&quot;tls-version&quot; value=&quot;sslv23&quot;/&gt;<BR>
                                &lt;param name=&quot;odbc-dsn&quot; value=&quot;freeswitch:user:password&quot;/&gt;<BR>
                                &lt;param name=&quot;nonce-ttl&quot; value=&quot;60&quot;/&gt;<BR>
                                &lt;param name=&quot;auth-calls&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;inbound-reg-force-matching-username&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;auth-all-packets&quot; value=&quot;false&quot;/&gt;<BR>
                                &lt;param name=&quot;rtp-timeout-sec&quot; value=&quot;300&quot;/&gt;<BR>
                                &lt;param name=&quot;rtp-hold-timeout-sec&quot; value=&quot;1800&quot;/&gt;<BR>
                                &lt;param name=&quot;challenge-realm&quot; value=&quot;auto_from&quot;/&gt;<BR>
                                &lt;param name=&quot;ext-rtp-ip&quot; value=&quot;&lt;PUBLIC_IP&gt;&quot;/&gt;<BR>
                                &lt;param name=&quot;ext-sip-ip&quot; value=&quot;&lt;PUBLIC_IP&gt;&quot;/&gt;<BR>
                                &lt;param name=&quot;presence-hosts&quot; value=&quot;_DISABLED_&quot;/&gt;<BR>
                                &lt;param name=&quot;NDLB-received-in-nat-reg-contact&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;NDLB-broken-auth-hash&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;dbname&quot; value=&quot;share_presence&quot;/&gt;<BR>
                                &lt;param name=&quot;send-presence-on-register&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;manage-shared-appearance&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;registration-thread-frequency&quot; value=&quot;30&quot;/&gt;<BR>
                                &lt;param name=&quot;enable-timer&quot; value=&quot;false&quot;/&gt;<BR>
                                &lt;param name=&quot;aggressive-nat-detection&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;send-message-query-on-register&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;all-reg-options-ping&quot; value=&quot;true&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-force-expires&quot; value=&quot;3600&quot;/&gt;<BR>
                                &lt;param name=&quot;sip-expires-max-deviation&quot; value=&quot;300&quot;/&gt;<BR>
                                &lt;param name=&quot;multiple-registrations&quot; value=&quot;contact&quot;/&gt;<BR>
                        &lt;/settings&gt;<BR>
                &lt;/profile&gt;<BR>
<BR>
Any suggestions on how to make FS use the INVITE IP for RTP instead of using the IP on the SDP?<BR>
<BR>
Looking forward to hear from you.<BR>
<BR>
Best Regards,<BR>
</SPAN><FONT SIZE="1"><SPAN STYLE='font-size:8pt'><B><BR>
<BR>
Nuno Miguel Reis</B> | <B>Unified Communication Systems<BR>
</B>M. +351 913907481 | <FONT COLOR="#0000FF"><a href="nreis@wavecom.pt">nreis@wavecom.pt</a></FONT> &lt;<a href="mailto:nreis@wavecom.pt">mailto:nreis@wavecom.pt</a>&gt; <BR>
WAVECOM-Solu&ccedil;&otilde;es R&aacute;dio, S.A.<BR>
Cacia Park | Rua do Progresso, Lote 15<BR>
3800-639 AVEIRO | Portugal<BR>
T. +351 309 700 225 | F. +351 234 919 191<BR>
</SPAN><FONT COLOR="#1F497D"><SPAN STYLE='font-size:9pt'><B>GPS</B></SPAN></FONT><SPAN STYLE='font-size:9pt'><B> &lt;<a href="http://maps.google.com/maps/ms?msa=0&amp;msid=202333747613191340808.0004b4b227a6144f0df88">http://maps.google.com/maps/ms?msa=0&amp;msid=202333747613191340808.0004b4b227a6144f0df88</a>&gt; &nbsp;| <FONT COLOR="#1F497D">www.wavecom.pt</FONT> &lt;<a href="http://www.wavecom.pt/">http://www.wavecom.pt/</a>&gt; </B></SPAN></FONT><B><SPAN STYLE='font-size:11pt'> &lt;<a href="http://www.wavecom.pt/">http://www.wavecom.pt/</a>&gt; <BR>
</SPAN></B><SPAN STYLE='font-size:11pt'><BR>
<IMG src="cid:3456469533_181322549" > &lt;<a href="http://www.wavecom.pt/pt/wavecom/premios.php">http://www.wavecom.pt/pt/wavecom/premios.php</a>&gt; <BR>
<BR>
</SPAN><SPAN STYLE='font-size:12pt'> &lt;<a href="http://www.wavecom.pt/pt/mail_eventos.php">http://www.wavecom.pt/pt/mail_eventos.php</a>&gt; <BR>
</SPAN><SPAN STYLE='font-size:11pt'><BR>
<BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'>_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'><BR>
</SPAN></FONT></FONT><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>-- <BR>
Ken<BR>
<FONT COLOR="#0000FF"><U><a href="http://www.FreeSWITCH.org">http://www.FreeSWITCH.org</a><BR>
<a href="http://www.ClueCon.com">http://www.ClueCon.com</a><BR>
<a href="http://www.OSTAG.org">http://www.OSTAG.org</a><BR>
</U></FONT>irc.freenode.net #freeswitch<BR>
</SPAN></FONT>
</BODY>
</HTML>