<div dir="ltr"><div><div><div><div>Hi all,<br><br></div>No one has a clue about this use case?<br></div>Can anybody confirm what Steven wrote earlier (i.e. '<font face="arial, sans-serif">So before the INVITE is even sent the port is open')?<br><br></font></div><font face="arial, sans-serif">I just don't know how to behave here. I know it's a weird scenario and I understand why it doesn't work but it happens so many times with customers behind a NAT and I feel so close to a solution that I just can't stop trying to find a solution.<br><br></font></div><font face="arial, sans-serif">Thanks in advance!<br>Florent<br></font></div><div class="gmail_extra"><br><div class="gmail_quote">2014-09-26 10:26 GMT+02:00 Florent Krieg <span dir="ltr"><<a href="mailto:flokrrr@gmail.com" target="_blank">flokrrr@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Ken,<br><br></div>Thanks for pointing this out.<br></div>I guess the value you have mentioned are overwritten by the following settings in switch.conf.xml (which I have set)?<br> <!-- RTP port range --><br> <param name="rtp-start-port" value="20000"/><br> <param name="rtp-end-port" value="40000"/><span class="HOEnZb"><font color="#888888"><br><br></font></span></div><span class="HOEnZb"><font color="#888888">Florent<br></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2014-09-25 19:38 GMT+02:00 Ken Rice <span dir="ltr"><<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<font face="Monaco, Courier New"><span style="font-size:11pt">Keep in mind that FreeSWITCH does not use the 20K to 40K range for RTP by default. It used 16384:32768 so your iptables rules there will probably cause a problem when FS tries to do media in the lower part of the range<div><div><br>
<br>
<br>
On 9/25/14 10:54 AM, "Florent Krieg" <<a href="http://flokrrr@gmail.com" target="_blank">flokrrr@gmail.com</a>> wrote:<br>
<br>
</div></div></span></font><blockquote><div><div><font face="Monaco, Courier New"><span style="font-size:11pt">Hi Steven,<br>
<br>
Thanks for the reply!<br>
<br>
Here's the firewall policy (iptables, the FS service is hosted on a centos6 server):<br>
-A INPUT -p udp -m udp --dport 20000:40000 -j ACCEPT<br>
The port annonced by FS and actually used was in this range (34546). Hence, I doubt the port s blocked.<br>
<br>
There is still the possibility of the port not being listening.<br>
This is comforting that you say it should be listening on it right before the INVITE, but it is a bit weird I'm experiencing such a behaviour...<br>
<br>
Steven, there are a lot of public IPs in my capture (among them some of customers and I don't want to obfuscate it so I won't post it here), but if you'd like I can send it to you by email so that you can have a look as well?<br>
<br>
Thanks<br>
Florent<br>
<br>
<br>
2014-09-25 17:06 GMT+02:00 Steven Ayre <<a href="http://steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>>:<br>
</span></font><blockquote><blockquote><font><font face="Arial"><span style="font-size:10pt">then FS seems to not be ready for it and reply ICMP unreachable.<br>
</span></font></font></blockquote><font><font face="Arial"><span style="font-size:10pt"><br>
</span></font></font><font face="Arial"><span style="font-size:11pt">This sounds odd. ICMP unreachable will be sent by the OS/firewall not FS. It means nothing is listening on that UDP port (or it's blocked). What's odd is the SDP FS sends in its INVITE packet will contain the IP and port it's using. It finds that port by creating a socket using a random port then checking what it's using. So before the INVITE is even sent the port is open, so you shouldn't see ICMP unreachable from the OS.<br>
<br>
Are they sending to the exact same IP and port you send in the SDP? Are you running any stateful firewalls that might not have opened the port for the RTP stream?<br>
</span></font><span style="font-size:11pt"><font face="Monaco, Courier New"><br>
<br>
<br>
On 25 September 2014 14:59, Florent Krieg <<a href="http://flokrrr@gmail.com" target="_blank">flokrrr@gmail.com</a>> wrote:<br>
</font></span><blockquote><span style="font-size:11pt"><font face="Monaco, Courier New">Hi mates,<br>
<br>
We are encountering a problem with some of our customers in the following situation:<br>
* we are running Freeswitch with a public IP address, detecting far-end nat traversal when needed (customers behind NAT)<br>
* our customers interconnects their IPBXes to our FS platform (we do only SIP trunking with FS)<br>
* if the customer has its IPBX behind a NAT and sets a local redirect, there's no sound (and I completely understand why, I'm just trying to find a solution, if any...)<br>
<br>
So there are two distinct calls:<br>
</font><font face="Courier New">PSTN_X <===> FS <===> customer1 IPBX<br>
customer1 IPBX <===> FS <===> PSTN_Y (redirection)<br>
</font><font face="Monaco, Courier New"><br>
When PSTN_Y answers the call, FS sends 200 OK w/ SDP to customer1 IPBX.<br>
The IPBX then sends an empty RTP packet, I reckon to allow the remote platform (FS in this case) to be able to detect the IP/port couple where to send RTP packets. <br>
The problem I have is that on the 'caller' side, this single empty RTP packet is sent by the IPBX before sending the 200 OK (like, a few ms before) and then FS seems to not be ready for it and reply ICMP unreachable.<br>
<br>
To make this whole stuff almost-work, I've set 'rtp_auto_adjust_threshold' to 1, otherwise FS will wait for far more than 1 RTP packet to detect NAT.<br>
<br>
My idea is that the IPBX should send the 200 OK first and right after this empty RTP packet.<br>
The problem is I'm encountering the issue with two different constructors (on one of them we ended using STUN, but the other one has a terrible STUN implementation, hence I'm really looking for a solution).<br>
<br>
I know it's tricky (SIP, NAT, redirection and so on) but what do you think about this use case?<br>
Would you know a way to solve this trouble? If you have any clue please share!<br>
<br>
Thanks in advance<br>
<font color="#888888">Florent<br>
</font><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="http://consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="http://FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</font></span></blockquote><span style="font-size:11pt"><font face="Monaco, Courier New"><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="http://consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="http://FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</font></span></blockquote></div></div><span style="font-size:11pt"><font face="Monaco, Courier New"><br>
<br>
<hr align="CENTER" size="3" width="95%"></font></span><span><font><font face="Consolas, Courier New, Courier"><span style="font-size:10pt">_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services: <br>
<a href="http://consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="http://FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</span></font></font></span></blockquote><span><font color="#888888"><font><font face="Consolas, Courier New, Courier"><span style="font-size:10pt"><br>
</span></font></font><font face="Monaco, Courier New"><span style="font-size:11pt">-- <br>
Ken<br>
<font color="#0000FF"><u><a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>
<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><br>
</u></font><a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a> #freeswitch<br>
Twitter: @FreeSWITCH<br>
<br>
</span></font>
</font></span></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>