<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><span></span></div><div>The problem is:<div>Call from ext to int - FS proxies rtp</div><div>Call from int to ext - FS reveals external address to internal server in SDP resulting in one way audio<br><br>SDP examples in first message<br><br>-- <br>Wbr, Serge via mobile<br><br>13.10.2016, 20:40, "Brian West" <<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a>>:<br><blockquote type="cite"><div dir="ltr">There should be no special anything to configure if these two systems are talking over the private network and its routed properly, there is no nat settings, no ext-*-ip settings required, So what is the problem you're having?</div><div><br><div>On Thu, Oct 13, 2016 at 11:11 AM, Serge S. Yuriev <span dir="ltr"><<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>></span> wrote:<br><blockquote style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>Not sure that you asking about.</div><div>This is interconnect between two large enterprises with a lot equally numbered networks. So only few hosts are visible via VPN both servers not aware of. Plain routing.</div><div>No NAT involved at all.</div><div> </div><div>My server on inside interface talks to my devices. On external - to the real ip world and mentioned partner <a href="http://172.17.2.3/32" target="_blank">172.17.2.3/32</a></div><div>Partner server talks to theirs network and to my external ip via VPN</div><div> </div><div> </div><div>13.10.2016, 02:12, "Brian West" <<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>>:</div><div><div><blockquote type="cite"><div>Are these servers talking to anything outside their perspective NATs? What are their blocks?</div><div> <div>On Wed, Oct 12, 2016 at 3:51 PM, Serge Yuriev <span><<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>></span> wrote:<blockquote style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div> </div><div>From perspective of server it is normal route via desired interface.<div>So VPN somewhere outside and server not aware of it.<br><br><span>--<br>Wbr, Serge via mobile</span><br><br>12.10.2016, 21:17, "Brian West" <<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>>:<div><div> <blockquote type="cite"><div>How are the two networks connected? VPN?</div><div> <div>On Wed, Oct 12, 2016 at 12:01 PM, Serge S. Yuriev <span><<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>></span> wrote:<blockquote style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi,<div> </div><div>How I can debug this issue to move it further?</div><div>I feel much more comfortable with FS than Asterisk which works out-of-box :)<br><br>Proxy mode doesn't work also because of 3pcc.<br><span>--<br>Wbr, Serge via mobile</span><br><br>11.10.2016, 14:25, "Serge S. Yuriev" <<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>>:<div><div> <blockquote type="cite">Hi<div> </div><div>Is anyone have had chance to check the logs?</div><div> </div><div>I tried to include 172.17.2.3 as local-network on external while excluding it from internal - no joy :(</div><div> </div><div><div> <list name="lan" default="deny"></div><div> <node type="deny" cidr="<a href="http://172.17.2.3/" target="_blank">172.17.2.3/</a><span>32"/></span></div><div> <node type="deny" cidr="172.17.2.4<span>/32"/></span></div><div> <node type="allow" cidr="192.168.0<span>.0/16"/></span></div><div> <node type="allow" cidr="<a href="http://10.0.0.0/" target="_blank">10.0.0.0/</a><span>8"/></span></div><div> <node type="allow" cidr="172.16.0.<span>0/12"/></span></div><div> </list></div><div> </div><div><div> <list name="wan" default="deny"></div><div> <node type="allow" cidr="172.17.2.</div><div>3/32"/></div><div> <node type="allow" cidr="172.17.2.</div><div>4/32"/></div><div> <node type="allow" cidr="83.y.y.<span>128/25"/></span></div><div> </list></div></div><br>--<br>Wbr, Serge via mobile<br><br>09.10.2016, 13:03, "Serge Yuriev":<blockquote type="cite"><div><div>Bad one</div><div><a href="https://pastebin.freeswitch.org/view/5a6b306c" target="_blank">https://pastebin.freeswitch.<wbr>org/view/5a6b306c</a></div><div> </div><div>Good one</div><div><a href="https://pastebin.freeswitch.org/view/5b1ca4e3" target="_blank">https://pastebin.freeswitch.<wbr>org/view/5b1ca4e3</a></div> <div><div>On 8 Oct 2016, at 04:23, Anthony Minessale <<a href="mailto:anthony.minessale@gmail.com" target="_blank">anthony.minessale@gmail.com</a>> wrote:</div> <blockquote type="cite"><div>Too terse.<div> </div><div>You probably need to produce full traces on pastebin with the full debug to get any idea.</div><div> </div></div><div> <div>On Fri, Oct 7, 2016 at 6:13 PM, Serge Yuriev <span><<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>></span> wrote:<blockquote style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div>As mentioned before I tried to play with local-network-acl but no joy. Maybe it’s just not right? On which profile I should tune?</div><div> </div><div><div> <list name="lan" default="deny"></div><div> <node type="deny" cidr="<a href="http://172.17.2.3/32" target="_blank">172.17.2.3/32</a>"/></div><div> <node type="deny" cidr="<a href="http://172.17.2.4/32" target="_blank">172.17.2.4/32</a>"/></div><div> <node type="allow" cidr="<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>"/></div><div> <node type="allow" cidr="<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>"/></div><div> <node type="allow" cidr="<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>"/></div><div> </list></div></div><div> </div><div>On both profiles I have like this</div><div>Int</div><div><div> <param name="rtp-ip" value="$${inside_bind_ipv4}"/></div><div> <param name="sip-ip" value="$${inside_bind_ipv4}"/></div><div> <param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/></div><div> <param name="ext-sip-ip" value="$${inside_bind_ipv4}"/></div></div><div> </div><div>Ext</div><div><div> <param name="rtp-ip" value="$${outside_bind_ipv4}"/<wbr>></div><div> <param name="sip-ip" value="$${outside_bind_ipv4}"/<wbr>></div><div> <param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/<wbr>></div><div> <param name="ext-sip-ip" value="$${outside_bind_ipv4}"/<wbr>></div></div><div><div> <div><div>On 8 Oct 2016, at 00:48, Brian West <<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>> wrote:</div> <blockquote type="cite"><div>you have to fix your local-network-acl in each system probably to do the right thing, do you have the ext-rtp-ip set with the automat: prefix?</div><div> <div>On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <span><<a href="mailto:me@nevian.org" target="_blank">me@nevian.org</a>></span> wrote:<blockquote style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">Hello,<br><br>Two SIP profiles:<br>External 83.хх<br>Internal <a href="http://10.23.154.0/24" target="_blank">10.23.154.0/24</a><br><br>Via external we are receiving/send calls from/to <a href="http://172.17.2.0/29" target="_blank">172.17.2.0/29</a><br>For some reason if we call outside FS sends unmodified addresses in SDP.<br>So we have unroutable address in SDP and one-way audio. If call flows<br>ext to int all working correct.<br>Tried local-network-acl on inside (10.хх) with excluded 172.хх,<br>apply-nat-acl with included 172.xx on either int and ext. Nothing helps :(<br><br>"Bad one" SDP - from internal to external<br>send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:<br> ------------------------------<wbr>------------------------------<wbr>------------<br> SIP/2.0 200 OK<br> Via: SIP/2.0/UDP 10.23.154.63:6060;branch=<wbr>z9hG4bKe433fa68b81<br> From: "IT, Юрьев Сергей"<br><<a href="mailto:sip%3A12550@10.23.154.63" target="_blank">sip:12550@10.23.154.63</a>>;tag=<wbr>195594~27154efa-6325-45a2-<wbr>9e47-67e5d9302ebc-<span><span><span><span><span>237816120</span></span></span></span></span><br> To: <<a href="mailto:sip%3A62987%25236546@10.23.154.100" target="_blank">sip:62987%236546@10.23.154.<wbr>100</a>>;tag=66NUXXHvB6HBp<br> Call-ID: <a href="mailto:86c80-7f71bc46-c44e-3f40000a@10.23.154.63" target="_blank">86c80-7f71bc46-c44e-3f40000a@<wbr>10.23.154.63</a><br> CSeq: 101 INVITE<br> Contact: <<a href="http://sip:mod_sofia@10.23.154.100:6060/" target="_blank">sip:mod_sofia@10.23.154.100:<wbr>6060</a>><br> User-Agent:<br>FreeSWITCH-mod_sofia/1.7.0+<wbr>git~<span><span><span><span><span>20160707</span></span></span></span></span>T165535Z~<wbr>be13536ac9~64bit<br> Accept: application/sdp<br> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,<br>PRACK, NOTIFY<br> Require: timer<br> Supported: precondition, 100rel, timer, path, replaces<br> Allow-Events: talk, hold, conference, refer<br> Session-Expires: 1800;refresher=uac<br> Content-Type: application/sdp<br> Content-Disposition: session<br> Content-Length: 180<br><br> v=0<br> o=- <span><a href="tel:1475853382" target="_blank">1475853382</a> 2</span> IN IP4 172.17.2.3<br> s=-<br> >> c=IN IP4 172.17.2.4<br> b=AS:64<br> t=0 0<br> m=audio 3040 RTP/AVP 8 101<br> a=rtpmap:8 PCMA/8000<br> a=rtpmap:101 telephone-event/8000<br> a=ptime:20<br><br><br>And a good one - external to internal<br>send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:<br> ------------------------------<wbr>------------------------------<wbr>------------<br> INVITE <a href="mailto:sip%3A12550@10.23.154.65" target="_blank">sip:12550@10.23.154.65</a> SIP/2.0<br> Via: SIP/2.0/UDP 10.23.154.100:6060;rport;<wbr>branch=z9hG4bKUXyFjDmg8rtmB<br> Max-Forwards: 69<br> From: "Абонент"<br><<a>sip:$(caller_id_number)@</a><a href="http://10.23.154.100/" target="_blank">10.<wbr>23.154.100</a>>;tag=1agg8aZ7FUUBK<br> To: <<a href="mailto:sip%3A12550@10.23.154.65" target="_blank">sip:12550@10.23.154.65</a>><br> Call-ID: d<span><span><span><span><span>8367628-0</span></span></span></span></span>fc<span><span><span><span><span>1-4325-998</span></span></span></span></span>f-<wbr>3f32f9d3a05b<br> CSeq: <span><a href="tel:97580363" target="_blank">97580363</a></span> INVITE<br> Contact: <<a href="mailto:sip%3Agw%2Bcucm-65@10.23.154.100" target="_blank">sip:gw+cucm-65@10.23.154.100</a>:<wbr>6060;transport=udp;gw=cucm-65><br> User-Agent:<br>FreeSWITCH-mod_sofia/1.7.0+<wbr>git~<span><span><span><span><span>20160707</span></span></span></span></span>T165535Z~<wbr>be13536ac9~64bit<br> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,<br>PRACK, NOTIFY<br> Supported: precondition, 100rel, timer, path, replaces<br> Allow-Events: talk, hold, conference, refer<br> Content-Type: application/sdp<br> Content-Disposition: session<br> Content-Length: 268<br> X-FS-Support: update_display,send_info<br> Remote-Party-ID: "Абонент"<br><<a>sip:$(caller_id_number)@</a><a href="http://10.23.154.100/" target="_blank">10.<wbr>23.154.100</a>>;party=calling;<wbr>screen=yes;privacy=off<br><br> v=0<br> o=FreeSWITCH <span><a href="tel:1475804423" target="_blank">1475804423</a> <a href="tel:1475804424" target="_blank">1475804424</a></span> IN IP4 10.23.154.100<br> s=FreeSWITCH<br> >> c=IN IP4 10.23.154.100<br> t=0 0<br> m=audio 28432 RTP/AVP <span><a href="tel:8%2018%20101%2013" target="_blank">8 18 101 13</a></span><br> a=rtpmap:8 PCMA/8000<br> a=rtpmap:18 G729/8000<br> a=rtpmap:101 telephone-event/8000<br> a=fmtp:101 0-16<br> a=rtpmap:13 CN/8000<br> a=ptime:20</blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div></blockquote></div></div></div></blockquote></div></div></blockquote></div></div></div></div></div></blockquote></div></div></blockquote><div> </div><div>-- </div></div></div><div>wbr,</div><div>Serge</div><div> </div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small;"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> (50% Discount using code FreeSwitch50)<br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a> </font><span style="font-family:monospace,monospace;font-size:small;">(50% Discount using code FreeSwitch50)</span><font size="2" face="monospace, monospace"><br></font><a href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px;" target="_blank"><font face="monospace, monospace">https://www.gofundme.com/freeswitch_ubuntu</font></a></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b><span><a dir="ltr" href="tel:+19184209001" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="68">+19184209001</a></span> | <b>F:</b><span><a dir="ltr" href="tel:+19184209002" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="69">+19184209002</a></span> | <b>M:</b><span>+1918424</span>WEST (9378)<br><b>iNUM:</b><span><a dir="ltr" href="tel:+883%205100%201420%209001" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="70">+883 5100 1420 9001</a></span> | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br><p>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br></p></blockquote></div></div></body></html>