<div dir="ltr">well, here is something you may find interesting: <a href="https://www.youtube.com/watch?v=_WSx-T6TriI">https://www.youtube.com/watch?v=_WSx-T6TriI</a><div><br></div><div>have fun :=)</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 30 January 2018 at 19:03, Mundkowsky, Robert <span dir="ltr"><<a href="mailto:rmundkowsky@ets.org" target="_blank">rmundkowsky@ets.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I am not an expert, you should get help from FS staff, but anyways, here is some info:<br>
<span class=""><br>
> 1. Do ports need to be opened on the firewall under all circumstances?<br>
> UDP ports for RTP, for instance.<br>
<br>
</span>Yes. If you block the ports then nothing can get thru.  For SIP/RTP, you need the SIP port open, and you need a range of ports open for RTP. See the configuration files for the port numbers.<br>
<br>
If you use WSS, then you need the WSS port open.<br>
<span class=""><br>
<br>
> 2. Is this always a good idea to enable in sip_profiles/internal.xml?<br>
> <param name="nat-options-ping" value="true"/><br>
<br>
</span>Maybe. Some software does not support OPTIONS messages. If it yours does then yeah use it.  See <a href="https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence/display/FREESWITCH/<wbr>NAT+Traversal</a><br>
<span class=""><br>
> 3. Is it necessary/recommended to have STUN enabled in vars.xml AND<br>
> setup the nat-options-ping?<br>
<br>
</span>I guess here, if you or your client are behind an asymmetric NAT then you need a STUN server. If a symmetric NAT then you need TURN server.  Keep in mind your clients might have all kinds of different situations.<br>
<span class=""><br>
<br>
> 4. my sip_profile/internal.xml has this:<br>
> <param name="ext-rtp-ip" value="auto-nat"/> <param name="ext-sip-ip"<br>
> value="auto-nat"/><br>
><br>
> Is this an improvement over what's  in confluence of:<br>
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/><br>
<br>
</span>Not sure, read up on it <a href="https://freeswitch.org/confluence/display/FREESWITCH/Auto+Nat" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence/display/FREESWITCH/<wbr>Auto+Nat</a><br>
<span class=""><br>
<br>
> 5. If the endpoints are configured to connect using TCP, does any of<br>
> this change what's above?<br>
<br>
</span>Not sure, but my guess is no<br>
<br>
Robert<br>
<span class=""><br>
-----Original Message-----<br>
From: FreeSWITCH-users [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-<wbr>bounces@lists.freeswitch.org</a>] On Behalf Of jungle boogie<br>
Sent: Tuesday, January 30, 2018 12:15 AM<br>
To: FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.<wbr>freeswitch.org</a>><br>
Subject: Re: [Freeswitch-users] FreeSWITCH behind NAT<br>
<br>
Hi All,<br>
<br>
Can anyone give me some advice? I'll update the docs, if it's needed.<br>
<br>
Thanks!<br>
<br>
Thus said Jungle Boogie on Sun, 28 Jan 2018 17:51:40 -0800<br>
> Hi All,<br>
><br>
> I have some questions about this page and what folks do when<br>
> freeswitch is behind NAT:<br>
</span>> <a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffrees" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>https%3A%2F%2Ffrees</a><br>
> <a href="http://witch.org" rel="noreferrer" target="_blank">witch.org</a>%2Fconfluence%<wbr>2Fdisplay%2FFREESWITCH%2FNAT%<wbr>2BTraversal&data=0<br>
> 2%7C01%7Crmundkowsky%<a href="http://40ets.org" rel="noreferrer" target="_blank">40ets.org</a><wbr>%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%7C0b<br>
> a6e9b760b34fae92f37e6ddd9e9b65<wbr>%7C0%7C0%7C636528863387947052&<wbr>sdata=L91K<br>
> SrefIPmwVZLdFSPioL6zcM7Be5Mlgx<wbr>PoyUOU70w%3D&reserved=0<br>
<span class="">><br>
> 1. Do ports need to be opened on the firewall under all circumstances?<br>
> UDP ports for RTP, for instance.<br>
><br>
> 2. Is this always a good idea to enable in sip_profiles/internal.xml?<br>
> <param name="nat-options-ping" value="true"/><br>
><br>
><br>
> 3. Is it necessary/recommended to have STUN enabled in vars.xml AND<br>
> setup the nat-options-ping?<br>
><br>
><br>
> 4. my sip_profile/internal.xml has this:<br>
> <param name="ext-rtp-ip" value="auto-nat"/> <param name="ext-sip-ip"<br>
> value="auto-nat"/><br>
><br>
> Is this an improvement over what's  in confluence of:<br>
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/><br>
><br>
> 5. If the endpoints are configured to connect using TCP, does any of<br>
> this change what's above?<br>
><br>
> thanks!<br>
<br>
<br>
<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
</span><a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitchsolutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=qvvmQaISaJ37%2FHkzp8eNafIKcIfvWtYI9WYlMUb3HTs%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Fwww.<wbr>freeswitchsolutions.com&data=<wbr>02%7C01%7Crmundkowsky%40ets.<wbr>org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>qvvmQaISaJ37%<wbr>2FHkzp8eNafIKcIfvWtYI9WYlMUb3H<wbr>Ts%3D&reserved=0</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=2YGYIAS02v0lG%2ByUtZZdCkzFJCgpYU4eUeGuWfcfnfY%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Fwww.freeswitch.<wbr>org&data=02%7C01%<wbr>7Crmundkowsky%40ets.org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>2YGYIAS02v0lG%<wbr>2ByUtZZdCkzFJCgpYU4eUeGuWfcfnf<wbr>Y%3D&reserved=0</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fconfluence.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=sWhGrHsJoqBxx9p%2BQ32vxrbyrclq0QCb4llrrfs3QRo%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Fconfluence.<wbr>freeswitch.org&data=02%7C01%<wbr>7Crmundkowsky%40ets.org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>sWhGrHsJoqBxx9p%<wbr>2BQ32vxrbyrclq0QCb4llrrfs3QRo%<wbr>3D&reserved=0</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cluecon.com&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=wQP9XZziFFiMIkvWB5zr5DwDK5F5%2BDbNJ3gtJCHhYt8%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Fwww.cluecon.com&<wbr>data=02%7C01%7Crmundkowsky%<wbr>40ets.org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>wQP9XZziFFiMIkvWB5zr5DwDK5F5%<wbr>2BDbNJ3gtJCHhYt8%3D&reserved=0</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.freeswitch.org%2Fmailman%2Flistinfo%2Ffreeswitch-users&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=iKUQA2bDbZh4jgK4eN%2F4sJCiHrEqRXTPyPHedufrJws%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Flists.freeswitch.<wbr>org%2Fmailman%2Flistinfo%<wbr>2Ffreeswitch-users&data=02%<wbr>7C01%7Crmundkowsky%40ets.org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>iKUQA2bDbZh4jgK4eN%<wbr>2F4sJCiHrEqRXTPyPHedufrJws%3D&<wbr>reserved=0</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=2YGYIAS02v0lG%2ByUtZZdCkzFJCgpYU4eUeGuWfcfnfY%3D&reserved=0" rel="noreferrer" target="_blank">https://na01.safelinks.<wbr>protection.outlook.com/?url=<wbr>http%3A%2F%2Fwww.freeswitch.<wbr>org&data=02%7C01%<wbr>7Crmundkowsky%40ets.org%<wbr>7C505306e6c453490da26708d567a0<wbr>f5d5%<wbr>7C0ba6e9b760b34fae92f37e6ddd9e<wbr>9b65%7C0%7C0%<wbr>7C636528863387947052&sdata=<wbr>2YGYIAS02v0lG%<wbr>2ByUtZZdCkzFJCgpYU4eUeGuWfcfnf<wbr>Y%3D&reserved=0</a><br>
<br>
______________________________<wbr>__<br>
<br>
This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.<br>
<br>
<br>
Thank you for your compliance.<br>
<br>
______________________________<wbr>__<br>
<div class="HOEnZb"><div class="h5">______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></div></div></blockquote></div><br></div>