[Freeswitch-users] NAT traversal - the final say..!
Cal Leeming [Simplicity Media Ltd]
cal.leeming at simplicitymedialtd.co.uk
Mon Dec 17 20:20:29 MSK 2012
Hi Mario,
If at all possible - feel free to just dump into the thread, and I can take
care of getting it into a nice format into the wiki (everyones credits will
be kept of course).
Same for everyone else!
Cal
On Mon, Dec 17, 2012 at 5:08 PM, Mario G <mario_fs at mgtech.com> wrote:
> I am planning on putting up an example of how I have 2 WAN lines both
> available to FreeSwitch, both used at the same time (load balanced), both
> are failover for each other. I have tested pulling plugs, etc. There is
> nothing in FreeSwitch defined for the lines and it runs with "-nonat", the
> router does SIP ALG fine. I thought the setup example might be useful to
> someone since it took so long to figure it out. The only hold up has been
> that I have other wiki updates to do and had FreeSwitch issues this year,
> each time one is fixed another comes up (memory leak right now) so that has
> eaten up all the time I could put into the wiki. I have already started it
> and promise to post on the ML once it's up, should be in the next 2 months.
> It may help someone in the same situation and requirements.
> Mario G
>
>
> On Dec 17, 2012, at 6:17 AM, Cal Leeming [Simplicity Media Ltd] wrote:
>
> Any other experiences/thoughts from others on this?
>
> Feedback so far has been great, lets keep it coming guys!
>
> Cal
>
> On Sun, Dec 16, 2012 at 9:52 PM, João Mesquita <jmesquita at freeswitch.org>wrote:
>
>> My take on the subject is that we are trying to tackle 2 different
>> problems at once.
>>
>> On one hand we have how NAT works and what problems it create on a VoIP
>> world. I really was not able to find any condensed documentation on the
>> internet that would describe with VoIP in mind what a admin need to know
>> about SIP packets and NAT handling. If there was one, we could just add a
>> link to the wiki page. Since NAT has no "one configuration" fix, user NEEDS
>> to know about it in order to fix his own scenario.
>>
>> On the other hand, we have how FS particularly deals with NAT (client and
>> server side). I think there is more documentation to be added/created on
>> that end as well. NAT is a complicated matter indeed and understanding
>> Sofia profiles alone is a challenge. Add NAT to the mix and the
>> configuration can look like black magic.
>>
>> So, question is, who can elaborate/contribute/find a definitive guide to
>> NAT so we can lecture users and who knows all about the NAT handling
>> internals so we can document each and every option available?
>>
>> João Mesquita
>>
>>
>>
>> On Sun, Dec 16, 2012 at 6:21 PM, Cal Leeming [Simplicity Media Ltd] <
>> cal.leeming at simplicitymedialtd.co.uk> wrote:
>>
>>> It seems that most of us agree there is no single answer to fix NAT
>>> problems - the double-NAT is something I hadn't thought about.
>>>
>>> Sean mentioned having a checklist of approaches, which would be good
>>> addition for the documentation fix.
>>>
>>> I agree that enabling NAT HACK by default could break clients that are
>>> functioning normally, but not if it is only enabled automatically under
>>> certain conditions (described in the original email).
>>>
>>> However - the upside is that it gives another layer of "this just
>>> works".. the downside is that it gives users a reason to not bother looking
>>> at why their NAT is broken in the first place.
>>>
>>> With that in mind, I'm thinking that just a documentation fix is the
>>> answer here, to avoid user lazyness.
>>>
>>> Cal
>>>
>>> On Sun, Dec 16, 2012 at 7:53 PM, Steven Ayre <steveayre at gmail.com>wrote:
>>>
>>>> "There seems to be a large number of discussions surrounding NAT
>>>> traversal, as well as lots of documentation, but with no concrete answers. "
>>>>
>>>> Part of the problem is that:
>>>>
>>>> - Not all NAT implementations function in the same way (eg some
>>>> rewrite ports others do not)
>>>> - Not all SIP ALG implementations work the same/work
>>>> - Not all clients handle NAT in the same way
>>>> - You can encounter other odd situations such as double NAT that
>>>> further complicate matters
>>>>
>>>> So what works in one case might not work in another, so it's hard to
>>>> give a concrete 'this is how to do it' that'll work in all cases. And often
>>>> that means you need to find a failing client first then put in a NDLB
>>>> workaround for that specific client. You could enable them by default, but
>>>> that then can cause problems in other cases where the clients handle NAT
>>>> correctly.
>>>>
>>>> Roll on NAT-less IPv6 for true end-to-end connectivity*. :o)
>>>>
>>>> -Steve
>>>>
>>>>
>>>>
>>>> On 16 December 2012 16:15, Cal Leeming [Simplicity Media Ltd] <
>>>> cal.leeming at simplicitymedialtd.co.uk> wrote:
>>>>
>>>>> *Any and all feedback on this thread would be much welcomed.*
>>>>>
>>>>> Hello,
>>>>> *
>>>>> *
>>>>> There seems to be a large number of discussions surrounding NAT
>>>>> traversal, as well as lots of documentation, but with no concrete answers.
>>>>>
>>>>> The NAT related wiki documentation is tedious, and depending on the
>>>>> outcome of this thread, I'd like to spend some time cleaning it up.
>>>>>
>>>>> The most common problem (the same as ours) was having a router with
>>>>> broken ALG and a softphone that does not seem to work with STUN.
>>>>>
>>>>> The following REGISTER is sent from a phone.
>>>>>
>>>>> REGISTER sip:1.2.3.4:5060 SIP/2.0
>>>>> Via: SIP/2.0/UDP 192.168.1.102:57787
>>>>> ;branch=z9hG4bK-d8754z-b31b18401713de75-1---d8754z-;rport
>>>>> Max-Forwards: 70
>>>>> Contact: <sip:2000 at 192.168.1.102:57787;rinstance=0c7190b115a36513>
>>>>> To: "foxx"<sip:2000 at 1.2.3.4:5060>
>>>>> From: "foxx"<sip:2000 at 1.2.3.4:5060>;tag=83311448
>>>>> Call-ID: NGQyMjJkODlhMzQ1ZWY4ZDk4ZjZmZWRhODU0NWE5YWI.
>>>>> CSeq: 7 REGISTER
>>>>> Expires: 120
>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY,
>>>>> REFER, INFO, MESSAGE
>>>>> Supported: replaces
>>>>> User-Agent: 3CXPhone 6.0.25732.0
>>>>> Content-Length: 0
>>>>>
>>>>> As you can see, the client's public IP is not specified
>>>>> anywhere. FreeSWITCH offers several ways around this, the main ones being;
>>>>>
>>>>> * NDLB-connectile-dysfunction
>>>>> * NDLB-force-rport
>>>>> * apply-nat-acl
>>>>> * sip-force-contact
>>>>>
>>>>> The one that has worked in our case was "NDLB-connectile-dysfunction"
>>>>> (otherwise known as NAT HACK), however there seems to be a lot of negative
>>>>> comments about using this.
>>>>>
>>>>> From what I can tell, the general argument is that NAT HACK is
>>>>> considered a non RFC compliant hack, and the SIP phones should be doing a
>>>>> better job of keeping to the RFCs.
>>>>>
>>>>> In principle, this is a fair argument - but in practise, it's not a
>>>>> reasonable assumption that all phones are RFC compliant, and (imho) not a
>>>>> reasonable argument to have this functionality disabled by default.
>>>>>
>>>>> So, I'd like to present the following arguments;
>>>>>
>>>>> * Are there any other negative aspects about
>>>>> using NDLB-connectile-dysfunction, other than it is a non compliant RFC
>>>>> hack?
>>>>>
>>>>> * Why is NDLB-connectile-dysfunction not enabled by default when
>>>>> certain conditions are met? In the event that FreeSWITCH receives a
>>>>> REGISTER from a phone specifying a Contact/Via as 192.168.0.0/16, but
>>>>> received on a public IP, then it should be obvious that NAT is broken and
>>>>> automatically try to circumvent it.
>>>>>
>>>>> * People seem to get confused between server side and client side NAT
>>>>> problems, and that they both need to be resolved in a different way. The
>>>>> documentation doesn't seem to reflect this clearly.
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>>
>>>>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>>
>>>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>>
>>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121217/b25d69de/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list