[Freeswitch-users] MultiNAT

Pasha pasha at prosperity4ever.com
Fri Jul 25 04:21:33 MSD 2014


I fail to see what the problem you're having is? This sounds somewhat 
similar to the setup I have which works just fine.

My FS box is on a 10.0.0.0 network. Each one of my offsite locations 
connects to this network via VPN (so they usually come from a 192.168.X.X 
network), so FS registers the phones and connects all the required RTP 
ports for the phones to work.

FS also links all the gateways (incoming and outgoing) via my public IP 
from the data centre, so essentially each call (unless internal) 
traverses 2 NATs at all times.

Call comes in via the public IP of FS, gets NATted to the FS 10.0.0.X address, 
then FS rings the appropriate phones on either 10.9.0.X or 10.8.0.X 
(depending on which VPN server they connected via), and the VPN server NATs one 
more time to the 192.168.X.X networks where the actual phones are.

I hope that made sense :) I have been using this setup in production for 
over 3 years now and it's working fine, so I would ask what your actual 
challenge is? Are calls getting dropped? Are phones not able to reach 
FS? Are the calls going out the wrong gateway?

Paul

On 14-07-23 12:40 PM, Kurtis Heimerl wrote:
> Hrm, this is more complicated to explain than I anticipated.
>
> Basically, this is the fault of VPNs. We have one machine in our data 
> center that is running a VPN connecting (X.Y.*.*) to carrier 1. That 
> box is one-to-one NATing all communications to our (FS) VoIP server on 
> the local subnet (192.168.*.*). So that's NAT 1.
>
> The second NAT is for the actual public access from our VoIP box. This 
> has a public IP outside the firewall (A.B.*.*) and NATs again to the 
> VoIP server on the local subnet (192.168.*.*)
>
> So, this one machine (192.168.*.*) is actually behind two separate 
> NATs at the moment. It has some rules in the IP tables to route X.Y 
> traffic to the VPN box, and otherwise route to the broader internet. 
> The existing way to deal with a NAT in FS is the ext-rtp/sip-ip field 
> in the profile, but that no longer works when we have to dynamically 
> set these fields depending on which NAT they are going through.
>
> Does that make sense? Even if not, here's the problem: I want to set 
> ext-rtp/sip-ip dynamically in the dialplan. Is that possible?
>
>
> On Wed, Jul 23, 2014 at 5:40 AM, Brian West <brian at freeswitch.org 
> <mailto:brian at freeswitch.org>> wrote:
>
>     I'm guessing both networks are behind the same nat and routed? Or
>     is it two different nat'ed networks behind the same public IP?  If
>     it's just two standard networks that are fully routed and no nat
>     between the 192.x and the 10.x space then just set your
>     local-network-acl to rfc1918.auto.
>
>
>     On Wed, Jul 23, 2014 at 12:52 AM, Kurtis Heimerl
>     <kheimerl at cs.berkeley.edu <mailto:kheimerl at cs.berkeley.edu>> wrote:
>
>         Comments in line:
>
>
>         On Tue, Jul 22, 2014 at 9:22 PM, Pasha
>         <pasha at prosperity4ever.com <mailto:pasha at prosperity4ever.com>>
>         wrote:
>
>             The problem with that though (if I understand your
>             scenario correctly) is that even if there was a way to set
>             external IP in freeswitch in the dial plan you say that
>             you only have 1 external IP to deal with anyway, so what
>             would you set your second IP to for routing to work properly?
>
>         There's only one actual IP on the box, but it's behind *two*
>         different NATs. Setting the ext-rtp/sip-ip to the appropriate
>         NAT IP works for both connections, but I need to make that
>         dynamic.
>
>             In my mind what might work for you is if you create an
>             alias to your single network controller with the second IP
>             that you need, then if you have access to the firewall
>             perform NAT so that if connection comes in from external
>             IP of vendor #1 on 5060 you forward that to 5060 on
>             internal IP 1 of your freeswitch box. If call comes in on
>             external IP of vendor #2 on 5060 you forward to port 5060
>             of your internal IP #2 (alias on freeswitch box)... that's
>             for incoming...
>
>
>         I'm not sure I understand this. Does a FS alias allow me to
>         have multiple IPs on the same box somehow?
>
>             I apologize if I didn't fully understand your scenario.
>             I'm not even sure why you're having a conflict in this
>             case because your providers are different, the only time
>             you have an issue with single external IP is if you're
>             trying to setup a second trunk to the same provider (most
>             of them won't allow more than one trunk on a single IP).
>
>
>         It's a relatively simple, but apparently uncommon, case, I
>         agree. My issue sounds very similar to having multiple trunks
>         to the same provider in a way, but I have different external
>         IPs for RTP and such instead.
>
>             Paul
>
>
>             On 14-07-22 05:28 PM, Kurtis Heimerl wrote:
>>             I can't do that unfortunately. Our providers are hitting
>>             the generic SIP Port: 5060 so that's not available. Our
>>             system behind the two NATs has only one network
>>             interface, and as such only one available public IP. So
>>             we can't just set up a new profile. I can probably hack
>>             around this in another way (port forwarding through one
>>             of the NATs to allow a second profile on the same IP) but
>>             that's pretty ugly and unsustainable going forward. I'd
>>             much prefer to simply set the expected external IP in the
>>             outbound dialplan for each provider.
>>
>>
>>             On Tue, Jul 22, 2014 at 5:07 PM, Russell Treleaven
>>             <rtreleaven at bunnykick.ca
>>             <mailto:rtreleaven at bunnykick.ca>> wrote:
>>
>>                 Either give them separate ip addresses or separate
>>                 ports.
>>
>>
>>                 Sent from my BlackBerry® PlayBook^(TM)
>>                 www.blackberry.com <http://www.blackberry.com>
>>
>>                 ------------------------------------------------------------------------
>>                 *From:* "Kurtis Heimerl" <kheimerl at cs.berkeley.edu
>>                 <mailto:kheimerl at cs.berkeley.edu>>
>>                 *To:* "FreeSWITCH Users Help"
>>                 <freeswitch-users at lists.freeswitch.org
>>                 <mailto:freeswitch-users at lists.freeswitch.org>>
>>                 *Sent:* 22 July, 2014 8:04 PM
>>                 *Subject:* Re: [Freeswitch-users] MultiNAT
>>
>>                 They all have to sit on the same internal IP and
>>                 Port, so I don't think I can.
>>
>>
>>                 On Tue, Jul 22, 2014 at 4:57 PM, Russell Treleaven
>>                 <rtreleaven at bunnykick.ca
>>                 <mailto:rtreleaven at bunnykick.ca>> wrote:
>>
>>                     Hi Kurtis,
>>
>>                     Why not make a separate profile for each provider?
>>
>>                     Sent from my BlackBerry® PlayBook^(TM)
>>                     www.blackberry.com <http://www.blackberry.com>
>>
>>                     ------------------------------------------------------------------------
>>                     *From:* "Kurtis Heimerl"
>>                     <kheimerl at cs.berkeley.edu
>>                     <mailto:kheimerl at cs.berkeley.edu>>
>>                     *To:* "FreeSWITCH Users Help"
>>                     <freeswitch-users at lists.freeswitch.org
>>                     <mailto:freeswitch-users at lists.freeswitch.org>>
>>                     *Sent:* 22 July, 2014 7:14 PM
>>                     *Subject:* [Freeswitch-users] MultiNAT
>>
>>                     Hey Users,
>>
>>                     I have an interesting NAT setup. I'm running FS
>>                     on the inside of our network as a router/proxy
>>                     between some SIP phones and DID providers.
>>                     However, each DID provider is behind a
>>                     *different* NAT (a property of our VPN setups for
>>                     them).
>>
>>                     For instance: DID1 is at IP 192.168.1.1 and DID2
>>                     is at 10.0.0.1.
>>
>>                     I have calls working for each of them when I set
>>                     the following in my external profile:
>>
>>                     <param name="ext-rtp-ip" value="10.0.0.2"/>
>>                     <param name="ext-sip-ip" value="10.0.0.2"/>
>>
>>                     However, I need to dynamically route between
>>                     *both* of them. I need a mechanism for setting
>>                     ext-rtp-ip and ext-sip-ip in the dialplan itself!
>>
>>                     Is there a set way to do this?
>>
>>                     Thanks!
>>
>>                     _________________________________________________________________________
>>                     Professional FreeSWITCH Consulting Services:
>>                     consulting at freeswitch.org
>>                     <mailto:consulting at freeswitch.org>
>>                     http://www.freeswitchsolutions.com
>>
>>                     FreeSWITCH-powered IP PBX: The CudaTel
>>                     Communication Server
>>                     
>>
>>                     Official FreeSWITCH Sites
>>                     http://www.freeswitch.org
>>                     http://wiki.freeswitch.org
>>                     http://www.cluecon.com
>>
>>                     FreeSWITCH-users mailing list
>>                     FreeSWITCH-users at lists.freeswitch.org
>>                     <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>                     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>                     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>                     http://www.freeswitch.org
>>
>>
>>
>     -- 
>
>     */Brian West/*
>     brian at freeswitch.org <mailto:brian at freeswitch.org>
>
>
>     */Twitter: @FreeSWITCH , @briankwest/*
>     http://www.freeswitchbook.com
>     http://www.freeswitchcookbook.com
>
>     *T:*+19184209001 <tel:%2B19184209001> | *F:*+19184209002
>     <tel:%2B19184209002> | *M:*+1918424WEST (9378)
>     *iNUM:*+883 5100 1420 9001 <tel:%2B883%205100%201420%209001> |
>     *ISN:*410*543 | *Skype:*briankwest
>
>

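The alias-plus-second-profile idea Paul describes in the quoted thread could look like the following; this is an added example, not configuration posted by anyone in the thread. It assumes a second address has been added to the server's single interface and that each NAT forwards port 5060 to its own internal address; the internal addresses, the NAT 1 address, the dial prefix, and the profile, gateway and extension names are constructed.

```xml
<!-- Added illustration, not configuration posted in the thread.
     Constructed values: internal addresses 192.168.50.10 / 192.168.50.11,
     NAT 1 address 192.168.1.2, dial prefix, profile/gateway/extension names.
     Values taken from the thread: 10.0.0.2, 192.168.1.1, 10.0.0.1. -->

<!-- Sofia profile bound to the primary address of the single NIC -->
<profile name="carrier1">
  <settings>
    <param name="sip-ip" value="192.168.50.10"/>
    <param name="rtp-ip" value="192.168.50.10"/>
    <param name="sip-port" value="5060"/>
    <!-- Address this server appears as through NAT 1 (constructed) -->
    <param name="ext-sip-ip" value="192.168.1.2"/>
    <param name="ext-rtp-ip" value="192.168.1.2"/>
    <param name="context" value="public"/>
  </settings>
  <gateways>
    <gateway name="did1">
      <param name="proxy" value="192.168.1.1"/>
      <param name="register" value="false"/>
    </gateway>
  </gateways>
</profile>

<!-- Second Sofia profile bound to the alias address on the same NIC -->
<profile name="carrier2">
  <settings>
    <param name="sip-ip" value="192.168.50.11"/>
    <param name="rtp-ip" value="192.168.50.11"/>
    <param name="sip-port" value="5060"/>
    <!-- Address this server appears as through NAT 2 (from the first post) -->
    <param name="ext-sip-ip" value="10.0.0.2"/>
    <param name="ext-rtp-ip" value="10.0.0.2"/>
    <param name="context" value="public"/>
  </settings>
  <gateways>
    <gateway name="did2">
      <param name="proxy" value="10.0.0.1"/>
      <param name="register" value="false"/>
    </gateway>
  </gateways>
</profile>

<!-- Dialplan: choosing the gateway chooses its profile, and with it the
     ext-sip-ip / ext-rtp-ip used for that call -->
<extension name="out_via_did2">
  <condition field="destination_number" expression="^2(\d+)$">
    <action application="bridge" data="sofia/gateway/did2/$1"/>
  </condition>
</extension>
```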