[Freeswitch-users] Bridging between two rfc1918 networks

Brian West brian at freeswitch.org
Thu Oct 13 22:31:23 MSD 2016


You should only need to set your local-network-acl to be rfc1918.auto, then
make sure you set the ext-rtp-ip and ext-sip-ip correctly and there
shouldn't be a problem.

Watch this https://www.youtube.com/watch?v=_WSx-T6TriI

Thanks,
/b


On Thu, Oct 13, 2016 at 12:58 PM, Serge Yuriev <me at nevian.org> wrote:

> The problem is:
> Call from ext to int - FS proxies rtp
> Call from int to ext - FS reveals external address to internal server in
> SDP resulting in one way audio
>
> SDP examples in first message
>
> --
> Wbr, Serge via mobile
>
> 13.10.2016, 20:40, "Brian West" <brian at freeswitch.org>:
>
> There should be no special anything to configure if these two systems are
> talking over the private network and it's routed properly; there are no NAT
> settings, no ext-*-ip settings required. So what is the problem you're
> having?
>
> On Thu, Oct 13, 2016 at 11:11 AM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Not sure what you are asking about.
> This is an interconnect between two large enterprises with a lot of equally
> numbered networks. So only a few hosts are visible via a VPN that both
> servers are not aware of. Plain routing.
> No NAT involved at all.
>
> My server on the inside interface talks to my devices. On the external one, to
> the real IP world and the mentioned partner 172.17.2.3/32
> The partner server talks to their network and to my external IP via VPN
>
>
> 13.10.2016, 02:12, "Brian West" <brian at freeswitch.org>:
>
> Are these servers talking to anything outside their respective NATs?
> What are their blocks?
>
> On Wed, Oct 12, 2016 at 3:51 PM, Serge Yuriev <me at nevian.org> wrote:
>
>
> From the perspective of the server it is a normal route via the desired interface.
> So the VPN is somewhere outside and the server is not aware of it.
>
> --
> Wbr, Serge via mobile
>
> 12.10.2016, 21:17, "Brian West" <brian at freeswitch.org>:
>
>
> How are the two networks connected?  VPN?
>
> On Wed, Oct 12, 2016 at 12:01 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hi,
>
> How can I debug this issue to move it further?
> I feel much more comfortable with FS than Asterisk which works out-of-box
> :)
>
> Proxy mode doesn't work also because of 3pcc.
> --
> Wbr, Serge via mobile
>
> 11.10.2016, 14:25, "Serge S. Yuriev" <me at nevian.org>:
>
>
> Hi
>
> Has anyone had a chance to check the logs?
>
> I tried to include 172.17.2.3 as local-network on external while excluding
> it from internal - no joy :(
>
>   <list name="lan" default="deny">
>       <node type="deny" cidr="172.17.2.3/32"/>
>       <node type="deny" cidr="172.17.2.4/32"/>
>       <node type="allow" cidr="192.168.0.0/16"/>
>       <node type="allow" cidr="10.0.0.0/8"/>
>       <node type="allow" cidr="172.16.0.0/12"/>
>     </list>
>
>    <list name="wan" default="deny">
>       <node type="allow" cidr="172.17.2.3/32"/>
>       <node type="allow" cidr="172.17.2.4/32"/>
>       <node type="allow" cidr="83.y.y.128/25"/>
>     </list>
>
> --
> Wbr, Serge via mobile
>
> 09.10.2016, 13:03, "Serge Yuriev":
>
> Bad one
> https://pastebin.freeswitch.org/view/5a6b306c
>
> Good one
> https://pastebin.freeswitch.org/view/5b1ca4e3
>
> On 8 Oct  2016, at 04:23, Anthony Minessale <anthony.minessale at gmail.com>
> wrote:
>
>
> Too terse.
>
> You probably need to produce full traces on pastebin with the full debug
> to get any idea.
>
>
> On Fri, Oct 7, 2016 at 6:13 PM, Serge Yuriev <me at nevian.org> wrote:
>
> As mentioned before, I tried to play with local-network-acl but no joy.
> Maybe it’s just not right? Which profile should I tune?
>
>    <list name="lan" default="deny">
>       <node type="deny" cidr="172.17.2.3/32"/>
>       <node type="deny" cidr="172.17.2.4/32"/>
>       <node type="allow" cidr="192.168.0.0/16"/>
>       <node type="allow" cidr="10.0.0.0/8"/>
>       <node type="allow" cidr="172.16.0.0/12"/>
>     </list>
>
> On both profiles I have like this
> Int
>    <param name="rtp-ip" value="$${inside_bind_ipv4}"/>
>    <param name="sip-ip" value="$${inside_bind_ipv4}"/>
>    <param name="ext-rtp-ip" value="$${inside_bind_ipv4}"/>
>    <param name="ext-sip-ip" value="$${inside_bind_ipv4}"/>
>
> Ext
>     <param name="rtp-ip" value="$${outside_bind_ipv4}"/>
>     <param name="sip-ip" value="$${outside_bind_ipv4}"/>
>     <param name="ext-rtp-ip" value="$${outside_bind_ipv4}"/>
>     <param name="ext-sip-ip" value="$${outside_bind_ipv4}"/>
>
> On 8 Oct  2016, at 00:48, Brian West <brian at freeswitch.org> wrote:
>
>
> You probably have to fix your local-network-acl in each system to do the
> right thing. Do you have the ext-rtp-ip set with the autonat: prefix?
>
> On Fri, Oct 7, 2016 at 1:23 PM, Serge S. Yuriev <me at nevian.org> wrote:
>
> Hello,
>
> Two SIP profiles:
> External 83.хх
> Internal 10.23.154.0/24
>
> Via external we are receiving/sending calls from/to 172.17.2.0/29
> For some reason, if we call outside, FS sends unmodified addresses in SDP.
> So we have an unroutable address in SDP and one-way audio. If the call flows
> ext to int, everything works correctly.
> Tried local-network-acl on inside (10.хх) with excluded 172.хх,
> apply-nat-acl with included 172.xx on either int or ext. Nothing helps :(
>
> "Bad one" SDP - from internal to external
> send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
>     ------------------------------------------------------------------------
>     SIP/2.0 200 OK
>     Via: SIP/2.0/UDP 10.23.154.63:6060;branch=z9hG4bKe433fa68b81
>     From: "IT, Юрьев Сергей" <sip:12550 at 10.23.154.63>;tag=195594~27154efa-6325-45a2-9e47-67e5d9302ebc-237816120
>     To: <sip:62987%236546 at 10.23.154.100>;tag=66NUXXHvB6HBp
>     Call-ID: 86c80-7f71bc46-c44e-3f40000a at 10.23.154.63
>     CSeq: 101 INVITE
>     Contact: <sip:mod_sofia at 10.23.154.100:6060>
>     User-Agent: FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>     Accept: application/sdp
>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, PRACK, NOTIFY
>     Require: timer
>     Supported: precondition, 100rel, timer, path, replaces
>     Allow-Events: talk, hold, conference, refer
>     Session-Expires: 1800;refresher=uac
>     Content-Type: application/sdp
>     Content-Disposition: session
>     Content-Length: 180
>
>     v=0
>     o=- 1475853382 2 IN IP4 172.17.2.3
>     s=-
>  >>   c=IN IP4 172.17.2.4
>     b=AS:64
>     t=0 0
>     m=audio 3040 RTP/AVP 8 101
>     a=rtpmap:8 PCMA/8000
>     a=rtpmap:101 telephone-event/8000
>     a=ptime:20
>
>
> And a good one - external to internal
> send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
>     ------------------------------------------------------------------------
>     INVITE sip:12550 at 10.23.154.65 SIP/2.0
>     Via: SIP/2.0/UDP 10.23.154.100:6060;rport;branch=z9hG4bKUXyFjDmg8rtmB
>     Max-Forwards: 69
>     From: "Абонент" <sip:$(caller_id_number)@10.23.154.100>;tag=1agg8aZ7FUUBK
>     To: <sip:12550 at 10.23.154.65>
>     Call-ID: d8367628-0fc1-4325-998f-3f32f9d3a05b
>     CSeq: 97580363 INVITE
>     Contact: <sip:gw+cucm-65 at 10.23.154.100:6060;transport=udp;gw=cucm-65>
>     User-Agent: FreeSWITCH-mod_sofia/1.7.0+git~20160707T165535Z~be13536ac9~64bit
>     Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, PRACK, NOTIFY
>     Supported: precondition, 100rel, timer, path, replaces
>     Allow-Events: talk, hold, conference, refer
>     Content-Type: application/sdp
>     Content-Disposition: session
>     Content-Length: 268
>     X-FS-Support: update_display,send_info
>     Remote-Party-ID: "Абонент" <sip:$(caller_id_number)@10.23.154.100>;party=calling;screen=yes;privacy=off
>
>     v=0
>     o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
>     s=FreeSWITCH
>  >>   c=IN IP4 10.23.154.100
>     t=0 0
>     m=audio 28432 RTP/AVP 8 18 101 13
>     a=rtpmap:8 PCMA/8000
>     a=rtpmap:18 G729/8000
>     a=rtpmap:101 telephone-event/8000
>     a=fmtp:101 0-16
>     a=rtpmap:13 CN/8000
>     a=ptime:20
>
>
> --
> wbr,
> Serge
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
> http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
> https://www.gofundme.com/freeswitch_ubuntu
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 <+883%205100%201420%209001> | *ISN:*410*543 |
> *Skype:*briankwest
>



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com (50% Discount using code FreeSwitch50)
http://www.freeswitchcookbook.com (50% Discount using code FreeSwitch50)
https://www.gofundme.com/freeswitch_ubuntu

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
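
An added example, not part of the original thread and not FreeSWITCH code: a small Python check that reads a sofia-style SIP trace and reports SDP `o=`/`c=` addresses that fall outside the networks the signalling peer can route to, which is the condition behind the one-way audio described above. The samples are trimmed from the two traces quoted in the thread; the reachable list (10.23.154.0/24) is an assumption taken from the internal range stated there.

```python
import ipaddress
import re

# Constructed samples: trimmed from the "bad" and "good" traces quoted in the thread.
BAD = """send 960 bytes to udp/[10.23.154.63]:6060 at 18:16:22.226984:
    SIP/2.0 200 OK
    Content-Type: application/sdp

    v=0
    o=- 1475853382 2 IN IP4 172.17.2.3
    s=-
 >>   c=IN IP4 172.17.2.4
    m=audio 3040 RTP/AVP 8 101
"""
GOOD = """send 1162 bytes to udp/[10.23.154.65]:5060 at 12:34:15.132027:
    INVITE sip:12550@10.23.154.65 SIP/2.0
    Content-Type: application/sdp

    v=0
    o=FreeSWITCH 1475804423 1475804424 IN IP4 10.23.154.100
    s=FreeSWITCH
 >>   c=IN IP4 10.23.154.100
    m=audio 28432 RTP/AVP 8 18 101 13
"""

# First line of a trace: who the message was sent to or received from.
PEER_RE = re.compile(r"^(?:send|recv) \d+ bytes (?:to|from) \w+/\[([^\]]+)\]:\d+", re.M)
# SDP origin (o=) and connection (c=) lines, tolerating indentation and ">>" markers.
ADDR_RE = re.compile(r"^[\s>]*([oc])=.*\bIN IP[46] (\S+)", re.M)

def audit_sdp(trace, reachable):
    """Return (peer, findings) for SDP addresses the signalling peer cannot route to."""
    m = PEER_RE.search(trace)
    peer = m.group(1) if m else None
    nets = [ipaddress.ip_network(n) for n in reachable]  # assumption: peer's routable nets
    findings = []
    for kind, raw in ADDR_RE.findall(trace):
        host = raw.split("/")[0]  # drop a multicast TTL suffix such as /127
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append((kind, host, "hostname, not checked"))
            continue
        if not any(ip in n for n in nets):
            # c= carries the RTP destination; o= is informational but still leaks topology.
            findings.append((kind, host, "media unreachable" if kind == "c" else "origin only"))
    return peer, findings

if __name__ == "__main__":
    for name, trace in (("bad", BAD), ("good", GOOD)):
        print(name, audit_sdp(trace, ["10.23.154.0/24"]))
```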