[asterisk-dev] SIP/NAT handling again (with patch)
Luigi Rizzo
rizzo at icir.org
Wed Jul 25 10:03:25 CDT 2007
On Wed, Jul 25, 2007 at 04:44:17PM +0200, Klaus Darilion wrote:
>
>
> Luigi Rizzo wrote:
> > In my struggling with SIP-behind-NAT issues, i found out that asterisk
> > is not making use of useful information coming from the remote party,
> > namely the 'received=' and 'rport=' fields in the Via: header,
> > which are used by the remote party to report the address and port
> > where they see us.
> > Note that this information is exceedingly useful in evironments
> > where you have symmetric NAT, and STUN and other nat traversal
> > techniques are useless because the external mapping depends on the
> > 4-tuple src-ip,src-port,dst-ip,dst-port and not just on the src-ip,src-port.
>
> Extracting the rport and received parameter from the received response
> indeed enables you to signal the proper public socket in the SIP
> requests. But how do you handle RTP NAT traversal when behind a
> symmetric NAT?
one thing at a time :)
There is no solution if both endpoints are behind a symmetric nat
and you don't have a publicly-reachable box in the middle.
Otherwise, you can only hope in same help from the remote party,
At the moment asterisk (in the receive path) does it in two ways:
1. it can use the value returned by recvfrom() instead of the address
specified in the SDP message. This however requires that at least
a packet comes in;
2. it can respond to STUN requests on the RTP socket, so the client can
try and send a request to that socket before building its own sdp
message.
cheers
luigi
More information about the asterisk-dev
mailing list