[asterisk-dev] SIP, NAT, security concerns, oh my!

Yaroslav Panych panych.y at gmail.com
Sat Oct 22 09:31:00 CDT 2011


Hi, sorry for inserting my, probably incompetent, 2 cents.

For me, as a potential implementer of a SIP UAC, option #3 is
preferred, but in the variant where force_rport is disabled by default.
Personally, I very much dislike the rport option. As said, it was
introduced because non-NAT-aware clients would be unreachable for
responses. And I asked myself, "Whose fault is it? Server or client?" My
answer was "client". Why does a program/developer that uses a
connectionless transport protocol (UDP) not care about the reverse
route? Because the developer was so lazy that he decided not to
implement NAT traversal technologies.
Then, when the rport option appeared, these lazy developers had a real
reason to be lazy in the future (what reason is there to do something
if it already works somehow?).
If force_rport is made the default or hardcoded, this means admiration
of UAC developers' laziness. It's the UAC's problem to be reachable from
the server; the UAC should take care to redirect answers to the right
port on all potential NATs. I personally will never use a SIP client
which is unable to do that.

regards, Yaroslav.


