[asterisk-users] How to use stun server?

Victor Toofic toofics at gmail.com
Fri Aug 3 12:21:49 CDT 2007 

El Fri, Aug 03 de 2007 a las 20:24 +0500, Rizwan Hisham comentaba:
> I'm sure there was a perfectly good reason for encoding the devices IP
> address inside the SIP data when they invented it, but right now, I can't
> think why
> one thing i still dont understnd. if the device we are using is a computer,
> and we r running a softphone on it. and side by side we are also surfing the
> net. then why is it so that web content is coming into the computer without
> any problem but rtp data is not. i think both the web application and
> softphone are using computer's local ip address in their requests. So whats
> the reason for this?

Simple, web content uses TCP while RTP uses UDP to carry the data. In TCP
your computer needs to establish a connection with the remote side before
each one can send any data, the device which is doing the NAT realizes that
and creates a bridge between your computer's IP/Port and the remote site
IP/Port.

In the case of SIP/RTP over UDP is different. Your softphone sends the
signaling over a UDP port, the remote site receives the data and responses
back to the IP/Port it recived it from (the IP/Port of the NATing device),
the device which is doing the NAT knows that you have recently send data
over that IP/Port and routes it back to you. Thats why SIP signaling can work
fine even behind a NAT (nat=yes).

RTP flow is also different. Your softphone specify it wants to receive RTP
in a IP/Port (private IP/Port), when the remote site wants to send you RTP
data it cannot be routed because that address is private, it cannot send
the data to the address of the NATing device because the port this device
is using for your outgoing RTP is different than the port you specified.
So the RTP that is destinated to you gets lost.

> 
> I understand how stun works but thanx for explaining it in so simple and
> concise way.
> 
> One other question which has been bothering me is:
> If the client phone is behind nat, that means there is NATTING going on
> between public internet and local net. Then why do we need stun? NATTING
> should handle the problem itself as it does for other applications running
> on the same computer where softphone is also running.

NATting can, in someway, handle the problem when you originate the call, but
it cannot do it when someone wants to reach you later. The SIP header
"Contact" is used for this, when someone wants to reach you it uses the
address you specified in that header, so it must be a public IP address
which you obtained from the STUN server or another mean.

More information about the asterisk-users mailing list