network-programminginterfacekamailio

Use kamailio sip server with more than one network, is not working


I need to configure kamailio to work within different networks and over internet. I tried lot of configurations but none works.

I configured kamailio as shown in this link! but doesn't work, I looked at tcp dump:

>>14:49:20.328121 IP 192.168.10.8.sip > 187.95.131.xxx.sip: SIP: REGISTER sip:187.95.131.166 SIP/2.0
>>14:49:24.331926 IP 192.168.10.8.sip > 187.95.131.xxx.sip: SIP: REGISTER sip:187.95.131.xxx SIP/2.0

The kamailio do not respond to client.

The configuration of kamailio is:

>> WITH_MYSQL

>> WITH_AUTH

>> WITH_USRLOCDB

>> WITH_NAT
>>...

>>alias=187.95.131.xxx:5060

>>...

everything like the link says.

and rtpproxy is running when called by kamailio:

>>13:39:35 firewall /usr/sbin/kamailio[15886]: INFO: rtpproxy [rtpproxy.c:1598]: rtpp_test(): rtp proxy <unix:/var/run/rtpproxy/rtpproxy.sock> found, support for it enabled

My network setup is:

internet <----> (firewall with kamailio) <---->(LAN0, LAN1, LAN2)

LAN0 = 192.168.2.0/24

LAN1 = 192.168.3.0/24

LAN3 = 192.168.10.0/24

The LANs don't talk with other. (except by firewall rules)

If setup kamailio to bind on all lan interfaces, the voip works only if the caller is on the same lan that receiver, but within different lans or over internet the sip registers but have no voice.

For tests, all incoming/outcoming udp connection on the internet interface and all udp forward between lans and internet interface are accepted.


Solution

  • Solved!

    The forwarding (with masquerade) rules doesn't work very well with kamailio, I was forced to configure kamailio to bind on all interfaces and not to redirect inside packets to outside interface. But just for ensure, after sussesfull tests without rtpproxy I replaced kamailio by opensips, this one is more well documented than kamailio.

    The rtpproxy was configured to listen on localhost instead of the socket file.

    basically the opensips.cfg was setted up as shown below:

    auto_aliases=no
    listen=udp:EXTERNAL_IP:5060 
    
    ...
    
    modparam("nathelper", "sipping_from", "sip:pinger@EXTERNAL_IP")
    
    ...
    
    loadmodule "rtpproxy.so"
    modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221")
    

    *It was noted that even with opensips configured to listen only on external IP, its listen on other interfaces too.

    Than the rtpproxy was started with follow arguments:

    rtpproxy -l EXTERNAL_IP -s udp:127.0.0.1:12221 -u rtpproxy rtpproxy
    

    After rtpproxy opensips was started.

    And at last, some tests was made and with help of tcpdump that shown a port range from 30000 - 65000 was used by rtpproxy to force voice packets through opensips server, and then the follow firewall rules was implemented:

    iptables -A INPUT -p udp -m udp --dport 5060:5070 -j ACCEPT
    iptables -A OUTPUT -p udp -m udp --sport 5060:5070 -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 30000:65000 -j ACCEPT
    iptables -A OUTPUT -p udp -m udp --sport 30000:65000 -j ACCEPT