80tech Posted April 7, 2021 Report Posted April 7, 2021 Hi everyone! I have set a KAZOO server behind NAT. The problem is that Kamailio fills the private IP address in SIP messages. By modifying some parameters of Kamailio, SIP signaling transmission works well, but RTP forwarding still has problems. Does anyone know how to configure SDP to use a public IP address? Any guidance would be appreciated. Tommy
Alexander Mustafin Posted April 7, 2021 Report Posted April 7, 2021 Hello. You can edit the local.cfg of the Kamailio config, and add an advertisement rule, so your listen rule looks something like listen=udp:10.2.0.10:5060 advertise 52.53.54.55:5060 More here: https://www.kamailio.org/wiki/cookbooks/devel/core
Meat Posted April 7, 2021 Report Posted April 7, 2021 Hey Tommy, I would highly suggest you look at this post for help getting Kazoo working behind a NAT. This discusses using Azure and AWS, all of which use NAT'ng. Should get you all squared away... And to directly add some guidance to your question there, if your signaling is working correctly then you've most likely got Kamailio setup correctly (still double check with link above). Freeswitch is what handles your media in the Kazoo setup and it needs to be told as well that it's behind a NAT.
naveed6865 Posted April 7, 2021 Report Posted April 7, 2021 if Media is not working, then go to freeswitch configs and change ext-sip-ip and ext-rtp-ip to your public ip since SDP is running through freeswitch, Kamailio is only handling sip signaling.
80tech Posted April 8, 2021 Author Report Posted April 8, 2021 Hi all, Thanks for all the answers, much appreciated. It finally worked by referring to Meat's detailed information. Here is my configuration. On Freeswitch vi /etc/kazoo/freeswitch/sip_profiles/sipinterface_1.xml <param name="ext-rtp-ip" value="x.x.x.x"/> ##x.x.x.x is the external IP address you have assigned to this instance <param name="local-network-acl" value="NOPE"/> ##this is the setting I hadn't configured before, so the RTP routing had problems. systemctl restart kazoo-freeswitch On Kamailio vi /etc/kazoo/kamailio/local.cfg listen=udp:a.a.a.a:5060 advertise x.x.x.x:5060 ##a.a.a.a is your private IP address x.x.x.x is the external IP address systemctl restart kazoo-kamailio Thanks Tommy
Rhys Posted June 21, 2021 Report Posted June 21, 2021 Hi, I have Kazoo set up in aws providing the public IP address for NAT and kamailio bound to the private IP - as per https://forums.2600hz.com/forums/topic/11827-kazoo-in-azure-is-it-supporteddoes-it-work/?tab=comments#comment-61838 The issue I am having is that for any SIP Request (e.g INVITE).... KAMAILIO is inserting a record route of the public IP, regardless of whether the message is routing to a freeswitch box within AWS (bound on private IP) or externally to a sip device. Is there anyway to set up Kamailio to NOT advertise the public IP (in RR header) if connecting to a freeswitch box bound on a private IP and ONLY advertise a public IP (in RR) if routing outside of the private IP subnet. Many Thanks, Rhys
naveed6865 Posted June 21, 2021 Report Posted June 21, 2021 you can enable double record route in kamailio, so kamailio will put both public and private ips, but actual communication will be on private ips between freeswitch and kamailio,
Meat Posted June 21, 2021 Report Posted June 21, 2021 What's the symptoms you're seeing from this? Are you having connection or audio issues?
Rhys Posted June 21, 2021 Report Posted June 21, 2021 (edited) A connection issue - The problem I have is that freeswitch is generating a bye in a play scenario but the bye can't be routed to kamailio because freeswitch cannot reach the public IP (honouring record-route using a route header to direct bye). Edited June 21, 2021 by Rhys (see edit history)
Rhys Posted June 22, 2021 Report Posted June 22, 2021 23 hours ago, naveed6865 said: you can enable double record route in kamailio, so kamailio will put both public and private ips, but actual communication will be on private ips between freeswitch and kamailio, Hi Naveed, When enabling dourble record routing (setting 'modparam("rr", "enable_double_rr", 2)') in kamailio config.... kamalio will insert the advertised sip address in both headers - which in my case is the AWS Elastic IP/NAT IP. Is it possible to tell kamailio to advertise both the Public/NAT IP and Private IP in the two RR headers? Cheers
naveed6865 Posted June 23, 2021 Report Posted June 23, 2021 is your NAT ip of kamailio and private ip are different in your kamailio? Normally, in AWS, kamailio has one private IP and advertised ip will be the elastic public ip of aws node. So when double RR enabled in the kamailio, it will put both private and public ips in the record route, you have use Alias of both private ip and public ip then it will insert both.
Rhys Posted June 23, 2021 Report Posted June 23, 2021 (edited) @naveed6865 Yeh I have set up an elastic IP for Kamailio and Kamailio is bound to private IP but advertising the elastic IP ie: listen=udp:a.a.a.a:5060 advertise x.x.x.x:5060 ##a.a.a.a is your private IP address x.x.x.x is the external IP address I then configure the modparam to enable the double RR setting, but at this point I get two RR both containing the elastic IP. For aliasing are you suggesting I set up a vip of the elastic IP on an alias interface ie eth0:0?? OR Alias in kamailio config ie alias=xxx.xxx.xxx.xxx?? Its worth noting I only have a single nic. Edited June 23, 2021 by Rhys (see edit history)
80tech Posted November 26, 2021 Author Report Posted November 26, 2021 @rhys Hi Rhys, Did you find any solution to your problem? Tommy
airsay Posted March 13 Report Posted March 13 (edited) Follow up on this. So I have Kazoo v4.3 installed on a Proxmox Home lab. Port forwarded necessary ports. Updated Freeswitch and Kamailio to advertise public IP. Successfully registered two extensions outside my network and established call between both. I'm however having issues registering from within my LAN. If I set outbound proxy to the Kazoo's internal IP address, phone registers successfully. Calls to that extension get sent to Voicemail immediately without ringing even though the phone is online. If I provide my public IP address (I've got a static public IP), the phone never registers. I don't see any register attempts from the phone. So my question is, is it possible to have a server where phones can register internally and externally and have both phones communicate? EDIT: So I may have spoken too early. Just did a test with one phone external to my LAN (A) calling a phone internal to my LAN (B). Calling B from A rings B. When I answer B, there's only one way audio from A to B. No Audio from B to A. A has outbound proxy set as my public IP, B has outbound proxy set as Kazoo's local internal IP. What should I be tweaking if any? I understand that in most production use case this isn't going to ever arise, but I've previously self-hosted 3CX where this did arise and was handled "flawlessly" by 3CX. Edit 2: Calling A from B and the call is getting hung up as soon as A answers. I see a BYE coming from Kaz.oo.Lan.IP:11000 to Phone A immediately A answers the call (+0.00503 seconds) Edited March 13 by airsay Update to actual scenario (see edit history)
Recommended Posts