Jump to content

KAZOO server behind NAT


80tech

Recommended Posts

Hi everyone!

I have set a KAZOO server behind NAT. The problem is that Kamailio fills the private IP address in SIP messages.
By modifying some parameters of Kamailio, SIP signaling transmission works well, but RTP forwarding still has problems.
Does anyone know how to configure SDP to use a public IP address?

Any guidance would be appreciated.

Tommy

Link to comment
Share on other sites

Hey Tommy,

I would highly suggest you look at this post for help getting Kazoo working behind a NAT.  This discusses using Azure and AWS, all of which use NAT'ng.  Should get you all squared away... 

 

And to directly add some guidance to your question there, if your signaling is working correctly then you've most likely got Kamailio setup correctly (still double check with link above).  Freeswitch is what handles your media in the Kazoo setup and it needs to be told as well that it's behind a NAT.  

Link to comment
Share on other sites

Hi all,

Thanks for all the answers, much appreciated. It finally worked by referring to Meat's detailed information.
 
Here is my configuration.


On Freeswitch  

vi /etc/kazoo/freeswitch/sip_profiles/sipinterface_1.xml

<param name="ext-rtp-ip" value="x.x.x.x"/>     ##x.x.x.x is the external IP address you have assigned to this instance

<param name="local-network-acl" value="NOPE"/>  ##this is the setting I hadn't configured before, so the RTP routing had problems.

systemctl restart kazoo-freeswitch

 


On Kamailio

vi /etc/kazoo/kamailio/local.cfg  

listen=udp:a.a.a.a:5060 advertise x.x.x.x:5060     ##a.a.a.a is your private IP address    x.x.x.x is the external IP address

systemctl restart kazoo-kamailio


 

Thanks
Tommy

 
Link to comment
Share on other sites

  • 2 months later...

Hi,

I have Kazoo set up in aws providing the public IP address for NAT and kamailio bound to the private IP - as per https://forums.2600hz.com/forums/topic/11827-kazoo-in-azure-is-it-supporteddoes-it-work/?tab=comments#comment-61838

The issue I am having is that for any SIP Request (e.g INVITE).... KAMAILIO is inserting a record route of the public IP, regardless of whether the message is routing to a freeswitch box within AWS (bound on private IP) or externally to a sip device.

Is there anyway to set up Kamailio to NOT advertise the public IP (in RR header) if connecting to a freeswitch box bound on a private IP and ONLY advertise a public IP (in RR) if routing outside of the private IP subnet.

Many Thanks,
Rhys

Link to comment
Share on other sites

A connection issue - The problem I have is that freeswitch is generating a bye in a play scenario but the bye can't be routed to kamailio because freeswitch cannot reach the public IP (honouring record-route using a route header to direct bye).

Edited by Rhys (see edit history)
Link to comment
Share on other sites

23 hours ago, naveed6865 said:

you can enable double record route in kamailio, so kamailio will put both public and private ips, but actual communication will be on private ips between freeswitch and kamailio, 

Hi Naveed,

When enabling dourble record routing (setting 'modparam("rr", "enable_double_rr", 2)') in kamailio config.... kamalio will insert the advertised sip address in both headers - which in my case is the AWS Elastic IP/NAT IP.

Is it possible to tell kamailio to advertise both the Public/NAT IP and Private IP in the two RR headers? 

Cheers

Link to comment
Share on other sites

is your NAT ip of kamailio and private ip are different in your kamailio? Normally, in AWS, kamailio has one private IP and advertised ip will be the elastic public ip of aws node. So when double RR enabled in the kamailio, it will put both private and public ips in the record route,  you have  use Alias of both private ip and public ip then it will insert both.

Link to comment
Share on other sites

@naveed6865 Yeh I have set up an elastic IP for Kamailio and Kamailio is bound to private IP but advertising the elastic IP ie:

listen=udp:a.a.a.a:5060 advertise x.x.x.x:5060     ##a.a.a.a is your private IP address    x.x.x.x is the external IP address

I then configure the modparam to enable the double RR setting, but at this point I get two RR both containing the elastic IP.  

For aliasing are you suggesting I set up a vip of the elastic IP on an alias interface ie eth0:0?? OR Alias in kamailio config ie alias=xxx.xxx.xxx.xxx??

Its worth noting I only have a single nic.

 

Edited by Rhys (see edit history)
Link to comment
Share on other sites

  • 5 months later...
  • 2 years later...

Follow up on this. So I have Kazoo v4.3 installed on a Proxmox Home lab. Port forwarded necessary ports. Updated Freeswitch and Kamailio to advertise public IP. Successfully registered two extensions outside my network and established call between both.  I'm however having issues registering from within my LAN. If I set outbound proxy to the Kazoo's internal IP address, phone registers successfully. Calls to that extension get sent to Voicemail immediately without ringing even though the phone is online. If I provide my public IP address (I've got a static public IP), the phone never registers. I don't see any register attempts from the phone. So my question is, is it possible to have a server where phones can register internally and externally and have both phones communicate?

 

EDIT: So I may have spoken too early. Just did a test with one phone external to my LAN (A) calling a phone internal to my LAN (B). Calling B from A rings B. When I answer B, there's only one way audio from A to B. No Audio from B to A. A has outbound proxy set as my public IP, B has outbound proxy set as Kazoo's local internal IP. What should I be tweaking if any? I understand that in most production use case this isn't going to ever arise, but I've previously self-hosted 3CX where this did arise and was handled "flawlessly" by 3CX. 

 

Edit 2: Calling A from B and the call is getting hung up as soon as A answers. I see a BYE coming from Kaz.oo.Lan.IP:11000 to Phone A immediately A answers the call (+0.00503 seconds)

Edited by airsay
Update to actual scenario (see edit history)
Link to comment
Share on other sites

×
×
  • Create New...