1
2
3Still under construction...
4
5
6---------------------------------------------------------------------------
7Q: What softphone work with siproxd?
8
9A: The goal is that every softphone (that is SIP compliant) should be
10   able to work via siproxd. Tested and/or reported to work so far:
11   - linphone (http://www.linphone.org)
12   - kphone   (http://http://www.wirlab.net/kphone/)
13   - MSN Messenger
14   - Grandstream BudgeTone series
15   - X-Lite   (http://www.xten.com)
16---------------------------------------------------------------------------
17Q: Is it possible from a remote computer to call the inbound computer?
18
19A: Yes, see also next question.
20---------------------------------------------------------------------------
21Q: What SIP address must the remote computer use to make a call?
22
23A: Scenario
24   --------
25
26   private IP address range             :          Internet
27   10.0.0.x                             :          (public IP address range)
28                                        :
29                                        :  foo.bar.org          xxx.org
30   +-------------+             +--------------+              +-------------+
31   !             !.10       .1 ! masquerading ! publicIP     !             !
32   ! IntHost     !-------------! Firewall     !------------>>! externalHost!
33   !             !         eth0!              !ppp0          !             !
34   +-------------+             +--------------+              +-------------+
35   user: johndoe                                               user: test
36
37  - IntHost is running an SIP softphone (like linphone, kphone)
38
39   - The SIP address used by IntHost is sip:johndoe@foo.bar.org
40
41   - The softphone on IntHost is configured to register at siproxd
42     running on the firewall host (10.0.0.1) as sip:johndoe@foo.bar.org
43
44   - foo.bar.org is the domain name corresponding to the public IP address
45     of the firewall (eg use some dynamic DNS service [1])
46
47   - externalHost does *not* register at siproxd running on the firewall host.
48
49
50  The relevant part of the configuration (linphone) of IntHost
51  then looks like ($HOME/gnome/linphone):
52
53  [sip]
54  sip_port=5060
55  use_registrar=1
56  username=johndoe
57  hostname=foo.bar.org
58  registrar=sip:10.0.0.1
59  reg_passwd=
60  addr_of_rec=sip:johndoe@foo.bar.org
61  reg_expires=900
62  as_proxy=1
63  as_redirect=0
64  as_outbound=1
65
66  To make an outgoing call from IntHost simply use the SIP address of the
67  target ( -> sip:test@xxx.org).
68
69  test@xxx.org can make a incoming calls - it simply has to use the registered
70  SIP address of the softphone running on IntHost (sip:johndoe@foo.bar.org).
71  Siproxd will then rewrite and forward the incoming request to Inthost.
72
73  The externalHost does not need to know anything about the proxy. For the
74  user sip:test@xxx.org it looks as he directly sends the traffic to
75  foo.bar.org, siproxd then takes care about where to send it from there.
76
77---------------------------------------------------------------------------
78Q: How does the registration and mapping of inbound clients work?
79
80A: The mapping mechanism of SIP addresses works basically like:
81
82   Inthost sends a registration to siproxd with:
83   - a 'To:' address of the address to be registered (sip:johndoe@foo.bar.org)
84     (lets call this address the 'masqueraded' or 'public'  address)
85
86   - a 'Contact:' address of the *true* address (sip:johndoe@10.0.0.10)
87
88   Siproxd then will basically 'just' substitute the true address by the
89   masqueraded address and vice versa. That means you can have multiple
90   IntHosts (each of them using a different user name) running at the
91   same time.
92
93   For an incoming call, siproxd will search its registration table for
94   the requested SIP address and so finds the internal host that belong to it.
95
96   This of course *requires* that the username part of the SIP address is
97   unique for each softphone that registers a the proxy (So this is more or
98   less the mechanism that you mentioned in your mail).
99---------------------------------------------------------------------------
100Q: How does the RTP Proxy work?
101
102A: The RTP proxy actually is quite simple. It does not use any RTP
103   protocol stack.  All relevant code is located within rtpproxy.c.
104   The RTP proxy is running as a separate thread. It maintains a
105   list of active RTP transfers (rtp_proxytable).
106   Controlling (registering a new RTP data stream / removing a RTP stream)
107   is done via 2 service routines rtp_start_fwd() and rtp_stop_fwd() from
108   withing the SIP related part of siproxd.
109
110   When a session is established (INVITE, ACK), siproxd will fetch the
111   relevant information (UDP ports) from the SIP messages and
112   does a rtp_start_fwd().
113   This will create an UDP socket and binds it to the outbound interface
114   address (port number dynamically chosen withing the RTP port range).
115   In addition a entry into the rtp_proxytable will be made.
116
117   The RTP Proxy then *simply* does wait withing a select() to receive
118   a UDP datagrams on the specified ports and then sends them to the
119   local client. The RTP proxy does absolutely not care about WHAT data
120   is proxied, so it is not aware of RTP or any other high level stuff.
121   It is simply a binary forwarding of datagrams.
122   If the session is closed (BYE) the RTP stream will be stopped via
123   rtp_stop_fwd(). In addition, there exists a timeout supervision
124   (configurable) that will stop RTP streams that have been inactive
125   (no data received) for a specified time.
126
127   For each RTP data stream, also an RTCP stream will be handled (port
128   number of RTP strem +1).
129
130---------------------------------------------------------------------------
131Q: Does siproxd need to be installed on the same host as the
132   firewall / NAT is running?
133
134A: Not necesarily. Siproxd needs to know the public IP address, as this
135   address is included in the SIP signalling to establish a session. Also,
136   siproxd needs control on the allocation of UDP ports for sending/receiving
137   RTP data (some User Agents get into trouble/silence if the sending and
138   receiving UDP port is not the same)
139
140   However, siproxd does *not* interact with ipchains/iptables. The
141   requirement for the firewall rules is to allow port 5060 for incomming
142   UDP datagrams (SIP) as well as the UDP port range for RTP data as
143   specified in the config file (default 7070 - 7079).
144
145   One mode of operation is to run siproxd on the NAT host, using
146   different if_inboude and if_outbound interfaces.
147   The other method is to ruin siproxd "in front of" the NAT firewall.
148   For configuration details see the documentation (host_outbound).
149
150---------------------------------------------------------------------------
151Q: How do I configure siproxd to use ICPHAINS based UDP masquerading
152   tunnels for proxying the incomming RTP traffic?
153
154A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported.
155   Use the RTP relay instead.
156
157---------------------------------------------------------------------------
158Q: What types of operation does siproxd support?
159
160A: Siproxd can be used in two ways:
161
162   1) Siproxd as outbound proxy:
163      - Configure your local client to register with some 3rd party service
164        like Sipphone, FWD, Sipgate or any other.
165      - Configure your local client to use siproxd as OUTBOUND PROXY
166
167      Note: In this case, the local client does NOT register with siproxd
168      but only with the external SIP restration service. The only condition
169      is that siproxd needs to stay in the path of communication, therefore
170      the local client must be configured as to use an OUTBOUND PROXY.
171
172   2) Siproxd as registrar:
173      If you don't want to use any 3rd party service, you can have your
174      local clients directly with siproxd. Only in this case you should
175      set-up accounts and passwords in siproxd.
176      - Configure you local client to register with siproxd. As AOR (address
177        of record) choose a user part as you want and a host part that
178        resolves to the public addess of the host running siproxd.
179      - DO use siproxd as outbound proxy
180
181      Note that siproxd has very limited capabilities when used as
182      registrar. So my recommendation is to use method 1) and go with
183      a real registrar.
184
185---------------------------------------------------------------------------
186Q: How do I use siproxd as a pure outbound proxy, so I can register with my
187   SIP phone at a third party registrar?
188
189A: Also Simple. Just configure your SIP phone to use siproxd as outbound
190   proxy and your 3rd party registrar as registrar. Siproxd will then
191   transparently handle (and if needed rewrite) the SIP traffic.
192
193---------------------------------------------------------------------------
194Q: I have a Grandstream Budgetone-100 SIP phone. The SIP communication
195   seems to work properly (I can register, make and receive calls) but
196   I do not hear any audio. However, transmitting audio works.
197
198A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported.
199   Use the RTP relay instead. Grandstream SIP phones are now working
200   properly with the RTP relay.
201
202---------------------------------------------------------------------------
203Q: I use Linux (kernel 2.4.x) with ipchains. However, siproxd
204   always complains "ERROR:IPCHAINS support not built in", why?
205
206A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported.
207   Use the RTP relay instead.
208
209---------------------------------------------------------------------------
210Q: I  have two local UA (SIP phones) connected to siproxd. I can
211   make outgoing calls and receive incoming calls to some other
212   SIP phones in the internet. However, making a call between the
213   two locally connected does not succeed, why?
214
215A: Since Version 0.5.3 this is supported.
216
217---------------------------------------------------------------------------
218Q: When I'm experimenting with siproxd, sometimes it is not enough to
219   restart siproxd to get rid of old junk.
220
221A: Siproxd remenbers the registrations made by UAs in a seperate file.
222   Therefore, just restarting siproxd is not enough to get rid of them.
223   Of course eventually they will time out and be removed from the cache.
224   You also can delete the cache file manually.by default it is in
225   /tmp/siproxd_registrations.
226   - stop siproxd
227   - rm siproxd_registrations
228   - start siproxd
229
230   Also, with newer Linux Kernels (2.6.x with conntrack kernel module
231   loaded) there may be some state information stored within conntrack.
232   Stopp all SIP traffic (UAs, including siproxd) and wait about 5
233   minutes, then try again.
234
235---------------------------------------------------------------------------
236Q: I have problems getting MSN Messenger 5.0 to work (using FWD
237   as 3rd party registrar).
238
239A: First make sure that you have an SIP enabled MSN messenger, which
240   is a separate download from the non-SIP-enabled Messenger 5 at
241   http://www.microsoft.com/windows/messenger.
242
243   For the configuration, enter the local IP address of siproxd as the server
244   and 266xxx@fwd.pulver.com as your address. When the authentication
245   dialog comes up you must use your FWD_NUMBER (266xxx) and your password.
246   Messenger misleads you into typing FWD_NUMBER@fwd.pulver.com which
247   will fail...
248
249---------------------------------------------------------------------------
250Q: Can you give an example configuration for kphone and FWD?
251
252A:
253   (FWD_NUMBER is your FWD account number)
254
255   File->Identity
256   --------------
257   Full Name: My Name
258   User part of SIP URL: FWD_NUMBER
259   Host Part of SIP URL: fwd.pulver.com
260   Outbound Proxy: 192.168.1.1          <<-- local IP of siproxd
261   Authentication Username: FWD_NUMBER
262   q-value:                             <<-- empty
263
264   Preferences->SIP->Socket
265   ------------------------
266   Socket Protocol: UDP
267   Use STUN Server: No
268   Symmetric Signalling: No             (may also be 'Yes')
269   Symmetric Media: No                  (may also be 'Yes')
270   STUN Server:                         << n/a
271   Request Period for STUN Server       << n/a
272   Media Min Port: 7070                 << depend of siproxd config
273   Media Max Port: 7080                    (RTP ports)
274
275---------------------------------------------------------------------------
276Q: If I update both inbound and outbound to
277   if_inbound  = ppp0
278   if_outbound = ppp0
279   will this work ?
280
281A: Very likely this will not work properly. Siproxd does masquerade User
282   Agents hidden behind a NAT firewall (inbound network) so they can access
283   other User Agents located in the public internet (outbound network).
284   Therefore there MUST be 2 networks connected to the host running
285   siproxd:
286   - Inbound network
287   - Outbound network
288
289   If you just want a proxy located in the public IP range you should not
290   use siproxd, but get a real SIP proxy server instead.
291
292---------------------------------------------------------------------------
293Q: I can build siproxd, but when I try to start it, it fails with
294   something like:
295   $ siproxd -h
296   siproxd: error while loading shared libraries: libosipparser2.so.3:
297   cannot open shared object file: No such file ordirectory
298
299A: Make sure you have correctly installed libosip2. If libosip2 is
300   installed somewhere else than the standard library paths, the
301   path MUST be included in the /etc/ld.so.conf file to tell the
302   dynamic linker where to search for libraries.
303   Try the following command:
304   $ /sbin/ldconfig -p|grep libosip
305   The output MUST be something like:
306
307   libosip2.so.3 (libc6) => /usr/lib/libosip2.so.3
308   libosip2.so (libc6) => /usr/lib/libosip2.so
309   libosipparser2.so.3 (libc6) => /usr/lib/libosipparser2.so.3
310   libosipparser2.so (libc6) => /usr/lib/libosipparser2.so
311
312   If not, libosip2 is not correctly installed.
313
314---------------------------------------------------------------------------
315Q: I have two Internet connections, one is my main connection and the
316   second is my backup connection. Can I configure siproxd in a way
317   to handle both Internet connections (switch to the backup connection
318   if the other one fails)?
319
320A: Siproxd itself does not include support for such a thing. However what
321   you can do is, use 2 different siproxd configuration files (with the
322   two different outbound interfaces configured). Then, if the main
323   interface goes down and you activate the backup connection, just
324   copy the second siproxd config file in place and restart siproxd.
325   Active registrations are not lost, as siproxd does save them at exit.
326
327---------------------------------------------------------------------------
328Q: Scalability of siproxd?
329
330A: In practice, stable operation of siproxd installations with more than
331   600 VoIP Accounts and more than 60 concurrent calls are being reported.
332   Multiple instances of siproxd may be run on the same server.
333
334
335