1 2 3Still under construction... 4 5 6--------------------------------------------------------------------------- 7Q: What softphone work with siproxd? 8 9A: The goal is that every softphone (that is SIP compliant) should be 10 able to work via siproxd. Tested and/or reported to work so far: 11 - linphone (http://www.linphone.org) 12 - kphone (http://http://www.wirlab.net/kphone/) 13 - MSN Messenger 14 - Grandstream BudgeTone series 15 - X-Lite (http://www.xten.com) 16--------------------------------------------------------------------------- 17Q: Is it possible from a remote computer to call the inbound computer? 18 19A: Yes, see also next question. 20--------------------------------------------------------------------------- 21Q: What SIP address must the remote computer use to make a call? 22 23A: Scenario 24 -------- 25 26 private IP address range : Internet 27 10.0.0.x : (public IP address range) 28 : 29 : foo.bar.org xxx.org 30 +-------------+ +--------------+ +-------------+ 31 ! !.10 .1 ! masquerading ! publicIP ! ! 32 ! IntHost !-------------! Firewall !------------>>! externalHost! 33 ! ! eth0! !ppp0 ! ! 34 +-------------+ +--------------+ +-------------+ 35 user: johndoe user: test 36 37 - IntHost is running an SIP softphone (like linphone, kphone) 38 39 - The SIP address used by IntHost is sip:johndoe@foo.bar.org 40 41 - The softphone on IntHost is configured to register at siproxd 42 running on the firewall host (10.0.0.1) as sip:johndoe@foo.bar.org 43 44 - foo.bar.org is the domain name corresponding to the public IP address 45 of the firewall (eg use some dynamic DNS service [1]) 46 47 - externalHost does *not* register at siproxd running on the firewall host. 48 49 50 The relevant part of the configuration (linphone) of IntHost 51 then looks like ($HOME/gnome/linphone): 52 53 [sip] 54 sip_port=5060 55 use_registrar=1 56 username=johndoe 57 hostname=foo.bar.org 58 registrar=sip:10.0.0.1 59 reg_passwd= 60 addr_of_rec=sip:johndoe@foo.bar.org 61 reg_expires=900 62 as_proxy=1 63 as_redirect=0 64 as_outbound=1 65 66 To make an outgoing call from IntHost simply use the SIP address of the 67 target ( -> sip:test@xxx.org). 68 69 test@xxx.org can make a incoming calls - it simply has to use the registered 70 SIP address of the softphone running on IntHost (sip:johndoe@foo.bar.org). 71 Siproxd will then rewrite and forward the incoming request to Inthost. 72 73 The externalHost does not need to know anything about the proxy. For the 74 user sip:test@xxx.org it looks as he directly sends the traffic to 75 foo.bar.org, siproxd then takes care about where to send it from there. 76 77--------------------------------------------------------------------------- 78Q: How does the registration and mapping of inbound clients work? 79 80A: The mapping mechanism of SIP addresses works basically like: 81 82 Inthost sends a registration to siproxd with: 83 - a 'To:' address of the address to be registered (sip:johndoe@foo.bar.org) 84 (lets call this address the 'masqueraded' or 'public' address) 85 86 - a 'Contact:' address of the *true* address (sip:johndoe@10.0.0.10) 87 88 Siproxd then will basically 'just' substitute the true address by the 89 masqueraded address and vice versa. That means you can have multiple 90 IntHosts (each of them using a different user name) running at the 91 same time. 92 93 For an incoming call, siproxd will search its registration table for 94 the requested SIP address and so finds the internal host that belong to it. 95 96 This of course *requires* that the username part of the SIP address is 97 unique for each softphone that registers a the proxy (So this is more or 98 less the mechanism that you mentioned in your mail). 99--------------------------------------------------------------------------- 100Q: How does the RTP Proxy work? 101 102A: The RTP proxy actually is quite simple. It does not use any RTP 103 protocol stack. All relevant code is located within rtpproxy.c. 104 The RTP proxy is running as a separate thread. It maintains a 105 list of active RTP transfers (rtp_proxytable). 106 Controlling (registering a new RTP data stream / removing a RTP stream) 107 is done via 2 service routines rtp_start_fwd() and rtp_stop_fwd() from 108 withing the SIP related part of siproxd. 109 110 When a session is established (INVITE, ACK), siproxd will fetch the 111 relevant information (UDP ports) from the SIP messages and 112 does a rtp_start_fwd(). 113 This will create an UDP socket and binds it to the outbound interface 114 address (port number dynamically chosen withing the RTP port range). 115 In addition a entry into the rtp_proxytable will be made. 116 117 The RTP Proxy then *simply* does wait withing a select() to receive 118 a UDP datagrams on the specified ports and then sends them to the 119 local client. The RTP proxy does absolutely not care about WHAT data 120 is proxied, so it is not aware of RTP or any other high level stuff. 121 It is simply a binary forwarding of datagrams. 122 If the session is closed (BYE) the RTP stream will be stopped via 123 rtp_stop_fwd(). In addition, there exists a timeout supervision 124 (configurable) that will stop RTP streams that have been inactive 125 (no data received) for a specified time. 126 127 For each RTP data stream, also an RTCP stream will be handled (port 128 number of RTP strem +1). 129 130--------------------------------------------------------------------------- 131Q: Does siproxd need to be installed on the same host as the 132 firewall / NAT is running? 133 134A: Not necesarily. Siproxd needs to know the public IP address, as this 135 address is included in the SIP signalling to establish a session. Also, 136 siproxd needs control on the allocation of UDP ports for sending/receiving 137 RTP data (some User Agents get into trouble/silence if the sending and 138 receiving UDP port is not the same) 139 140 However, siproxd does *not* interact with ipchains/iptables. The 141 requirement for the firewall rules is to allow port 5060 for incomming 142 UDP datagrams (SIP) as well as the UDP port range for RTP data as 143 specified in the config file (default 7070 - 7079). 144 145 One mode of operation is to run siproxd on the NAT host, using 146 different if_inboude and if_outbound interfaces. 147 The other method is to ruin siproxd "in front of" the NAT firewall. 148 For configuration details see the documentation (host_outbound). 149 150--------------------------------------------------------------------------- 151Q: How do I configure siproxd to use ICPHAINS based UDP masquerading 152 tunnels for proxying the incomming RTP traffic? 153 154A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported. 155 Use the RTP relay instead. 156 157--------------------------------------------------------------------------- 158Q: What types of operation does siproxd support? 159 160A: Siproxd can be used in two ways: 161 162 1) Siproxd as outbound proxy: 163 - Configure your local client to register with some 3rd party service 164 like Sipphone, FWD, Sipgate or any other. 165 - Configure your local client to use siproxd as OUTBOUND PROXY 166 167 Note: In this case, the local client does NOT register with siproxd 168 but only with the external SIP restration service. The only condition 169 is that siproxd needs to stay in the path of communication, therefore 170 the local client must be configured as to use an OUTBOUND PROXY. 171 172 2) Siproxd as registrar: 173 If you don't want to use any 3rd party service, you can have your 174 local clients directly with siproxd. Only in this case you should 175 set-up accounts and passwords in siproxd. 176 - Configure you local client to register with siproxd. As AOR (address 177 of record) choose a user part as you want and a host part that 178 resolves to the public addess of the host running siproxd. 179 - DO use siproxd as outbound proxy 180 181 Note that siproxd has very limited capabilities when used as 182 registrar. So my recommendation is to use method 1) and go with 183 a real registrar. 184 185--------------------------------------------------------------------------- 186Q: How do I use siproxd as a pure outbound proxy, so I can register with my 187 SIP phone at a third party registrar? 188 189A: Also Simple. Just configure your SIP phone to use siproxd as outbound 190 proxy and your 3rd party registrar as registrar. Siproxd will then 191 transparently handle (and if needed rewrite) the SIP traffic. 192 193--------------------------------------------------------------------------- 194Q: I have a Grandstream Budgetone-100 SIP phone. The SIP communication 195 seems to work properly (I can register, make and receive calls) but 196 I do not hear any audio. However, transmitting audio works. 197 198A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported. 199 Use the RTP relay instead. Grandstream SIP phones are now working 200 properly with the RTP relay. 201 202--------------------------------------------------------------------------- 203Q: I use Linux (kernel 2.4.x) with ipchains. However, siproxd 204 always complains "ERROR:IPCHAINS support not built in", why? 205 206A: Since version 0.5.2, IPCHAINS and IPTABLES are no longer supported. 207 Use the RTP relay instead. 208 209--------------------------------------------------------------------------- 210Q: I have two local UA (SIP phones) connected to siproxd. I can 211 make outgoing calls and receive incoming calls to some other 212 SIP phones in the internet. However, making a call between the 213 two locally connected does not succeed, why? 214 215A: Since Version 0.5.3 this is supported. 216 217--------------------------------------------------------------------------- 218Q: When I'm experimenting with siproxd, sometimes it is not enough to 219 restart siproxd to get rid of old junk. 220 221A: Siproxd remenbers the registrations made by UAs in a seperate file. 222 Therefore, just restarting siproxd is not enough to get rid of them. 223 Of course eventually they will time out and be removed from the cache. 224 You also can delete the cache file manually.by default it is in 225 /tmp/siproxd_registrations. 226 - stop siproxd 227 - rm siproxd_registrations 228 - start siproxd 229 230 Also, with newer Linux Kernels (2.6.x with conntrack kernel module 231 loaded) there may be some state information stored within conntrack. 232 Stopp all SIP traffic (UAs, including siproxd) and wait about 5 233 minutes, then try again. 234 235--------------------------------------------------------------------------- 236Q: I have problems getting MSN Messenger 5.0 to work (using FWD 237 as 3rd party registrar). 238 239A: First make sure that you have an SIP enabled MSN messenger, which 240 is a separate download from the non-SIP-enabled Messenger 5 at 241 http://www.microsoft.com/windows/messenger. 242 243 For the configuration, enter the local IP address of siproxd as the server 244 and 266xxx@fwd.pulver.com as your address. When the authentication 245 dialog comes up you must use your FWD_NUMBER (266xxx) and your password. 246 Messenger misleads you into typing FWD_NUMBER@fwd.pulver.com which 247 will fail... 248 249--------------------------------------------------------------------------- 250Q: Can you give an example configuration for kphone and FWD? 251 252A: 253 (FWD_NUMBER is your FWD account number) 254 255 File->Identity 256 -------------- 257 Full Name: My Name 258 User part of SIP URL: FWD_NUMBER 259 Host Part of SIP URL: fwd.pulver.com 260 Outbound Proxy: 192.168.1.1 <<-- local IP of siproxd 261 Authentication Username: FWD_NUMBER 262 q-value: <<-- empty 263 264 Preferences->SIP->Socket 265 ------------------------ 266 Socket Protocol: UDP 267 Use STUN Server: No 268 Symmetric Signalling: No (may also be 'Yes') 269 Symmetric Media: No (may also be 'Yes') 270 STUN Server: << n/a 271 Request Period for STUN Server << n/a 272 Media Min Port: 7070 << depend of siproxd config 273 Media Max Port: 7080 (RTP ports) 274 275--------------------------------------------------------------------------- 276Q: If I update both inbound and outbound to 277 if_inbound = ppp0 278 if_outbound = ppp0 279 will this work ? 280 281A: Very likely this will not work properly. Siproxd does masquerade User 282 Agents hidden behind a NAT firewall (inbound network) so they can access 283 other User Agents located in the public internet (outbound network). 284 Therefore there MUST be 2 networks connected to the host running 285 siproxd: 286 - Inbound network 287 - Outbound network 288 289 If you just want a proxy located in the public IP range you should not 290 use siproxd, but get a real SIP proxy server instead. 291 292--------------------------------------------------------------------------- 293Q: I can build siproxd, but when I try to start it, it fails with 294 something like: 295 $ siproxd -h 296 siproxd: error while loading shared libraries: libosipparser2.so.3: 297 cannot open shared object file: No such file ordirectory 298 299A: Make sure you have correctly installed libosip2. If libosip2 is 300 installed somewhere else than the standard library paths, the 301 path MUST be included in the /etc/ld.so.conf file to tell the 302 dynamic linker where to search for libraries. 303 Try the following command: 304 $ /sbin/ldconfig -p|grep libosip 305 The output MUST be something like: 306 307 libosip2.so.3 (libc6) => /usr/lib/libosip2.so.3 308 libosip2.so (libc6) => /usr/lib/libosip2.so 309 libosipparser2.so.3 (libc6) => /usr/lib/libosipparser2.so.3 310 libosipparser2.so (libc6) => /usr/lib/libosipparser2.so 311 312 If not, libosip2 is not correctly installed. 313 314--------------------------------------------------------------------------- 315Q: I have two Internet connections, one is my main connection and the 316 second is my backup connection. Can I configure siproxd in a way 317 to handle both Internet connections (switch to the backup connection 318 if the other one fails)? 319 320A: Siproxd itself does not include support for such a thing. However what 321 you can do is, use 2 different siproxd configuration files (with the 322 two different outbound interfaces configured). Then, if the main 323 interface goes down and you activate the backup connection, just 324 copy the second siproxd config file in place and restart siproxd. 325 Active registrations are not lost, as siproxd does save them at exit. 326 327--------------------------------------------------------------------------- 328Q: Scalability of siproxd? 329 330A: In practice, stable operation of siproxd installations with more than 331 600 VoIP Accounts and more than 60 concurrent calls are being reported. 332 Multiple instances of siproxd may be run on the same server. 333 334 335