Natted Softphone ATA

From FreeSWITCH Wiki
Jump to: navigation, search


Warning

(Note 2009-04-05) This page might be obsolete NAT and NAT Traversal.

 


Contents

Problem

ATA (10.1.0.5) <-> (10.1.0.1) NAT (1.2.3.4) <-> Internet <-> (4.3.2.1) FreeSWITCH

Analysis

This is a fairly common scenario in the real world, where the FreeSWITCH server is out on the public Internet, while your ATA is behind a home or corporate NAT system. Now, a call comes in to your FreeSWITCH server, and it somehow has to get in touch with your ATA, but the address your ATA gave the VoIP server (10.1.0.5) is all wrong, since it's not aware of the public IP address of the NAT system (1.2.3.4), which the VoIP server would have to contact in order to (potentially) get through to the ATA (assuming the NAT lets the connection through).

Loophole

All three solutions proposed below capitalize on the knowledge that when you send a packet out (from an ATA, in our case) through a NAT system and out to the public Internet, the packet exits the NAT on a particular IP and port, and the NAT will generally remember that combination (let's call it "Combo A"), and forward packets that come "back" to "Combo A" on to whatever system in the local network the original packet came from (in our case, the ATA). Needless to say, all three of our solutions will attempt to alert the FreeSWITCH server that contacting our ATA should be done by contacting the NAT system at "Combo A," and the NAT will take it from there.

Solutions

STUN

One way of dealing with this problem is to configure the ATA to use STUN, which allows it to figure out how to bypass the NAT system in a rather user-transparent way. If your phone supports this, it's almost certainly the simplest solution. If you have a sipura, check Sipura STUN.

Port Forward

If the public side of your NAT has a static IP address and you can get a port forwarded from it to your ATA, then you can tell FreeSWITCH to automatically override the contact info advertised by the ATA with static contact info.

Here's an example configuration section (goes in directory.xml):

<domain name="$${sip_profile}">
 <user id="myuser">
   <params>
     <param name="password" value="mypass"/>
   </params>
   <variables>
     <variable name="sip-force-contact" value="sip:myuser@<public-ip-address>:<forwarded-port>"/>
   </variables>
 </user>
</domain>

Note that this trick will only work if you define said user in directory.xml.

NDLB-connectile-dysfunction

If you'd like to take the easy way out and just emulate Asterisk (which simply looks at the TCP/IP address info, which in many cases will have been stamped on its way out of the NAT with "Combo A"), set the sip-force-contact variable to "NDLB-connectile-dysfunction" to tell FreeSWITCH to emulate Asterisk. [2]

Here's an example configuration section (goes in directory.xml):

<domain name="$${sip_profile}">
 <user id="myuser">
   <params>
     <param name="password" value="mypass"/>
   </params>
   <variables>
     <variable name="sip-force-contact" value="NDLB-connectile-dysfunction"/>
   </variables>
 </user>
</domain>

Note that like solution 2, this trick will only work if you define said user in directory.xml. In particular, it won't work with blind registration.