- Install and start rtpproxy, configure firewall to allow UDP ports used.
- `make menuconfig`.
- Generate OpenSIPS Script -> Residential Script -> Configure.
- Select ENABLE_TLS, USE_AUTH, USE_DIALOG and USE_NAT.
- Go back, Generate & Save Residential Script.
- Copy etc/opensips_residential_*.cfg to `/etc/opensips/opensips.cfg`.
- Customize `opensips.cfg` and `SIP_DOMAIN`, `DBENGINE`, etc. in `opensipsctlrc`.
- `opensipsdbctl create`.
- `systemctl enable opensips.service && systemctl start opensips.service`.
- `opensipsctl add <USER> <PASSWORD>`.
- Enjoy and profit!
P.S. Check out https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/.
--- /etc/opensips_residential_2020.cfg
+++ /etc/opensips/opensips.cfg
@@ -37,14 +37,16 @@
auto_aliases=no
+advertised_address="PUBLIC_DOMAIN"
+
listen=udp:127.0.0.1:5060 # CUSTOMIZE ME
-listen=tls:127.0.0.1:5061 # CUSTOMIZE ME
+listen=tls:PRIVATE_IP:5061 # CUSTOMIZE ME
####### Modules Section ########
#set module path
-mpath="/usr/local/lib/opensips/modules/"
+mpath="/usr/lib64/opensips/modules"
#### SIGNALING module
loadmodule "signaling.so"
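Review bot: The new `advertised_address="PUBLIC_DOMAIN"` line carries a site-specific placeholder but, unlike the `listen=` lines next to it, has no `# CUSTOMIZE ME` marker, so it is easy to miss when adapting the file. The same applies to the `"PUBLIC_IP"` argument added to `rtpproxy_offer` and `rtpproxy_answer` in the two routing-logic hunks further down. I would append `# CUSTOMIZE ME` to all three lines so that every value that must be replaced before deployment can be found with one search.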
@@ -125,21 +127,21 @@
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG")
-modparam("nathelper", "sipping_from", "sip:[email protected]") #CUSTOMIZE ME
+modparam("nathelper", "sipping_from", "sip:pinger@PUBLIC_DOMAIN") #CUSTOMIZE ME
modparam("nathelper", "received_avp", "$avp(received_nh)")
loadmodule "rtpproxy.so"
-modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE ME
+modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:9000") # CUSTOMIZE ME
loadmodule "proto_udp.so"
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"
-modparam("tls_mgm","verify_cert", "1")
+modparam("tls_mgm","verify_cert", "0")
modparam("tls_mgm","require_cert", "0")
-modparam("tls_mgm","tls_method", "TLSv1")
-modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem")
-modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem")
-modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem")
+modparam("tls_mgm","tls_method", "TLSv1_2")
+modparam("tls_mgm","certificate", "/etc/opensips/tls/user/user-cert.pem")
+modparam("tls_mgm","private_key", "/etc/opensips/tls/user/user-privkey.pem")
+modparam("tls_mgm","ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
####### Routing Logic ########
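Review bot: `verify_cert` set to `0` on the tls_mgm line disables peer-certificate verification, so as far as I can tell the `ca_list` bundle configured a few lines below is never used to validate anything and a presented certificate is accepted unchecked. If the goal was only to admit phones that have no client certificate, the unchanged `require_cert` `0` looks sufficient for that, so I would keep `modparam("tls_mgm","verify_cert", "1")` alongside the new `TLSv1_2` and CA-bundle lines. If verification really has to stay off, a comment on that line saying why would help the next admin. Separately, the `rtpproxy_sock` control channel is unauthenticated UDP, so a short comment that it must stay on loopback, as it is here, would be worth adding.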
@@ -348,7 +350,7 @@
if (is_method("INVITE")) {
if (isflagset(NAT)) {
- rtpproxy_offer("ro");
+ rtpproxy_offer("ro", "PUBLIC_IP");
}
t_on_branch("per_branch_ops");
@@ -378,7 +380,7 @@
if (nat_uac_test("1"))
fix_nated_contact();
if ( isflagset(NAT) )
- rtpproxy_answer("ro");
+ rtpproxy_answer("ro", "PUBLIC_IP");
xlog("incoming reply\n");
}
@hasanr68 Assuming you are using TLS:
First, check if you can establish a TLS connection from your cellular network to the OpenSIPS server. You can use CLI tools, e.g. `openssl s_client` or `gnutls-cli`.
Second, you should use a domain (with DNS resolution set up) as PUBLIC_DOMAIN and enter that instead of the IP address in the UA.
No problem with that, just make sure that your RTPProxy is reachable from the Internet as PUBLIC_IP (proxy ports not firewalled) and that the control socket matches.