@l2dy
Last active May 26, 2021 12:47
OpenSIPS in the Cloud with NAT Support
  1. Install and start rtpproxy, configure firewall to allow UDP ports used.
  2. make menuconfig.
  3. Generate OpenSIPS Script -> Residential Script -> Configure.
  4. Select ENABLE_TLS, USE_AUTH, USE_DIALOG and USE_NAT.
  5. Go back, Generate & Save Residential Script.
  6. Copy etc/opensips_residential_*.cfg to /etc/opensips/opensips.cfg.
  7. Customize opensips.cfg and SIP_DOMAIN, DBENGINE, etc. in opensipsctlrc.
  8. opensipsdbctl create.
  9. systemctl enable opensips.service && systemctl start opensips.service.
  10. opensipsctl add <USER> <PASSWORD>.
  11. Enjoy and profit!

P.S. To avoid storing the passwords added in step 10 as plaintext, check out https://blog.opensips.org/2016/11/11/how-to-avoid-plaintext-passwords/.

--- /etc/opensips_residential_2020.cfg
+++ /etc/opensips/opensips.cfg
@@ -37,14 +37,16 @@
 auto_aliases=no
 
 
+advertised_address="PUBLIC_DOMAIN"
+
 listen=udp:127.0.0.1:5060   # CUSTOMIZE ME
 
-listen=tls:127.0.0.1:5061   # CUSTOMIZE ME
+listen=tls:PRIVATE_IP:5061   # CUSTOMIZE ME
 
 ####### Modules Section ########
 
 #set module path
-mpath="/usr/local/lib/opensips/modules/"
+mpath="/usr/lib64/opensips/modules"
 
 #### SIGNALING module
 loadmodule "signaling.so"
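Review bot: `advertised_address` is set globally here, so it is also advertised for the loopback UDP listener that the hunk leaves untouched, not only for the TLS socket behind NAT. Scoping it to the socket that needs it is tighter: `listen=tls:PRIVATE_IP:5061 AS PUBLIC_DOMAIN:5061`. If keeping UDP on 127.0.0.1 is intentional, I would replace the leftover `# CUSTOMIZE ME` on that line with a comment such as `# kept on loopback on purpose: only TLS is exposed`, because rebinding it to a reachable address would carry SIP signalling and digest exchanges unencrypted.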
@@ -125,21 +127,21 @@
 modparam("nathelper", "natping_interval", 10)
 modparam("nathelper", "ping_nated_only", 1)
 modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG")
-modparam("nathelper", "sipping_from", "sip:[email protected]") #CUSTOMIZE ME
+modparam("nathelper", "sipping_from", "sip:pinger@PUBLIC_DOMAIN") #CUSTOMIZE ME
 modparam("nathelper", "received_avp", "$avp(received_nh)")
 
 loadmodule "rtpproxy.so"
-modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE ME
+modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:9000") # CUSTOMIZE ME
 
 loadmodule "proto_udp.so"
 loadmodule "proto_tls.so"
 loadmodule "tls_mgm.so"
-modparam("tls_mgm","verify_cert", "1")
+modparam("tls_mgm","verify_cert", "0")
 modparam("tls_mgm","require_cert", "0")
-modparam("tls_mgm","tls_method", "TLSv1")
-modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem")
-modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem")
-modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem")
+modparam("tls_mgm","tls_method", "TLSv1_2")
+modparam("tls_mgm","certificate", "/etc/opensips/tls/user/user-cert.pem")
+modparam("tls_mgm","private_key", "/etc/opensips/tls/user/user-privkey.pem")
+modparam("tls_mgm","ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
 
  
 ####### Routing Logic ########
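Review bot: Changing `verify_cert` from `1` to `0` turns off peer certificate verification, and nothing else in the hunk appears to need that: as I read the tls_mgm semantics, `require_cert` at `0` already lets clients without a certificate connect while any certificate that is presented is still checked. With verification off, the new `ca_list` pointing at the system CA bundle is effectively unused, and TLS connections that OpenSIPS opens itself would presumably accept any server certificate, which removes the protection against interception. I would keep `modparam("tls_mgm","verify_cert", "1")` and, if a particular peer fails validation, fix its chain or add its CA to the list instead.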
@@ -348,7 +350,7 @@
 	if (is_method("INVITE")) {
 		
 		if (isflagset(NAT)) {
-			rtpproxy_offer("ro");
+			rtpproxy_offer("ro", "PUBLIC_IP");
 		}
 
 		t_on_branch("per_branch_ops");
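Review bot: The `PUBLIC_IP` literal passed to `rtpproxy_offer` here is repeated in `rtpproxy_answer` in the next hunk, and the two have to stay identical or offer and answer will advertise different media addresses. A comment at both call sites would make that explicit, for example `# address external peers reach the RTP relay on; keep in sync with rtpproxy_answer`. It is also worth stating next to it that this address and rtpproxy's port range are exactly what the firewall rule from step 1 should permit, and nothing wider. The enclosing route block starts and ends outside the hunk.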
@@ -378,7 +380,7 @@
 	if (nat_uac_test("1"))
 		fix_nated_contact();
 	if ( isflagset(NAT) )
-		rtpproxy_answer("ro");
+		rtpproxy_answer("ro", "PUBLIC_IP");
 	xlog("incoming reply\n");
 }
 
@hasanr68

Alright, will do! Thanks a lot for all your time and help.
