Author Topic: Yate as a client behind a firewall  (Read 12080 times)

andr04

  • Newbie
  • *
  • Posts: 18
    • View Profile
Yate as a client behind a firewall
« on: September 20, 2016, 08:03:00 AM »
Hello.

I try to use Yate as a client to process incoming calls from DID number. Yate connects to provider as a client by SIP.

The problem is that Yate installed on VPS which is behind a firewall. The firewall is out of my control and drops all incoming connections for all ports except 80 and 443. Outgoing connections are allowed. VPS has real IP, i.e. without NAT.

As a result I have working Yate which can process calls, but in one direction: Yate doesn't get the voice from caller but it can play anything to the line. Is it possible to solve it?

I didn't check Asterisk but have found some option:
Quote
Nat=route:
Asterisk will send the audio to the port and ip where its receiving the audio from. Instead of relying on the addresses in the SIP and SDP messages.
I'm not sure is it what I need. Does it help me and what something that is available on Yate?

Thanks.
« Last Edit: September 20, 2016, 08:06:22 AM by andr04 »

andr04

  • Newbie
  • *
  • Posts: 18
    • View Profile
Re: Yate as a client behind a firewall
« Reply #1 on: September 21, 2016, 02:45:51 AM »
The problem (partially) has been solved and aims to other issue.

On one hand I suppose that g729 used by default doesn't work due to license limitations, so
Quote
${formats}^\([^,]*\)=;formats=\1
in regexroute.conf partially solved the problem.

Partially is because I try to check echo test. If I before echo play anything (random) to the line echo works, otherwise no. Try to understand why.

andr04

  • Newbie
  • *
  • Posts: 18
    • View Profile
Re: Yate as a client behind a firewall
« Reply #2 on: September 21, 2016, 02:28:21 PM »
I suppose the problem with RTP (RTCP). Let me know am I right.

As I understand an incoming voice from A to B transfers to the IP and port which was previous one be delivered from B to A. But first voice frame transfers to the IP and port which was specified in SIP header.

So in my situation Yate listens a port the data which is delivered to is blocked by the outer firewall. If Yate first transfers the voice to other side (i.e. opens new outgoing connection) all next incoming voice frames will not be blocked by the firewall due to using outgoing connection.

In other words, do not be silent!

marian

  • Hero Member
  • *****
  • Posts: 513
    • View Profile
Re: Yate as a client behind a firewall
« Reply #3 on: September 23, 2016, 12:35:52 AM »
Can you describe your setup and what do you want to do with it?
Yate is registering to another server? What transport (udp, tcp)?
The other server is sending calls to yate?
The issue is that you don't have audio from yate to server?
Can you post a wireshark capture (sip + rtp)?
Or, at, least, a yate log?

andr04

  • Newbie
  • *
  • Posts: 18
    • View Profile
Re: Yate as a client behind a firewall
« Reply #4 on: September 23, 2016, 03:20:07 PM »
Sure.

Yes, Yate registers as a client on other server to receive calls -- it works. I use UDP (as a default option), but as I remember TCP gives the same result.

The issue is that Yate doesn't receive any audio before it sends any audio chunk to the server.

I collected Yate logs in 2 scenario, see it. First one (silent) with echo.py as is, another one (noise) with uncommented line
Code: [Select]
os.write(4, os.urandom(1024)) in echo.py .

marian

  • Hero Member
  • *****
  • Posts: 513
    • View Profile
Re: Yate as a client behind a firewall
« Reply #5 on: September 26, 2016, 12:52:37 AM »
See the option 'drillhole' in yrtpchan.conf
See http://docs.yate.ro/wiki/RTP_support_channels
When RTP is started (call answered or early media) the RTP module should send a packet to open a hole in firewall/NAT.
If not, please post a log with message sniffer enabled (see http://docs.yate.ro/wiki/Debugging_and,_or_Investigation_of_messages)

For testing pusposes you should use yate modules:
Play a tone: see tonegen module: http://docs.yate.ro/wiki/Tonegen
Echo received audio: http://docs.yate.ro/wiki/Conference_room_module


2016-09-23_21:08:06.850239 <INFO> DataTranslator::attachChain [0x7f8d2800e270] '(null)' -> [0x7f8d28003fa0] 'slin' not possible
2016-09-23_21:08:06.850247 <INFO> DataTranslator::attachChain [0x7f8d2800c930] 'slin' -> [0x7f8d2800e450] '(null)' not possible
2016-09-23_21:08:06.850271 <sip/48:INFO> Not sending chan.rtp for empty media video [0x7f8d34004780]

andr04

  • Newbie
  • *
  • Posts: 18
    • View Profile
Re: Yate as a client behind a firewall
« Reply #6 on: September 26, 2016, 03:33:59 AM »
Super! drillhole is really work!

I saw around it, but as I use Yate in client mode I think it's enabled by default:
Quote
drillhole: bool: Attempt to drill a hole through a firewall or NAT
drillhole=disable in server mode, enable in client mode

Thank you!

marian

  • Hero Member
  • *****
  • Posts: 513
    • View Profile
Re: Yate as a client behind a firewall
« Reply #7 on: September 26, 2016, 03:47:41 AM »
Keep in mind: client mode means YateClient is running, it has nothing to do with running yate and registering an account to another server: the account is a client of another server BUT YATE IS RUNNING IN SERVER MODE.