李思銳 voip_taiwan@yahoo.com.tw VoIP系統與SIP協定 李思銳 voip_taiwan@yahoo.com.tw

大綱 穿越 NAT 編譯Open Source的STUN Server and Client Outbound Proxy

NAT 通常使用192.168.xxx.xxx, 172.16.xxx.xxx ~ 172.29.xxx.xxx, 10.xxx.xxx.xxx; 但是沒有強制規定一定要以上的IP range NAT可分為四類: Full Cone Restricted Port Restricted Symmetric

Full Cone NAT 來自同一internal ip:port的所有要求都將mapping到相同的external ip:port internal可以透過internal ip:port  external ip:port, 往external傳輸的網路封包 external可以透過external ip:port  internal ip:port , 往internal傳輸的網路封包

Restricted NAT 來自同一internal ip:port的所有要求都將mapping到相同的external ip:port external”只能”循原路往internal傳輸網路封包, 也就是, internal曾將某一網路封包傳送到external時, external”才能”把網路封包傳送到internal

Port Restricted NAT 與Restricted Cone NAT一樣, 但是限制範圍包括port

Symmetric NAT 來自同一內部ip:port的所有要求, 在傳送到某一特定目標ip:port時, 都將mapping到相同的外部ip:port, 如果同一目標傳送的網路封包具有相同的來源ip:port, 但目的地不同, 則使用不同的mapping port 只有收到資料封包的external可以向internal回送UDP封包

關於穿越NAT 如果由client來做, 通常是去問外部的server(如STUN server), 目前NAT IP位址為何, 以及偵測NAT的type 如果是server來做, 最有效的做法就是outbound proxy, 這樣的做法就如同H.323裡的proxy mode. 但是, 由於所有的封包都經過outbound server, 網路流量是必需考量的重點

編譯與執行STUN Server # tar xvfz stund_0.96_Aug13.tgz # make # ifconfig eth0:0 linux_host_ip_2 # ./server -v # ./client -v linux_host_ip

設定SJPhone – 使用我們的STUN server

設定SJPhone – 使用預設的STUN server

利用STUN穿越NAT的作法 在REGISTER和INVITE時, 注意Contact這個SIP header欄位的變化 在INVITE時, 注意o, c和m這幾個SDP欄位的變化

REGISTER封包 U 192.168.11.175:5060 -> 192.168.11.200:5060 REGISTER sip:192.168.11.200 SIP/2.0. Via: SIP/2.0/UDP 192.168.11.175;rport;branch=z9hG4bKc0a80baf0000000b451e2ebc000040ba00000009. Content-Length: 0. Contact: <sip:1000@公網ip:公網port>. Call-ID: A3D4497E-E6C9-42FC-B00D-E0F3D6B3550D@192.168.11.175. CSeq: 5 REGISTER. From: <sip:1000@192.168.11.200>;tag=2792242113900. Max-Forwards: 70. To: <sip:1000@192.168.11.200>. User-Agent: SJphone/1.60.289a (SJ Labs).

INVITE封包 U 192.168.11.175:5060 -> 192.168.11.200:5060 INVITE sip:1002@192.168.11.200 SIP/2.0. Via: SIP/2.0/UDP 192.168.11.175;rport;branch=z9hG4bKc0a80baf00000021451e2f73000067fa00000013. Content-Length: 223. Contact: <sip:1000@公網ip:公網port>. Call-ID: 62228ED9-F77A-41EE-B2EC-D090C987280C@192.168.11.175. Content-Type: application/sdp. CSeq: 1 INVITE. From: "unknown"<sip:1000@192.168.11.200>;tag=2810534316052. Max-Forwards: 70. To: <sip:1002@192.168.11.200>. User-Agent: SJphone/1.60.289a (SJ Labs).

v=0. o=- 3368594931 3368594931 IN IP4 公網ip. s=SJphone. c=IN IP4公網ip. t=0 0. a=direction:active. m=audio公網port RTP/AVP 0 101. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-11,16.

Quiz If two Uac behind the same NAT, and they enable STUN. What problem will happen?

大綱 H.323介紹 Open Source的H.323 terminal 在Linux平台的Gatekeeper 封包擷取與觀察

編譯的順序 因為library相依性的問題, 請照下面順序編譯: pwlib openh323 gnugk

編譯pwlib # tar xvfz pwlib_1_5_3.tgz # cd pwlib # ./configure # make opt # make install # cd ..

編譯openh323 # tar xvfz openh323_1_12_3.tgz # cd openh323 # ./configure # make opt # make install # cd ..

編譯gnugk # tar xvfz gnugk-2.0.8.tgz # cd openh323gk 編輯Makefile, disable ACCT, RADIUS, MYSQL, PGSQL, WAITARQ # make opt # make install # cd ..

啟動gnugk # cp -a /usr/local/lib/libp* /usr/lib/. # cp -a /usr/local/lib/libh* /usr/lib/. # gnugk -c ./openh323gk/etc/gnugk.ini

設定SJPhone 新增一個Profile 使用Call through H.323 Gatekeeper 輸入正確的Gatekeeper Address

設定OpenPhone 設定Username和Aliases 更改Local interfaces

輸入正確的Gatekeeper Address 關掉OpenPhone後, 再啟動一次

擷取封包

大綱 SIP IP-PBX: Asterisk Asterisk的編譯與SIP service的啟動 Asterisk的設計概念 TransCoding的問題研究

Asterisk的編譯 # tar xvfz asterisk-1.0.11.tar.gz # cd asterisk-1.0.11 # make # make install # make samples

Asterisk預設的安裝路徑 執行檔: /usr/sbin/asterisk Modules: /usr/lib/asterisk/modules Config: /etc/asterisk

sip.conf 請見/etc/asterisk/sip.conf, 或是光碟片裡copy出來的default sip config of asterisk 請注意以下一些設定, 我們通常/也許可能會去更改: context=default port=5060 bindaddr=0.0.0.0

增加SIP client帳號 [1000] type=friend secret=1000 host=dynamic [1001]

Problem 註冊OK 1000< -- >1001對打不對勁 增加底下兩項到sip.conf的1000和1001帳號裡 nat=yes context=internal

增加internal context到extensions 增加internal context到extensions.conf [internal] exten => 100,1,Dial(SIP/1000) exten => 200,1,Dial(SIP/1001) X-Lite(1001)呼叫SJPhone(1000): call 100 SJPhone(1000)呼叫X-Lite(1001): call 200

Asterisk的設計概念 Asterisk is so-called IP-PBX 他主要是針對他們的類比或數位的板卡所設計的程式 基本上, 可以將Asterisk視作是一個加強型的Trunk Gateway

TransCoding的問題研究 基於上述原因, 預設所有RTP封包都會經過Asterisk 另外Asterisk為解決某些device沒有提供的codec, 他將進到自己本身的封包作codec的轉換 Asterisk的核心codec為PCM16和GSM

大綱 SIP互通性研究 研究X-Lite的各種設定 各種Open Source SIP Protocol Stack之比較與探討 SIP RFC 2543和RFC 3261比較與問題 SIP與H.323比較與差異 SIP優缺點與未來之挑戰

The setting with X-Lite Auto Detect IP Listen on IP Listen SIP Port Listen RTP Port NAT Firewall IP Out Bound SIP Proxy Stun Server DNS Server

Display Name Username Authorization User Password Domain/Realm SIP Proxy Outbound Proxy Send Internal IP Forward SIP URL Dial Prefix

Reregister Proxy Send Compact SIP Messages Send Basic SDP Messages Use SIP rport Timeout

SIP rport allows a client to request that the server send the response back to the source IP address and port from which the request originated

Open source SIP stack VOCAL: vovida, huge and full functions, support RFC2543 but RFC3261 unknown OPAL: openh323, support H.323 and SIP miniSIP: support TLS oSIP: GNU, very small, C language

Hold in RFC2543 RFC3261 hold: a=sendonly, a=recvonly, a=sendrecv RFC2543 hold: c=0.0.0.0 Quiz: Is the address “0.0.0.0” a legal internet address?

RFC3261 vs. RFC2543 Please refer chapter 28 of RFC3261 Refer the book “Understanding the Session Initiation Protocol” (second edition), searching the keyword “RFC 2543” Installing the vocal server and client and then testing with your program or device

SIP vs. H.323 IETF vs. ITU-T(CCITT) Text vs. ASN.1 SIP URL vs. E164ID/H323ID NAT friendly Gateway mode and prefix number Trunk gateway and connecting to telecommunication SIP servers vs. H.323 gatekeeper

The problem with SIP SIP 3261和2543不相容 由於是Text編碼傳輸, 無法保證call setup time 沒有gateway prefix觀念, 需自行實作, 也因此造成某些程度的不相容 在RFC規範裡, MUST字眼很少出現, 各廠商的產品相容性需驗證 SIP某些功能仍然是draft, 也就是還沒定稿 SIP的規範散見各RFC或draft