-1

I am just experimenting with my phone system and I'm wondering how both endpoints know they are on the same LAN. I have both endpoints breaking out to the cloud phone system with two separate public IP addresses, and I've segmented them off from each other with a firewall so they can't see each other. However, every time I attempt a call between the two endpoints, the call is set up as a peer-to-peer call and attempts to traverse the local LAN via RTP through the firewall; the firewall blocks the RTP communication and the call has no audio.

I am just wondering how both endpoints are realizing they are behind the same firewall/router, since they are both registering with the cloud system from different public IP addresses. I wanted the call to be bridged in the cloud and not traverse the local LAN, but somehow both endpoints only attempt the call over the LAN every single time, and I have no idea how they're realizing they're on the same LAN.

Anyone else encountered this before?

Adam

2 Answers

0

SIP endpoints don't have to know they are on the same LAN. They just make best use of the IP addresses you provide.

Your INVITE request will provide more insight, but from what you write my guess is that you use public IP addresses for your contact/request URI and local IP addresses in your SDP offer. The local IP addresses are probably routable through the firewall.

Bucq
  • Thanks, the local IP addresses are routable through the firewall, but we have firewall rules blocking the communication, which results in no audio, and we can see all the traffic getting blocked. What I don't understand is: how does the endpoint know the local IP address is routable through the firewall, and what makes it choose the local IP address over the public IP? – Adam Jun 24 '22 at 09:33
  • The endpoint doesn't know the IP address is routable. It just sends audio packets to the given target (local) IP address. The endpoint's network layer will take care of the routing. If you start a tracert command, you can see the route the network layer wants to use. This depends on settings like the default gateway, (permanent) routes and such. If you want the audio to be sent/received using the public IP address, you should use the public IP address in the SDP offer and answer. On top of that, you can use ICE to have the endpoint find out the best route for audio/control packets. – Bucq Jun 25 '22 at 13:51
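
The mismatch described in the answer above (public address in the Contact header, LAN address in the SDP) can be checked on a captured INVITE. The following is an added example, not code from either poster; the INVITE, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed, abridged INVITE (not captured traffic); 203.0.113.10 stands in for the public IP.
SAMPLE_INVITE = (
    "INVITE sip:201@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKexample\r\n"
    "Contact: <sip:200@203.0.113.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 3865 3865 IN IP4 192.168.10.21\r\n"
    "c=IN IP4 192.168.10.21\r\n"
    "m=audio 16384 RTP/AVP 0 8\r\n"
)

# ipaddress.is_private also matches documentation ranges, so test RFC 1918 explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def media_targets(message):
    """Return (contact_ip, [(media, port, ip), ...]) for a SIP message carrying SDP."""
    head, _, sdp = message.partition("\r\n\r\n")
    m = re.search(r"^Contact:.*?sips?:(?:[^@>\s]*@)?(\d+(?:\.\d+){3})", head, re.M | re.I)
    contact_ip = m.group(1) if m else None
    session_ip, streams = None, []
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, port = line[2:].split()[:2]
            streams.append([kind, int(port.split("/")[0]), session_ip])  # inherit session c=
        elif line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if streams:
                streams[-1][2] = ip  # a media-level c= overrides the session-level one
            else:
                session_ip = ip
    return contact_ip, [tuple(s) for s in streams]

def find_mismatches(message):
    """Streams whose RTP target is RFC 1918 while the Contact header shows a public IP."""
    contact_ip, streams = media_targets(message)
    if contact_ip is None or is_rfc1918(contact_ip):
        return []
    return [s for s in streams if s[2] and is_rfc1918(s[2])]

if __name__ == "__main__":
    print(find_mismatches(SAMPLE_INVITE))
```

A non-empty result means the far end is told to send RTP to a LAN address even though signalling presents a public one.
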
0

With ICE and STUN, endpoints may select the best IPs for media traffic - but for that to work, the RTP/STUN packets should be able to traverse the firewall in your LAN. Attempts to communicate directly may mean that the LAN uses IPs from public ranges, or that the endpoints and a SIP proxy were not smart enough to detect the NAT in front of your LAN.

Outtruder