[SIP Beyond VoIP] Getting started with sylkserver and NAT

Wed Dec 30 12:15:00 CET 2015

Hi,

I am trying to setup a private conference system for a small workgroup.

I have installed:
- Blink clients in a NATted private network
- a server with a public IP running Debian 8. This server runs
* reSIProcate (package repro 1.10 from debian-backports, as recommended
by http://rtcquickstart.org)
* sylkserver (package sylkserver 3.1.0jessie from ag-projects.com)

The SIP proxy and sylkserver run on the same machine, but the
sylkserver's DNS records are defined in a subdomain, allowing me to
define different ports:
- The clients talk SIPS to the proxy (reSIProcate) using port 5061.
- The proxy talks SIPS to the sylkserver using port 5062.

The proxy redirects sip uris for an echo and a conference application to
the subdomain assigned to sylkserver. This seems to work so far, but
when a client calls the echo application, then I can see (using
tcpdump), that sylkserver sends the voice data to the client's private
IP instead of using the public IP of the client's internet connection.
Big question: Why?
Is there something generally wrong with this type of setup (running both
proxy and sylkserver on the same machine; is it OK to use reSIProcate or
do I have to install OpenSIPS and/or MediaProxy)?

I don't have a TURN service because my server has only one public IP,
but I have setup a _stun._udp SRV record to point to a public STUN
service. I can see (using wireshark) that the clients are actually using
this STUN service. I have enabled sylkserver tracing of core,
notificatation, and sip.

The sip trace contains:

2015-12-29 19:24:37.924528 [sylk-server 19841]: RECEIVED: Packet 1, +0:00:00
serverpublicip:53500 -(SIP over TLS)-> serverpublicip:5062
INVITE sip:echo at conference.mydomain SIP/2.0
Via: SIP/2.0/TLS
serverpublicip:5061;branch=z9hG4bK-524287-2---5ccaf95d1f0d5275;rport
Via: SIP/2.0/TLS
192.168.19.117:20071;rport=20071;branch=z9hG4bKPj22be3b75abc741fcb7181b7143aeb620;received=87.149.40.49;alias
Max-Forwards: 69
Record-Route: <sip:AAAAAAEAAAAAAcYT[...]@mydomain;transport=tls;lr;drr>
Record-Route:
<sip:KwAAAAEAAAAAAWdOV5UoMWQxNmY1Y2VjODUxZDU1YmFlZDdmYzFlN2JiZjEwYmNj at mydomain;transport=tls;lr;drr>
[...]
a=candidate:Sc0a81375 1 UDP 1862270975 87.149.40.49 49791 typ srflx
raddr 192.168.19.117 rport 49791
a=candidate:Hc0a81375 1 UDP 1694498815 192.168.19.117 49791 typ host
a=candidate:Sc0a81375 2 UDP 1862270974 87.149.40.49 49798 typ srflx
raddr 192.168.19.117 rport 49798
a=candidate:Hc0a81375 2 UDP 1694498814 192.168.19.117 49798 typ host

[I have replaced the real domain name with the string "mydomain" and the
server's public IP with "serverpublicip"]

So sylkserver seems to know both the public and the private addresses of
the client, but sends UDP data to the private address. Why?

Any help would be appreciated.
Best regards,
Adrian Weiler

P.S.: One more question: sylkserver runs a HTTPS service on port 10888.
What ist the purpose of this service? I could not find any description.
Calling it just delivers the response "Welcome to SylkServer!". Passing
a random path results in "No such child resource".