- ✅
BEHIND_NATenvironment variable support - ✅ External IP auto-detection via multiple services (ipify.org, ifconfig.me, icanhazip.com)
- ✅ Internal IP auto-detection via network interfaces
- ✅ STUN server configuration (defaults to Google STUN servers)
- ✅ Fallback mechanisms for IP detection failures
- ✅ NAT-aware SDP generation in
generateSDPAdvanced() - ✅ External IP used in SDP connection information when
BehindNAT=true - ✅ ICE attributes added for NAT traversal (
rtcp-mux) - ✅ Proper SDP response generation for both initial INVITE and re-INVITEs
- ✅ NAT configuration passed through handler options
- ✅ NAT-aware UDP binding in
StartRTPForwarding() - ✅ Internal IP binding when behind NAT
- ✅ External IP advertisement in SDP responses
- ✅ SDPOptions structure includes NAT configuration
- ✅ GCP metadata service integration for IP detection
- ✅ Automatic NAT detection based on IP comparison
- ✅ STUN server configuration in deployment
- ✅ Active STUN client implementation (
pkg/media/stun.go) - ✅ Basic STUN binding requests used for auto-detection of
ExternalIP - ✅ NAT type detection enabled (Full Cone vs Symmetric)
⚠️ STUN servers must be configured for this to be active
- ✅ Basic (Srflx) ICE Candidates supported (
pkg/sip/sdp.go) - ✅ Generates Host and Srflx candidates based on NAT config
- ✅ Supports
rtcp-muxoptimization ⚠️ Full connectivity checks still rely on client-side triggering (Lite ICE)
- ❌ No TURN relay support
- ❌ No fallback for symmetric NAT scenarios
- ❌ No media relay capabilities
⚠️ Static configuration only- ❌ No per-session NAT detection
- ❌ No dynamic IP address changes handling
- ❌ No NAT keep-alive mechanisms
- Full Cone NAT - Works well with external IP in SDP
- Restricted Cone NAT - Works with proper firewall configuration
- Port-Restricted Cone NAT - Works with RTP port range configuration
- Cloud Provider NAT (GCP, AWS, Azure) - Well supported with metadata detection
- Symmetric NAT - May work but no TURN fallback
- Multiple NAT layers - Limited support
- Dynamic IP changes - No handling
- Complex enterprise NAT scenarios
- NAT traversal failure recovery
- Symmetric NAT without TURN
1. Config Detection:
BEHIND_NAT=true → Use external IP in SDP
2. SDP Generation:
IF BehindNAT:
- connectionAddr = ExternalIP
- Add ICE attributes (rtcp-mux)
3. RTP Binding:
IF BehindNAT:
- Bind to InternalIP:Port
- Advertise ExternalIP:Port in SDP
| Feature | Status | Production Ready |
|---|---|---|
| Basic NAT Support | ✅ Implemented | ✅ Yes |
| Cloud Provider NAT | ✅ Implemented | ✅ Yes |
| STUN Discovery | ❌ No | |
| ICE Negotiation | ||
| TURN Relay | ❌ Missing | ❌ No |
| Symmetric NAT | ||
| Enterprise NAT | ❌ Missing | ❌ No |
-
Implement STUN Client
// Add to pkg/media/stun.go func DiscoverNATMapping(stunServers []string) (*NATMapping, error)
-
Enhanced ICE Support
// Add to pkg/media/ice.go func GatherICECandidates(config *Config) ([]ICECandidate, error)
- TURN Relay Support
- Dynamic NAT detection per session
- NAT keep-alive mechanisms
- Full ICE implementation
- Complex NAT scenario handling
- NAT traversal analytics
-
Basic NAT Testing
# Test with simple NAT (works) BEHIND_NAT=true EXTERNAL_IP=1.2.3.4 INTERNAL_IP=10.0.0.1 -
Cloud Provider Testing
# GCP testing (works well) ./test_nat_config.sh -
Complex NAT Testing
# Symmetric NAT testing (limited support) # Requires external SIP client testing
The SIPREC server has good basic NAT support that works well for:
- ✅ Cloud deployments (GCP, AWS, Azure)
- ✅ Simple NAT scenarios
- ✅ Most common enterprise setups
However, it has limitations for:
- ❌ Complex NAT scenarios
- ❌ Symmetric NAT without manual configuration
- ❌ Enterprise environments requiring TURN
For GCP deployment: NAT support is adequate and production-ready. For complex enterprise: Additional STUN/TURN implementation recommended.