SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src:...
Transcript of SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src:...
![Page 1: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/1.jpg)
1
![Page 2: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/2.jpg)
• Васильев Кирилл
• Санкт-Петербург
• Курсы MikroTik
• Поддержка
2
![Page 3: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/3.jpg)
SIP Helper в RouterOS
![Page 4: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/4.jpg)
SIP Helper в RouterOS
• Сложные протоколы и RouterOS
• Основные принципы работы SIP
• Прохождение SIP протокола через NAT
• Asterisk и SIP
• RouterOS и SIP Service / Helper / ALG
![Page 5: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/5.jpg)
Сложные протоколы
• Требуют создания дополнительного соединения
• Принимающая сторона указывает порты и ip адреса, на которые ожидается соединение
• Популярные сложные протоколы:
• pptp
• ftp
• sip
• tftp
![Page 6: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/6.jpg)
Сложные протоколы
• Маршрутизатор анализирует пакеты сложных протоколов
• Изменяет содержимое на «правильные» значения
• Создаёт новое соединение с параметрами из информации, полученной из пакета
![Page 7: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/7.jpg)
Сложные протоколы
• Application-level gateway (ALG)
• HAT Helper
• /ip firewall service-port
![Page 8: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/8.jpg)
SIP• Session Initiation Protocol
• Похож на HTTP
• Актуальная версия 2.0
• Коды ответа
• Как транспорт для SDP (Session Description Protocol)
• TCP/UDP
• TLS
![Page 9: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/9.jpg)
SIP
200 300
Register Register
Invite Invite
180,183,200180,183,200
No NAT
![Page 10: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/10.jpg)
SIP Helper Disabled
200192.168.2.100
2.2.2.21.1.1.2
![Page 11: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/11.jpg)
SIP Helper Disabled[[email protected]] >
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1add chain=dstnat src-address=1.1.1.2 protocol=udp \
dst-port=5060,10000-20000 in-interface=ether1 \
action=dst-nat to-addresses=192.168.2.100
/ip firewall service-portset sip disabled=yes
![Page 12: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/12.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 13: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/13.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 14: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/14.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 15: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/15.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 16: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/16.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 17: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/17.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 18: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/18.jpg)
SIP Disabled / PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 19: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/19.jpg)
SIP Disabled / SRCNATInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 20: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/20.jpg)
SIP Disabled / SRCNATInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 21: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/21.jpg)
SIP Disabled / SRCNATInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 22: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/22.jpg)
SIP Disabled / Server• Включить поддержку на телефоне RFC3581 (rport)
• На сервере установить значение nat=comedia
• Если телефон не поддерживает rport
• На сервере установить значение nat=force_rport,comedia
•
![Page 23: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/23.jpg)
Server force_rportInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 24: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/24.jpg)
SIP + NAT = комедияInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 25: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/25.jpg)
SIP + NAT = комедияInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 26: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/26.jpg)
SIP + NAT = комедияInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 27: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/27.jpg)
SIP Helper Disabled
• Простая конфигурация для одного клиента
• «Пробрасываем» порты dst-nat на маршрутизаторе
• Все остальные настройки можно сделать со стороны сервера
•
![Page 28: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/28.jpg)
Что будем делать?
2.2.2.21.1.1.2
![Page 29: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/29.jpg)
SIP Helper
![Page 30: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/30.jpg)
SIP Helper
200192.168.2.100
2.2.2.21.1.1.2
![Page 31: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/31.jpg)
SIP Helper[[email protected]] >
/ip firewall nat
addaction=masquerade chain=srcnat out-interface=ether1
/ip firewall service-port
setsip disabled=no
![Page 32: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/32.jpg)
SIP Helper Регистрация
• Сообщение REGISTER
• Если в сообщении есть поле Expires со значением больше чем 0, то RouterOS создаст соединение с timeout из sip-timeout значения service-port (Только для UDP)
• Если Expires отсутствует или равно 0, то существующее соединение удаляется из трекера
•
![Page 33: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/33.jpg)
SIP Helper PreroutingInternet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5060, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 192.168.2.100:5060;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5060> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 192.168.2.100 Session Name (s): A conversation Connection Information (c): IN IP4 192.168.2.100 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 34: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/34.jpg)
SIP Helper ActionInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 2.2.2.2:5061;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5061> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 35: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/35.jpg)
SIP Helper ActionInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 2.2.2.2:5061;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5061> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 36: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/36.jpg)
SIP Helper ActionInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 2.2.2.2:5061;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5061> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 37: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/37.jpg)
SIP Helper ActionInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 2.2.2.2:5061;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5061> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 38: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/38.jpg)
SIP Helper ActionInternet Protocol Version 4, Src: 2.2.2.2, Dst: 1.1.1.2User Datagram Protocol, Src Port: 5061, Dst Port: 5060Session Initiation Protocol (INVITE) Request-Line: INVITE sip:[email protected];user=phone SIP/2.0 Message Header Via: SIP/2.0/UDP 2.2.2.2:5061;branch=z9hG4bK88046350326731848 From: 200 <sip:[email protected]:5060>;tag=311910759 To: "89052073578" <sip:[email protected];user=phone> Call-ID: [email protected] CSeq: 1 INVITE Contact: <sip:[email protected]:5061> Content-Type: application/sdp Content-Length: 283 Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
![Page 39: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/39.jpg)
SIP Helper ActionMessage Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 200 837919671 312189059 IN IP4 2.2.2.2 Session Name (s): A conversation Connection Information (c): IN IP4 2.2.2.2 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 10036 RTP/AVP 8 0 9 18 101
Когда SIP Helper получит ответ от сервера с портом и адресом для RTP трафика.
!!!Создаст соединение в conntrack с правильными адресами и портами для трансляции nat!!!
DST-NAT не нужен!
![Page 40: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/40.jpg)
SIP Direct Media
• Позволяет пересылать медиа напрямую между клиентами
![Page 41: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/41.jpg)
192.168.2.100192.168.2.200
2.2.2.2
1.1.1.2
192.168.2.1
sdp/
192.
168.
2.10
0:1
0000
sdp/
2.2.
2.2
:100
00
sdp/
2.2.
2.2
:100
00sd
p/19
2.16
8.2.
100
:100
00
sdp/
192.
168.
2.20
0:2
0000
sdp/
2.2.
2.2
:200
00
sdp/
2.2.
2.2
:200
00sd
p/19
2.16
8.2.
200
:200
00
:20000 :10000
![Page 42: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/42.jpg)
SIP Helper VPN
![Page 43: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/43.jpg)
SIP Helper VPN
«Был freebpx, хотим voip в филиале, но слышимость только в одну сторону, на форумах пишут, что надо отключить sip helper»
«Я не помню, что точно делал, но «тыкал» всё подряд, отключал sip helper, в пользователях менял параметры nat»
«Неделю пытаюсь настроить, на форуме предложили поменять маршрутизатор»
«Меня уволят!»
«Шо делать?»
![Page 44: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/44.jpg)
SIP Helper VPN
300192.168.3.100
192.168.1.2
1.1.1.2 2.2.2.2VPNInvite/sdp 192.168.3.100
/sdp 1.1.1.2
RTP
RTP
![Page 45: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/45.jpg)
SIP Helper VPN
А причем тут MikroTiK и SIP Helper?
Куда телефону указали отправлять медиа, туда он и отправляет!
![Page 46: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/46.jpg)
SIP Helper VPN
• Asterisk – смотрит, если сеть не объявлена в переменной localnet, определяет, что клиент находится за NAT и использует свой внешний адрес (externalip), как адрес для в SIP/SDP
• Клиент отправляет на хост указанный в SIP/SDP
![Page 47: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/47.jpg)
SIP Helper VPN
• localnet = 192.168.2.0/255.255.255.0
![Page 48: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/48.jpg)
SIP Helper
OFFON
Отключайте NATНа клиентах и транках
Включайте NATforce_rport и comedia
Выбирайте что-то одно!
![Page 49: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/49.jpg)
SIP via VPN
300192.168.3.100
192.168.1.2
1.1.1.2 2.2.2.2VPN
0.0.0.0/0
![Page 50: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/50.jpg)
SIP via VPN
• Исключите из NAT-a
• Запретите трафик до SIP сервера, через ISP
50
![Page 51: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/51.jpg)
NO NAT
51
![Page 52: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/52.jpg)
NO NAT
52
/ip firewall raw
addchain=prerouting in-interface=Brdige-local \dst-address=192.168.1.0/24 action=notrack
![Page 53: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/53.jpg)
No Forward
53
![Page 54: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/54.jpg)
No Forward
54
/ip routeadddst-address=192.168.0.0/16 type=unreachable distance=250
adddst-address=10.0.0.0/8 type=unreachable distance=250
adddst-address=172.16.0.0/12 type=unreachable distance=250
………
![Page 55: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/55.jpg)
Хочу всё знать
• https://git.kernel.org
• v3.3.5
• net/netfilter/nf_conntrack_sip.c•
![Page 56: SIP Helper в RouterOS - MikroTik · SIP Disabled / Prerouting Internet Protocol Version 4, Src: 192.168.2.100, Dst: 1.1.1.2 User Datagram Protocol, Src Port: 5060, Dst Port: 5060](https://reader034.fdocuments.us/reader034/viewer/2022042804/5f54c9fd9bf5d32ecc5d481a/html5/thumbnails/56.jpg)
Вопросы?
• MikroTik.Me
• Vasilevkirill.com
• https://t.me/mikrotikme
• https://vk.com/mikrotikrus