[OpenSIPS-Users] NAT problem
Juan Backson
juanbackson at gmail.com
Tue Nov 25 13:15:31 CET 2008
Hi,
I am having problem with configuring opensips to work with NATed clients.
In my configuration, I am using a B2BUA and Opensips as the sip proxy.
The problem I am having is that when the B2BUA(233.32.345.5:5800) sends out
200 OK, Opensips (192.168.1.101:5060)is able to proxy it to the NATed client
( 116.24.163.21:2751), but the NATed client is not sending back any ACK, so
the B2BUA hangs up after 30 second.
Could someone give me any suggestion on what may be wrong in my config?
Thanks in advance for all the help.
U 233.32.345.5:5800 -> 192.168.1.101:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.101
;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY,
REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
U 192.168.1.101:5060 -> 116.24.163.21:2751
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY,
REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
U 192.168.1.101:5800 -> 233.32.345.5:5060
BYE sip:1000 at 116.24.163.21:2751 SIP/2.0.
Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
Max-Forwards: 70.
From: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
To: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 107702524 BYE.
Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY,
REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Reason: SIP;cause=408;text="ACK Timeout".
Content-Length: 0.
.
#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
#simple quick-start config script
#Please refer to the Core CookBook at
http://www.openser.org/dokuwiki/doku.php
#for a explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
children=4
port=5060
mpath="/usr/local/lib64/opensips/modules/"
loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "xlog.so"
loadmodule "permissions.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "dispatcher.so"
loadmodule "nathelper.so"
loadmodule "mediaproxy.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)
modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://
root:sqlpass at 192.168.1.105/app")
modparam("auth_db","calculate_ha1",yes)
modparam("auth_db","password_column","password")
modparam("auth_db","user_column","sip_user")
modparam("auth_db","load_credentials","agent_id")
modparam("uri_db","db_table","agent")
modparam("uri_db","user_column","sip_user")
modparam("uri_db","use_uri_table",0)
modparam("auth_db","use_domain",0)
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "server")
modparam("permissions","source_col","server_ip")
modparam("permissions","proto_col","transport")
modparam("permissions","from_col","from_pattern")
modparam("permissions","tag_col","peer_tag")
modparam("dispatcher","table_name","dispatcher")
modparam("dispatcher","setid_col","setid")
modparam("dispatcher","destination_col","destination")
modparam("dispatcher","flags_col","flags")
modparam("dispatcher","flags",3)
modparam("auth_db","load_credentials","enable")
modparam("nathelper","received_avp", "$avp(i:42)")
modparam("nathelper","received_avp", "$avp(i:42)")
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from",
"sip:pinger at 8.8.1.20<sip%3Apinger at 8.8.1.20>
")
listen=udp:192.168.1.101:5060
listen=tcp:192.168.1.101:5060
listen=udp:233.32.345.5:5060
listen=tcp:233.32.345.5:5060
# ------------------------- request routing logic -------------------
# main routing logic
route{
xlog("method <$rm> from-header <$fu>\n");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
## NAT Detection
#
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
if(!is_method("REGISTER")){
if(nat_uac_test("19")){
record_route(";nat=yes");
} else {
record_route();
};
};
if (has_totag()) {
if (loose_route()) {
if(method=="INVITE" && (!allow_trusted())) {
if (!proxy_authorize("","auth")) {
proxy_challenge("","0");
exit;
} else if (!check_from()) {
sl_send_reply("403", "Forbidden, use From=ID");
exit;
};
if ($avp(s:enable)=="0") {
sl_send_reply("403", "Forbidden, use From=ID");
exit;
}
};
route(1);
} else {
sl_send_reply("404","Not here");
}
route(1);
exit;
}
if (is_method("CANCEL")) {
if (t_check_trans())
t_relay();
exit;
}
if (method=="REGISTER") {
route(2);
} else {
route(3);
};
}
route[1] {
# send it out now; use stateful forwarding as it works
# reliably even for UDP2TCP
t_on_reply("1");
t_on_failure("1");
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2] {
#
# -- Register request handler --
#
if (is_uri_host_local()) {
if (!www_authorize("", "auth")) {
www_challenge("", "0");
exit;
};
if (!check_to()) {
sl_send_reply("403", "Forbidden");
exit;
};
if ($avp(s:enable)=="0") {
sl_send_reply("403", "Forbidden, use
From=ID");
exit;
}
save("location");
exit;
} else if {
sl_send_reply("403", "Forbidden");
};
}
route[3] {
if (is_from_local()){
# From an internal domain -> check the credentials and the FROM
if (!proxy_authorize("","auth")) {
proxy_challenge("","0");
exit;
} else if (!check_from()) {
sl_send_reply("403", "Forbidden, use From=ID");
exit;
};
consume_credentials();
# Verify aliases
if (is_uri_host_local()) {
# -- Inbound to Inbound
route(10);
} else {
# -- Inbound to outbound
route(11);
};
} else {
if (is_uri_host_local()) {
#-- Outbound to inbound
route(12);
} else {
# -- Outbound to outbound
route(13);
};
};
}
route[4] {
revert_uri();
rewritehostport("233.32.345.5:5800");
route(1);
}
route[6] {
if (is_method("BYE")) {
} else if ((is_method("INVITE"))){
append_hf("P-hint: Route[6]: Rtpproxy \r\n");
t_on_failure("3");
};
}
route[10] {
append_hf("P-hint: inbound->inbound \r\n");
route(4);
}
route[11] {
append_hf("P-hint: inbound->outbound \r\n");
route(1);
}
route[12] {
lookup("aliases");
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
route(1);
}
route[13] {
append_hf("P-hint: outbound->inbound \r\n");
sl_send_reply("403", "Forbidden");
exit;
}
onreply_route[1] {
xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
fix_nated_contact();
exit;
}
failure_route[1] {
append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
if (t_was_cancelled()) {
exit;
};
if (t_check_status("486")) {
revert_uri();
prefix("b");
xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
#ds_select_dst("2", "4");
rewritehostport("233.32.345.5:5800");
append_branch();
route(1);
exit;
};
if (t_check_status("408") || t_check_status("480")) {
revert_uri();
prefix("u");
xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
#ds_select_dst("2", "4");
rewritehostport("233.32.345.5:5800");
append_branch();
route(1);
exit;
};
}
failure_route[3] {
if (isbflagset(6) || isflagset(5)) {
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20081125/c5b5020c/attachment-0001.htm
More information about the Users
mailing list