[OpenSIPS-Users] NAT problem
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Wed Nov 26 18:53:59 CET 2008
Hi Juan,
I need to see the request part also to figure out if the flow through
the NAT is ok or not.
As a side note - could you check if the device behind the nat is
actually receiving the 200 OK?. Because a typical reason for a missing
ACK is a missing 200 OK.
Another question - the device placing the call (from behind the nat) is
registered or not? what is the estimated setup time in this case (time
between invite and 200 OK) ?
Regards,
Bogdan
Juan Backson wrote:
> Hi,
>
> I am having problem with configuring opensips to work with NATed
> clients. In my configuration, I am using a B2BUA and Opensips as the
> sip proxy.
>
> The problem I am having is that when the B2BUA(233.32.345.5:5800)
> sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to
> the NATed client ( 116.24.163.21:2751 <http://116.24.163.21:2751>),
> but the NATed client is not sending back any ACK, so the B2BUA hangs
> up after 30 second.
>
> Could someone give me any suggestion on what may be wrong in my config?
>
> Thanks in advance for all the help.
>
>
> U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.101
> <http://192.168.1.101>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751
> <http://116.24.163.21:2751>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
> BYE sip:1000 at 116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751>
> SIP/2.0.
> Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
> Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> Max-Forwards: 70.
> From: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> To: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 107702524 BYE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Reason: SIP;cause=408;text="ACK Timeout".
> Content-Length: 0.
> .
>
>
>
>
> #
> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> #
> #simple quick-start config script
> #Please refer to the Core CookBook at
> http://www.openser.org/dokuwiki/doku.php
> #for a explanation of possible statements, functions and parameters.
> #
> # ----------- global configuration parameters ------------------------
> debug=3 # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=yes # (cmd line: -E)
> children=4
> port=5060
> mpath="/usr/local/lib64/opensips/modules/"
> loadmodule "db_mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "xlog.so"
> loadmodule "permissions.so"
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> loadmodule "dispatcher.so"
> loadmodule "nathelper.so"
> loadmodule "mediaproxy.so"
>
>
>
>
>
>
>
>
>
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("usrloc", "db_mode", 2)
>
>
>
> modparam("rr", "enable_full_lr", 1)
>
> modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:sqlpass@192.168.1.105/app
> <http://root:sqlpass@192.168.1.105/app>")
> modparam("auth_db","calculate_ha1",yes)
> modparam("auth_db","password_column","password")
> modparam("auth_db","user_column","sip_user")
> modparam("auth_db","load_credentials","agent_id")
>
> modparam("uri_db","db_table","agent")
> modparam("uri_db","user_column","sip_user")
> modparam("uri_db","use_uri_table",0)
> modparam("auth_db","use_domain",0)
>
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "server")
> modparam("permissions","source_col","server_ip")
> modparam("permissions","proto_col","transport")
> modparam("permissions","from_col","from_pattern")
> modparam("permissions","tag_col","peer_tag")
>
> modparam("dispatcher","table_name","dispatcher")
> modparam("dispatcher","setid_col","setid")
> modparam("dispatcher","destination_col","destination")
> modparam("dispatcher","flags_col","flags")
> modparam("dispatcher","flags",3)
>
> modparam("auth_db","load_credentials","enable")
>
>
> modparam("nathelper","received_avp", "$avp(i:42)")
>
> modparam("nathelper","received_avp", "$avp(i:42)")
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890
> <http://127.0.0.1:7890>")
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "sipping_from", "sip:pinger at 8.8.1.20
> <mailto:sip%3Apinger at 8.8.1.20>")
>
>
>
> listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=udp:233.32.345.5:5060
> listen=tcp:233.32.345.5:5060
>
>
> # ------------------------- request routing logic -------------------
> # main routing logic
> route{
>
> xlog("method <$rm> from-header <$fu>\n");
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> };
> if (msg:len >= 2048 ) {
> sl_send_reply("513", "Message too big");
> exit;
> };
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
>
>
> ## NAT Detection
> #
> force_rport();
> if (nat_uac_test("19")) {
> if (method=="REGISTER") {
> fix_nated_register();
> } else {
> fix_nated_contact();
> };
> setflag(5);
> };
>
>
> if(!is_method("REGISTER")){
> if(nat_uac_test("19")){
> record_route(";nat=yes");
> } else {
> record_route();
> };
> };
>
>
>
> if (has_totag()) {
> if (loose_route()) {
>
> if(method=="INVITE" && (!allow_trusted())) {
> if (!proxy_authorize("","auth")) {
>
> proxy_challenge("","0");
> exit;
> } else if (!check_from()) {
>
> sl_send_reply("403", "Forbidden, use
> From=ID");
> exit;
> };
>
> if ($avp(s:enable)=="0") {
> sl_send_reply("403", "Forbidden, use From=ID");
>
> exit;
>
>
> }
> };
>
> route(1);
> } else {
> sl_send_reply("404","Not here");
> }
> route(1);
> exit;
> }
>
>
>
>
> if (is_method("CANCEL")) {
> if (t_check_trans())
> t_relay();
> exit;
> }
> if (method=="REGISTER") {
> route(2);
> } else {
> route(3);
> };
>
> }
> route[1] {
>
>
> # send it out now; use stateful forwarding as it works
> # reliably even for UDP2TCP
>
> t_on_reply("1");
> t_on_failure("1");
>
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
>
> route[2] {
> #
> # -- Register request handler --
> #
> if (is_uri_host_local()) {
>
> if (!www_authorize("", "auth")) {
>
>
> www_challenge("", "0");
>
> exit;
>
> };
>
> if (!check_to()) {
>
> sl_send_reply("403", "Forbidden");
> exit;
> };
>
> if ($avp(s:enable)=="0") {
> sl_send_reply("403",
> "Forbidden, use From=ID");
>
> exit;
> }
>
> save("location");
> exit;
> } else if {
>
> sl_send_reply("403", "Forbidden");
> };
> }
>
> route[3] {
>
>
> if (is_from_local()){
> # From an internal domain -> check the credentials and the
> FROM
>
> if (!proxy_authorize("","auth")) {
> proxy_challenge("","0");
>
> exit;
> } else if (!check_from()) {
>
> sl_send_reply("403", "Forbidden, use From=ID");
> exit;
> };
>
> consume_credentials();
> # Verify aliases
>
> if (is_uri_host_local()) {
> # -- Inbound to Inbound
> route(10);
> } else {
> # -- Inbound to outbound
> route(11);
> };
> } else {
>
> if (is_uri_host_local()) {
> #-- Outbound to inbound
> route(12);
> } else {
> # -- Outbound to outbound
> route(13);
> };
> };
> }
>
>
> route[4] {
> revert_uri();
> rewritehostport("233.32.345.5:5800");
> route(1);
>
>
>
>
> }
>
>
>
> route[6] {
> if (is_method("BYE")) {
>
> } else if ((is_method("INVITE"))){
>
> append_hf("P-hint: Route[6]: Rtpproxy \r\n");
> t_on_failure("3");
> };
> }
>
>
> route[10] {
> append_hf("P-hint: inbound->inbound \r\n");
> route(4);
>
> }
> route[11] {
> append_hf("P-hint: inbound->outbound \r\n");
> route(1);
> }
> route[12] {
> lookup("aliases");
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> exit;
> };
> route(1);
> }
> route[13] {
> append_hf("P-hint: outbound->inbound \r\n");
> sl_send_reply("403", "Forbidden");
> exit;
> }
>
>
> onreply_route[1] {
> xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
> search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
> fix_nated_contact();
> exit;
>
>
> }
> failure_route[1] {
> append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
>
>
>
>
>
>
> if (t_was_cancelled()) {
> exit;
> };
> if (t_check_status("486")) {
> revert_uri();
> prefix("b");
> xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
> #ds_select_dst("2", "4");
> rewritehostport("233.32.345.5:5800");
> append_branch();
> route(1);
> exit;
> };
> if (t_check_status("408") || t_check_status("480")) {
> revert_uri();
> prefix("u");
> xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
> #ds_select_dst("2", "4");
> rewritehostport("233.32.345.5:5800");
> append_branch();
> route(1);
> exit;
> };
>
>
>
> }
>
>
> failure_route[3] {
> if (isbflagset(6) || isflagset(5)) {
>
> }
>
> }
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list