[OpenSIPS-Users] NAT problem
Juan Backson
juanbackson at gmail.com
Thu Nov 27 13:26:01 CET 2008
Hi Bogdan
Thank you for your help.
The nated client does register to opensips. It is set to register every
3600 sec, min time is 20 s and max time is 1800 s. It is default xLite
setting.
Here is the 200OK I captured from my nated client box:
!'DVVEGTeEd=3SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.101
;branch=z9hG4bKbf91.9b9bad57.0;received=233.32.345.5
Via: SIP/2.0/UDP
233.32.345.5:5800;received=233.32.345.5;rport=5800;branch=z9hG4bKNj4y6pUrS49FF
Record-Route: <sip:192.168.1.101;lr;ftag=UD1K6e2FpUgNj>
Contact: <sip:1000 at 192.168.1.100:33756>
To: "1000"<sip:1000 at 233.32.345.5:5060>;tag=194ddb10
From: "0"<sip:0 at 233.32.345.5:5060>;tag=UD1K6e2FpUgNj
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 107790129 BYE
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 0
Here is the INVITE request:
!'DVVEMKd=*INVITE sip:0 at 233.32.345.5:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:33756
;branch=z9hG4bK-d87543-8e2c20026843651b-1--d87543-;rport
Max-Forwards: 70
Contact: <sip:1000 at 192.168.1.100:33756>
To: "0"<sip:0 at 233.32.345.5:5060>
From: "1000"<sip:1000 at 233.32.345.5:5060>;tag=194ddb10
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
INFO
Content-Type: application/sdp
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 423
v=0
o=- 9 2 IN IP4 192.168.1.100
s=CounterPath X-Lite 3.0
c=IN IP4 192.168.1.100
t=0 0
m=audio 26258 RTP/AVP 107 119 100 106 0 105 98 8 101
a=alt:1 1 : LGfU4oal SL5N8UZJ 192.168.1.100 26258
a=fmtp:101 0-15
a=rtpmap:107 BV32/16000
a=rtpmap:119 BV32-FEC/16000
a=rtpmap:100 SPEEX/16000
a=rtpmap:106 SPEEX-FEC/16000
a=rtpmap:105 SPEEX-FEC/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:101 telephone-event/8000
a=sendrecv
On Thu, Nov 27, 2008 at 1:53 AM, Bogdan-Andrei Iancu <bogdan at voice-system.ro
> wrote:
> Hi Juan,
>
> I need to see the request part also to figure out if the flow through the
> NAT is ok or not.
>
> As a side note - could you check if the device behind the nat is actually
> receiving the 200 OK?. Because a typical reason for a missing ACK is a
> missing 200 OK.
>
> Another question - the device placing the call (from behind the nat) is
> registered or not? what is the estimated setup time in this case (time
> between invite and 200 OK) ?
>
> Regards,
> Bogdan
>
> Juan Backson wrote:
>
>> Hi,
>>
>> I am having problem with configuring opensips to work with NATed clients.
>> In my configuration, I am using a B2BUA and Opensips as the sip proxy.
>> The problem I am having is that when the B2BUA(233.32.345.5:5800) sends
>> out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to the NATed
>> client ( 116.24.163.21:2751 <http://116.24.163.21:2751>), but the NATed
>> client is not sending back any ACK, so the B2BUA hangs up after 30 second.
>> Could someone give me any suggestion on what may be wrong in my config?
>>
>> Thanks in advance for all the help.
>>
>>
>> U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>
>> SIP/2.0 200 OK.
>> Via: SIP/2.0/UDP 192.168.1.101 <http://192.168.1.101
>> >;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
>> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <
>> http://116.24.163.21
>> >;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
>> Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 2 INVITE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Allow-Events: talk.
>> Session-Expires: 120;refresher=uas.
>> Min-SE: 120.
>> Content-Type: application/sdp.
>> Content-Disposition: session.
>> Content-Length: 269.
>> .
>> v=0.
>> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
>> s=FreeSWITCH.
>> c=IN IP4 233.32.345.5.
>> t=0 0.
>> m=audio 10272 RTP/AVP 0 101.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>> a=ptime:20.
>>
>>
>> U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751 <
>> http://116.24.163.21:2751>
>> SIP/2.0 200 OK.
>> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <
>> http://116.24.163.21
>> >;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
>> Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 2 INVITE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Allow-Events: talk.
>> Session-Expires: 120;refresher=uas.
>> Min-SE: 120.
>> Content-Type: application/sdp.
>> Content-Disposition: session.
>> Content-Length: 269.
>> .
>> v=0.
>> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
>> s=FreeSWITCH.
>> c=IN IP4 233.32.345.5.
>> t=0 0.
>> m=audio 10272 RTP/AVP 0 101.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>> a=ptime:20.
>>
>>
>> U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
>> BYE sip:1000 at 116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751>
>> SIP/2.0.
>> Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
>> Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> Max-Forwards: 70.
>> From: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> To: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 107702524 BYE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Reason: SIP;cause=408;text="ACK Timeout".
>> Content-Length: 0.
>> .
>>
>>
>>
>>
>> #
>> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
>> #
>> #simple quick-start config script
>> #Please refer to the Core CookBook at
>> http://www.openser.org/dokuwiki/doku.php
>> #for a explanation of possible statements, functions and parameters.
>> #
>> # ----------- global configuration parameters ------------------------
>> debug=3 # debug level (cmd line: -dddddddddd)
>> fork=no
>> log_stderror=yes # (cmd line: -E)
>> children=4
>> port=5060
>> mpath="/usr/local/lib64/opensips/modules/"
>> loadmodule "db_mysql.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri.so"
>> loadmodule "uri_db.so"
>> loadmodule "domain.so"
>> loadmodule "xlog.so"
>> loadmodule "permissions.so"
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> loadmodule "dispatcher.so"
>> loadmodule "nathelper.so"
>> loadmodule "mediaproxy.so"
>>
>>
>>
>>
>>
>>
>>
>>
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("usrloc", "db_mode", 2)
>>
>> modparam("rr", "enable_full_lr", 1)
>>
>> modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://
>> root:sqlpass at 192.168.1.105/app <http://root:sqlpass@192.168.1.105/app>")
>> modparam("auth_db","calculate_ha1",yes)
>> modparam("auth_db","password_column","password")
>> modparam("auth_db","user_column","sip_user")
>> modparam("auth_db","load_credentials","agent_id")
>> modparam("uri_db","db_table","agent")
>> modparam("uri_db","user_column","sip_user")
>> modparam("uri_db","use_uri_table",0)
>> modparam("auth_db","use_domain",0)
>> modparam("permissions", "db_mode", 1)
>> modparam("permissions", "trusted_table", "server")
>> modparam("permissions","source_col","server_ip")
>> modparam("permissions","proto_col","transport")
>> modparam("permissions","from_col","from_pattern")
>> modparam("permissions","tag_col","peer_tag")
>> modparam("dispatcher","table_name","dispatcher")
>> modparam("dispatcher","setid_col","setid")
>> modparam("dispatcher","destination_col","destination")
>> modparam("dispatcher","flags_col","flags")
>> modparam("dispatcher","flags",3)
>> modparam("auth_db","load_credentials","enable")
>>
>>
>> modparam("nathelper","received_avp", "$avp(i:42)")
>>
>> modparam("nathelper","received_avp", "$avp(i:42)")
>> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890 <
>> http://127.0.0.1:7890>")
>> modparam("nathelper", "natping_interval", 30)
>> modparam("nathelper", "ping_nated_only", 0)
>> modparam("nathelper", "sipping_bflag", 7)
>> modparam("nathelper", "sipping_from", "sip:pinger at 8.8.1.20<sip%3Apinger at 8.8.1.20><mailto:
>> sip%3Apinger at 8.8.1.20 <sip%253Apinger at 8.8.1.20>>")
>>
>>
>> listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060>
>> listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060>
>>
>> listen=udp:233.32.345.5:5060
>> listen=tcp:233.32.345.5:5060
>> # ------------------------- request routing logic -------------------
>> # main routing logic
>> route{
>> xlog("method <$rm> from-header <$fu>\n");
>> # initial sanity checks -- messages with
>> # max_forwards==0, or excessively long requests
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> exit;
>> };
>> if (msg:len >= 2048 ) {
>> sl_send_reply("513", "Message too big");
>> exit;
>> };
>> # we record-route all messages -- to make sure that
>> # subsequent messages will go through our proxy; that's
>> # particularly good if upstream and downstream entities
>> # use different transport protocol
>>
>> ## NAT Detection #
>> force_rport();
>> if (nat_uac_test("19")) {
>> if (method=="REGISTER") {
>> fix_nated_register();
>> } else {
>> fix_nated_contact();
>> };
>> setflag(5);
>> };
>>
>> if(!is_method("REGISTER")){
>> if(nat_uac_test("19")){
>> record_route(";nat=yes");
>> } else {
>> record_route();
>> };
>> };
>>
>> if (has_totag()) {
>> if (loose_route()) {
>>
>> if(method=="INVITE" && (!allow_trusted())) {
>> if (!proxy_authorize("","auth")) {
>> proxy_challenge("","0");
>> exit;
>> } else if (!check_from()) {
>> sl_send_reply("403", "Forbidden, use
>> From=ID");
>> exit;
>> };
>> if ($avp(s:enable)=="0") {
>> sl_send_reply("403", "Forbidden, use From=ID");
>> exit;
>> }
>> };
>> route(1);
>> } else {
>> sl_send_reply("404","Not here");
>> }
>> route(1);
>> exit;
>> }
>> if (is_method("CANCEL")) {
>> if (t_check_trans()) t_relay();
>> exit;
>> }
>> if (method=="REGISTER") {
>> route(2);
>> } else {
>> route(3);
>> };
>> }
>> route[1] {
>>
>>
>> # send it out now; use stateful forwarding as it works
>> # reliably even for UDP2TCP
>> t_on_reply("1");
>> t_on_failure("1");
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>> exit;
>> }
>> route[2] {
>> #
>> # -- Register request handler --
>> #
>> if (is_uri_host_local()) {
>> if (!www_authorize("", "auth")) {
>> www_challenge("", "0");
>> exit;
>>
>> };
>> if (!check_to()) {
>> sl_send_reply("403", "Forbidden");
>> exit;
>> };
>>
>> if ($avp(s:enable)=="0") {
>> sl_send_reply("403", "Forbidden,
>> use From=ID");
>> exit;
>> }
>> save("location");
>> exit;
>> } else if {
>> sl_send_reply("403", "Forbidden");
>> };
>> }
>> route[3] {
>>
>> if (is_from_local()){
>> # From an internal domain -> check the credentials and the FROM
>> if (!proxy_authorize("","auth")) {
>> proxy_challenge("","0");
>> exit;
>> } else if (!check_from()) {
>> sl_send_reply("403", "Forbidden, use
>> From=ID");
>> exit;
>> };
>> consume_credentials();
>> # Verify aliases
>> if (is_uri_host_local()) {
>> # -- Inbound to Inbound
>> route(10);
>> } else {
>> # -- Inbound to outbound
>> route(11);
>> };
>> } else {
>> if (is_uri_host_local()) {
>> #-- Outbound to inbound
>> route(12);
>> } else {
>> # -- Outbound to outbound
>> route(13);
>> };
>> };
>> }
>> route[4] {
>> revert_uri();
>> rewritehostport("233.32.345.5:5800");
>> route(1);
>>
>>
>>
>>
>> }
>>
>>
>> route[6] {
>> if (is_method("BYE")) {
>> } else if ((is_method("INVITE"))){
>> append_hf("P-hint: Route[6]: Rtpproxy \r\n");
>> t_on_failure("3");
>> };
>> }
>> route[10] {
>> append_hf("P-hint: inbound->inbound \r\n");
>> route(4);
>> }
>> route[11] {
>> append_hf("P-hint: inbound->outbound \r\n");
>> route(1);
>> }
>> route[12] {
>> lookup("aliases");
>> if (!lookup("location")) {
>> sl_send_reply("404", "Not Found");
>> exit;
>> };
>> route(1);
>> }
>> route[13] {
>> append_hf("P-hint: outbound->inbound \r\n");
>> sl_send_reply("403", "Forbidden");
>> exit;
>> }
>> onreply_route[1] {
>> xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
>> search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
>> fix_nated_contact();
>> exit;
>>
>> }
>> failure_route[1] {
>> append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
>>
>>
>>
>>
>>
>>
>> if (t_was_cancelled()) {
>> exit;
>> };
>> if (t_check_status("486")) {
>> revert_uri();
>> prefix("b");
>> xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
>> #ds_select_dst("2", "4");
>> rewritehostport("233.32.345.5:5800");
>> append_branch();
>> route(1);
>> exit;
>> };
>> if (t_check_status("408") || t_check_status("480")) {
>> revert_uri();
>> prefix("u");
>> xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
>> #ds_select_dst("2", "4");
>> rewritehostport("233.32.345.5:5800"); append_branch();
>> route(1);
>> exit;
>> };
>> }
>>
>>
>> failure_route[3] {
>> if (isbflagset(6) || isflagset(5)) {
>> }
>> }
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20081127/426bf5b8/attachment-0001.htm
More information about the Users
mailing list