[OpenSIPS-Users] Weird NAT traversal problem
John Buswell
buswellj at gmail.com
Mon Sep 22 15:27:26 CEST 2008
Hi,
I have a weird NAT traversal problem, I think is just a configuration issue
with OpenSIPS. Outbound dialing works ok, inbound dialing works ok, but
station to station calling does not work.
Phone (behind NAT) <-----> OpenSIPS [nat traversal] <------> SIP-PBX
When the REGISTER comes into OpenSIPS, its doing NAT traversal and then
passing it on to the SIP-PBX. Calls outbound and inbound work ok to a
remote destination. The SIP-PBX is a production from Interactive
Intelligence (i3). The problem appears to be when a new call originates from
the SIP-PBX, it tries to send it directly to the Phone's public IP but does
not have the NAT traversal information.
I think I may have configured OpenSIPS incorrectly, would appreciate someone
with more of a clue about OpenSIPs than me to take a quick sanity check of
the configuration. I swapped out the real IPs with private IPs for security
reasons (10.13.140.245 => SIP-PBX, 10.13.140.240 => SIP-PBX, 10.14.210.97 =>
upstream sip trunk, 10.14.210.99 => SIP-PBX).
route{
#
# -- 1 -- Request Validation
#
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# nat detection
route(5);
#
# -- 2 -- Routing Preprocessing
#
## Record-route all except Register
if (!method=="REGISTER") record_route();
if (uri==myself) {
if (method=="REGISTER") {
if (isflagset(5)) {
setflag(6);
}
save("location");
# exit;
}
}
##Loose_route packets
if (has_totag()) {
#sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if(method=="BYE") {
#Account BYE transactions
setflag(2);
};
#Check authentication of re-invites
route(1);
} else {
sl_send_reply("404","Not here");
}
exit;
}
#CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans()) t_relay();
exit;
};
t_check_trans();
#
# -- 3 -- Determine Request Target
#
if (method=="REGISTER") {
route(2);
} else {
route(3);
};
}
route[1] {
#
# -- 4 -- Forward request to target
#
## Forward statefully
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setflag(6);
};
if (isflagset(5)||isflagset(6)) {
route(6);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2] {
rewritehostport("10.13.140.245");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setflag(6);
};
if (isflagset(5)||isflagset(6)) {
route(6);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
# sl_send_reply("401", "Forbidden");
}
route[3] {
## Non-Register request handler
if (method=="INVITE") {
# Account INVITE packets
setflag(2);
# Account Missed calls
setflag(3);
};
if (src_ip == 10.13.140.240) {
#Verify aliases, if found replace R-URI.
#Verify aliases, if found replace R-URI.
lookup("aliases");
append_hf("P-hint: route3-1 \r\n");
# -- Inbound to outbound
route(11);
} else if (src_ip == 10.13.140.99) {
lookup("aliases");
append_hf("P-hint: route3-2 \r\n");
# -- Inbound to outbound
route(11);
} else if (src_ip == 10.13.140.245) {
lookup("aliases");
append_hf("P-hint: route3-3 \r\n");
# -- Inbound to outbound
route(11);
} else if (src_ip == 10.14.210.97) {
#From an external domain ->do not check credentials
append_hf("P-hint: route3-4 \r\n");
#Verify aliases, if found replace R-URI.
lookup("aliases");
route(12);
} else {
append_hf("P-hint: route3-5 \r\n");
lookup("aliases");
route(12);
};
}
route[4] {
# routing to the public network
record_route();
rewritehostport("10.14.210.97");
route(1);
}
route[5]{
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
}
route[6] {
if (is_method("BYE|CANCEL")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
t_on_failure("1");
};
if (isflagset(5))
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
t_on_reply("1");
}
route[10] {
#from an internal domain -> inbound
#Native SIP destinations are handled using the location table
#Gateway destinations are handled by regular expressions
append_hf("P-hint: inbound->inbound \r\n");
if (uri=~"^sip:[2-9][0-9]{6}@") {
route(4);
exit;
};
if (uri=~"^sip:[2-9][1-9]{9}@") {
route(4);
exit;
};
if (uri=~"^sip:1[2-9][1-9]{10}@") {
route(4);
exit;
};
if (uri=~"^sip:011[0-9]*@") {
route(4);
exit;
};
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
route(1);
}
route[11] {
# from an internal domain -> outbound
# Simply route the call outbound using DNS search
append_hf("P-hint: inbound->outbound \r\n");
route(4);
}
route[12] {
# From an external domain -> inbound
# Verify aliases, if found replace R-URI.
# lookup("aliases");
# if (!lookup("location")) {
# sl_send_reply("404", "Not Found");
# exit;
# };
record_route();
rewritehostport("10.13.140.245");
route(1);
}
route[13] {
#From an external domain outbound
#we are not accepting these calls
append_hf("P-hint: outbound->inbound \r\n");
sl_send_reply("403", "Forbidden");
exit;
}
failure_route[1] {
if (isflagset(6) || isflagset(5)) {
unforce_rtp_proxy();
}
}
onreply_route[1] {
if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])")
{
force_rtp_proxy();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
if (isflagset(6)) {
fix_nated_contact();
}
exit;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20080922/0543b974/attachment-0001.htm
More information about the Users
mailing list