[OpenSIPS-Users] NAT problem, no-audio when calling outside network... Please help

Khan khansfriend at gmail.com
Sun Aug 30 02:27:12 CEST 2009


Hey everyone,

I have been trying to work this out for a long time, and this mailing
list is my last resort. I have set up NAT traversal using RTP proxy. My
scenario is as follows:
UAC1 (behind NAT) ---> UAC2 (behind NAT)

The UACs authenticate fine and the call is established, but there is no
audio: I can't hear them and they can't hear me. I can't pinpoint exactly
where I went wrong. My script is as follows:

# Main request route. As posted it: flags NATed senders, handles in-dialog
# requests (those carrying a To-tag), handles CANCEL, digest-authenticates
# requests with a local From URI, refuses preloaded Route sets, serves
# REGISTER, and finally looks the callee up in "location" before handing
# the request to route(1).
route{
## unrelated script has been stripped!!!
	# nat_uac_test("3") combines nathelper tests 1 and 2: a private (RFC1918)
	# address in Contact, or a source address that differs from the top Via.
	if (nat_uac_test("3")) {
		if (is_method("REGISTER") || !is_present_hf("Record-Route")) {
			# NOTE(review): this message is logged for every request that
			# reaches this branch, not only for REGISTER.
			log("LOG:Someone trying to register from private IP, rewriting\n");
			# Rewrite contact with source IP of signalling
			fix_nated_contact();
			if ( is_method("INVITE") ) {
				fix_nated_sdp("1"); # Add direction=active to SDP
			};

			force_rport(); # Add rport parameter to topmost Via
			# Branch flag 6 is the "NAT involved" marker: route[1] and
			# onreply_route[1] test it before calling force_rtp_proxy().
			setbflag(6);    # Mark as NATed

			# if you want sip nat pinging
			setbflag(8);

		# NOTE(review): this and the other xlog() strings below span two
		# lines as posted (probably mail wrapping) - confirm they are single
		# lines in the running config.
		xlog("L_INFO", "fixNATed and setbflag 6, 8 - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
		};
	};

	# sequential requests...
	if (has_totag()) {
		# sequential request within a dialog should
		# take the path determined by record-routing
		if (loose_route()) {
			xlog("L_INFO", "Initial loose-routing - M=$rm RURI=$ru F=$fu T=$tu
IP=$si \n");

		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n");
			if (is_method("BYE")) {
				setflag(1); # do accounting ...
				setflag(3); # ... even if the transaction fails
			xlog("L_INFO", "BYE ... unforce RTP - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
			# call is ending: release the RTP proxy session
			unforce_rtp_proxy();
			} else if (is_method("INVITE")) {
				# even if in most of the cases is useless, do RR for
				# re-INVITEs also, as some buggy clients do change route set
				# during the dialog.
				record_route();
			}
			# route it out to whatever destination was set by loose_route()
			# in $du (destination URI).
			# NOTE(review): in-dialog requests reach route(1) without passing
			# the authentication blocks further down - confirm this is intended.
			route(1);
		} else {
			if ( is_method("ACK") ) {
				if ( t_check_trans() ) {
					# non loose-route, but stateful ACK; must be an ACK after
					# a 487 or e.g. 404 from upstream server
					t_relay();
					exit;
				} else {
					# ACK without matching transaction ->
					# ignore and discard
					exit;
				}
			}
			# any other in-dialog request that is not loose-routed is refused
			sl_send_reply("404","Not here");
		}
		exit;
	}

	#initial requests
	# CANCEL processing
	if (is_method("CANCEL"))
	{
		# relay the CANCEL only when it matches an existing transaction
		if (t_check_trans())
			t_relay();
		xlog("L_INFO", "CANCEL ... unforce RTP - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
		# the RTP proxy session is released whether or not a transaction matched
		unforce_rtp_proxy();
		exit;
	}

	#--> Preventing the UAC problem which sends Option
        ##if(is_method("OPTIONS"))        {
        ##        sl_send_reply("200", "OK");
        ##        exit;
        ##}

        #--> uncommented followings
        # Digest authentication for OPTIONS and SUBSCRIBE with a local From URI.
        # NOTE(review): these requests also match the !REGISTER block below, so
        # they are authorized twice, with consume_credentials() already called
        # in between - confirm the second proxy_authorize() still succeeds.
        if ((method=="OPTIONS|SUBSCRIBE") && from_uri==myself) /*no
multidomain version*/
        ##if (!(method=="OPTIONS") && is_from_local())  /*multidomain version*/
        {
                if (!proxy_authorize("", "subscriber")) {
                        proxy_challenge("", "0");
                        exit;
                }
                # reject a From URI that does not belong to the authenticated user
                if (!check_from()) {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }

                consume_credentials();
                # caller authenticated
        }

	# return value is not checked here
	t_check_trans();
	# Digest authentication for every non-REGISTER request with a local From URI.
	# NOTE(review): requests whose From URI is not local skip this block
	# entirely; the "!uri==myself" branch below then passes them to route(1)
	# for foreign destinations without any authentication - confirm that
	# relaying for unauthenticated senders is intended.
	if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/
	##if (!(method=="REGISTER") && is_from_local())  /*multidomain version*/
	{
		if (!proxy_authorize("", "subscriber")) {
			proxy_challenge("", "0");
			exit;
		}
		# reject a From URI that does not belong to the authenticated user
		if (!check_from()) {
			sl_send_reply("403","Forbidden auth ID");
			exit;
		}
	
		# strip the credentials so they are not forwarded downstream
		consume_credentials();
		# caller authenticated
	}

	# preloaded route checking
	# An initial request (no To-tag) that carries a Route set is refused.
	if (loose_route()) {
		xlog("L_ERR",
		"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
		if (!is_method("ACK"))
			sl_send_reply("403","Preload Route denied");
		exit;
	}

	# record routing
	if (!is_method("REGISTER|MESSAGE"))
		record_route();

	# account only INVITEs
	if (is_method("INVITE")) {
		setflag(1); # do accounting
	}
	# request URI is not one of our domains: mark it and relay it outbound
	if (!uri==myself)
	## replace with following line if multi-domain support is used
	##if (!is_uri_host_local())
	{
		append_hf("P-hint: outbound\r\n");
		# if you have some interdomain connections via TLS
		##if($rd=="tls_domain1.net") {
		##	t_relay("tls:domain1.net");
		##	exit;
		##} else if($rd=="tls_domain2.net") {
		##	t_relay("tls:domain2.net");
		##	exit;
		##}
		route(1);
	}

	# requests for my domain
	if (is_method("PUBLISH")) {
		sl_send_reply("503", "Service Unavailable");
		exit;
	}

	if (is_method("REGISTER"))	{
		# authenticate the REGISTER requests (authentication is active here)
		if (!www_authorize("", "subscriber"))	{
		xlog("L_INFO", "1st Pass - Register authentication - M=$rm RURI=$ru
F=$fu T=$tu IP=$si ID=$ci\n");
			www_challenge("", "0");
			exit;
		}
		
		# reject a To URI that does not belong to the authenticated user
		if (!check_to()) {
		xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
			sl_send_reply("403","Forbidden auth ID");
			exit;
		}

		# presumably branch flags 6 and 8 set in the NAT block above are stored
		# with the contact by save() - verify against the usrloc settings
		if (!save("location"))
			sl_reply_error();

		# NOTE(review): this line is also logged when save() failed, because
		# the failure branch above does not exit.
		xlog("L_INFO", "2nd Pass - Registration successful - M=$rm RURI=$ru
F=$fu T=$tu IP=$si ID=$ci\n");
		exit;
	}

	if ($rU==NULL) {
		# request with no Username in RURI
		sl_send_reply("484","Address Incomplete");
		exit;
	}


	# Resolve the callee from the location table; on failure map the return
	# code to a reply: -1 and -3 give 404, -2 gives 405.
	if (!lookup("location")) {
		switch ($retcode) {
			case -1:
			case -3:
				t_newtran();
				t_reply("404", "Not Found");
				exit;
			case -2:
				sl_send_reply("405", "Method Not Allowed");
				exit;
		}
	}

	# when routing via usrloc, log the missed calls also
	setflag(2);

	route(1);
}



#------>
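route[1] {
	# Relay helper: refuses private-address targets, engages the RTP proxy
	# for NAT-flagged calls, arms the reply/branch/failure routes and then
	# relays the request statefully.

	# Refuse request URIs that point at an RFC1918 literal unless the request
	# carries a Route header. This is a textual match on 10/8, 172.16/12 and
	# 192.168/16 only: loopback, link-local and hostnames that resolve to
	# private addresses are not covered by it.
	if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
	    !search("^Route:")) {
		sl_send_reply("479", "We don't forward to private IP addresses");
		exit;
	};

	# Branch flag 6 is the "NAT involved" marker set in the main route.
	if (isbflagset(6)) {
		force_rtp_proxy();
	};

	# NAT handling for replies lives in onreply_route[1]. Only one reply
	# route can be armed per transaction and the last t_on_reply() call
	# wins, so the INVITE branch below must not arm a different one:
	# the original t_on_reply("2") there replaced this handler, which left
	# the 183/2xx replies (and their SDP) without fix_nated_contact() and
	# force_rtp_proxy().
	t_on_reply("1");

	# for INVITEs enable some additional helper routes
	if (is_method("INVITE")) {
		t_on_branch("2");
		t_on_failure("1");
	}

	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		sl_reply_error();
	};
	exit;
}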



# !! Nathelper
onreply_route[1] {
	# Reply-side NAT handling.
	# Case 1: the reply is a 183 or a 2xx and the branch carries the NAT
	# marker (branch flag 6): rewrite the Contact with the source address
	# and pass the reply through the RTP proxy.
	if (status =~ "(183)|2[0-9][0-9]" && isbflagset(6)) {
		fix_nated_contact();
		force_rtp_proxy();
	} else {
		# Case 2: anything else. NAT may not have been known when the
		# request was processed, so test the reply's Contact for an
		# RFC1918 address and rewrite it if one is found.
		if (nat_uac_test("1")) {
			fix_nated_contact();
		}
	}
}

onreply_route[2] {
	# Logging only: this reply route writes one line per reply and performs
	# no NAT handling (no fix_nated_contact(), no force_rtp_proxy()).
	xlog("incoming reply\n");
}



failure_route[1] {
	# Stop script processing when the transaction was cancelled by the
	# caller; no other failure handling is defined in this route.
	if (t_was_cancelled())
		exit;
}

*************************************************************************

The Wireshark capture is at the following link:
http://pastebin.com/m1c17484d

Please help me figure out this problem, I appreciate your time.
Thank you,


Khan
VoIP Rookie
Every beginning has an end regardless we believe it or not...


