[OpenSIPS-Users] OpenSIPS behind Static NAT (Amazon EC2)
Brendan Sterne
brendan at callvine.com
Tue Apr 27 22:39:38 CEST 2010
Greetings,
I am experimenting with using OpenSIPS in Amazon EC2 to distribute
calls to Asterisk instances (also running in Amazon EC2). The
challenge is that servers on Amazon EC2 have private IPs to
communicate with each other, but different public IPs when accessed
from without EC2. Basically Amazon has a Static NAT setup that does
IP translation (but not port translation). Amazon provides a public
DNS name that resolves to the public host IP outside of Amazon EC2,
and to the private host IP inside of Amazon EC2.
I know that it is not recommended to use OpenSIPS behind a NAT, but
I'm curious if I can make this work. Right now I'm focusing on
inbound calls, SIP call control only (I will use nathelper / rtpproxy
as necessary to help with media later).
Here's the scenario for the invite:
Soft Phone -------> EC2 Firewall -----> OpenSIPS -----> Asterisk
The INVITE,100,200 works fine - I have opensips redirect to the
Asterisk using
rewritehostport(<asterisk_dns_name>);
And I use record_route_preset() to record the Public DNS in the
route. This will create a Route Set that will work both ways (from
the Soft Phone, and from the Asterisk).
record_route_preset(<opensips_dns_name>)
The problem I'm having is with the ACK. It is being routed from the
Soft Phone to the OpenSIPS via it's Amazon DNS name (ec2-204-236-245-16.compute-1.amazonaws.com
), but the OpenSIPS isn't recognizing the name as a local alias. I
have alias set: alias="ec2-204-236-245-16.compute-1.amazonaws.com:
5060", but the opensips log shows "Topmost URI is NOT myself" (you can
see more below). I have attached my config, logs, and a sip trace.
Any suggestions are appreciated.
My setup
=======
SJPhone, behind NAT, private IP: 192.168.1.103, public IP: 66.90.153.244
Opensips, Amazon EC2, DNS ec2-204-236-245-16.compute-1.amazonaws.com,
private IP 10.241.38.192, public IP 204.236.245.16
Asterisk, Amazon EC2, DNS ec2-204-236-221-166.compute-1.amazonaws.com,
private IP 10.192.162.85, public IP 204.236.221.166
My opensips.cfg
=============
debug=9
log_stderror=no
log_facility=LOG_LOCAL0
fork=yes
children=4
port=5060
advertised_address="ec2-204-236-245-16.compute-1.amazonaws.com"
alias="ec2-204-236-245-16.compute-1.amazonaws.com:5060"
mpath="/usr/local/lib/opensips/modules/"
loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "xlog.so"
loadmodule "mi_xmlrpc.so"
loadmodule "dialplan.so"
loadmodule "nathelper.so"
modparam("mi_xmlrpc", "port", 8000)
modparam("mi_xmlrpc", "log_file", "/var/log/abyss.log")
modparam("dialplan", "db_url", "mysql://<user>:<pass>@localhost/
opensips")
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 0)
modparam("uri", "use_uri_table", 0)
route{
xlog("L_INFO","CVAPP: route($rm/$du/$fu/$tu)");
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if (!has_totag()) {
xlog("L_INFO","CVAPP: initial request");
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# record routing
if (!is_method("REGISTER|MESSAGE")) {
xlog("L_INFO","CVAPP: recording route");
record_route_preset("ec2-204-236-245-16.compute-1.amazonaws.com
");
}
# requests for my domain
if (uri==myself)
{
sl_send_reply("503", "Service Unavailable");
exit;
}
route(1);
} else {
xlog("L_INFO","CVAPP: sequential request");
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
xlog("L_INFO","CVAPP: loose_route was true");
# route it out to whatever destination was
set by loose_route()
# in $du (destination URI).
route(1);
} else {
xlog("L_INFO","CVAPP: loose_route was
false");
if ( is_method("ACK") ) {
xlog("L_INFO","CVAPP: is ACK");
if ( t_check_trans() ) {
xlog("L_INFO","CVAPP: found
matching transaction");
# non loose-route, but
stateful ACK; must be an ACK after
# a 487 or e.g. 404 from
upstream server
t_relay();
exit;
} else {
xlog("L_INFO","CVAPP: no
matching transaction");
# ACK without matching
transaction ->
# ignore and discard
exit;
}
}
xlog("L_INFO","CVAPP: sending 404 Not here");
sl_send_reply("404","Not here");
}
exit;
}
}
route[1] {
xlog("L_INFO","CVAPP: in route[1]");
xlog("L_INFO","CVAPP: rewritinghostport()");
rewritehostport("ec2-204-236-221-166.compute-1.amazonaws.com:
5060");
xlog("L_INFO","CVAPP: t_relay()");
if (!t_relay()) {
sl_reply_error();
};
exit;
}
The opensips log is:
----------------------
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: route(ACK/<null>/sip:192.168.1.103/sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com
)
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:maxfwd:is_maxfwd_present: value = 1
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:uri:has_totag: totag found
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: sequential request
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:parse_headers: flags=200
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:rr:is_preloaded: is_preloaded: No
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 43==9 && [ec2-204-236-221-166.compute-1.amazonaws.com
] == [127.0.0.1]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 43==13 && [ec2-204-236-221-166.compute-1.amazonaws.com
] == [10.241.38.192]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 43==9 && [ec2-204-236-221-166.compute-1.amazonaws.com
] == [127.0.0.1]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 43==13 && [ec2-204-236-221-166.compute-1.amazonaws.com
] == [10.241.38.192]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:check_self: host != me
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 42==9 && [ec2-204-236-245-16.compute-1.amazonaws.com
] == [127.0.0.1]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 42==13 && [ec2-204-236-245-16.compute-1.amazonaws.com
] == [10.241.38.192]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 42==9 && [ec2-204-236-245-16.compute-1.amazonaws.com
] == [127.0.0.1]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if host==us: 42==13 && [ec2-204-236-245-16.compute-1.amazonaws.com
] == [10.241.38.192]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:grep_sock_info: checking if port 5060 matches port
5060
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:check_self: host != me
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:rr:after_loose: Topmost URI is NOT myself
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:rr:after_loose: URI to be processed:
'sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on'
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:rr:after_loose: Next URI is a loose router
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: loose_route was true
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: in route[1]
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: rewritinghostport()
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: CVAPP: t_relay()
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:tm:t_newtran: transaction on entrance=0xffffffff
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:parse_headers: flags=ffffffffffffffff
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:get_hdr_field: found end of header
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:parse_headers: flags=78
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:tm:t_lookup_request: start searching: hash=47354, isACK=1
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:tm:matching_3261: RFC3261 transaction matching failed
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:tm:t_lookup_request: no transaction found
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:tm:t_relay_to: forwarding ACK
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:mk_proxy: doing DNS lookup...
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup!
Apr 27 15:39:37 domU-12-31-39-05-25-32 /usr/local/sbin/opensips
[12630]: DBG:core:get_record: lookup(ec2-204-236-245-16.compute-1.amazonaws.com
, 35) failed
SIP Trace
========
#
U 66.90.153.244:5060 -> 10.241.38.192:5060
INVITE sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com SIP/
2.0.
Via: SIP/2.0/UDP
192.168.1.103
;rport;branch=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303.
Content-Length: 368.
Contact: <sip:192.168.1.103:5060>.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
Content-Type: application/sdp.
CSeq: 1 INVITE.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
Max-Forwards: 70.
To: <sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>.
User-Agent: SJphone/1.60.299a/L (SJ Labs).
.
v=0.
o=- 3481385970 3481385970 IN IP4 192.168.1.103.
s=SJphone.
c=IN IP4 192.168.1.103.
t=0 0.
a=direction:active.
m=audio 49274 RTP/AVP 3 97 98 110 8 0 101.
a=rtpmap:3 GSM/8000.
a=rtpmap:97 iLBC/8000.
a=rtpmap:98 iLBC/8000.
a=fmtp:98 mode=20.
a=rtpmap:110 speex/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-11,16.
#
U 10.241.38.192:5060 -> 66.90.153.244:5060
SIP/2.0 100 Giving a try.
Via: SIP/2.0/UDP
192.168.1.103
;rport
=
5060
;branch
=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303;received=66.90.153.244.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
CSeq: 1 INVITE.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
To: <sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>.
Server: OpenSIPS (1.6.2-notls (i386/linux)).
Content-Length: 0.
.
#
INVITE sip:7005551212 at ec2-204-236-221-166.compute-1.amazonaws.com:5060
SIP/2.0.
Record-Route: <sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on>.
Via: SIP/2.0/UDP
ec2
-204-236-245-16.compute-1.amazonaws.com;branch=z9hG4bKaf8b.b9ae5ba4.0.
Via: SIP/2.0/UDP
192.168.1.103
;received
=
66.90.153.244
;rport=5060;branch=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303.
Content-Length: 368.
Contact: <sip:192.168.1.103:5060>.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
Content-Type: application/sdp.
CSeq: 1 INVITE.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
Max-Forwards: 69.
To: <sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>.
User-Agent: SJphone/1.60.299a/L (SJ Labs).
.
v=0.
o=- 3481385970 3481385970 IN IP4 192.168.1.103.
s=SJphone.
c=IN IP4 192.168.1.103.
t=0 0.
a=direction:active.
m=audio 49274 RTP/AVP 3 97 98 110 8 0 101.
a=rtpmap:3 GSM/8000.
a=rtpmap:97 iLBC/8000.
a=rtpmap:98 iLBC/8000.
a=fmtp:98 mode=20.
a=rtpmap:110 speex/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-11,16.
#
U 10.192.162.85:5060 -> 10.241.38.192:5060
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP
ec2
-204
-236
-245
-16
.compute
-1.amazonaws.com;branch=z9hG4bKaf8b.b9ae5ba4.0;received=10.241.38.192.
Via: SIP/2.0/UDP
192.168.1.103
;received
=
66.90.153.244
;rport=5060;branch=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303.
Record-Route: <sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on>.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
To: <sip:7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
CSeq: 1 INVITE.
User-Agent: Asterisk PBX 1.6.0.5.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Supported: replaces, timer.
Contact: <sip:7005551212 at 10.192.162.85>.
Content-Length: 0.
.
#
U 10.192.162.85:5060 -> 10.241.38.192:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP
ec2
-204
-236
-245
-16
.compute
-1.amazonaws.com;branch=z9hG4bKaf8b.b9ae5ba4.0;received=10.241.38.192.
Via: SIP/2.0/UDP
192.168.1.103
;received
=
66.90.153.244
;rport=5060;branch=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303.
Record-Route: <sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on>.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
To: <sip:
7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>;tag=as47bd2a02.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
CSeq: 1 INVITE.
User-Agent: Asterisk PBX 1.6.0.5.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Supported: replaces, timer.
Contact: <sip:7005551212 at 10.192.162.85>.
Content-Type: application/sdp.
Content-Length: 263.
.
v=0.
o=root 998421423 998421423 IN IP4 10.192.162.85.
s=Asterisk PBX 1.6.0.5.
c=IN IP4 10.192.162.85.
t=0 0.
m=audio 14208 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
a=sendrecv.
#
U 10.241.38.192:5060 -> 66.90.153.244:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP
192.168.1.103
;received
=
66.90.153.244
;rport=5060;branch=z9hG4bKc0a80167000001764bd73d72080b9d5c00000303.
Record-Route: <sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on>.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
To: <sip:
7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>;tag=as47bd2a02.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
CSeq: 1 INVITE.
User-Agent: Asterisk PBX 1.6.0.5.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Supported: replaces, timer.
Contact: <sip:7005551212 at 10.192.162.85>.
Content-Type: application/sdp.
Content-Length: 263.
.
v=0.
o=root 998421423 998421423 IN IP4 10.192.162.85.
s=Asterisk PBX 1.6.0.5.
c=IN IP4 10.192.162.85.
t=0 0.
m=audio 14208 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
a=sendrecv.
#
U 66.90.153.244:5060 -> 10.241.38.192:5060
ACK sip:7005551212 at 10.192.162.85 SIP/2.0.
Via: SIP/2.0/UDP
192.168.1.103
;rport;branch=z9hG4bKc0a80167000001764bd73d743288072400000306.
Content-Length: 0.
Call-ID: 993AE890-1DD1-11B2-9E7A-A4EF9DB84584 at 192.168.1.103.
CSeq: 1 ACK.
From: "unknown"<sip:192.168.1.103>;tag=10868511971184976398.
Max-Forwards: 70.
Route: <sip:ec2-204-236-245-16.compute-1.amazonaws.com;lr=on>.
To: <sip:
7005551212 at ec2-204-236-245-16.compute-1.amazonaws.com>;tag=as47bd2a02.
User-Agent: SJphone/1.60.299a/L (SJ Labs).
.
This gets sent to self in a loop.
Cheers,
- Brendan
Brendan Sterne
QA Lead, Callvine
More information about the Users
mailing list