[OpenSIPS-Users] NAT Problem using Nat helper

Ahmed Munir ahmedmunir007 at gmail.com
Thu Apr 29 16:47:10 CEST 2010


Hi,

I've configured OpenSIPS with FreeRADIUS; the OpenSIPS version I'm using
is 1.6.1 and the FreeRADIUS version is up to date. When I register two
softphones, they are authenticated and authorized by RADIUS and
register successfully. I can even make calls between the two softphones
successfully (each side can hear the other). The UAS is on a different network,
hosted with a public IP, and my softphones are registered from another, NATed
network. I mapped a DID on the UAS to one of my softphones. The
problem I'm facing is that when a call comes in from the DID and rings my phone, the caller
can hear me but I can't hear the caller (one-way audio). I do not
see this problem when calling between two SIP clients, nor when calling
from OpenSIPS to Asterisk. The OpenSIPS configuration and the test cases are
listed below:


UAC  --> UAS(OpenSIPs) --> UAC                 : two-way voice is established
UAC  --> UAS(OpenSIPs) --> Asterisk --> UAC    : two-way voice is established
PSTN --> UAS(OpenSIPs) --> UAC                 : one-way voice is established
(the PSTN side hears the destination's voice; the UAC can't hear the caller's voice)


# Module loading and per-module parameters for the RADIUS-backed proxy.
# Only part of the module list is visible here: the modparam lines below also
# configure acc, auth, dispatcher and usrloc, whose loadmodule lines are not
# shown in this excerpt.
#loadmodule "auth_diameter.so"
loadmodule "aaa_radius.so"
loadmodule "auth_aaa.so"
loadmodule "permissions.so"
loadmodule "nathelper.so"
#--------------------------------Settings For
Radius-------------------------------------
#modparam("auth_diameter", "diameter_client_host", "localhost")
# All three RADIUS consumers (aaa_radius, acc, auth_aaa) point at the same
# radiusclient-ng configuration file.
modparam("aaa_radius",
"radius_config","/usr/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "aaa_url",
"radius:/usr/etc/radiusclient-ng/radiusclient.conf")
# RADIUS accounting is bound to flag 2 and missed-call accounting to flag 3.
# NOTE(review): the routing script sets flag 1 with the comment "do
# accounting", but no acc parameter shown here is bound to flag 1 - confirm
# which flags are meant to trigger accounting.
modparam("acc", "aaa_flag", 2)
modparam("acc", "aaa_missed_flag", 3)
# Extra attributes sent with each accounting record. Several of them are
# copied straight from request headers (Contact, Event, X-RTP-Stat), i.e.
# they carry sender-supplied text into the accounting backend.
modparam("acc", "aaa_extra", "User-Name=$Au; \
    Calling-Station-Id=$from; \
    Called-Station-Id=$to; \
    Sip-Translated-Request-URI=$ruri; \
    Sip-RPid=$avp(s:rpid); \
    Source-IP=$si; \
    Source-Port=$sp; \
    Canonical-URI=$avp(s:can_uri); \
    Billing-Party=$avp(s:billing_party); \
    Divert-Reason=$avp(s:divert_reason); \
    X-RTP-Stat=$hdr(X-RTP-Stat); \
    Contact=$hdr(contact); \
    Event=$hdr(event); \
    SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
    ENUM-TLD=$avp(s:enum_tld)")
modparam("auth_aaa","aaa_url","radius:/usr/etc/radiusclient-ng/radiusclient.conf")
# Remote-Party-ID is assembled as <sip: + $avp(s:rpid) + the suffix below.
modparam("auth", "rpid_prefix", "<sip:")
modparam("auth", "rpid_suffix", "@11.22.33.44>;screen=yes;privacy=off")
modparam("auth", "rpid_avp", "$avp(s:rpid)")
#modparam("uri","service_type",10)
# ----------------- setting module-specific parameters ---------------
# NOTE(review): both db_url values embed the database user and password in
# cleartext, and the pair shown appears to be the stock default. If these are
# the live credentials they should be rotated (this file was published), and
# read access to the config file should be restricted to the proxy's user.
modparam("dispatcher", "db_url", "mysql://opensips:opensipsrw@localhost
/opensips")
modparam("permissions", "db_url", "mysql://opensips:opensipsrw@localhost
/opensips")
#----------------- setting NAT module parameters ---------------------
# Keepalive pings: only contacts marked as NATed, every 30 s, one process.
modparam("nathelper","ping_nated_only",1)
modparam("nathelper", "natping_interval", 30)
modparam("nathelper","natping_processes",1)
# NOTE(review): the RTPProxy socket is set to a single blank and the
# usable-looking value is commented out. route[4] and onreply_route[3] call
# force_rtp_proxy(); without a reachable RTPProxy those calls presumably
# cannot rewrite the SDP, which would be consistent with the one-way audio
# described - confirm that an RTPProxy instance is running and configured.
#modparam("nathelper","rtpproxy_sock","udp:127.0.0.1:7890")
modparam("nathelper","rtpproxy_sock"," ")
# AVP used by nathelper for the received (source) address of a REGISTER.
# NOTE(review): no matching registrar received_avp setting is visible in this
# excerpt - confirm the registrar module uses the same AVP.
modparam("nathelper","received_avp","$avp(i:42)")
#modparam("nathelper", "sipping_bflag", 7)
# Branch flag 6 marks NATed contacts in usrloc; route[2] sets it at
# registration time when flag 5 (NAT detected) is set.
modparam("usrloc", "nat_bflag", 6)
####### Routing Logic ########
# main request routing logic
# Main request route: hop-limit check, NAT detection, in-dialog handling,
# then initial-request processing (CANCEL, preloaded-route rejection,
# record-routing, DID rewrite, REGISTER, usrloc lookup) ending in route(1).
route{
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  exit;
 }

 #NAT detection
 # route(3) runs for every request that gets past the hop-limit check,
 # in-dialog or initial, and sets flag 5 when its nat_uac_test() matches.
 log("######################################### Go to Route 3 for NAT
Detection #####################################");
 route(3);
 if (has_totag()) {
  # sequential request within a dialog should
  # take the path determined by record-routing
  if (loose_route()) {
   if (is_method("BYE")) {
    setflag(1); # do accounting ...
    setflag(3); # ... even if the transaction fails
   } else if (is_method("INVITE")) {
    # even if in most of the cases is useless, do RR for
    # re-INVITEs also, as some buggy clients do change route set
    # during the dialog.
    record_route();
   }
   # route it out to whatever destination was set by loose_route()
   # in $du (destination URI).
   route(1);
  } else {
   if ( is_method("ACK") ) {
    if ( t_check_trans() ) {
     # non loose-route, but stateful ACK; must be an ACK after
     # a 487 or e.g. 404 from upstream server
     t_relay();
     exit;
    } else {
     # ACK without matching transaction ->
     # ignore and discard
     exit;
    }
   }
   sl_send_reply("404","Not here");
  }
  exit;
 }
 #initial requests
 # CANCEL processing
 if (is_method("CANCEL"))
 {
  if (t_check_trans())
   t_relay();
  exit;
 }
 t_check_trans();
 # An initial request that already carries a Route set is refused (403,
 # except for ACK) and logged.
 if (loose_route()) {
  xlog("L_ERR",
  "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
  if (!is_method("ACK"))
   sl_send_reply("403","Preload Route denied");
  exit;
 }
 # record routing
 if (!is_method("REGISTER|MESSAGE"))
  record_route();

 #$avp(i:27)=check_source_address("0");
 #xlog("Check Source Address from Address TABLE : $(avp(i:27))\n");
 # Debug only: the result of the source-address check is stored in an AVP
 # and printed; the value is not used for any decision below.
 $avp(s:checksrc) = check_source_address("0");
 log("###########################################################################################\n");
 xlog("Check Source Address from Address TABLE Where Value 1 is Equal to
True: $(avp(s:checksrc))\n");
 log("###########################################################################################\n");
        # account only INVITEs
        #if (is_method("INVITE")){
 # log("############################### INVITE FUNCTION 1
###################################");
 # setflag(1); # do accounting
 #}

 xlog("incoming from $si : $sp \n");
 # Second call to check_source_address("0"). Only requests that pass it
 # get the DID rewrite below; requests that fail are not rejected, they
 # simply continue without the rewrite.
 if (check_source_address("0")) {
         if (is_method("INVITE")){
             # DID mapping: an INVITE whose request URI starts with
             # sip:1234567@ is re-targeted to user 4004 and gets flag 1.
             if(uri=~"^sip:1234567@"){

                  rewriteuser("4004"); # my phone DN
                 log("#################### INVITE FUNCTION 1
####################");
                 setflag(1); # do accounting
           }
         }
 }


 # NOTE(review): no authentication or source check is visible on this
 # branch, so a request for a non-local domain from any sender reaches
 # route(1) and is relayed - confirm this open-relay behaviour is intended.
 # route(1) ends in exit, so execution does not come back here.
 if (!uri==myself)
 ## replace with following line if multi-domain support is used
 ##if (!is_uri_host_local())
 {
  append_hf("P-hint: outbound\r\n");
  # if you have some interdomain connections via TLS
  ##if($rd=="tls_domain1.net") {
  ## t_relay("tls:domain1.net");
  ## exit;
  ##} else if($rd=="tls_domain2.net") {
  ## t_relay("tls:domain2.net");
  ## exit;
  ##}
  route(1);
 }
 if(uri==myself)
 {
  log("########################################### URI == MYSELF
########################################");
  # REGISTER is sent to route(2) here and again by the
  # is_method("REGISTER") check further down; whenever route(2) returns
  # instead of exiting, the request is authorized a second time and then
  # continues through the rest of this route.
  if(method=="REGISTER")
  {
   route(2);
  }

  append_hf("P-hint: usrloc applied\r\n");
 }
 # requests for my domain
 ## uncomment this if you want to enable presence server
 ##   and comment the next 'if' block
 ##   NOTE: uncomment also the definition of route[2] from  below
 ##if( is_method("PUBLISH|SUBSCRIBE"))
 ##  route(2);
 if (is_method("PUBLISH"))
 {
  sl_send_reply("503", "Service Unavailable");
  exit;
 }

 if (is_method("REGISTER"))
 {
  route(2);
 }
 if ($rU==NULL) {
  # request with no Username in RURI
  sl_send_reply("484","Address Incomplete");
  exit;
 }
 # apply DB based aliases (uncomment to enable)
 ##alias_db_lookup("dbaliases");
 # do lookup with method filtering
 if (!lookup("location","m")) {
  switch ($retcode) {
   case -1:
    # lookup() failed with -1 (presumably "no contact found"): the
    # request is flagged for accounting and sent to the Asterisk host.
    # NOTE(review): no credential or source-address check is visible
    # before this relay, so a request for any user without a usrloc
    # entry is forwarded to 11.22.33.45:5060 - confirm that host
    # authenticates callers itself.
    # NOTE(review): t_relay() is called here and again at the end of
    # route(1); this first relay also happens before route(1) arms the
    # reply/failure routes and the RTP proxy step - confirm the order.
    log("############################# LOOKUP LOCATION FLAG -1 PASS
#################################");
    #ds_select_dst("1","4");
    log("############################# DO ACCOUNTING ON RADIUS
######################################");
    setflag(2);
    log("############################# SEND CALL TO ASTERISK
#######################################");
    rewritehostport("11.22.33.45:5060");
    #forward();
    log("############################# CALL IS GOING IN STATEFULL MANNER
############################");
    t_relay();
    log("############################# CALL ROUTING TO ROUTE 1
######################################");
    route(1);
    exit;
   case -3:
    log("############################ LOOKUP LOCATION FLAG -3 PASS
#################################");
    t_newtran();
    t_reply("404", "Not Found");
    exit;
   case -2:
    log("############################ LOOKUP LOCATION FLAG -2 PASS
#################################");
    sl_send_reply("405", "Method Not Allowed");
    exit;
  }
 }
 # when routing via usrloc, log the missed calls also
 setflag(2);

 log("############################# LOOKUP LOCATION FLAG 1 PASS
########################################");
 route(1);
}
# route[1]: common relay step. Arms the per-INVITE branch/reply/failure
# routes, turns a ";nat=yes" request-URI marker into branch flag 6, sends
# NAT-flagged traffic through route(4), then relays statefully and exits.
# Because it ends in exit, callers never resume after route(1).
route[1] {
 # for INVITEs enable some additional helper routes
 #if (is_method("INVITE") && check_source_address("0")) {
 if (is_method("INVITE")) {
  log("################################ INVITE ROUTE 1 Function
##################################");
  t_on_branch("2");
  t_on_reply("2");
  t_on_failure("1");
  #ds_select_dst("1","4");
  #forward();
 }
 # subst_uri() strips ";nat=yes" from the request URI; when it matched,
 # branch flag 6 is set. The marker is the one appended to Contact headers
 # by the search_append() calls in route[4] and onreply_route[3].
 if (subst_uri('/(sip:.*);nat=yes/\1/')){
  log("################################  IF SUBSTR CONTAINS NAT=YES
################################");
  setbflag(6);
 };
 # Flag 5 = NAT detected on the sender (route[3]); branch flag 6 = NATed
 # destination. Either one sends the request through the RTP proxy route.
 if (isflagset(5)||isbflagset(6)) {
                log("################################  CHECK FLAGSET AND
ROUTE TO 4 ###############################");
  route(4);
 }
 # Stateful relay; on failure a stateless error reply is generated.
 if (!t_relay()) {
  sl_reply_error();
 };
 exit;
}

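# route[2]: REGISTER handling. Authenticates the request against RADIUS for
# realm 11.22.33.44, marks NATed registrations with branch flag 6, stores the
# contact in usrloc and ends script processing.
route[2]
{
 log("######################################## AAA-REGISTRATION #######################################");
 if (!aaa_www_authorize("11.22.33.44"))
 {
  www_challenge("11.22.33.44", "1");
  # Stop processing once the challenge is sent. A plain return would hand
  # the still-unauthenticated REGISTER back to the main route, which calls
  # this route a second time and then keeps processing the request.
  exit;
 }
 if (isflagset(5))
 {
  log("###################################  IF FLAG SET IS 5 ##################################");
  # set branch flag -- when someone will call this user
  # the INVITE will have branch flag 6 set after lookup("location")
  setbflag(6);
  # if you want OPTIONS natpings uncomment next
  # setbflag(7);
 }
 # save() stores the binding; on failure a stateless error reply is sent.
 if (!save("location"))
  sl_reply_error();

 exit;
}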
# route[3]: NAT detection, called from the main route for every request.
# Forces rport handling, and when nat_uac_test() matches it rewrites the
# Contact (or records the received address for REGISTER) and sets flag 5.
route[3]
{
        log("################################ FUNCTION ROUTE 3 NAT
DETECTION  ################################");
 # force_rport() is applied unconditionally, before any NAT test.
 force_rport();
 # 19 = 1 + 2 + 16 in nathelper's test bitmask (Contact address, Via
 # address vs. source address, Via port vs. source port, per the module
 # documentation). The SDP test (8) is not part of this mask.
 if (nat_uac_test("19")) {
  if (method=="REGISTER") {
   fix_nated_register();
  } else {
   fix_nated_contact();
  };
 # Despite its indentation, setflag(5) is inside the nat_uac_test() block.
 setflag(5);
 };
}
# route[4]: RTP proxy step, entered from route[1] when flag 5 or branch
# flag 6 is set. Releases the RTP session on BYE, requests one on INVITE,
# tags the Contact of NATed senders and arms reply route 3.
# NOTE(review): force_rtp_proxy() depends on the nathelper rtpproxy_sock
# parameter; confirm it points at a running RTPProxy.
route[4]
{
        log("################################ FUNCTION ROUTE 4 RTP PROXY
################################");
 if (is_method("BYE")) {
  unforce_rtp_proxy();
 } else if (is_method("INVITE")){
  force_rtp_proxy();
  #t_on_failure("2");
  # route[1] armed failure route 1 just before calling this route;
  # this call presumably replaces it with failure route 3 - confirm.
  t_on_failure("3");
 };
 # Only senders detected as NATed (flag 5) get ";nat=yes" appended to
 # their Contact header.
 if (isflagset(5))
  search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
 #t_on_reply("1");
 # Armed for every method that reaches this route, not only INVITE;
 # presumably replaces the reply route 2 set in route[1] - confirm.
 t_on_reply("3");
}

# branch_route[2]: armed for INVITEs in route[1]; only logs the request URI
# of each new branch.
branch_route[2] {
 xlog("new branch at $ru\n");
}
# onreply_route[2]: armed for INVITEs in route[1]; only logs that a reply
# arrived. It performs no NAT or SDP handling.
onreply_route[2] {
 xlog("incoming reply\n");
}
# failure_route[1]: armed for INVITEs in route[1]. As written it only stops
# processing for cancelled transactions; the redirect-blocking and
# fail-over examples below are commented out.
failure_route[1] {
 if (t_was_cancelled()) {
  exit;
 }
 # uncomment the following lines if you want to block client
 # redirect based on 3xx replies.
 ##if (t_check_status("3[0-9][0-9]")) {
 ##t_reply("404","Not found");
 ## exit;
 ##}
 # uncomment the following lines if you want to redirect the failed
 # calls to a different new destination
 ##if (t_check_status("486|408")) {
 ## sethostport("192.168.2.100:5060");
 ## # do not set the missed call flag again
 ## t_relay();
 ##}
}
# failure_route[3]: armed for INVITEs in route[4]. Releases the RTP proxy
# session when the failed transaction involved a NATed party (branch flag 6
# or flag 5).
failure_route[3] {
        log("################################ FAILURE ROUTE 3 FUNCTION
################################");
 if (isbflagset(6) || isflagset(5)) {
  unforce_rtp_proxy();
 }
}
# onreply_route[3]: reply handling armed in route[4]. Engages the RTP proxy
# on 183 and 2xx replies for NAT-flagged transactions, tags the Contact
# header with ";nat=yes" and rewrites the Contact for NATed branches.
onreply_route[3] {
        log("################################ ONREPLY ROUTE 3 FUNCTION
################################");

 # NOTE(review): this is where the callee's SDP would be rewritten; it
 # only has an effect if nathelper can reach an RTPProxy - confirm the
 # rtpproxy_sock parameter.
 if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
  force_rtp_proxy();
 }
 # Unlike route[4], the ";nat=yes" marker is appended to the Contact of
 # every reply here, whether or not a NAT flag is set.
 search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
 if (isbflagset(6)) {
  fix_nated_contact();
 }
 exit;
}


Kindly help me with this problem: in which other section is NAT handling
required (or am I missing something in the configuration)? Please assist me
with it.
-- 
Regards,

Ahmed Munir