[OpenSIPS-Users] Nat Problem
Ahmed Munir
ahmedmunir007 at gmail.com
Thu May 6 13:59:29 CEST 2010
Hi,
I've configured OpenSIPs using Nathelper module and rtpproxy. the problem
I'm facing is when I try to register my softphone, it got registered but as
I issue the command opensipsctl ul show, in contact header the IP is private
not public. The configuration of OpenSIPs is listed down below;
loadmodule "dispatcher.so"
loadmodule "avpops.so"
loadmodule "permissions.so"
loadmodule "aaa_radius.so"
loadmodule "auth_aaa.so"
#loadmodule "auth_diameter.so"
loadmodule "nathelper.so"
#--------------------------------Settings For
Radius-------------------------------------
#modparam("auth_diameter", "diameter_client_host", "localhost")
modparam("aaa_radius",
"radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "aaa_url",
"radius:/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "aaa_flag", 2)
modparam("acc", "aaa_missed_flag", 3)
modparam("acc", "aaa_extra", "User-Name=$Au; \
Calling-Station-Id=$from; \
Called-Station-Id=$to; \
Sip-Translated-Request-URI=$ruri; \
Sip-RPid=$avp(s:rpid); \
Source-IP=$si; \
Source-Port=$sp; \
Canonical-URI=$avp(s:can_uri); \
Billing-Party=$avp(s:billing_party); \
Divert-Reason=$avp(s:divert_reason); \
X-RTP-Stat=$hdr(X-RTP-Stat); \
Contact=$hdr(contact); \
Event=$hdr(event); \
SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
ENUM-TLD=$avp(s:enum_tld)")
modparam("auth_aaa","aaa_url","radius:/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth", "rpid_prefix", "<sip:")
modparam("auth", "rpid_suffix", "@77.66.2.137>;screen=yes;privacy=off")
#modparam("auth", "rpid_suffix", "@203.215.179.54>;screen=yes;privacy=off")
modparam("auth", "rpid_avp", "$avp(s:rpid)")
#modparam("uri","service_type",10)
# ----------------- setting module-specific parameters ---------------
modparam("dispatcher", "db_url", "mysql://opensips:opensipsrw@localhost
/opensips")
modparam("permissions", "db_url", "mysql://opensips:opensipsrw@localhost
/opensips")
#----------------- setting NAT module parameters ---------------------
modparam("nathelper","ping_nated_only",1)
modparam("nathelper", "natping_interval", 30)
modparam("nathelper","natping_processes",1)
modparam("nathelper","rtpproxy_sock","udp:127.0.0.1:7890")
#modparam("nathelper","rtpproxy_sock"," ")
modparam("nathelper","received_avp","$avp(i:42)")
#modparam("nathelper", "sipping_bflag", 7)
modparam("usrloc", "nat_bflag", 6)
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
#NAT detection
log("######################################### Go to Route 3 for NAT
Detection #####################################");
route(3);
if (has_totag()) {
if (loose_route()) {
if (is_method("BYE")) {
setflag(1); # do accounting ...
setflag(3); # ... even if the transaction
fails
} else if (is_method("INVITE")) {
record_route();
}
route(1);
} else {
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# non loose-route, but stateful ACK;
must be an ACK after
# a 487 or e.g. 404 from upstream
server
t_relay();
exit;
} else {
# ACK without matching transaction
->
# ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
#initial requests
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# preloaded route checking
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied");
exit;
}
# record routing
if (!is_method("REGISTER|MESSAGE"))
record_route();
$avp(s:checksrc) = check_source_address("0");
log("###########################################################################################\n");
xlog("Check Source Address from Address TABLE Where Value 1 is Equal
to True: $(avp(s:checksrc))\n");
log("###########################################################################################\n");
# account only INVITEs
if (check_source_address("0")) {
if (is_method("INVITE")){
log("#################### INVITE FUNCTION 1
####################");
if(uri=~"^sip:4569918004@*"){
log("###################### CALL From DID
And Reroute to Asterisk ######################");
rewritehostport("11.22.33.45:5060");
force_rtp_proxy("l");
setflag(2); # do accounting
}
}
}
else
{
log("################CALL REJECTED##################");
#t_reply("405","Forbidden");
}
if (!uri==myself)
{
append_hf("P-hint: outbound\r\n");
route(1);
}
if(uri==myself)
{
log("########################################### URI ==
MYSELF ########################################");
if(method=="REGISTER")
{
#fix_nated_register();
#force_rport();
route(2);
}
append_hf("P-hint: usrloc applied\r\n");
}
if (is_method("PUBLISH"))
{
sl_send_reply("503", "Service Unavailable");
exit;
}
if (is_method("REGISTER"))
{
route(2);
}
if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# apply DB based aliases (uncomment to enable)
##alias_db_lookup("dbaliases");
# do lookup with method filtering
if (!lookup("location","m")) {
switch ($retcode) {
case -1:
log("############################# LOOKUP
LOCATION FLAG -1 PASS #################################");
#ds_select_dst("1","4");
log("############################# DO
ACCOUNTING ON RADIUS ######################################");
setflag(2);
force_rtp_proxy();
log("############################# SEND CALL
TO ASTERISK #######################################");
rewritehostport("11.22.33.45:5060");
#forward();
log("############################# CALL IS
GOING IN STATEFULL MANNER ############################");
t_relay();
log("############################# CALL
ROUTING TO ROUTE 1 ######################################");
route(1);
exit;
case -3:
log("############################ LOOKUP
LOCATION FLAG -3 PASS #################################");
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
log("############################ LOOKUP
LOCATION FLAG -2 PASS #################################");
sl_send_reply("405", "Method Not Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
force_rtp_proxy();
setflag(2);
route(1);
}
route[1] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
log("################################ INVITE ROUTE 1
Function ##################################");
#force_rtp_proxy("l");
t_on_branch("2");
t_on_reply("2");
t_on_failure("1");
}
if (subst_uri('/(sip:.*);nat=yes/\1/')){
log("################################ IF SUBSTR CONTAINS
NAT=YES ################################");
setbflag(6);
};
if (isflagset(5)||isbflagset(6)) {
log("################################ CHECK FLAGSET AND
ROUTE TO 4 ###############################");
route(4);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2]
{
log("######################################## AAA-REGISTRATION
#######################################");
if (!aaa_www_authorize("11.22.33.44"))
{
www_challenge("11.22.33.44", "1");
return;
# #exit;
}
#else
#{
# t_reply("405","UnAuhorized");
# exit();
#}
if(isflagset(5))
{
log("################################### IF FLAG SET IS 5
##################################");
# set branch flag -- when someone will call this user
# the INVITE will have branch flag 6 set after
lookup("location")
setbflag(6);
# if you want OPTIONS natpings uncomment next
# setbflag(7);
}
if (!save("location"))
sl_reply_error();
exit;
}
route[3]
{
log("################################ FUNCTION ROUTE 3 NAT
DETECTION ################################");
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
}
route[4]
{
log("################################ FUNCTION ROUTE 4 RTP PROXY
################################");
if (is_method("BYE")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
#t_on_failure("2");
t_on_failure("3");
};
if (isflagset(5))
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
#t_on_reply("1");
t_on_reply("3");
}
branch_route[2] {
xlog("new branch at $ru\n");
}
onreply_route[2] {
xlog("incoming reply\n");
}
failure_route[1] {
if (t_was_cancelled()) {
exit;
}
}
failure_route[3] {
log("################################ FAILURE ROUTE 3 FUNCTION
################################");
if (isbflagset(6) || isflagset(5)) {
unforce_rtp_proxy();
}
}
onreply_route[3] {
log("################################ ONREPLY ROUTE 3 FUNCTION
################################");
if ((isflagset(5) || isbflagset(6)) &&
status=~"(183)|(2[0-9][0-9])") {
force_rtp_proxy();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
if (isbflagset(6)) {
fix_nated_contact();
}
exit;
}
Kindly assist me in my script to sort out this problem, (please point out
what other changes or addition function do I required for it). Note My
OpenSIPs is hosted on public IP and on different network and my UAC is at
private IP. Please advise.
--
Regards,
Ahmed Munir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100506/2fc1f0b0/attachment-0001.htm
More information about the Users
mailing list