[OpenSIPS-Users] 2 UAs behind same NAT Device

Kennard White kennard_white at logitech.com
Wed Nov 3 04:26:07 CET 2010


Hi Deon,

For better or worse there are many ways to configure opensips depending upon
exactly what you are doing. Re your route6, it should be invoked from some
branch route. One way branch routes are established is using t_on_branch().
Your route(3) (or somewhere) must be doing a lookup() and establish a branch
route.

As someone else said, a key question with what you're trying to do is: is
your network an open or closed environment? If open environment (where you
cannot control/know the networks where your users are) then non-ICE
short-circuiting media relay will fail for people behind non-hairpinning
firewalls or double firewalls. ICE (and yes, full ICE, not just STUN) is
more robust way of avoiding media-relay when not needed. Of course, it has
its own issues :-).

Kennard

On Tue, Nov 2, 2010 at 11:11 AM, Deon Vermeulen <vermeulen.deon at gmail.com>wrote:

> Hi Kennard
>
> Thanks for the ideas.
> I really appreciate it.
>
> I got the config as an example from the Building Telephony systems
> with OpenSER.
> I choose the OpenSER implementation as it describes the implenetation
> of MediaProxy.
> Reason for choosing MediaProxy is because I am very, very interested
> in getting the ICE feature.
>
> I thought best to first get this config working before playing around
> with the ICE configuration.
>
> Could you be so kind and perhaps show me where I should call up
> route(6)?
>
> I use fully qualified domain names (i.e domaina.com) for the domain.
> At the moment I specify the proxy with the IP of my Server as I
> haven't setup the DNS records yet.
>
> I really appreciate your feedback and assistance.
>
> Regards
> Deon
>
>
> On 02 Nov 2010, at 5:08 PM, Kennard White wrote:
>
> > Hi Deon,
> >
> > Some ideas:
> > 1. Capture the SIP traffic and see if media proxy is being invoked
> > in the request and/or response (look for your P-hint messages), and
> > the IP addresses.
> > 2. Add xlog messages when you invoke mediarelay to confirm that they
> > are getting called.
> > 3. You're comparing $dd (which is a domain) to $si (which is an IP
> > address). I don't think this will work in the general case, but
> > maybe you're using IP addresses as your domains?
> > 4. I don't see the code that invokes route(6) -- I assume that is in
> > a branch_route not the request route?
> >
> > Good luck,
> > Kennard
> >
> > On Tue, Nov 2, 2010 at 5:25 AM, Deon Vermeulen <vermeulen.deon at gmail.com
> > > wrote:
> > Hi List
> >
> > I'm trying to setup NAT to NOT use MediaProxy when it detects that 2
> > devices are behind the same NAT Device, but rather have coms go
> > directly between them.
> > At the moment I can dial between the 2 phones and answer the call.
> > The callee phone says "Call Established" upon answer, but the caller
> > phone still says "trying/connecting".
> > I am sure this has something to do with my configuration, but I have
> > "NO IDEA" where to start looking.
> > The phones are setup to use their local IPs with no other STUN, ICE,
> > or "proxy like" configurations.
> > Below is a snipped from my opensips.cfg with the NAT configs and would
> > really appreciate any help to get this working.
> >
> > modparam("rr", "enable_full_lr", 1)
> > modparam("registrar", "received_avp", "$avp(i:42)")
> > modparam("usrloc", "db_mode",   2)
> > modparam("usrloc", "nat_bflag", 6)
> > modparam("domain", "db_mode", 1) # Use caching
> > modparam("auth_db|usrloc|uri|avpops", "use_domain", 1)
> > modparam("auth_db|alias_db|domain|uri|uri_db|usrloc|permissions|
> > siptrace|group|avpops|presence", "db_url", "mysql://
> > opensips:opensipsrw at localhost/opensips")
> > modparam("nathelper", "natping_interval", 10)
> > modparam("nathelper", "received_avp", "$avp(i:42)")
> > modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy-
> > dispatcher.sock")
> > modparam("mediaproxy", "mediaproxy_timeout", 500)
> > modparam("mi_datagram", "socket_name", "/var/run/opensips/
> > opensips.sock")
> > modparam("mi_datagram", "children_count", 4)
> >
> >
> > # -------------------------  request routing logic
> > ------------------- #
> >
> > route{
> >
> >     #
> >     # -- 1 -- Request Validation
> >     #
> >     if (!mf_process_maxfwd_header("10")) {
> >         sl_send_reply("483","Too Many Hops");
> >         exit;
> >     }
> >
> >     if (msg:len >=  2048 ) {
> >         sl_send_reply("513", "Message too big");
> >         exit;
> >     }
> >
> >     #
> >     # -- 2 -- Routing Preprocessing
> >     #
> >     ## Record-route all except Register
> >     ## Mark packets with nat=yes
> >     ## This mark will be used to identify the request in the loose
> >     ## route section
> >     if(!is_method("REGISTER")){
> >         if(nat_uac_test("19")){
> >             record_route(";nat=yes");
> >         } else {
> >             record_route();
> >         }
> >     }
> >
> >     ##Loose_route packets
> >     if (has_totag()) {
> >         #sequential request withing a dialog should
> >         # take the path determined by record-routing
> >         if (loose_route()) {
> >             #Check authentication of re-invites
> >             if(method=="INVITE") {
> >                 if (!proxy_authorize("","subscriber")) {
> >                 proxy_challenge("","1");
> >                 exit;
> >             } else if (!db_check_from()) {
> >                 sl_send_reply("403", "Forbidden, use From=ID");
> >                 exit;
> >             }
> >         }
> >                 ## BYE and CANCEL message handling
> >         if(method=="BYE" || method=="CANCEL") {
> >             end_media_session();
> >         }
> >         ##Detect requests in the dialog behind NAT and flag with 6
> >             if(nat_uac_test("19") || search("^Route:.*;nat=yes")){
> >                 append_hf("P-hint: LR|fixcontact,setflag6, mediaproxy
> > \r\n");
> >                 fix_contact();
> >                 setbflag(6);
> >                 use_media_proxy();
> >             }
> >             route(1);
> >         } else {
> >             sl_send_reply("404","Not here");
> >         }
> >         exit;
> >     }
> >
> >     #CANCEL processing
> >     if (is_method("CANCEL")) {
> >         if (t_check_trans()) {
> >             end_media_session();
> >             t_relay();
> >         }
> >         exit;
> >     }
> >
> >     t_check_trans();
> >
> >     #
> >     # -- 3 -- Determine Request Target
> >     #
> >     if (method=="REGISTER") {
> >         route(2);
> >     } else {
> >         route(3);
> >     }
> > }
> >
> >
> > route[1] {
> >     #
> >     # -- 4 -- Forward request to target
> >     #
> >     # Forward statefully
> >     t_on_reply("1");
> >     t_on_failure("1");
> >     if (!t_relay()) {
> >         sl_reply_error();
> >     }
> >     exit;
> > }
> >
> > route[2] {
> >     ## Register request handler
> >     if (is_uri_host_local()) {
> >         if (!www_authorize("", "subscriber")) {
> >             www_challenge("", "1");
> >             exit;
> >         }
> >
> >         if (!db_check_to()) {
> >             sl_send_reply("403", "Forbidden");
> >             exit;
> >         }
> >
> >            # Test to see if Caller is behind NAT
> >         if(!search("^Contact:[ ]*\*") && client_nat_test("7")) {
> >             setbflag(6);
> >             fix_nated_register();
> >             force_rport();
> >         }
> >         save("location");
> >         exit;
> >
> >     } else {
> >         sl_send_reply("403", "Forbidden");
> >     }
> > }
> >
> >
> > route[3] {
> >     ## Requests handler
> >     if (is_from_local()){
> >         # From an internal domain -> check the credentials and the
> > FROM
> >         #if(!allow_trusted()){
> >             if (!proxy_authorize("","subscriber")) {
> >                 proxy_challenge("","0");
> >                 exit;
> >             } else if(!db_check_from()) {
> >             sl_send_reply("403", "Forbidden, use From=ID");
> >             exit;
> >         }
> >
> >         if (client_nat_test("3")) {
> >             append_hf("P-hint: route(3)|
> > setflag7,forcerport,fix_contact\r\n");
> >             setbflag(7);
> >             force_rport();
> >             fix_contact();
> >         }
> >
> > ..............
> >
> > route[6] {
> >     #
> >     # -- NAT Traversal handling --
> >     #
> >     # Route[6] is the routing block responsible for activating the
> > MediaProxy, whenever
> >     # the caller or callee is behind NAT (flags 6 or 7 respectively).
> >     if (isbflagset(6) || isbflagset(7)) {
> >            if ( $dd == $si ) {
> >                    xlog("L_INFO", "Both users behind same NAT, so we
> > dont use MediaProxy\n");
> >                    resetbflag(6);  # Unset NAT flag general.
> >                    resetbflag(7);  # Unset NAT flag general.
> >         } else
> >         append_hf("P-hint: Route[6]: mediaproxy \r\n");
> >         use_media_proxy();
> >     }
> > }
> >
> > .............
> >
> > onreply_route[1] {
> > #
> > #-- On-replay block routing --
> > #
> >     if (client_nat_test("1")) {
> >         append_hf("P-hint: Onreply-route - fixcontact \r\n");
> >         fix_contact();
> >     }
> >
> >     if ((isbflagset(6) || isbflagset(7)) && (status=~"(180)|(183)|
> > 2[0-9][0-9]")) {
> >         if (search("^Content-Type:[ ]*application/sdp")) {
> >             append_hf("P-hint: onreply_route|usemediaproxy \r\n");
> >         use_media_proxy();
> >         }
> >     }
> >     exit;
> > }
> >
> >
> > Thanks again for helping. Really appreciate it.
> >
> > Regards
> > Deon
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20101102/c507d5bc/attachment-0001.htm 


More information about the Users mailing list