[OpenSIPS-Users] OpenSIPS Server behind a NAT firewall

Damon Miller dmiller at cloudswitch.com
Sun Jan 2 20:51:29 CET 2011 

Bogdan,


Thanks very much for your response.  I took some time to educate myself a bit more on OpenSIPS and tried again.  I now have UACs registering successfully.  Unfortunately, while the clients register properly, they attempt to communicate with one-another directly (rather than via the RTPproxy setup I've configured in OpenSIPS).  RTPproxy is running and I've configured it in OpenSIPS.  I'm also calling rtpproxy_offer() and rtpproxy_answer() in my reply(1) and onreply_route(1) routes, respectively.  


Ultimately I want to use Freeswitch in a B2BUA configuration but I haven't found any complete working examples for that so I thought I would first try to send everything through OpenSIPS.


The only information I have on what might be wrong is the following output from the OpenSIPS log:

DBG:core:parse_content_type_hdr: missing Content-Type header
DBG:core:get_hdr_field: cseq <CSeq>: <1> <SUBSCRIBE>
ERROR:nathelper:force_rtp_proxy: Unable to parse body

The "ERROR" happens immediately after I call rtpproxy_offer().  I checked the source and get_all_bodies() indeed exits if parse_content_type_hdr() fails to locate a Content-Type header.  I don't actually know what this means in the context of the SIP messages I'm generating but it does at least explain why the nathelper module's rtpproxy_offer() isn't completing.


Any guidance would be much-appreciated.


My complete opensips.cfg is as follows:

--

####### Global Parameters #########

debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

advertised_address="50.16.215.136"
alias="50.16.215.136:5060"
port=5060

####### Modules Section ########

#set module path
mpath="/usr/local/lib64/opensips/modules/"

loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "acc.so"
loadmodule "domain.so"
loadmodule "nathelper.so"


modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 0)
modparam("usrloc", "db_mode",   0)
modparam("uri", "use_uri_table", 0)

modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)

modparam("domain", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")

modparam("usrloc","nat_bflag",6)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper","sipping_bflag",8)
modparam("nathelper","received_avp", "$avp(i:801)")
modparam("nathelper", "force_socket", "udp:127.0.0.1:12221")
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")


####### Routing Logic ########


# main request routing logic

route{
    xlog("L_INFO", "New request - Request/failure/branch routes: M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops...");
        exit;
    };

    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big...");
        exit;
    };

    xlog("L_INFO", "MsgFlag:[$mf] \n");

    if (method == "OPTIONS") {
        sl_send_reply("200", "OK");
        return;
    };


    if (nat_uac_test("3")) {

        if (is_method("REGISTER") && !is_present_hf("Record-Route")) {

            # Rewrite contact with source IP of signalling
            fix_nated_contact();

            if ( is_method("INVITE") ) {
                xlog("L_ERR","DTM:  Calling fix_nated_sdp(1)\n");
                fix_nated_sdp("1"); # Add direction=active to SDP
            };

            force_rport();

            setbflag(6); # Mark as NATed
            setbflag(8); # SIP NAT pinging

        };
    };

    if (loose_route()) {
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
        exit;
    };

    if (!is_method("REGISTER")) {
        record_route();
    }

    if (!uri==myself) {
        append_hf("P-hint: outbound\r\n");
        route(1);
        exit;
    };

    if (uri==myself) {
        if (is_method("REGISTER")) {
            save("location");
            exit;
        };

        lookup("aliases");

        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
            exit;
        };

        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
    };

    append_hf("P-hint: usrloc applied\r\n");
    route(1);
}

route[1] {
    if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && !search("^Route:")){
        sl_send_reply("479", "We don't forward to private IP addresses");
        exit;
    };

    # if client or server is behind a NAT, enable relay
    if (isbflagset(6)) {
        rtpproxy_offer();
    };

    t_on_reply("1");

    if (!t_relay()) {
        sl_reply_error();
    };
}

onreply_route[1] {

    if (isbflagset(6) && status =~ "(183)2[0-9][0-9]") {
        fix_nated_contact();

        rtpproxy_answer();
    } else {
        if (nat_uac_test("1")) {
            fix_nated_contact();
        };
    };
}

--



Thanks,

Damon


> -----Original Message-----
> From: users-bounces at lists.opensips.org [mailto:users-
> bounces at lists.opensips.org] On Behalf Of Bogdan-Andrei Iancu
> Sent: Wednesday, December 22, 2010 4:53 AM
> To: OpenSIPS users mailling list
> Subject: Re: [OpenSIPS-Users] OpenSIPS Server behind a NAT firewall
> 
> Hi Damon,
> 
> Looking at:
> 
>     if (is_method("REGISTER")) {
>         #-- Request is behind NAT(flag5) save with bflag 6 -#
>         #---- Use bflag 7 to start SIP pinging (Options) ---#
>         if (isflagset(5)) {
>             setbflag(6);
>             setbflag(7);
>         };
> 
>         if (!save("location")) {
>             sl_reply_error();
>             exit;
>         };
> 
>         if($rU=~"^\*") {
>             # Route to media servers
>             route(5);
>             route(1);
>         };
> 
>         send_reply("420", "Invalid Extension");
>         exit;
>     };
> 
> 
> 
> There is a bogus test:
> 
> 	if($rU=~"^\*") {
> 
> As REGISTER requests do not have username in RURI (RURI simply points
> to
> registrar address), that test will always fail, so you end up with the
> 420.
> 
> I'm not sure what you want to do there - you want to forward certain
> REGISTERs to other parties ? the "*" test should be on registered user?
> 
> Regards,
> Bogdan
> --
> Bogdan-Andrei Iancu
> OpenSIPS Event - expo, conf, social, bootcamp
> 2 - 4 February 2011, ITExpo, Miami,  USA
> www.voice-system.ro
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list