[OpenSIPS-Users] udp or tcp for nat traversal?
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Oct 15 14:46:02 CEST 2014
Hi George,
Not sure if a media relay process has anything to do with the ability to
send traffic to an UAC - do you actually see with ngrep/tcpdump the
request (on the network level) sent by opensips to the UAC ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 15.10.2014 15:06, george wu wrote:
> Hi, Bogdan:
>
> I think I have found the problem.
> I am using mediaproxy. If I kill that proxy.
> suddenly the uac can get the message.
> So it is quite obvious that my mediaproxy setting is not correct.
> Just I don't know how to fix it. I modify it from my old rtpproxy setting.
>
>
> George
>
> /////////////////////
>
>
> #### NAT modules
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 10)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "received_avp", "$avp(received_nh)")
>
> #loadmodule "rtpproxy.so"
> #modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") #
> CUSTOMIZE ME
>
> loadmodule "mediaproxy.so"
> modparam("mediaproxy", "mediaproxy_socket",
> "/var/run/mediaproxy/dispatcher.sock")
> modparam("mediaproxy", "ice_candidate", "low-priority")
>
>
>
>
> ####### Routing Logic ########
>
> # main request routing logic
>
> route{
> force_rport();
> if (nat_uac_test("23")) {
> if (is_method("REGISTER")) {
> fix_nated_register();
> setbflag(NAT);
> } else {
> fix_nated_contact();
> setflag(NAT);
> }
> }
>
>
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
>
> if (has_totag()) {
> # sequential request withing a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
>
> if (is_method("BYE")) {
> setflag(ACC_DO); # do accounting ...
> setflag(ACC_FAILED); # ... even if the transaction fails
> } else if (is_method("INVITE")) {
> # even if in most of the cases is useless, do RR for
> # re-INVITEs alos, as some buggy clients do change
> route set
> # during the dialog.
> record_route();
> }
>
> if (check_route_param("nat=yes"))
> setflag(NAT);
>
> # route it out to whatever destination was set by
> loose_route()
> # in $du (destination URI).
> route(relay);
> } else {
>
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful ACK; must be an
> ACK after
> # a 487 or e.g. 404 from upstream server
> t_relay();
> exit;
> } else {
> # ACK without matching transaction ->
> # ignore and discard
> exit;
> }
> }
> sl_send_reply("404","Not here");
> }
> exit;
> }
>
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
>
> t_check_trans();
>
> if ( !(is_method("REGISTER") ) ) {
>
> if (from_uri==myself)
>
> {
>
> } else {
> # if caller is not local, then called number must be local
>
> if (!uri==myself) {
> send_reply("403","Rely forbidden");
> exit;
> }
> }
>
> }
>
> # preloaded route checking
> if (loose_route()) {
> xlog("L_ERR",
> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
> if (!is_method("ACK"))
> sl_send_reply("403","Preload Route denied");
> exit;
> }
>
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
>
> # account only INVITEs
> if (is_method("INVITE")) {
>
> setflag(ACC_DO); # do accounting
> }
>
>
> if (!uri==myself) {
> append_hf("P-hint: outbound\r\n");
>
> # if you have some interdomain connections via TLS
> ## CUSTOMIZE IF NEEDED
> ##if ($rd=="tls_domain1.net"
> ## || $rd=="tls_domain2.net"
> ##) {
> ## force_send_socket(tls:127.0.0.1:5061); # CUSTOMIZE
> ##}
>
> route(relay);
> }
>
> # requests for my domain
>
> if (is_method("PUBLISH|SUBSCRIBE"))
> {
> sl_send_reply("503", "Service Unavailable");
> exit;
> }
>
> if (is_method("REGISTER"))
> {
>
>
> if ( proto==TCP || proto==TLS || 0 ) setflag(TCP_PERSISTENT);
>
> if (!save("location"))
> sl_reply_error();
>
> exit;
> }
>
> if ($rU==NULL) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
>
>
>
>
>
>
>
> # do lookup with method filtering
> if (!lookup("location","m")) {
>
>
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> }
>
> if (isbflagset(NAT)) setflag(NAT);
>
> # when routing via usrloc, log the missed calls also
> setflag(ACC_MISSED);
> route(relay);
> }
>
>
> route[relay] {
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
>
> if (isflagset(NAT)) {
> # rtpproxy_offer("ro");
> use_media_proxy();
>
> }
>
> t_on_branch("per_branch_ops");
> t_on_reply("handle_nat");
> t_on_failure("missed_call");
> }
> if (is_method("BYE")) {
> if (isflagset(NAT)) {
> end_media_session();
> }
> }
>
>
> if (isflagset(NAT)) {
> add_rr_param(";nat=yes");
> }
>
> if (!t_relay()) {
> send_reply("500","Internal Error");
> };
> exit;
> }
>
>
>
>
> branch_route[per_branch_ops] {
> xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
> if (nat_uac_test("1"))
> fix_nated_contact();
> # if ( isflagset(NAT) )
> # rtpproxy_answer("ro");
> if (is_method("INVITE")) {
> if (isflagset(NAT)) {
> use_media_proxy();
> }
> }
> if (is_method("BYE")) {
> if (isflagset(NAT)) {
> end_media_session();
> }
> }
>
> xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
> if (t_was_cancelled()) {
> exit;
> }
>
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply("404","Not found");
> ## exit;
> ##}
>
>
> }
>
>
>
>
>
> 在 2014-10-15 15:13:00,"Bogdan-Andrei Iancu" <bogdan at opensips.org> 写道:
>
> Hi George,
>
> If your OpenSIPS fails to reach the UAC is because of two reasons:
> - NAT pinhole is closed - but if pinging is done, it shouldn't be
> - opensips is trying to contact UAC via wrong IP:port - can
> you confirm that when calling the UAC, OpenSIPS sends the INVITE
> to same IP and port as where the pingings are coming from ?
>
> TCP works as this part is "automatically" resolved because of the
> connection (where the other pipe is known).
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 15.10.2014 03:24, george wu wrote:
>>
>> Hi, Bogdan-Andrei:
>>
>> For udp, it fails when reaching the UAC even though the UAC keeps
>> pinging the server all the time.
>>
>> For tcp, although it works. I find something interesting.
>> Only when the client pings the server, the invite message is sent
>> to the UAC.
>> In my understanding, the server should be able to send message to
>> the UAC since the
>> tcp connection is open. Actually the sip server is unable to send
>> message to the UAC.
>>
>> About the firewall type, I use opensipsctl ul show/rm to check.
>> I find every time when it register, i get the same ip/portmost of
>> time.
>> But occasionally it might get different ip/port.
>> I believe it is nat within a cone.
>>
>> I am using ice, the ice only work after the first invite message
>> is delivered to the peer.
>> My ice with mediaproxy works perfectly.
>>
>>
>> George Wu
>>
>> At 2014-10-15 00:22:46, "Bogdan-Andrei Iancu"
>> <bogdan at opensips.org> wrote:
>>
>> Hi George,
>>
>> NAT traversal is not only about pinging, but also about
>> mangling/correcting the SIP traffic (from private IPs
>> perspective) and ensuring the RTP flow.
>>
>> So you need to be sure that all 3 points are addressed.
>>
>> TCP versus UDP - there is only a difference at IP transport
>> level...like datagram versus connection, and their
>> implications at NAT level (being able to reach the device
>> behind the nat). Otherwise it;s the same.
>>
>> For UDP, can you see what fails ? the registration? reaching
>> the UAC ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 14.10.2014 18:37, george wu wrote:
>>> My experience is for two uac (linphone) behind a firewall,
>>> tcp/tls will always work.
>>> udp will never work.
>>>
>>> for both tcp/udp, my uac will send keep alive every 10 seconds.
>>> I don't understand what makes those difference.
>>> Can any one share your experience?
>>>
>>> George Wu
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20141015/e6e87313/attachment-0001.htm>
More information about the Users
mailing list