[OpenSIPS-Users] Nathelper keepalive issue with received column in usrloc

Julian Santer julian.santer at rolmail.net
Mon Nov 19 12:41:15 EST 2018 

Hi guys,

we need to switch from nat_traversal to nathelper.
The reason is the keepalive mechanism.

The nat_traversal module sends OPTIONS with the following to header: sip:UAC_IP:UAC_PORT
Most of the UAC's answers with a 404 Not found.
On AVM Fritzbox with firmware >= 6.04, this OPTIONS may activate a security feature.
So after a certain time, the Fritzbox blocks all packages send from our proxy.
As we have ca. 80% AVM Fritzbox as UAC, we got a big problem.
So we deactivated the nat_keepalive vor this UAC's and we have to enable the keepalive Feature on the Fritzbox.

The better solution would be, if we could send OPTIONS with a to header like: sip:username at UAC_IP:UAC_PORT.
As I understood the nathelper module could send OPTIONS like this. Because it is looking into the userloc table. Right?

The nathelper module is on our edge server, the registrar on our core server.
For the "normal" UAC's (no received entry in usrloc) the keepalive's are now sent as expected.
But for the "nated" UAC's (received entry in usrloc) the keepalive's are like before: sip:UAC_IP:UAC_PORT (values in the received column from usrloc).
The REGISTER send to the core got the path header looking like:
Path: <sip:IP_EDGE;lr;received=sip:IP_UAC:40885>

Is there a possibility to add the $fU on the received part of the path header (the user in the path module adds a string to the path part, but not to 
the received part)?
Or is there a possiblity on the registrar to store the $fU in the received column?
On the nathelper keepalive mechanism I don't see any possibility to add the $fU.

We are using the version 2.2.6 from the official debian source list.

The config on the edge server's looks like:
#### nat helper module
loadmodule "nathelper.so"
modparam("nathelper", "natping_interval", 0)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "natping_partitions", 1)
modparam("nathelper", "natping_tcp", 0)

### REGISTER

$var(nat) = null;

if (nat_uac_test("127"))
{
     $var(nat) = TRUE;
}
else
{
     $var(nat) = FALSE;
}

consume_credentials();

if ($var(nat) == TRUE)
{
     if (! add_path_received())
     {
         xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
         send_reply("500", "Internal path error, registration not stored");
         exit;
     }
}
else
{
     if (! add_path())
     {
         send_reply("500", "Internal path error, registration not stored");
         xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
         exit;
     }
}

route("R_RELAY_TO_REGISTRAR");
exit;

### OPTIONS

if (method=="OPTIONS")
{
     if ($si == "CORE")
     {
         topology_hiding("U");
         if (! t_relay("0x05"))
         {
             send_reply("500", "Internal server error - failed to relay");
             xlog("L_ERR", "Unable to relay OPTIONS - LF_BASE");
         }
     }
}


The config on the core server looks like:
loadmodule "usrloc.so"
modparam("usrloc", "user_column",           "username")
modparam("usrloc", "domain_column",         "domain")
modparam("usrloc", "contact_column",        "contact")
modparam("usrloc", "expires_column",        "expires")
modparam("usrloc", "q_column",              "q")
modparam("usrloc", "callid_column",         "callid")
modparam("usrloc", "cseq_column",           "cseq")
modparam("usrloc", "methods_column",        "methods")
modparam("usrloc", "flags_column",          "flags")
modparam("usrloc", "user_agent_column",     "user_agent")
modparam("usrloc", "received_column",       "received")
modparam("usrloc", "path_column",           "path")
modparam("usrloc", "socket_column",         "socket")
modparam("usrloc", "use_domain",            0)
modparam("usrloc", "desc_time_order",       0)
modparam("usrloc", "timer_interval",        60)
modparam("usrloc", "db_url",                "DBURL")
modparam("usrloc", "db_mode",               2)
modparam("usrloc", "matching_mode",         0)
modparam("usrloc", "cseq_delay",            20)
modparam("usrloc", "nat_bflag",             6)

#### nat helper module
loadmodule "nathelper.so"
modparam("nathelper", "natping_interval", 56)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "natping_partitions", 1)
modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "sipping_from", "sip:keepalive at DEFAULT_REALM")
modparam("nathelper", "sipping_method", "OPTIONS")

# We want to send a keepalive on each registered UAC
if (proto == UDP)
{
     setbflag(8);
     xlog("L_INFO", "Nat keepalive sip_ping_flag - LF_BASE");
}

if (! save("location", "vp1"))
{
     xlog("L_ERR", "Saving contact from EDGE failed - LF_BASE");
     exit;
}

Thank you for any hint.

Kind regards,
Julian Santer
Raiffeisen OnLine

ps: @Bogdan: this is why we have ca. 550 entry's in the address table (permission module). If we solve the keepalives, only ca. 50 entry's are remaining.

More information about the Users mailing list