[OpenSIPS-Users] Nathelper keepalive issue with received column in usrloc
Julian Santer
julian.santer at rolmail.net
Tue Nov 20 09:51:44 EST 2018
Hi guys,
if I don't use the received column on the edge server, but I call fix_nated_contact instead, it seems to work.
if (nat_uac_test("127"))
{
fix_nated_contact();
}
consume_credentials();
if (! add_path())
{
send_reply("500", "Internal path error, registration not stored");
xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
exit;
}
Is this the right way or could I break something else with this change?
Kind regards,
Julian Santer
Am 19.11.18 um 18:41 schrieb Julian Santer:
> Hi guys,
>
> we need to switch from nat_traversal to nathelper.
> The reason is the keepalive mechanism.
>
> The nat_traversal module sends OPTIONS with the following to header: sip:UAC_IP:UAC_PORT
> Most of the UAC's answers with a 404 Not found.
> On AVM Fritzbox with firmware >= 6.04, this OPTIONS may activate a security feature.
> So after a certain time, the Fritzbox blocks all packages send from our proxy.
> As we have ca. 80% AVM Fritzbox as UAC, we got a big problem.
> So we deactivated the nat_keepalive vor this UAC's and we have to enable the keepalive Feature on the Fritzbox.
>
> The better solution would be, if we could send OPTIONS with a to header like: sip:username at UAC_IP:UAC_PORT.
> As I understood the nathelper module could send OPTIONS like this. Because it is looking into the userloc table. Right?
>
> The nathelper module is on our edge server, the registrar on our core server.
> For the "normal" UAC's (no received entry in usrloc) the keepalive's are now sent as expected.
> But for the "nated" UAC's (received entry in usrloc) the keepalive's are like before: sip:UAC_IP:UAC_PORT (values in the received column from usrloc).
> The REGISTER send to the core got the path header looking like:
> Path: <sip:IP_EDGE;lr;received=sip:IP_UAC:40885>
>
> Is there a possibility to add the $fU on the received part of the path header (the user in the path module adds a string to the path part, but not
> to the received part)?
> Or is there a possiblity on the registrar to store the $fU in the received column?
> On the nathelper keepalive mechanism I don't see any possibility to add the $fU.
>
> We are using the version 2.2.6 from the official debian source list.
>
> The config on the edge server's looks like:
> #### nat helper module
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 0)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "natping_partitions", 1)
> modparam("nathelper", "natping_tcp", 0)
>
> ### REGISTER
>
> $var(nat) = null;
>
> if (nat_uac_test("127"))
> {
> $var(nat) = TRUE;
> }
> else
> {
> $var(nat) = FALSE;
> }
>
> consume_credentials();
>
> if ($var(nat) == TRUE)
> {
> if (! add_path_received())
> {
> xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
> send_reply("500", "Internal path error, registration not stored");
> exit;
> }
> }
> else
> {
> if (! add_path())
> {
> send_reply("500", "Internal path error, registration not stored");
> xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
> exit;
> }
> }
>
> route("R_RELAY_TO_REGISTRAR");
> exit;
>
> ### OPTIONS
>
> if (method=="OPTIONS")
> {
> if ($si == "CORE")
> {
> topology_hiding("U");
> if (! t_relay("0x05"))
> {
> send_reply("500", "Internal server error - failed to relay");
> xlog("L_ERR", "Unable to relay OPTIONS - LF_BASE");
> }
> }
> }
>
>
> The config on the core server looks like:
> loadmodule "usrloc.so"
> modparam("usrloc", "user_column", "username")
> modparam("usrloc", "domain_column", "domain")
> modparam("usrloc", "contact_column", "contact")
> modparam("usrloc", "expires_column", "expires")
> modparam("usrloc", "q_column", "q")
> modparam("usrloc", "callid_column", "callid")
> modparam("usrloc", "cseq_column", "cseq")
> modparam("usrloc", "methods_column", "methods")
> modparam("usrloc", "flags_column", "flags")
> modparam("usrloc", "user_agent_column", "user_agent")
> modparam("usrloc", "received_column", "received")
> modparam("usrloc", "path_column", "path")
> modparam("usrloc", "socket_column", "socket")
> modparam("usrloc", "use_domain", 0)
> modparam("usrloc", "desc_time_order", 0)
> modparam("usrloc", "timer_interval", 60)
> modparam("usrloc", "db_url", "DBURL")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "matching_mode", 0)
> modparam("usrloc", "cseq_delay", 20)
> modparam("usrloc", "nat_bflag", 6)
>
> #### nat helper module
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 56)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "natping_partitions", 1)
> modparam("nathelper", "sipping_bflag", 8)
> modparam("nathelper", "sipping_from", "sip:keepalive at DEFAULT_REALM")
> modparam("nathelper", "sipping_method", "OPTIONS")
>
> # We want to send a keepalive on each registered UAC
> if (proto == UDP)
> {
> setbflag(8);
> xlog("L_INFO", "Nat keepalive sip_ping_flag - LF_BASE");
> }
>
> if (! save("location", "vp1"))
> {
> xlog("L_ERR", "Saving contact from EDGE failed - LF_BASE");
> exit;
> }
>
> Thank you for any hint.
>
> Kind regards,
> Julian Santer
> Raiffeisen OnLine
>
> ps: @Bogdan: this is why we have ca. 550 entry's in the address table (permission module). If we solve the keepalives, only ca. 50 entry's are
> remaining.
More information about the Users
mailing list