[OpenSIPS-Users] Nathelper keepalive issue with received column in usrloc

Julian Santer julian.santer at rolmail.net
Tue Nov 20 09:51:44 EST 2018


Hi guys,

if I don't use the received column on the edge server, but I call fix_nated_contact instead, it seems to work.

if (nat_uac_test("127"))
{
     fix_nated_contact();
}

consume_credentials();

if (! add_path())
{
     send_reply("500", "Internal path error, registration not stored");
     xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
     exit;
}

Is this the right way or could I break something else with this change?


Kind regards,

Julian Santer

Am 19.11.18 um 18:41 schrieb Julian Santer:
> Hi guys,
>
> we need to switch from nat_traversal to nathelper.
> The reason is the keepalive mechanism.
>
> The nat_traversal module sends OPTIONS with the following to header: sip:UAC_IP:UAC_PORT
> Most of the UAC's answers with a 404 Not found.
> On AVM Fritzbox with firmware >= 6.04, this OPTIONS may activate a security feature.
> So after a certain time, the Fritzbox blocks all packages send from our proxy.
> As we have ca. 80% AVM Fritzbox as UAC, we got a big problem.
> So we deactivated the nat_keepalive vor this UAC's and we have to enable the keepalive Feature on the Fritzbox.
>
> The better solution would be, if we could send OPTIONS with a to header like: sip:username at UAC_IP:UAC_PORT.
> As I understood the nathelper module could send OPTIONS like this. Because it is looking into the userloc table. Right?
>
> The nathelper module is on our edge server, the registrar on our core server.
> For the "normal" UAC's (no received entry in usrloc) the keepalive's are now sent as expected.
> But for the "nated" UAC's (received entry in usrloc) the keepalive's are like before: sip:UAC_IP:UAC_PORT (values in the received column from usrloc).
> The REGISTER send to the core got the path header looking like:
> Path: <sip:IP_EDGE;lr;received=sip:IP_UAC:40885>
>
> Is there a possibility to add the $fU on the received part of the path header (the user in the path module adds a string to the path part, but not 
> to the received part)?
> Or is there a possiblity on the registrar to store the $fU in the received column?
> On the nathelper keepalive mechanism I don't see any possibility to add the $fU.
>
> We are using the version 2.2.6 from the official debian source list.
>
> The config on the edge server's looks like:
> #### nat helper module
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 0)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "natping_partitions", 1)
> modparam("nathelper", "natping_tcp", 0)
>
> ### REGISTER
>
> $var(nat) = null;
>
> if (nat_uac_test("127"))
> {
>     $var(nat) = TRUE;
> }
> else
> {
>     $var(nat) = FALSE;
> }
>
> consume_credentials();
>
> if ($var(nat) == TRUE)
> {
>     if (! add_path_received())
>     {
>         xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
>         send_reply("500", "Internal path error, registration not stored");
>         exit;
>     }
> }
> else
> {
>     if (! add_path())
>     {
>         send_reply("500", "Internal path error, registration not stored");
>         xlog("L_ERR", "Adding PATH (with received) failed - LF_BASE");
>         exit;
>     }
> }
>
> route("R_RELAY_TO_REGISTRAR");
> exit;
>
> ### OPTIONS
>
> if (method=="OPTIONS")
> {
>     if ($si == "CORE")
>     {
>         topology_hiding("U");
>         if (! t_relay("0x05"))
>         {
>             send_reply("500", "Internal server error - failed to relay");
>             xlog("L_ERR", "Unable to relay OPTIONS - LF_BASE");
>         }
>     }
> }
>
>
> The config on the core server looks like:
> loadmodule "usrloc.so"
> modparam("usrloc", "user_column",           "username")
> modparam("usrloc", "domain_column",         "domain")
> modparam("usrloc", "contact_column",        "contact")
> modparam("usrloc", "expires_column",        "expires")
> modparam("usrloc", "q_column",              "q")
> modparam("usrloc", "callid_column",         "callid")
> modparam("usrloc", "cseq_column",           "cseq")
> modparam("usrloc", "methods_column",        "methods")
> modparam("usrloc", "flags_column",          "flags")
> modparam("usrloc", "user_agent_column",     "user_agent")
> modparam("usrloc", "received_column",       "received")
> modparam("usrloc", "path_column",           "path")
> modparam("usrloc", "socket_column",         "socket")
> modparam("usrloc", "use_domain",            0)
> modparam("usrloc", "desc_time_order",       0)
> modparam("usrloc", "timer_interval",        60)
> modparam("usrloc", "db_url",                "DBURL")
> modparam("usrloc", "db_mode",               2)
> modparam("usrloc", "matching_mode",         0)
> modparam("usrloc", "cseq_delay",            20)
> modparam("usrloc", "nat_bflag",             6)
>
> #### nat helper module
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 56)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "natping_partitions", 1)
> modparam("nathelper", "sipping_bflag", 8)
> modparam("nathelper", "sipping_from", "sip:keepalive at DEFAULT_REALM")
> modparam("nathelper", "sipping_method", "OPTIONS")
>
> # We want to send a keepalive on each registered UAC
> if (proto == UDP)
> {
>     setbflag(8);
>     xlog("L_INFO", "Nat keepalive sip_ping_flag - LF_BASE");
> }
>
> if (! save("location", "vp1"))
> {
>     xlog("L_ERR", "Saving contact from EDGE failed - LF_BASE");
>     exit;
> }
>
> Thank you for any hint.
>
> Kind regards,
> Julian Santer
> Raiffeisen OnLine
>
> ps: @Bogdan: this is why we have ca. 550 entry's in the address table (permission module). If we solve the keepalives, only ca. 50 entry's are 
> remaining.



More information about the Users mailing list