Hi,<br><br>I am having problem with configuring opensips to work with NATed clients. In my configuration, I am using a B2BUA and Opensips as the sip proxy. <br><br>The problem I am having is that when the B2BUA(233.32.345.5:5800) sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to the NATed client ( <a href="http://116.24.163.21:2751">116.24.163.21:2751</a>), but the NATed client is not sending back any ACK, so the B2BUA hangs up after 30 second. <br>
<br>Could someone give me any suggestion on what may be wrong in my config?<br><br>Thanks in advance for all the help.<br><br><br>U 233.32.345.5:5800 -> <a href="http://192.168.1.101:5060">192.168.1.101:5060</a><br>SIP/2.0 200 OK.<br>
Via: SIP/2.0/UDP <a href="http://192.168.1.101">192.168.1.101</a>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.<br>Via: SIP/2.0/UDP 192.168.1.100:26682;received=<a href="http://116.24.163.21">116.24.163.21</a>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.<br>
Record-Route: <sip:<a href="http://192.168.1.101">192.168.1.101</a>;lr=on;ftag=b81a6b5e;nat=yes>.<br>From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.<br>To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.<br>
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..<br>CSeq: 2 INVITE.<br>Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.<br>
Supported: timer, precondition, path, replaces.<br>Allow-Events: talk.<br>Session-Expires: 120;refresher=uas.<br>Min-SE: 120.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 269.<br>.<br>
v=0.<br>o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.<br>s=FreeSWITCH.<br>c=IN IP4 233.32.345.5.<br>t=0 0.<br>m=audio 10272 RTP/AVP 0 101.<br>a=rtpmap:0 PCMU/8000.<br>a=rtpmap:101 telephone-event/8000.<br>
a=fmtp:101 0-16.<br>a=silenceSupp:off - - - -.<br>a=ptime:20.<br><br><br>U <a href="http://192.168.1.101:5060">192.168.1.101:5060</a> -> <a href="http://116.24.163.21:2751">116.24.163.21:2751</a><br>SIP/2.0 200 OK.<br>
Via: SIP/2.0/UDP 192.168.1.100:26682;received=<a href="http://116.24.163.21">116.24.163.21</a>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.<br>Record-Route: <sip:<a href="http://192.168.1.101">192.168.1.101</a>;lr=on;ftag=b81a6b5e;nat=yes>.<br>
From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.<br>To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.<br>Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..<br>CSeq: 2 INVITE.<br>
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.<br>
Supported: timer, precondition, path, replaces.<br>Allow-Events: talk.<br>Session-Expires: 120;refresher=uas.<br>Min-SE: 120.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 269.<br>.<br>
v=0.<br>o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.<br>s=FreeSWITCH.<br>c=IN IP4 233.32.345.5.<br>t=0 0.<br>m=audio 10272 RTP/AVP 0 101.<br>a=rtpmap:0 PCMU/8000.<br>a=rtpmap:101 telephone-event/8000.<br>
a=fmtp:101 0-16.<br>a=silenceSupp:off - - - -.<br>a=ptime:20.<br><br><br>U <a href="http://192.168.1.101:5800">192.168.1.101:5800</a> -> 233.32.345.5:5060<br>BYE <a href="http://sip:1000@116.24.163.21:2751">sip:1000@116.24.163.21:2751</a> SIP/2.0.<br>
Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.<br>Route: <sip:<a href="http://192.168.1.101">192.168.1.101</a>;lr=on;ftag=b81a6b5e;nat=yes>.<br>Max-Forwards: 70.<br>From: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.<br>
To: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.<br>Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..<br>CSeq: 107702524 BYE.<br>Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.<br>
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.<br>Supported: timer, precondition, path, replaces.<br>Reason: SIP;cause=408;text="ACK Timeout".<br>
Content-Length: 0.<br>.<br><br><br><br><br># <br># $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ <br># <br>#simple quick-start config script <br>#Please refer to the Core CookBook at <a href="http://www.openser.org/dokuwiki/doku.php">http://www.openser.org/dokuwiki/doku.php</a> <br>
#for a explanation of possible statements, functions and parameters. <br># <br># ----------- global configuration parameters ------------------------ <br>debug=3 # debug level (cmd line: -dddddddddd) <br>fork=no <br>
log_stderror=yes # (cmd line: -E) <br>children=4 <br>port=5060 <br>mpath="/usr/local/lib64/opensips/modules/" <br>loadmodule "db_mysql.so" <br>loadmodule "sl.so" <br>loadmodule "tm.so" <br>
loadmodule "rr.so" <br>loadmodule "maxfwd.so" <br>loadmodule "usrloc.so" <br>loadmodule "registrar.so" <br>loadmodule "textops.so" <br>loadmodule "mi_fifo.so" <br>
loadmodule "uri.so" <br>loadmodule "uri_db.so" <br>loadmodule "domain.so" <br>loadmodule "xlog.so" <br>loadmodule "permissions.so" <br>loadmodule "auth.so" <br>loadmodule "auth_db.so" <br>
loadmodule "dispatcher.so" <br>loadmodule "nathelper.so"<br>loadmodule "mediaproxy.so"<br><br><br><br> <br><br><br><br><br><br>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") <br>
modparam("usrloc", "db_mode", 2) <br> <br> <br> <br>modparam("rr", "enable_full_lr", 1) <br> <br>modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://<a href="http://root:sqlpass@192.168.1.105/app">root:sqlpass@192.168.1.105/app</a>") <br>
modparam("auth_db","calculate_ha1",yes) <br>modparam("auth_db","password_column","password") <br>modparam("auth_db","user_column","sip_user") <br>
modparam("auth_db","load_credentials","agent_id") <br> <br>modparam("uri_db","db_table","agent") <br>modparam("uri_db","user_column","sip_user") <br>
modparam("uri_db","use_uri_table",0) <br>modparam("auth_db","use_domain",0) <br> <br>modparam("permissions", "db_mode", 1) <br>modparam("permissions", "trusted_table", "server") <br>
modparam("permissions","source_col","server_ip") <br>modparam("permissions","proto_col","transport") <br>modparam("permissions","from_col","from_pattern") <br>
modparam("permissions","tag_col","peer_tag") <br> <br>modparam("dispatcher","table_name","dispatcher") <br>modparam("dispatcher","setid_col","setid") <br>
modparam("dispatcher","destination_col","destination") <br>modparam("dispatcher","flags_col","flags") <br>modparam("dispatcher","flags",3) <br>
<br>modparam("auth_db","load_credentials","enable") <br><br><br>modparam("nathelper","received_avp", "$avp(i:42)")<br><br>modparam("nathelper","received_avp", "$avp(i:42)") <br>
modparam("nathelper", "rtpproxy_sock", "udp:<a href="http://127.0.0.1:7890">127.0.0.1:7890</a>") <br>modparam("nathelper", "natping_interval", 30) <br>modparam("nathelper", "ping_nated_only", 0) <br>
modparam("nathelper", "sipping_bflag", 7) <br>modparam("nathelper", "sipping_from", "<a href="mailto:sip%3Apinger@8.8.1.20">sip:pinger@8.8.1.20</a>")<br><br><br> <br>listen=udp:<a href="http://192.168.1.101:5060">192.168.1.101:5060</a> <br>
listen=tcp:<a href="http://192.168.1.101:5060">192.168.1.101:5060</a> <br>listen=udp:233.32.345.5:5060 <br>listen=tcp:233.32.345.5:5060 <br> <br> <br># ------------------------- request routing logic ------------------- <br>
# main routing logic <br>route{ <br> <br>xlog("method <$rm> from-header <$fu>\n"); <br> # initial sanity checks -- messages with <br> # max_forwards==0, or excessively long requests <br>
if (!mf_process_maxfwd_header("10")) { <br> sl_send_reply("483","Too Many Hops"); <br> exit; <br> }; <br> if (msg:len >= 2048 ) { <br>
sl_send_reply("513", "Message too big"); <br> exit; <br> }; <br> # we record-route all messages -- to make sure that <br> # subsequent messages will go through our proxy; that's <br>
# particularly good if upstream and downstream entities <br> # use different transport protocol <br> <br><br> ## NAT Detection <br> # <br> force_rport(); <br> if (nat_uac_test("19")) { <br>
if (method=="REGISTER") { <br> fix_nated_register(); <br> } else { <br> fix_nated_contact(); <br> }; <br> setflag(5); <br> };<br>
<br><br> if(!is_method("REGISTER")){<br> if(nat_uac_test("19")){<br> record_route(";nat=yes");<br> } else {<br> record_route();<br> };<br>
};<br> <br><br> <br> if (has_totag()) { <br> if (loose_route()) { <br> <br> if(method=="INVITE" && (!allow_trusted())) { <br> if (!proxy_authorize("","auth")) { <br>
<br> proxy_challenge("","0"); <br> exit; <br> } else if (!check_from()) { <br> <br> sl_send_reply("403", "Forbidden, use From=ID"); <br>
exit; <br> }; <br> <br> if ($avp(s:enable)=="0") { <br> sl_send_reply("403", "Forbidden, use From=ID"); <br>
<br> exit; <br> <br> <br> } <br> }; <br> <br> route(1); <br> } else { <br> sl_send_reply("404","Not here"); <br>
} <br> route(1); <br> exit; <br> } <br> <br> <br> <br> <br> if (is_method("CANCEL")) { <br> if (t_check_trans()) <br> t_relay(); <br> exit; <br>
} <br> if (method=="REGISTER") { <br> route(2); <br> } else { <br> route(3); <br> }; <br> <br>} <br>route[1] {<br><br><br> # send it out now; use stateful forwarding as it works <br>
# reliably even for UDP2TCP <br> <br> t_on_reply("1"); <br> t_on_failure("1"); <br> <br> if (!t_relay()) { <br> sl_reply_error(); <br> }; <br> exit; <br>
} <br> <br>route[2] { <br> # <br> # -- Register request handler -- <br> #<br> if (is_uri_host_local()) { <br> <br> if (!www_authorize("", "auth")) { <br> <br>
<br> www_challenge("", "0");<br> <br> exit; <br><br> }; <br> <br> if (!check_to()) {<br> <br> sl_send_reply("403", "Forbidden"); <br>
exit; <br> }; <br><br> if ($avp(s:enable)=="0") { <br> sl_send_reply("403", "Forbidden, use From=ID"); <br>
<br> exit; <br> } <br> <br> save("location");<br> exit; <br> } else if { <br> <br>
sl_send_reply("403", "Forbidden"); <br> }; <br>} <br> <br>route[3] { <br> <br> <br> if (is_from_local()){ <br> # From an internal domain -> check the credentials and the FROM <br>
<br> if (!proxy_authorize("","auth")) { <br> proxy_challenge("","0"); <br> <br> exit; <br> } else if (!check_from()) { <br>
<br> sl_send_reply("403", "Forbidden, use From=ID"); <br> exit; <br> }; <br> <br> consume_credentials(); <br> # Verify aliases <br>
<br> if (is_uri_host_local()) { <br> # -- Inbound to Inbound <br> route(10); <br> } else { <br> # -- Inbound to outbound <br> route(11); <br>
}; <br> } else { <br> <br> if (is_uri_host_local()) { <br> #-- Outbound to inbound <br> route(12); <br> } else { <br> # -- Outbound to outbound <br>
route(13); <br> }; <br> }; <br>} <br> <br> <br>route[4] { <br> revert_uri(); <br> rewritehostport("233.32.345.5:5800"); <br> route(1);<br><br><br><br><br>} <br> <br><br>
<br>route[6] { <br> if (is_method("BYE")) { <br> <br> } else if ((is_method("INVITE"))){ <br> <br> append_hf("P-hint: Route[6]: Rtpproxy \r\n"); <br> t_on_failure("3"); <br>
}; <br> }<br> <br> <br>route[10] { <br> append_hf("P-hint: inbound->inbound \r\n"); <br> route(4); <br> <br>} <br>route[11] { <br> append_hf("P-hint: inbound->outbound \r\n"); <br>
route(1); <br>} <br>route[12] { <br> lookup("aliases"); <br> if (!lookup("location")) { <br> sl_send_reply("404", "Not Found"); <br> exit; <br> }; <br>
route(1); <br>} <br>route[13] { <br> append_hf("P-hint: outbound->inbound \r\n"); <br> sl_send_reply("403", "Forbidden"); <br> exit; <br>} <br> <br> <br>onreply_route[1] {<br>
xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");<br> search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');<br> fix_nated_contact();<br> exit; <br>
<br> <br>} <br>failure_route[1] { <br> append_hf("P-hint: (4)passed thru failure_route[1]\r\n"); <br><br><br><br><br><br><br> if (t_was_cancelled()) { <br> exit; <br> }; <br> if (t_check_status("486")) { <br>
revert_uri(); <br> prefix("b"); <br> xlog("L_ERR","Stepped into the 486 ruri=<$ru>"); <br> #ds_select_dst("2", "4"); <br>
rewritehostport("233.32.345.5:5800"); <br> append_branch(); <br> route(1); <br> exit; <br> }; <br> if (t_check_status("408") || t_check_status("480")) { <br>
revert_uri(); <br> prefix("u"); <br> xlog("L_ERR","Stepped into the 480 ruri=<$ru>"); <br> #ds_select_dst("2", "4"); <br> rewritehostport("233.32.345.5:5800"); <br>
append_branch(); <br> route(1); <br> exit; <br> }; <br> <br> <br> <br> } <br><br><br>failure_route[3] { <br> if (isbflagset(6) || isflagset(5)) { <br> <br> }<br> <br>} <br><br>