I'm using Opensips 1.5.2 + RTPproxy 1.2. <br> Two Real IP with an ATA (ATA A) and another behind NAT (ATA B). <br>
Connecting the ATA B behind the NAT to the real IP, the connection is
complentada, traffic and the audio of ATA B to A but to ATA ATA ATA A
to B no traffic. <br> If you connect to the ATA IP connection is a real change and not flame. <br><br> Here my configuration:<br><br>####### Global Parameters #########<br><br>debug=4<br>log_stderror=no<br>log_facility=LOG_LOCAL0<br>
<br>fork=yes<br>children=4<br><br>/* uncomment the following lines to enable debugging */<br>#debug=6<br>#fork=no<br>#log_stderror=yes<br><br>/* uncomment the next line to disable TCP (default on) */<br>#disable_tcp=yes<br>
<br>/* uncomment the next line to enable the auto temporary blacklisting of <br> not available destinations (default disabled) */<br>#disable_dns_blacklist=no<br><br>/* uncomment the next line to enable IPv6 lookup after IPv4 dns <br>
lookup failures (default disabled) */<br>#dns_try_ipv6=yes<br><br>/* uncomment the next line to disable the auto discovery of local aliases<br> based on revers DNS on IPs (default on) */<br>#auto_aliases=no<br><br>/* uncomment the following lines to enable TLS support (default off) */<br>
#disable_tls = no<br>#listen = tls:your_IP:5061<br>#tls_verify_server = 1<br>#tls_verify_client = 1<br>#tls_require_client_certificate = 0<br>#tls_method = TLSv1<br>#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"<br>
#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"<br>#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"<br><br><br>port=5060<br><br>/* uncomment and configure the following line if you want opensips to <br>
bind on a specific interface/port/proto (default bind on all available) */<br>#listen=udp:<a href="http://192.168.1.2:5060">192.168.1.2:5060</a><br><br><br>####### Modules Section ########<br><br>#set module path<br>mpath="/usr/local/lib/opensips/modules/"<br>
<br>/* uncomment next line for MySQL DB support */<br><br>loadmodule "db_mysql.so"<br>loadmodule "signaling.so"<br>loadmodule "sl.so"<br>loadmodule "tm.so"<br>loadmodule "rr.so"<br>
loadmodule "maxfwd.so"<br>loadmodule "usrloc.so"<br>loadmodule "registrar.so"<br>loadmodule "textops.so"<br>loadmodule "mi_fifo.so"<br>loadmodule "uri_db.so"<br>
loadmodule "uri.so"<br>loadmodule "xlog.so"<br>loadmodule "acc.so"<br>/* uncomment next lines for MySQL based authentication support <br> NOTE: a DB (like db_mysql) module must be also loaded */<br>
loadmodule "auth.so"<br>loadmodule "auth_db.so"<br>/* uncomment next line for aliases support<br> NOTE: a DB (like db_mysql) module must be also loaded */<br>#loadmodule "alias_db.so"<br>/* uncomment next line for multi-domain support<br>
NOTE: a DB (like db_mysql) module must be also loaded<br> NOTE: be sure and enable multi-domain support in all used modules<br> (see "multi-module params" section ) */<br>#loadmodule "domain.so"<br>
/* uncomment the next two lines for presence server support<br> NOTE: a DB (like db_mysql) module must be also loaded */<br>#loadmodule "presence.so"<br>#loadmodule "presence_xml.so"<br>loadmodule "nathelper.so"<br>
<br># ----------------- setting module-specific parameters ---------------<br><br><br># ----- mi_fifo params -----<br>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br><br><br># ----- rr params -----<br>
# add value to ;lr param to cope with most of the UAs<br>modparam("rr", "enable_full_lr", 1)<br># do not append from tag to the RR (no need for this script)<br>modparam("rr", "append_fromtag", 0)<br>
<br><br># ----- registrar params -----<br>modparam("registrar", "method_filtering", 1)<br>/* uncomment the next line to disable parallel forking via location */<br># modparam("registrar", "append_branches", 0)<br>
/* uncomment the next line not to allow more than 10 contacts per AOR */<br>#modparam("registrar", "max_contacts", 10)<br><br><br># ----- usrloc params -----<br>#modparam("usrloc", "db_mode", 0)<br>
/* uncomment the following lines if you want to enable DB persistency<br> for location entries */<br>modparam("usrloc", "db_mode", 2)<br>modparam("usrloc", "db_url","mysql://opensips:opensipsrw@localhost/opensips")<br>
<br><br># ----- uri_db params -----<br>/* by default we disable the DB support in the module as we do not need it<br> in this configuration */<br>modparam("uri_db", "use_uri_table", 0)<br>modparam("uri_db", "db_url", "")<br>
<br><br># ----- acc params -----<br>/* what sepcial events should be accounted ? */<br>modparam("acc", "early_media", 1)<br>modparam("acc", "report_ack", 1)<br>modparam("acc", "report_cancels", 1)<br>
/* by default ww do not adjust the direct of the sequential requests.<br> if you enable this parameter, be sure the enable "append_fromtag"<br> in "rr" module */<br>modparam("acc", "detect_direction", 0)<br>
/* account triggers (flags) */<br>modparam("acc", "failed_transaction_flag", 3)<br>modparam("acc", "log_flag", 1)<br>modparam("acc", "log_missed_flag", 2)<br>/* uncomment the following lines to enable DB accounting also */<br>
modparam("acc", "db_flag", 1)<br>modparam("acc", "db_missed_flag", 2)<br><br><br># ----- auth_db params -----<br>/* uncomment the following lines if you want to enable the DB based<br>
authentication */<br>modparam("auth_db", "calculate_ha1", yes)<br>modparam("auth_db", "password_column", "password")<br>#modparam("auth_db", "db_url",<br>
# "mysql://opensips:opensipsrw@localhost/opensips")<br>#modparam("auth_db", "load_credentials", "")<br><br><br># ----- alias_db params -----<br>/* uncomment the following lines if you want to enable the DB based<br>
aliases */<br>#modparam("alias_db", "db_url",<br># "mysql://opensips:opensipsrw@localhost/opensips")<br><br><br># ----- domain params -----<br>/* uncomment the following lines to enable multi-domain detection<br>
support */<br>#modparam("domain", "db_url",<br># "mysql://opensips:opensipsrw@localhost/opensips")<br>#modparam("domain", "db_mode", 1) # Use caching<br><br><br># ----- multi-module params -----<br>
/* uncomment the following line if you want to enable multi-domain support<br> in the modules (dafault off) */<br>#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)<br><br><br># ----- presence params -----<br>
/* uncomment the following lines if you want to enable presence */<br>#modparam("presence|presence_xml", "db_url",<br># "mysql://opensips:opensipsrw@localhost/opensips")<br>#modparam("presence_xml", "force_active", 1)<br>
#modparam("presence", "server_address", "sip:<a href="http://192.168.1.2:5060">192.168.1.2:5060</a>")<br><br># -- nathelper<br>modparam("nathelper", "rtpproxy_sock", "udp:<a href="http://127.0.0.1:12345">127.0.0.1:12345</a>")<br>
modparam("nathelper", "natping_interval", 30)<br>modparam("nathelper", "ping_nated_only", 1)<br>modparam("nathelper", "sipping_from", "<a href="mailto:sip%3Apinger@kamailio.engeplus.com.br">sip:pinger@kamailio.engeplus.com.br</a>")<br>
modparam("registrar|nathelper", "received_avp", "$avp(i:80)")<br>modparam("usrloc", "nat_bflag", 6)<br><br>####### Routing Logic ########<br><br><br># main request routing logic<br>
<br>route{<br><br> if (!mf_process_maxfwd_header("10")) {<br> sl_send_reply("483","Too Many Hops");<br> exit;<br> }<br><br> if (has_totag()) {<br> # sequential request withing a dialog should<br>
# take the path determined by record-routing<br> if (loose_route()) {<br> if (is_method("BYE")) {<br> setflag(1); # do accounting ...<br> setflag(3); # ... even if the transaction fails<br>
} else if (is_method("INVITE")) {<br> # even if in most of the cases is useless, do RR for<br> # re-INVITEs alos, as some buggy clients do change route set<br> # during the dialog.<br>
record_route();<br> }<br> # route it out to whatever destination was set by loose_route()<br> # in $du (destination URI).<br> route(1);<br> } else {<br> /* uncomment the following lines if you want to enable presence */<br>
##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {<br> ## # in-dialog subscribe requests<br> ## route(2);<br> ## exit;<br> ##}<br>
if ( is_method("ACK") ) {<br> if ( t_check_trans() ) {<br> # non loose-route, but stateful ACK; must be an ACK after <br> # a 487 or e.g. 404 from upstream server<br>
t_relay();<br> exit;<br> } else {<br> # ACK without matching transaction -><br> # ignore and discard<br> exit;<br>
}<br> }<br> sl_send_reply("404","Not here");<br> }<br> exit;<br> }<br><br> #initial requests<br><br> # CANCEL processing<br> if (is_method("CANCEL"))<br>
{<br> if (t_check_trans())<br> t_relay();<br> exit;<br> }<br><br> t_check_trans();<br><br> # authenticate if from local subscriber (uncomment to enable auth)<br> # authenticate all initial non-REGISTER request that pretend to be<br>
# generated by local subscriber (domain from FROM URI is local)<br> ##if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/<br> ##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/<br>
##{<br> ## if (!proxy_authorize("", "subscriber")) {<br> ## proxy_challenge("", "0");<br> ## exit;<br> ## }<br> ## if (!check_from()) {<br>
## sl_send_reply("403","Forbidden auth ID");<br> ## exit;<br> ## }<br> ##<br> ## consume_credentials();<br> ## # caller authenticated<br> ##}<br><br> # preloaded route checking<br>
if (loose_route()) {<br> xlog("L_ERR",<br> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<br> if (!is_method("ACK"))<br> sl_send_reply("403","Preload Route denied");<br>
exit;<br> }<br><br> # record routing<br> if (!is_method("REGISTER|MESSAGE"))<br> record_route();<br><br> # account only INVITEs<br> if (is_method("INVITE")) {<br> setflag(1); # do accounting<br>
}<br> if (!uri==myself)<br> ## replace with following line if multi-domain support is used<br> ##if (!is_uri_host_local())<br> {<br> append_hf("P-hint: outbound\r\n"); <br> # if you have some interdomain connections via TLS<br>
##if($rd=="<a href="http://tls_domain1.net">tls_domain1.net</a>") {<br> ## t_relay("tls:<a href="http://domain1.net">domain1.net</a>");<br> ## exit;<br> ##} else if($rd=="<a href="http://tls_domain2.net">tls_domain2.net</a>") {<br>
## t_relay("tls:<a href="http://domain2.net">domain2.net</a>");<br> ## exit;<br> ##}<br> route(1);<br> }<br><br> # requests for my domain<br><br> ## uncomment this if you want to enable presence server <br>
## and comment the next 'if' block<br> ## NOTE: uncomment also the definition of route[2] from below<br> ##if( is_method("PUBLISH|SUBSCRIBE"))<br> ## route(2);<br><br> if (is_method("PUBLISH"))<br>
{<br> sl_send_reply("503", "Service Unavailable");<br> exit;<br> }<br> <br><br> if (is_method("REGISTER"))<br> {<br> # authenticate the REGISTER requests (uncomment to enable auth)<br>
if (!www_authorize("189.28.176.69", "subscriber"))<br> {<br> www_challenge("189.28.176.69", "0");<br> exit;<br> }<br> ##<br> ##if (!check_to()) <br>
##{<br> ## sl_send_reply("403","Forbidden auth ID");<br> ## exit;<br> ##}<br><br> if (!save("location"))<br> sl_reply_error();<br><br> exit;<br>
}<br><br> if ($rU==NULL) {<br> # request with no Username in RURI<br> sl_send_reply("484","Address Incomplete");<br> exit;<br> }<br><br> # apply DB based aliases (uncomment to enable)<br>
##alias_db_lookup("dbaliases");<br><br> if (!lookup("location")) {<br> switch ($retcode) {<br> case -1:<br> case -3:<br> t_newtran();<br> t_reply("404", "Not Found");<br>
exit;<br> case -2:<br> sl_send_reply("405", "Method Not Allowed");<br> exit;<br> }<br> }<br><br> # when routing via usrloc, log the missed calls also<br>
setflag(2);<br><br> route(1);<br>}<br><br><br>route[1] {<br> if (check_route_param("nat=yes")) {<br> setbflag(6);<br> }<br> if (isflagset(5) || isbflagset(6)) {<br> route(5);<br> }<br>
# for INVITEs enable some additional helper routes<br> if (is_method("INVITE")) {<br> t_on_branch("2");<br> t_on_reply("2");<br> t_on_failure("1");<br> }<br>
<br> if (!t_relay()) {<br> sl_reply_error();<br> };<br> exit;<br>}<br><br><br># Presence route<br>/* uncomment the whole following route for enabling presence<br> NOTE: do not forget to enable the call of this route from the main<br>
route */<br>##route[2]<br>##{<br>## if (!t_newtran())<br>## {<br>## sl_reply_error();<br>## exit;<br>## };<br>##<br>## if(is_method("PUBLISH"))<br>## {<br>## handle_publish();<br>
## t_release();<br>## }<br>## else<br>## if( is_method("SUBSCRIBE"))<br>## {<br>## handle_subscribe();<br>## t_release();<br>## }<br>##<br>## exit;<br>##}<br><br>route[4]{<br>
force_rport();<br> if (nat_uac_test("19")) {<br> if (method=="REGISTER") {<br> fix_nated_register();<br> } else {<br> fix_nated_contact();<br> }<br> setflag(5);<br>
}<br> return;<br>}<br><br># RTPProxy control<br>/* uncomment the whole following route for enabling RTPProxy Control */<br>route[5] {<br> if (is_method("BYE")) {<br> unforce_rtp_proxy();<br> } else if (is_method("INVITE")){<br>
force_rtp_proxy();<br> }<br> if (!has_totag()) add_rr_param(";nat=yes");<br> return;<br>}<br><br>branch_route[2] {<br> xlog("new branch at $ru\n");<br>}<br><br><br>onreply_route[2] {<br>
xlog("incoming reply\n");<br><br> if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {<br> force_rtp_proxy();<br> }<br> if (isbflagset(6)) {<br> fix_nated_contact();<br>
}<br>}<br><br><br>failure_route[1] {<br> if (is_method("INVITE") && (isbflagset(6) || isflagset(5))) {<br> unforce_rtp_proxy();<br> }<br><br> if (t_was_cancelled()) {<br> exit;<br>
}<br><br> # uncomment the following lines if you want to block client <br> # redirect based on 3xx replies.<br> ##if (t_check_status("3[0-9][0-9]")) {<br> ##t_reply("404","Not found");<br>
## exit;<br> ##}<br><br> # uncomment the following lines if you want to redirect the failed <br> # calls to a different new destination<br> ##if (t_check_status("486|408")) {<br> ## sethostport("<a href="http://192.168.2.100:5060">192.168.2.100:5060</a>");<br>
## # do not set the missed call flag again<br> ## t_relay();<br> ##}<br>}<br><br clear="all"><br>-- <br>Atenciosamente<br>Daviramos Roussenq Fortunato<br>