Hi Bogdan,<div><br></div><div>You're right, after stopping iptables packets are sent from private IP! Thank you very much, I must have missed one of my own iptables rules! Thanks again!</div><div><div><br></div><br><div class="gmail_quote">
2010/12/8 Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@voice-system.ro">bogdan@voice-system.ro</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Yuri,<br>
<br>
as I see, opensips really thinks and uses the 10.22.10.254 IP as outbound IP - you see the RR with 10.22.10.254 IP and the VIA with this IP.<br>
<br>
The message looks correctly formatted: the only issue in your case is the outbound IP of the request - are you sure you do not have some iptables rules to change the src IP of some packages??<br>
<br>
Regards,<br>
Bogdan<br>
<br>
Yuri Kirsanov wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Hi Bogdan,<br>
Thank you for reply, I tried to do as you recommended, I moved rewritehostport & force_send_socket into main routing block just before route(1); I do understand that I'm doing two RRs, but here's TCPdump of the softphone trying to Invite, notice that these are packets from OpenSIPS to Asterisk, and they use Public IP to send SIP packets to internal Private IP:<br>
<br>
00:10:05.942128 IP *<PUBLIC IP>*.5068 > 10.22.10.1.6000: UDP, length 961<br>
.PV.k..PV.s...E.....@.@...w...<br>
.<br></div>
INVITE <a href="http://sip:555@10.22.10.1:6000" target="_blank">sip:555@10.22.10.1:6000</a> <<a href="http://sip:555@10.22.10.1:6000" target="_blank">http://sip:555@10.22.10.1:6000</a>> SIP/2.0<div><div></div><div class="h5">
<br>
Record-Route: <sip:10.22.10.254:5068;r2=on;lr=on;ftag=79557f47><br>
Record-Route: <sip:*<PUBLIC IP>*:5066;r2=on;lr=on;ftag=79557f47><br>
Via: SIP/2.0/UDP 10.22.10.254:5068;branch=z9hG4bK8b37.90541a01.0<br>
Via: SIP/2.0/UDP <PHONE IP>:6036;received=<PHONE IP>;branch=z9hG4bK-d87543-fe60ef3b8e5cdd4d-1--d87543-;rport=6036<br>
Max-Forwards: 69<br>
Contact: <sip:6000@<PHONE IP>:6036><br>
To: <sip:555@*<PUBLIC IP>*:5066><br>
From: "User"<sip:6000@*<PUBLIC IP>*:5066>;tag=79557f47<br>
Call-ID: 927d4958c229b528@Zmxhc2g.<br>
CSeq: 1 INVITE<br>
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO<br>
Content-Type: application/sdp<br>
Supported: eventlist<br>
User-Agent: eyeBeam release 3015c stamp 27107<br>
Content-Length: 190<br>
<br>
v=0<br>
o=- 3069147771 3069148115 IN IP4 <PHONE IP><br>
s=eyeBeam<br>
c=IN IP4 <PHONE IP><br>
t=0 0<br>
m=audio 8306 RTP/AVP 8 18 101<br>
a=fmtp:101 0-15<br>
a=rtpmap:101 telephone-event/8000<br>
a=sendrecv<br>
<br>
<br>
Then, Asterisk replies using private IPs:<br>
<br>
00:10:05.942717 IP 10.22.10.1.6000 > 10.22.10.254.5068: UDP, length 637<br>
.PV.s..PV.k...E...E...@.<br>
.<br>
.<br>
.<br>
.<br>
..p....k7SIP/2.0 407 Proxy Authentication Required<br>
Via: SIP/2.0/UDP 10.22.10.254:5068;branch=z9hG4bK8b37.90541a01.0;received=*<PUBLIC IP>*<br>
Via: SIP/2.0/UDP <PHONE IP>:6036;received=<PHONE IP>;branch=z9hG4bK-d87543-fe60ef3b8e5cdd4d-1--d87543-;rport=6036<br>
From: "User"<sip:6000@*<PUBLIC IP>*:5066>;tag=79557f47<br>
To: <sip:555@*<PUBLIC IP>*:5066>;tag=as0b8e2c25<br>
Call-ID: 927d4958c229b528@Zmxhc2g.<br>
CSeq: 1 INVITE<br>
User-Agent: Asterisk PBX<br>
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO<br>
Supported: replaces<br>
Proxy-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1e41babb"<br>
Content-Length: 0<br>
<br>
<br>
And then OpenSIPS responds from Public IP again:<br>
<br>
00:10:05.944903 IP *<PUBLIC IP>*.5068 > 10.22.10.1.6000: UDP, length 353<br>
<br>
<br></div></div>
2010/12/7 Bogdan-Andrei Iancu <<a href="mailto:bogdan@voice-system.ro" target="_blank">bogdan@voice-system.ro</a> <mailto:<a href="mailto:bogdan@voice-system.ro" target="_blank">bogdan@voice-system.ro</a>>><div>
<div></div><div class="h5"><br>
<br>
Hi Yuri,<br>
<br>
<br>
Yuri Kirsanov wrote:<br>
<br>
Hi community,<br>
<br>
I have following setup:<br>
<br>
Public IP (eth0) < OpenSIPS > Private IP (eth1) <------><br>
Private IP (eth0) Asterisk.<br>
<br>
I'm trying to relay all the initial packets received by<br>
OpenSIPS to Asterisk, so I record-route initial packets and<br>
process all responses using loose routing. OpenSIPS is<br>
restricted to use only two UDP IP addresses - private & public<br>
ones. It all works fine on SIP layer, I do understand that I<br>
also need RTP proxy, but at this stage I've got strange<br>
problem - with mhomed=1 in configuration file OpenSIPS still<br>
sends packets using public IP address, while Contact, To and<br>
Via fields are set correctly, to private IP address of OpenSIPS.<br>
<br>
OpenSIPS does not changes Contact and To IPs when forwarding a<br>
request.....are you sure you see such changes???<br>
<br>
The only IPs that reflects the used interface are the VIA and<br>
Record-Route...Actually in your case (if interface changing is<br>
done), you should have 2 RR headers...<br>
<br>
Also, using mhomed and force_send_socket() in the same time is a<br>
bit redundant - they do the same : setting the outgoing interface<br>
for the request:<br>
- mhomed is doing autodetection based on destination IP<br>
- force_send_socket() is setting the inteface from script.<br>
<br>
BTW, it is bogus to do:<br>
rewritehostport("<a href="http://10.22.10.1:6000" target="_blank">10.22.10.1:6000</a> <<a href="http://10.22.10.1:6000" target="_blank">http://10.22.10.1:6000</a>><br>
<<a href="http://10.22.10.1:6000/" target="_blank">http://10.22.10.1:6000/</a>>");<br>
<br>
force_send_socket(10.22.10.254);<br>
<br>
in route[1] as this route is a generic relay route used also for<br>
sending sequential requests.....put that lines in main route just<br>
where you do record_route().<br>
<br>
Regards,<br>
Bogdan<br>
<br>
I have tried to use force_send_socket but without any luck.<br>
Could you please help me with this configuration? At least -<br>
why does OpenSIPS uses public IP? Thanks!<br>
<br>
Here's my configuration:<br>
<br>
####### Global Parameters #########<br>
log_facility=LOG_LOCAL4<br>
fork=yes<br>
children=4<br>
debug=9<br>
disable_tcp=yes<br>
auto_aliases=no<br>
mhomed=1<br>
port=5066<br>
listen=udp:XXX.XXX.XXX.XXX:5066<br>
listen=udp:<a href="http://10.22.10.254:5068" target="_blank">10.22.10.254:5068</a> <<a href="http://10.22.10.254:5068" target="_blank">http://10.22.10.254:5068</a>><br>
<<a href="http://10.22.10.254:5068/" target="_blank">http://10.22.10.254:5068/</a>><br>
<br>
<br>
####### Modules Section ########<br>
<br>
#set module path<br>
mpath="/opt/opensips/lib64/opensips/modules/"<br>
<br>
loadmodule "signaling.so"<br>
loadmodule "sl.so"<br>
loadmodule "tm.so"<br>
loadmodule "rr.so"<br>
loadmodule "maxfwd.so"<br>
loadmodule "textops.so"<br>
loadmodule "mi_fifo.so"<br>
loadmodule "uri.so"<br>
<br>
# ----------------- setting module-specific parameters<br>
---------------<br>
<br>
# ----- mi_fifo params -----<br>
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br>
<br>
# ----- rr params -----<br>
# add value to ;lr param to cope with most of the UAs<br>
modparam("rr", "enable_full_lr", 1)<br>
modparam("rr", "append_fromtag", 1)<br>
<br>
# ----- uri params -----<br>
modparam("uri", "use_uri_table", 0)<br>
<br>
####### Routing Logic ########<br>
<br>
# main request routing logic<br>
<br>
route{<br>
<br>
if (!mf_process_maxfwd_header("10")) {<br>
sl_send_reply("483","Too Many Hops");<br>
exit;<br>
}<br>
<br>
if (has_totag()) {<br>
# sequential request withing a dialog should<br>
# take the path determined by record-routing<br>
if (loose_route()) {<br>
if (is_method("BYE")) {<br>
setflag(1); # do accounting ...<br>
setflag(3); # ... even if the<br>
transaction fails<br>
} else if (is_method("INVITE")) {<br>
# even if in most of the cases<br>
is useless, do RR for<br>
# re-INVITEs alos, as some<br>
buggy clients do change route set<br>
# during the dialog.<br>
record_route();<br>
}<br>
# route it out to whatever destination<br>
was set by loose_route()<br>
# in $du (destination URI).<br>
route(1);<br>
} else {<br>
if ( is_method("ACK") ) {<br>
if ( t_check_trans() ) {<br>
# non loose-route, but<br>
stateful ACK; must be an ACK after<br>
# a 487 or e.g. 404<br>
from upstream server<br>
t_relay();<br>
exit;<br>
} else {<br>
# ACK without matching<br>
transaction -><br>
# ignore and discard<br>
exit;<br>
}<br>
}<br>
sl_send_reply("404","Not here");<br>
}<br>
exit;<br>
}<br>
<br>
#initial requests<br>
<br>
# CANCEL processing<br>
if (is_method("CANCEL"))<br>
{<br>
if (t_check_trans())<br>
t_relay();<br>
exit;<br>
}<br>
<br>
t_check_trans();<br>
<br>
# preloaded route checking<br>
if (loose_route()) {<br>
xlog("L_ERR",<br>
"Attempt to route with preloaded Route's<br>
[$fu/$tu/$ru/$ci]");<br>
if (!is_method("ACK"))<br>
sl_send_reply("403","Preload Route<br>
denied");<br>
exit;<br>
}<br>
<br>
record_route();<br>
route(1);<br>
}<br>
<br>
<br>
route[1] {<br>
rewritehostport("<a href="http://10.22.10.1:6000" target="_blank">10.22.10.1:6000</a><br></div></div>
<<a href="http://10.22.10.1:6000" target="_blank">http://10.22.10.1:6000</a>> <<a href="http://10.22.10.1:6000/" target="_blank">http://10.22.10.1:6000/</a>>");<div class="im"><br>
<br>
force_send_socket(10.22.10.254);<br>
if (!t_relay()) {<br>
sl_reply_error();<br>
};<br>
exit;<br>
}<br>
------------------------------------------------------------------------<br>
<br>
</div></blockquote><div><div></div><div class="h5">
<br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div>