Good.<div><br></div><div>Have you been able to capture the call using tcpdump or ngrep?</div><div><br></div><div>If so, do you see the Ack to 200 OK reaching the caller from callee?</div><div><br></div><div>Meanwhile, try to use record_route_preset instead of record_route. That probably will fix it.</div>
<div><br></div><div>Regards,</div><div>Ali Pey<br><br><div class="gmail_quote">On Tue, Aug 7, 2012 at 5:53 PM, Ignacio Gonzalez <span dir="ltr"><<a href="mailto:mylaneza@gmail.com" target="_blank">mylaneza@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">1. Yes my proxy is behind a NAT, and my public ip address is <a href="http://mydomain.com" target="_blank">mydomain.com</a>, i created a rule in my router to bind 5060 ports of my nat ip address.<br>
2. Yes i'm using rtp proxy. I do not understand the rest of the question. RTP proxy is in the same machine of opensips. And I created the rule of a set of ports to bind the public ip and the nat ip.<div class="HOEnZb">
<div class="h5"><br>
<br><div class="gmail_quote">2012/8/7 Ali Pey <span dir="ltr"><<a href="mailto:alipey@gmail.com" target="_blank">alipey@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Ignacio,<div><br></div><div>Your configuration script heavily depends on your network setup:</div><div><br></div><div>1- Is your proxy server behind a nat? If so, do you know your public IP address?</div><div>2- Are you using rtp proxy? What's the path for your rtp - through what devices with what IPs?</div>
<div><div>
<div><br></div><div><br></div><div><div class="gmail_quote">On Tue, Aug 7, 2012 at 2:53 PM, Ignacio Gonzalez <span dir="ltr"><<a href="mailto:mylaneza@gmail.com" target="_blank">mylaneza@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Ali, I use this configuration script to start my opensips proxy and it start, I only want to know, Do you see something wrong?<br>
I put in bold the modifications a made to add the nat_traversal module and the advertised_address parameter.<br>
<br>In the documentation it says that nat_traversal is straight forward when using a single proxy, ( that is my case ).<br><br>"In this case the usage is straight forward. The nat_keepalive() function
needs to be called before save_location() for REGISTER requests, before
handle_subscribe() for SUBSCRIBE requests and before t_relay() for the
first INVITE of a dialog.
"<br><br>I do not configure any subscription, and I did not find the save_location function, I assumed that save("location") is a newer version of this function.<br><br>#CONFIG FILE<br><br>debug=3<br>log_stderror=no<br>
log_facility=LOG_LOCAL1<br><br>fork=yes<br>children=4<br><br>#debug=6<br>#fork=no<br>#log_stderror=yes<br><br>#disable_dns_blacklist=no<br><br>#dns_try_ipv6=yes<br><br>auto_aliases=no<br><br><b>advertised_address="<a href="http://mydomain.com" target="_blank">mydomain.com</a>"</b><br>
<br>listen=udp:<a href="http://192.168.1.220:5060" target="_blank">192.168.1.220:5060</a> # CUSTOMIZE ME<br><br>disable_tcp=no<br>listen=tcp:<a href="http://192.168.1.220:5060" target="_blank">192.168.1.220:5060</a> # CUSTOMIZE ME <br>
<br>disable_tls=yes<br>
<br>mpath="/home/syrium/opensips_proxy/lib/opensips/modules/"<br><br>loadmodule "signaling.so"<br><br>loadmodule "sl.so"<br><br>loadmodule "tm.so"<br>modparam("tm", "fr_timer", 5)<br>
modparam("tm", "fr_inv_timer", 30)<br>modparam("tm", "restart_fr_on_each_reply", 0)<br>modparam("tm", "onreply_avp_mode", 1)<br><br>loadmodule "rr.so"<br>
modparam("rr", "append_fromtag", 0)<br><br>loadmodule "maxfwd.so"<br><br>loadmodule "sipmsgops.so"<br><br>loadmodule "mi_fifo.so"<br>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br>
modparam("mi_fifo", "fifo_mode", 0666)<br><br>loadmodule "uri.so"<br>modparam("uri", "use_uri_table", 0)<br>modparam("uri", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br>
<br>loadmodule "db_mysql.so"<br><br>loadmodule "usrloc.so"<br>modparam("usrloc", "nat_bflag", 10)<br>modparam("usrloc", "db_mode", 2)<br>modparam("usrloc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br>
<br>loadmodule "registrar.so"<br>modparam("registrar", "tcp_persistent_flag", 7)<br>modparam("registrar", "received_avp", "$avp(received_nh)")<br>#modparam("registrar", "max_contacts", 10)<br>
<br>loadmodule "acc.so"<br>modparam("acc", "early_media", 0)<br>modparam("acc", "report_cancels", 0)<br>modparam("acc", "detect_direction", 0)<br>modparam("acc", "failed_transaction_flag", 3)<br>
modparam("acc", "db_flag", 1)<br>modparam("acc", "db_missed_flag", 2)<br>modparam("acc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br>
<br>loadmodule "auth.so"<br>loadmodule "auth_db.so"<br>modparam("auth_db", "calculate_ha1", yes)<br>modparam("auth_db", "password_column", "password")<br>
modparam("auth_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br>modparam("auth_db", "load_credentials", "")<br><br>loadmodule "domain.so"<br>
modparam("domain", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br>modparam("domain", "db_mode", 1) # Use caching<br>modparam("auth_db|usrloc|uri", "use_domain", 1)<br>
<br>loadmodule "dialog.so"<br>modparam("dialog", "dlg_match_mode", 1)<br>modparam("dialog", "default_timeout", 21600) # 6 hours timeout<br>modparam("dialog", "db_mode", 2)<br>
modparam("dialog", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # CUSTOMIZE ME<br><br><b>loadmodule "nat_traversal.so"</b><br><br>loadmodule "nathelper.so"<br>
modparam("nathelper", "natping_interval", 10)<br>modparam("nathelper", "ping_nated_only", 1)<br>modparam("nathelper", "received_avp", "$avp(received_nh)")<br>
<br>loadmodule "rtpproxy.so"<br>modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE ME<br><br>####### Routing Logic ########<br><br>route{<br> force_rport();<br>
if (nat_uac_test("23")) {<br> if (is_method("REGISTER")) {<br> fix_nated_register();<br> setbflag(10);<br> } else {<br> fix_nated_contact();<br> setflag(10);<br>
}<br> }<br> <br><br> if (!mf_process_maxfwd_header("10")) {<br> sl_send_reply("483","Too Many Hops");<br> exit;<br> }<br><br> if (has_totag()) {<br> # sequential request withing a dialog should<br>
# take the path determined by record-routing<br> if (loose_route()) {<br> <br> # validate the sequential request against dialog<br> if ( $DLG_status!=NULL && !validate_dialog() ) {<br>
xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");<br> ## exit;<br> }<br> <br> if (is_method("BYE")) {<br> setflag(1); # do accounting ...<br>
setflag(3); # ... even if the transaction fails<br> } else if (is_method("INVITE")) {<br> # even if in most of the cases is useless, do RR for<br> # re-INVITEs alos, as some buggy clients do change route set<br>
# during the dialog.<br> record_route();<br> }<br><br> if (check_route_param("nat=yes")) <br> setflag(10);<br><br> # route it out to whatever destination was set by loose_route()<br>
# in $du (destination URI).<br> route(1);<br> } else {<br> <br> if ( is_method("ACK") ) {<br> if ( t_check_trans() ) {<br> # non loose-route, but stateful ACK; must be an ACK after <br>
# a 487 or e.g. 404 from upstream server<br> t_relay();<br> exit;<br> } else {<br> # ACK without matching transaction -><br> # ignore and discard<br>
exit;<br> }<br> }<br> sl_send_reply("404","Not here");<br> }<br> exit;<br> }<br><br> # CANCEL processing<br> if (is_method("CANCEL"))<br>
{<br> if (t_check_trans())<br> t_relay();<br> exit;<br> }<br><br> t_check_trans();<br><br> if ( !(is_method("REGISTER") ) ) {<br> <br> if (is_from_local())<br>
{<br> <br> # authenticate if from local subscriber<br> # authenticate all initial non-REGISTER request that pretend to be<br> # generated by local subscriber (domain from FROM URI is local)<br>
if (!proxy_authorize("", "subscriber")) {<br> proxy_challenge("", "0");<br> exit;<br> }<br> if (!db_check_from()) {<br>
sl_send_reply("403","Forbidden auth ID");<br> exit;<br> }<br> <br> consume_credentials();<br> # caller authenticated<br> <br>
} else {<br> # if caller is not local, then called number must be local<br> <br> if (!is_uri_host_local()) {<br> send_reply("403","Rely forbidden");<br>
exit;<br> }<br> }<br><br> }<br><br> # preloaded route checking<br> if (loose_route()) {<br> xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<br>
if (!is_method("ACK"))<br> sl_send_reply("403","Preload Route denied");<br> exit;<br> }<br><br> # record routing<br> if (!is_method("REGISTER|MESSAGE"))<br>
record_route();<br><br> # account only INVITEs<br> if (is_method("INVITE")) {<br> <br> # create dialog with timeout<br> if ( !create_dialog("B") ) {<br> send_reply("500","Internal Server Error");<br>
exit;<br> }<br> <br> setflag(1); # do accounting<br> }<br><br> <br> if (!is_uri_host_local()) {<br> append_hf("P-hint: outbound\r\n"); <br> <br> route(1);<br>
}<br><br> # requests for my domain<br> <br> if (is_method("PUBLISH|SUBSCRIBE"))<br> {<br> sl_send_reply("503", "Service Unavailable");<br> exit;<br> }<br><br>
if (is_method("REGISTER"))<br> {<br> <br> # authenticate the REGISTER requests<br> if (!www_authorize("", "subscriber"))<br> {<br> www_challenge("", "0");<br>
exit;<br> }<br> <br> if (!db_check_to()) <br> {<br> sl_send_reply("403","Forbidden auth ID");<br> exit;<br> }<br><br> if ( proto==TCP || 0 ) <br>
setflag(7);<br><br> <b>if ( client_nat_test("3") ) {<br> nat_keepalive();<br> }</b><br> <br> if (!save("location"))<br> sl_reply_error();<br>
<br> exit;<br> }<br><br> if ($rU==NULL) {<br> # request with no Username in RURI<br> sl_send_reply("484","Address Incomplete");<br> exit;<br> }<br><br> # do lookup with method filtering<br>
if (!lookup("location","m")) {<br> if (!db_does_uri_exist()) {<br> send_reply("420","Bad Extension");<br> exit;<br> }<br> <br> t_newtran();<br>
t_reply("404", "Not Found");<br> exit;<br> } <br><br> if ( isbflagset(10) ) <br> setflag(10);<br><br> # when routing via usrloc, log the missed calls also<br> setflag(2);<br>
route(1);<br>}<br><br><br>route[1] {<br> # for INVITEs enable some additional helper routes<br> if (is_method("INVITE")) {<br> <br> if (isflagset(10)) {<br> rtpproxy_offer("ro");<br>
}<br><br> t_on_branch("2");<br> t_on_reply("2");<br> t_on_failure("1");<br> <br> <b>if ( client_nat_test("3") ) {<br> nat_keepalive();<br>
}</b><br> <br> }<br><br> if (isflagset(10)) {<br> add_rr_param(";nat=yes");<br> }<br><br> <br><br> if (!t_relay()) {<br> send_reply("500","Internal Error");<br>
};<br> exit;<br>}<br><br>branch_route[2] {<br> xlog("new branch at $ru\n");<br>}<br><br>onreply_route[2] {<br> if ( nat_uac_test("1") )<br> fix_nated_contact();<br> if ( isflagset(10) )<br>
rtpproxy_answer("ro");<br> xlog("incoming reply\n");<br>}<br><br>failure_route[1] {<br> if ( t_was_cancelled() ) {<br> exit;<br> } <br>}<br><br>local_route {<br> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {<br>
<br> acc_db_request("200 Dialog Timeout", "acc");<br> <br> }<br>}<br><br>Thanks for your time Ali.<div><div><br><br><div class="gmail_quote">2012/8/7 Ignacio Gonzalez <span dir="ltr"><<a href="mailto:mylaneza@gmail.com" target="_blank">mylaneza@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ok aly, I will read more, i have created the configuration script already with opensips-cp, I created a residential script and I selected the NAT option but that option just install nathelper module, and this why I asked you if nathelper and nat traversal module were mutually exclusive. I will add nat traversal to my configuration script. <div>
<br></div><div>Another question, where can I read about the differences between residential and trunking scripts?<div><div><br><br><div class="gmail_quote">2012/8/7 Ali Pey <span dir="ltr"><<a href="mailto:alipey@gmail.com" target="_blank">alipey@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ignacio,<div><br></div><div>You need to implement nat traversal in your routing script - opensips.cfg. IMO, forget about the opensips-cp until you get it to work. Once you know how it works, then you know how you can do with the config tool. Sounds like you need lots more reading/testing :)</div>
<div><br></div><div>Regards,</div><div>Ali Pey<div><div><br><br><div class="gmail_quote">On Mon, Aug 6, 2012 at 1:38 PM, Ignacio Gonzalez <span dir="ltr"><<a href="mailto:mylaneza@gmail.com" target="_blank">mylaneza@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ok, i red the NAT_TRAVERSAL module, i don't know how to configure using the configuration tool, do I have to configure it manual? The NAT_TRAVERSAL module and the NATHELPER module are mutually exclusive?<div>
<div><br><br><div class="gmail_quote">
2012/8/5 Ali Pey <span dir="ltr"><<a href="mailto:alipey@gmail.com" target="_blank">alipey@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello Ignacio,<div><br></div><div>Yes, you can handle nat and you don't need stun, turn or ICE. In fact, it's always better to turn off any nat traversal feature on the phone when you are using a proxy server such as OpenSIPS.</div>
<div><br></div><div>Check out the nat traveral module and advertized_ip. How you implement it depends on your network setup:</div><div><a href="http://www.opensips.org/html/docs/modules/1.8.x/nat_traversal.html" target="_blank">http://www.opensips.org/html/docs/modules/1.8.x/nat_traversal.html</a></div>
<div><br></div><div>Regards,</div><div>Ali Pey </div><div><br><div class="gmail_quote"><div><div>On Sat, Aug 4, 2012 at 5:31 PM, Ignacio Gonzalez <span dir="ltr"><<a href="mailto:mylaneza@gmail.com" target="_blank">mylaneza@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Hello everybody, I have configured my opensips proxy with NAT_TRAVERSAL support using the new tool for configuration. I developed a softphone using JAIN-SIP, I think JAIN-SIP does not implements STUN, TURN and ICE for NAT Traversal ( RFC 6314), is any way to do nat traversal without making a new softphone with another library? <br>
<br>I also have tested this softphone with Inphonex, and this company use openSER in its proxy and the softphone works fine, but i don't know how they do that, so I thought to ask if is something I can do in the configuration file of my proxy or they use something else to solve this problem. <br>
<br>Thanks for all.<br>
<br></div></div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br>
</div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br>
</div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br>
</div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>