<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";
        color:black;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";
        color:black;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-ZA link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Stefano,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for your interest.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>There is no private network such as a VPN being used. I am testing using a virtual cloud server in a CaaS environment which puts it behind a NAT firewall (although later the server may have a fixed IP address). The clients are currently simple console apps (based on Baresip) operating on PC’s behind a NAT/firewall on a LAN. Later these clients may operate on a mobile phone, in which case the cellular network will be NAT’ed.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Currently, the only mods I have made to the default OpenSIPS (Vers. 1.6.4.2) config file is “alias=<server IP address>” and fix_nat_register() related mods. However I actually get quite far with these mods as you can see from my dialog below.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Network architecture:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Server = Ubuntu 10.04 LTS server with OpenSIPS 1.6.4.2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>LAN clients--NAT------Internet------NAT--OpenSIPS<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>From my testing and wireshark traces I have constructed an example dialog shown below.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In the example dialog below at step 7 when the server sends the “200 – Answering” back to voip2 it includes its local IP address in the "Record-Route" field. This results in voip2 trying to sending its ACK to the server’s local IP address (step 8) which of course cannot be reached. Voip2 now starts sending RTP’s to voip1 (which actually do reach voip1). However, voip1 does not start sending RTP’s to voip2. Instead voip1 just keeps sending "200 Answering" messages, which I assume is because it has not received the ACK for its “200 –Answering” message (step 6). I am also assuming that voip1 does not get the final ACK from the server because the server never gets the final ACK from voip2 at step 8.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Example dialog:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>1. server <-INVITE-- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>2. server -100 Trying-> voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>3. voip1 <-INVITE-- server<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>4. voip1 -180 Ringing-> server<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>5. server -200 Ringing-> voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>6. voip1 -200 Answering-> server<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>7. server -200 Answering-> voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>8. nowhere <-ACK-- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>9. voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>10.voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>11.voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>12.voip1 -200 Answering-> server<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>13.voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>14.voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>15.voip1 <-----RTP------------------------RTP--- voip2<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>...<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hope you can help.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regards<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Mark Currie</span><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> users-bounces@lists.opensips.org [mailto:users-bounces@lists.opensips.org] <b>On Behalf Of </b>Stefano Pisani<br><b>Sent:</b> 04 January 2013 09:10<br><b>To:</b> users@lists.opensips.org<br><b>Subject:</b> Re: [OpenSIPS-Users] NAT issues on client and server<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>Could you explaint your scenario better?<br>The server is in a private network?<br>The cliets are in different private networks?<br><br>s<o:p></o:p></p><div><p class=MsoNormal>Il 04/01/2013 05:23, Mark Currie ha scritto:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for the advice Flavio.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Currently I am actually pretty close with my NAT’ed OpenSIPS and NAT’ed clients. I am assuming this is because I have a simple NAT scenario with full-cone NATs.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I get as far as making a call, but when I pick-up the call only one side gets RTP through. I traced the problem to the fact that a local address is being put in the “Record Route” section of an ACK response.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I would like to try to get this more controllable scenario working first before I launch into new complexity with RTP proxies etc. I think that I just need to know how to get the fix_nat_sip() and fix_nat_contact() to work. Any pointers with that?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regards</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Mark</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <a href="mailto:users-bounces@lists.opensips.org">users-bounces@lists.opensips.org</a> [<a href="mailto:users-bounces@lists.opensips.org">mailto:users-bounces@lists.opensips.org</a>] <b>On Behalf Of </b>Flavio Goncalves<br><b>Sent:</b> 03 January 2013 12:27<br><b>To:</b> OpenSIPS users mailling list<br><b>Subject:</b> Re: [OpenSIPS-Users] NAT issues on client and server</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Hi Mark, <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>There is no simple way to traverse NAT. Unless all your routers use a non symmetric NAT, you will have to use rtpproxy or mediaproxy (you can check this with a stun client). OpenSIPS behind NAT make things even more complicated. So I suggest that you follow an example with rtpproxy or media proxy and also use the OpenSIPS in a valid IP address. The setup you are trying to do with OpenSIPS behind NAT is possible, but it is even more complex. <o:p></o:p></p></div><div><p class=MsoNormal><br clear=all><o:p></o:p></p><div><div><p class=MsoNormal>Flavio E. Goncalves<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'> <o:p></o:p></p><div><p class=MsoNormal>2013/1/3 Mark Currie <<a href="mailto:mark@ziliant.com" target="_blank">mark@ziliant.com</a>><o:p></o:p></p><p class=MsoNormal>Hi,<br><br>I have a very simple setup for a closed network of users (all NAT'ed) with<br>one OpenSIPS server (also NAT'ed).<br><br>I have managed to solve my first problem with registration by following<br>previous posts and using fix_nat_register(), but I am still having problems<br>with NAT issues during a call. I know that I probably need to use<br>fix_nat_contact() and fix_nat_sip() but I can't figure out how to use these<br>properly through the documentation.<br><br>I have tried to search for examples of opensips.cfg that suit my scenario<br>but all the ones I found are complicated with proxies etc. Can someone point<br>me to simple example of opensips.cfg that takes care of NAT?<br><br>Regards<br>Mark Currie<br><br><br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Users mailing list<o:p></o:p></pre><pre><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><o:p></o:p></pre><pre><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><o:p></o:p></pre></blockquote><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>