<div dir="ltr"><div><div>Hello,<br><br></div>I am using OpenSIPs as a SIP server solution.I just finished a server configuration which permits NAT traversal (I used RTP proxy)(on Debian).<br></div><div>As a SIP client application I am using CSipSimple(Android) (which uses PJSUA as backend solution).<br>
</div><div>The setup works fine and the NAT traversal problem is solved. (I am able to call from a 3G network provider to my wireless LAN-it uses NAT on both sides and it works great).<br></div><div>However sometimes I am getting the 488 Not acceptable here error. Sometimes this error appears even when both of the phones are in the same LAN.<br>
<br></div><div>Also this error appeared when I called from the 3G network operator to my wireless LAN.(when I called from my wireless LAN to the 3G operator it worked fine).<br><br></div><div>The conclusion is that I cannot replicate this error every time.<br>
<br>I know that is a SDP issue.<br><br></div><div>Here is my opensips.cfg</div><div><br>#<br># $Id: nathelper.cfg 9345 2012-10-18 20:24:22Z osas $<br>#<br># simple quick-start config script including nathelper support<br>
<br># This default script includes nathelper support. To make it work<br># you will also have to install Maxim's RTP proxy. The proxy is enforced<br># if one of the parties is behind a NAT.<br>#<br># If you have an endpoing in the public internet which is known to<br>
# support symmetric RTP (Cisco PSTN gateway or voicemail, for example),<br># then you don't have to force RTP proxy. If you don't want to enforce<br># RTP proxy for some destinations than simply use t_relay() instead of<br>
# route(1)<br>#<br># Sections marked with !! Nathelper contain modifications for nathelper<br>#<br># NOTE !! This config is EXPERIMENTAL !<br>#<br># ----------- global configuration parameters ------------------------<br>
<br>debug=5<br>log_stderror=no<br>log_facility=LOG_LOCAL0<br>#log_name=opensips.log<br><br>fork=yes<br>children=4<br><br>/* uncomment the following lines to enable debugging */<br>#debug=6<br>#fork=no<br>#log_stderror=yes<br>
<br><br>check_via=no # (cmd. line: -v)<br>dns=no # (cmd. line: -r)<br>rev_dns=no # (cmd. line: -R)<br><br>#port=5060<br>listen=udp:<a href="http://195.95.167.214:8899">195.95.167.214:8899</a><br>#advertised_address="195.95.167.194"<br>
#advertised_port=5060<br>port=8899<br><br><br>children=4<br><br>disable_tcp=yes<br><br>alias=<a href="http://voip.certsign.ro">voip.certsign.ro</a><br>alias=195.95.167.214<br>#alias=192.168.185.26<br># ------------------ module loading ----------------------------------<br>
<br>#set module path<br>mpath="/usr/lib/opensips/modules/"<br><br># Uncomment this if you want to use SQL database<br>loadmodule "db_mysql.so"<br><br>loadmodule "sl.so"<br>loadmodule "tm.so"<br>
loadmodule "signaling.so"<br>loadmodule "rr.so"<br>loadmodule "maxfwd.so"<br>loadmodule "usrloc.so"<br>loadmodule "registrar.so"<br>loadmodule "textops.so"<br>loadmodule "mi_fifo.so"<br>
loadmodule "sipmsgops.so"<br>loadmodule "dialog.so"<br>loadmodule "avpops.so"<br>loadmodule "domain.so"<br>#loadmodule "xlog.so"<br>loadmodule "acc.so"<br><br># Uncomment this if you want digest authentication<br>
# db_mysql.so must be loaded !<br>loadmodule "auth.so"<br>loadmodule "auth_db.so"<br><br># !! Nathelper<br>loadmodule "nathelper.so"<br>loadmodule "rtpproxy.so"<br><br># ----------------- setting module-specific parameters ---------------<br>
<br># -- mi_fifo params --<br>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br><br># -- usrloc params --<br>modparam("usrloc", "db_mode", 2)<br>modparam("usrloc", "db_url", "mysql://opensips:qwe123@localhost/opensips")<br>
<br><br># -- auth params --<br># Uncomment if you are using auth module<br>modparam("auth_db", "calculate_ha1", yes)<br>#<br># If you set "calculate_ha1" parameter to yes (which true in this config),<br>
# uncomment also the following parameter)<br>modparam("auth_db", "password_column", "password")<br>modparam("auth_db", "db_url", "mysql://opensips:qwe123@localhost/opensips")<br>
modparam("auth_db", "load_credentials", "")<br><br>db_default_url="mysql://opensips:qwe123@localhost/opensips"<br><br><br>#<br># !! Nathelper<br>#<br>modparam("usrloc", "nat_bflag", 6)<br>
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT<br>modparam("nathelper", "sipping_bflag", 8)<br>modparam("nathelper", "received_avp", "$avp(i:801)")<br>
<br># RTPProxy setup<br>#modparam("nathelper", "rtpproxy_sock", "udp:<a href="http://127.0.0.1:7789">127.0.0.1:7789</a>")<br>modparam("nathelper", "force_socket", "udp:<a href="http://127.0.0.1:7789">127.0.0.1:7789</a>")<br>
<br>modparam("rtpproxy", "rtpproxy_sock", "udp:<a href="http://127.0.0.1:7789">127.0.0.1:7789</a>")<br>modparam("rtpproxy", "rtpproxy_autobridge", 1)<br>modparam("rtpproxy", "rtpproxy_timeout", "0.5")<br>
modparam("rtpproxy", "rtpproxy_retr", 3)<br><br><br>#<br># ------- dialog --------<br>#**<br>modparam("dialog", "db_mode", 1)<br>modparam("dialog", "db_update_period", 30)<br>
#modparam("dialog", "dlg_flag", 4)<br>modparam("dialog", "dlg_match_mode", 1)<br><br>#<br># --> avpops params -----<br>#**<br>modparam("avpops", "avp_table", "usr_preferences")<br>
modparam("avpops", "use_domain", 1)<br><br><br><br># ************<br># ----- presence params -----<br>/* uncomment the following lines if you want to enable presence */<br>#modparam("presencepresence_xml", "db_url",<br>
# "mysql://opensips:opensipsrw@localhost/opensips")<br>#modparam("presence_xml", "force_active", 1)<br>#modparam("presence", "server_address", "sip:localhost:5060")<br>
<br><br># ------------------------- request routing logic -------------------<br><br># main routing logic<br><br>route{<br> # initial sanity checks -- messages with<br> # max_forwards==0, or excessively long requests<br>
if (!mf_process_maxfwd_header("10")) {<br> sl_send_reply("483","Too Many Hops");<br> exit;<br> };<br> if (msg:len >= 2048 ) {<br> sl_send_reply("513", "Message too big");<br>
exit;<br> };<br><br> # !! Nathelper<br> # Special handling for NATed clients; first, NAT test is<br> # executed: it looks for via!=received and RFC1918 addresses<br> # in Contact (may fail if line-folding is used); also,<br>
# the received test should, if completed, should check all<br> # vias for rpesence of received<br> #if (nat_uac_test("3")) {<br> # Allow RR-ed requests, as these may indicate that<br>
# a NAT-enabled proxy takes care of it; unless it is<br> # a REGISTER<br><br> if (is_method("REGISTER") || !is_present_hf("Record-Route")) {<br> log("LOG:Someone trying to register from private IP, rewriting\n");<br>
# This will work only for user agents that support symmetric<br> # communication. We tested quite many of them and majority is<br> # smart enough to be symmetric. In some phones it takes a<br>
# configuration option. With Cisco 7960, it is called<br> # NAT_Enable=Yes, with kphone it is called "symmetric media" and<br> # "symmetric signalling".<br>
<br> # Rewrite contact with source IP of signalling<br> fix_nated_contact();<br> if ( is_method("INVITE") ) {<br> log("@DEBUG:FIX SDP");<br>
fix_nated_sdp("2"); # Add direction=active to SDP<br> };<br> force_rport(); # Add rport parameter to topmost Via<br> setbflag(6); # Mark as NATed<br>
<br> # if you want sip nat pinging<br> # setbflag(8);<br> };<br> #};<br><br> # subsequent messages withing a dialog should take the<br> # path determined by record-routing<br>
if (loose_route()) {<br> # mark routing logic in request<br> append_hf("P-hint: rr-enforced\r\n");<br> route(1);<br> exit;<br> };<br> # we record-route all messages -- to make sure that<br>
# subsequent messages will go through our proxy; that's<br> # particularly good if upstream and downstream entities<br> # use different transport protocol<br> if (!is_method("REGISTER"))<br>
record_route();<br><br> if (!uri==myself) {<br> # mark routing logic in request<br> append_hf("P-hint: outbound\r\n");<br> route(1);<br> exit;<br>
};<br><br> # if the request is for other domain use UsrLoc<br> # (in case, it does not work, use the following command<br> # with proper names and addresses in it)<br> if (uri==myself) {<br>
<br> if (is_method("REGISTER")) {<br><br> # Uncomment this if you want to use digest authentication<br> #if (!www_authorize("<a href="http://siphub.org">siphub.org</a>", "subscriber")) {<br>
# www_challenge("<a href="http://siphub.org">siphub.org</a>", "0");<br> # return;<br> #};<br><br> save("location");<br>
exit;<br> };<br><br> lookup("aliases");<br> if (!uri==myself) {<br> append_hf("P-hint: outbound alias\r\n");<br>
route(1);<br> exit;<br> };<br><br> # native SIP destinations are handled using our USRLOC DB<br> if (!lookup("location")) {<br>
sl_send_reply("404", "Not Found");<br> exit;<br> };<br> };<br> append_hf("P-hint: usrloc applied\r\n");<br> log("@DEBUG:LINE BEFORE ROUTE[1]");<br>
route(1);<br>}<br><br>route[1]<br>{<br> # !! Nathelper<br> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){<br> sl_send_reply("479", "We don't forward to private IP addresses");<br>
exit;<br> };<br><br> # if client or server know to be behind a NAT, enable relay<br> if (isbflagset(6)){<br><br> if (is_method("INVITE")) {<br> log("@DEBUG:INVITE METHOD");<br>
if (has_body("application/sdp")) {<br> log("@DEBUG:application/sdp");<br> if (rtpproxy_offer("195.95.167.214")) {<br>
t_on_reply("2");<br> log("@DEBUG:RTP PROXY OFFER");<br> }<br> } else {<br>
t_on_reply("3");<br> }<br> }<br> if (is_method("ACK") && has_body("application/sdp"))<br> rtpproxy_answer();<br> };<br><br> # NAT processing of replies; apply to all transactions (for example,<br>
# re-INVITEs from public to private UA are hard to identify as<br> # NATed at the moment of request processing); look at replies<br> t_on_reply("1");<br><br> # send it out now; use stateful forwarding as it works reliably<br>
# even for UDP2TCP<br> if (!t_relay()) {<br> sl_reply_error();<br> };<br>}<br><br># !! Nathelper<br>onreply_route[1] {<br> # NATed transaction ?<br> if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {<br>
fix_nated_contact();<br> rtpproxy_answer();<br> # otherwise, is it a transaction behind a NAT and we did not<br> # know at time of request processing ? (RFC1918 contacts)<br> } else if (nat_uac_test("1")) {<br>
fix_nated_contact();<br> };<br>}<br>onreply_route[2]<br>{<br><br> if (has_body("application/sdp"))<br> rtpproxy_answer("195.95.167.214");<br>}<br><br>onreply_route[3]<br>
{<br><br> if (has_body("application/sdp"))<br> rtpproxy_offer("195.95.167.214");<br>}<br><br><br><br>
<div>Please help me.<br>
<br>
</div>Thank you very much,<br><br></div><div>Chifor Bogdan<br></div></div>