<div dir="ltr">Hi,<div><br></div><div>Recently the maintainer of the SIPs proxy in our company quit, and well I'm the new in charge of this project, the bad new is I had 0 experience with SIP. After some week I got my first case related to our "SIP proxy".</div><div><br></div><div>We are using OpenSIP 1.8 within our Firewall to handle the protocol and the NAT that it will imply within a Firewall. The script my ex coworker did is working in 99% of cases but this specific case. </div><div><br></div><div>The customer has one setup like this</div><div><br></div><div><br></div><div>PhoneA</div><div>PhoneB</div><div>PhoneC --- Call Manager --- Firewall --- SBC --- Farm of RTP Media servers</div><div>....</div><div>PhoneN</div><div><br></div><div>The opensips instance is running within the firewall. The next IPs are fake but follow the "rules" of internal/external it is just to avoid problems</div><div><br></div><div>Call Manager: 172.17.1.1</div><div>Firewall: Internal Network 192.168.0.10</div><div>Firewall: Extenal Network 62.1.1.10</div><div>SBC: 210.200.100.100</div><div>Farm of Media Servers: <a href="http://210.200.100.128/25">210.200.100.128/25</a></div><div><br></div><div>So the invite works as Expected but on the 180 Ringing either 200 OK the moment the messages traverse the SIP proxy, doesn't contain the "farm" IP but the SBC IP.</div><div><br></div><div>This are the 180 Ringing:</div><div><br></div><div>From SBC to the Firewall</div><div><br></div><div><div>SIP/2.0 180 Ringing</div><div>Via: SIP/2.0/UDP 62.1.1.10:5060;branch=z9hG4bKd091.937a047.0</div><div>Via: SIP/2.0/UDP 172.17.1.1:5060;rport=5060;received=172.17.1.1;branch=z9hG4bKac393424402</div><div>From: <<a href="mailto:sip%3A5000@210.200.100.100">sip:5000@210.200.100.100</a>>;tag=1c393411873</div><div>To: <<a href="mailto:sip%3A5001@210.200.100.100">sip:5001@210.200.100.100</a>;user=phone>;tag=gK08c71cc5</div><div>Call-ID: <a href="mailto:39341083229920151062@172.17.1.1">39341083229920151062@172.17.1.1</a></div><div>CSeq: 1 INVITE</div><div>Record-Route: <sip:62.1.1.10:5060;r2=on;lr;did=6d8.933abaa6></div><div>Record-Route: <sip:192.168.0.10:5060;r2=on;lr;did=6d8.933abaa6></div><div>Contact: <<a href="http://sip:5001@210.200.100.100:5060">sip:5001@210.200.100.100:5060</a>></div><div>Allow: INVITE,ACK,CANCEL,BYE,REGISTER,REFER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH</div><div>Require: 100rel</div><div>RSeq: 433990</div><div>Content-Length: 266</div><div>Content-Disposition: session; handling=required</div><div>Content-Type: application/sdp</div><div><br></div><div>v=0</div><div>o=Sonus_UAC 176482 50736 IN IP4 210.200.100.100</div><div>s=SIP Media Capabilities</div><div>c=IN IP4 210.200.100.243</div><div>t=0 0</div><div>m=audio 61348 RTP/AVP 8 101</div><div>a=rtpmap:8 PCMA/8000</div><div>a=rtpmap:101 telephone-event/8000</div><div>a=fmtp:101 0-15</div><div>a=sendrecv</div><div>a=ptime:20</div><div>a=silenceSupp:off - - - -</div></div><div><br></div><div>After the firewall + Opensips have processed this message to the call center</div><div><br></div><div><div>SIP/2.0 180 Ringing</div><div>Via: SIP/2.0/UDP 172.17.1.1:5060;branch=z9hG4bKac393424402</div><div>From: <<a href="mailto:sip%3A5000@210.200.100.100">sip:5000@210.200.100.100</a>>;tag=1c393411873</div><div>To: <<a href="mailto:sip%3A5001@210.200.100.100">sip:5001@210.200.100.100</a>;user=phone>;tag=gK08c71cc5</div><div>Call-ID: <a href="mailto:39341083229920151062@172.17.1.1">39341083229920151062@172.17.1.1</a></div><div>CSeq: 1 INVITE</div><div>Record-Route: <sip::62.1.1.10:5060;r2=on;lr;did=6d8.933abaa6></div><div>Record-Route: <sip:192.168.0.10:5060;r2=on;lr;did=6d8.933abaa6></div><div>Contact: <<a href="mailto:sip%3A5001@210.200.100.100">sip:5001@210.200.100.100</a>></div><div>Allow: INVITE,ACK,CANCEL,BYE,REGISTER,REFER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH</div><div>Require: 100rel</div><div>RSeq: 433990</div><div>Content-Length: 295</div><div>Content-Disposition: session; handling=required</div><div>Content-Type: application/sdp</div><div><br></div><div>v=0</div><div>o=Sonus_UAC 176482 50736 IN IP4 210.200.100.100</div><div>s=SIP Media Capabilities</div><div>t=0 0</div><div>m=audio 4845 RTP/AVP 8 101</div><div>a=rtpmap:8 PCMA/8000</div><div>a=rtpmap:101 telephone-event/8000</div><div>a=fmtp:101 0-15</div><div>a=sendrecv</div><div>a=ptime:20</div><div>a=silenceSupp:off - - - -</div><div>a=nortpproxy:yes</div><div>c=IN IP4 210.200.100.100</div><div>a=rtcp:4848</div></div><div><br></div><div>----</div><div><br></div><div>The RTP "acceptor" is created under the IP 210.200.100.100 instead of the IP 210.200.243 as the SIPproxy is changing the SDP connection information.</div><div><br></div><div><br></div><div>This is the logic we are using in our script for the INVITE and for the onreply_route</div><div><br></div><div><div><span style="white-space:pre"> </span>if (is_method("INVITE")){</div><div><span class="" style="white-space:pre"> </span>if (has_body("application/sdp")) {</div><div><span class="" style="white-space:pre"> </span>$var(trustconnectionip) = "%TRUSTCONNECTIONIP%";</div><div><span class="" style="white-space:pre"> </span>$var(ciptrusted) = "no";</div><div><span class="" style="white-space:pre"> </span>if ($var(trustconnectionip)=="yes") {</div><div><span class="" style="white-space:pre"> </span>$var(ciptrusted) = "yes";</div><div><span class="" style="white-space:pre"> </span>} else if ($var(trustconnectionip)=="auto") {</div><div><span class="" style="white-space:pre"> </span>$var(sdpc) = $(rb{sdp.line,c}{s.substr,9,0});</div><div><span class="" style="white-space:pre"> </span>if($td == $fd && $td != $var(sdpc)) {</div><div><span class="" style="white-space:pre"> </span>$var(ciptrusted) = "yes";</div><div><span class="" style="white-space:pre"> </span>}</div><div><span class="" style="white-space:pre"> </span>}</div><div><span class="" style="white-space:pre"> </span>if ($var(ciptrusted)=="yes") {</div><div><span class="" style="white-space:pre"> </span>rtpproxy_offer("focnr");</div><div><span class="" style="white-space:pre"> </span>} else {</div><div><span class="" style="white-space:pre"> </span>rtpproxy_offer("focn");</div><div><span class="" style="white-space:pre"> </span>}</div><div><span class="" style="white-space:pre"> </span>}</div></div><div><span style="white-space:pre"> }</span><br></div><div><span style="white-space:pre"><br></span></div><div><span style="white-space:pre"><br></span></div><div><span style="white-space:pre"><br></span></div><div><span style="white-space:pre">And on the onreply</span></div><div><span style="white-space:pre"><br></span></div><div><span style="white-space:pre"> </span><span style="white-space:pre">if (has_body("application/sdp")) {
$var(trustconnectionip) = "%TRUSTCONNECTIONIP%";
$var(ciptrusted) = "no";
if ($var(trustconnectionip)=="yes") {
$var(ciptrusted) = "yes";
} else if ($var(trustconnectionip)=="auto") {
$var(sdpc) = $(rb{sdp.line,c}{s.substr,9,0});
if($td == $fd && $td != $var(sdpc)) {
$var(ciptrusted) = "yes";
}
}
if ($var(ciptrusted)=="yes") {
rtpproxy_answer("fr");
} else {
rtpproxy_answer("f");
}
}</span><br></div><div><br></div><div><br></div><div>Where TRUSTONNECTIONIP = "no" so basically we are doing</div><div><br></div><div>rptproxy_offer("focn") and rtpproxy_answer("f").</div><div><br></div><div>Kind regards:</div><div><br></div><div>Jose Palma</div><div><br></div><div><br></div></div>