<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">Hello,<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">I'm trying to set up a mid_registrar proxy but I'm having a problem with client devices behind nat.<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">When calling a device behind nat, with the device registered with opensips, the answering ACK from the upstream provider is sent to OpenSips which in turn sends it to the <private> ip address of the natted device.<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">Funny thing is I can hear the two-way audio at the natted device but the call is never established.<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">I'm pasting my opensips.cfg file here and a trace from a failed invite (is there a better way to post this info on the list, rather than pasting ?)<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">I'm sure there's a lot of issues with my routing script. Feel free to bash me ;)<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">In the attached trace:<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">- The upstream provider is at 188.10.10.10<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">- The opensips mid_proxy is at 5.20.20.20<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">- The public ip address of the natted device is 5.10.10.10<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">- The private ip address of the natted device is 192.168.100.125<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;"><br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">I am missing something obvious here, but can't nail it.<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;"><br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">Thank you for all and any help in advance.<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;"><br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">The SIP trace (being long) is here: <a href="https://pastebin.com/zrs0er8Y">pastebin.com/zrs0er8Y</a><br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">My opensips.cfg is here: <br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">=====<br></div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;">####### Global Parameters ######### <br></div><div><br></div><div>log_level=4<br></div><div>log_stderror=yes<br></div><div>log_facility=LOG_LOCAL0<br></div><div><br></div><div>#children=4<br></div><div><br></div><div>/* uncomment the following line to enable debugging */<br></div><div>#debug_mode=yes<br></div><div><br></div><div>/* uncomment the next line to enable the auto temporary blacklisting of<br></div><div> not available destinations (default disabled) */<br></div><div>#disable_dns_blacklist=no<br></div><div><br></div><div>/* uncomment the next line to enable IPv6 lookup after IPv4 dns<br></div><div> lookup failures (default disabled) */<br></div><div>#dns_try_ipv6=yes<br></div><div><br></div><div>/* comment the next line to enable the auto discovery of local aliases<br></div><div> based on revers DNS on IPs */<br></div><div>auto_aliases=no<br></div><div><br></div><div><br></div><div>listen=udp:0.0.0.0:5060<br></div><div><br></div><div>####### Modules Section ########<br></div><div><br></div><div>#set module path<br></div><div>mpath="/usr/local/lib64/opensips/modules/"<br></div><div><br></div><div>loadmodule "mid_registrar.so"<br></div><div>modparam("mid_registrar", "mode", 2) /* 0 = mirror / 1 = ct / 2 = AoR */<br></div><div>modparam("mid_registrar", "outgoing_expires", 7200)<br></div><div>modparam("mid_registrar", "received_avp", "$avp(received)")<br></div><div>modparam("mid_registrar", "received_param", "received")<br></div><div>#### Removed ??? modparam("mid_registrar", "insertion_mode", 0) /* 0 = contact; 1 = path */<br></div><div><br></div><div>#### SIGNALING module<br></div><div>loadmodule "signaling.so"<br></div><div><br></div><div>#### StateLess module<br></div><div>loadmodule "sl.so"<br></div><div><br></div><div>#### Transaction Module<br></div><div>loadmodule "tm.so"<br></div><div>modparam("tm", "fr_timeout", 5)<br></div><div>modparam("tm", "fr_inv_timeout", 30)<br></div><div>modparam("tm", "restart_fr_on_each_reply", 0)<br></div><div>modparam("tm", "onreply_avp_mode", 1)<br></div><div><br></div><div>#### Record Route Module<br></div><div>loadmodule "rr.so"<br></div><div>/* do not append from tag to the RR (no need for this script) */<br></div><div>modparam("rr", "append_fromtag", 1)<br></div><div><br></div><div>#### MAX ForWarD module<br></div><div>loadmodule "maxfwd.so"<br></div><div><br></div><div>#### SIP MSG OPerationS module<br></div><div>loadmodule "sipmsgops.so"<br></div><div><br></div><div>#### FIFO Management Interface<br></div><div>loadmodule "mi_fifo.so"<br></div><div>modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br></div><div>modparam("mi_fifo", "fifo_mode", 0666)<br></div><div><br></div><div>#### URI module<br></div><div>loadmodule "uri.so"<br></div><div>modparam("uri", "use_uri_table", 0)<br></div><div><br></div><div>#### USeR LOCation module<br></div><div>loadmodule "usrloc.so"<br></div><div>modparam("usrloc", "nat_bflag", "NAT")<br></div><div>modparam("usrloc", "db_mode", 0)<br></div><div><br></div><div>#### REGISTRAR module<br></div><div>loadmodule "registrar.so"<br></div><div><br></div><div>/* uncomment the next line not to allow more than 10 contacts per AOR */<br></div><div>#modparam("registrar", "max_contacts", 10)<br></div><div><br></div><div>#### ACCounting module<br></div><div>loadmodule "acc.so"<br></div><div>/* what special events should be accounted ? */<br></div><div>modparam("acc", "early_media", 0)<br></div><div>modparam("acc", "report_cancels", 0)<br></div><div>/* by default we do not adjust the direct of the sequential requests.<br></div><div> if you enable this parameter, be sure the enable "append_fromtag"<br></div><div> in "rr" module */<br></div><div>modparam("acc", "detect_direction", 0)<br></div><div><br></div><div>### UAC Module ####<br></div><div>loadmodule "uac.so"<br></div><div>modparam("uac","restore_mode","auto")<br></div><div>modparam("rr", "append_fromtag", 1)<br></div><div><br></div><div>#### NAT modules<br></div><div>loadmodule "nathelper.so"<br></div><div>modparam("nathelper", "natping_interval", 60)<br></div><div>modparam("nathelper", "ping_nated_only", 1)<br></div><div>modparam("nathelper", "received_avp", "$avp(received)")<br></div><div>modparam("nathelper", "sipping_from", "sip:nat-alive@mid_registrar")<br></div><div><br></div><div>### Mediaproxy<br></div><div>loadmodule "mediaproxy.so"<br></div><div>modparam("mediaproxy", "media_relay_avp", "$avp(media_relay)")<br></div><div><br></div><div>#### UDP protocol<br></div><div>loadmodule "proto_udp.so"<br></div><div><br></div><div>####### Routing Logic ########<br></div><div><br></div><div># main request routing logic<br></div><div><br></div><div>route{<br></div><div> if (!mf_process_maxfwd_header("10")) {<br></div><div> sl_send_reply("483","Too Many Hops");<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> if ( nat_uac_test("31")) {<br></div><div> if ( is_method("REGISTER")) {<br></div><div> fix_nated_register() ;<br></div><div> } else {<br></div><div> fix_nated_contact() ;<br></div><div> }<br></div><div> force_rport() ;<br></div><div> setbflag(NAT);<br></div><div> xlog("L_INFO", "[LOG] NATed. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> }<br></div><div><br></div><div> if (has_totag()) {<br></div><div> # sequential requests within a dialog should<br></div><div> # take the path determined by record-routing<br></div><div> if (loose_route()) {<br></div><div> if (is_method("BYE")) {<br></div><div> # do accunting, even if the transaction fails<br></div><div> if (isbflagset(NAT)) {<br></div><div> end_media_session();<br></div><div> }<br></div><div><br></div><div> do_accounting("log","failed");<br></div><div> xlog("L_INFO", "[LOG] BYE. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> } else if (is_method("INVITE")) {<br></div><div> # even if in most of the cases is useless, do RR for<br></div><div> # re-INVITEs alos, as some buggy clients do change route set<br></div><div> # during the dialog.<br></div><div> xlog("L_INFO", "[LOG] INVITE. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> record_route();<br></div><div> }<br></div><div><br></div><div> # route it out to whatever destination was set by loose_route()<br></div><div> # in $du (destination URI).<br></div><div> route(relay);<br></div><div> } else {<br></div><div> if ( is_method("ACK") ) {<br></div><div> if ( t_check_trans() ) {<br></div><div> # non loose-route, but stateful ACK; must be an ACK after<br></div><div> # a 487 or e.g. 404 from upstream server<br></div><div> xlog("L_INFO", "[LOG] ACK. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> t_relay();<br></div><div> exit;<br></div><div> } else {<br></div><div> # ACK without matching transaction -><br></div><div> # ignore and discard<br></div><div> xlog("L_INFO", "[LOG] ACK. not match [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> exit;<br></div><div> }<br></div><div> }<br></div><div> xlog("L_INFO", "[LOG] BAD REQUEST. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> sl_send_reply("404","Not here");<br></div><div> }<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> # CANCEL processing<br></div><div> if (is_method("CANCEL"))<br></div><div> {<br></div><div> if (t_check_trans())<br></div><div> t_relay();<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> t_check_trans();<br></div><div><br></div><div> if (is_method("REGISTER")) {<br></div><div> xlog("L_INFO", "[LOG] REGISTER [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]");<br></div><div> mid_registrar_save("location","v"); #,"$avp(received)");<br></div><div> switch ($retcode) {<br></div><div> case 1:<br></div><div> $ru = "sip:fusion.pbx:5060";<br></div><div><br></div><div> t_relay();<br></div><div> break;<br></div><div> case 2:<br></div><div> xlog("L_INFO", "[LOG] absorbing REGISTER! ($$ci=$ci)\n");<br></div><div> break;<br></div><div> default:<br></div><div> xlog("L_INFO", "[LOG] failed to save registration! ($$ci=$ci)\n");<br></div><div> }<br></div><div><br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> if ( is_method("INVITE|MESSAGE|CANCEL|BYE|NOTIFY") && ($si != "fusion.ip.add.ress" || $sp != 5060) ) {<br></div><div> $ru = "sip:fusion.pbx:5060";<br></div><div> xlog("L_INFO", "[LOG] relay to $avp(new_to_user) from $avp(new_from_user)\n");<br></div><div> }<br></div><div><br></div><div> # preloaded route checking<br></div><div> if (loose_route()) {<br></div><div> xlog("L_ERR", "[LOG] Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");<br></div><div> if (!is_method("ACK"))<br></div><div> sl_send_reply("403","Preload Route denied");<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> # record routing<br></div><div> if (!is_method("REGISTER|MESSAGE|NOTIFY"))<br></div><div> record_route();<br></div><div><br></div><div> # account only INVITEs<br></div><div> if (is_method("INVITE")) {<br></div><div> do_accounting("log");<br></div><div> }<br></div><div><br></div><div> if (!is_myself("$rd")) {<br></div><div> append_hf("P-hint: outbound\r\n");<br></div><div> route(relay);<br></div><div> }<br></div><div><br></div><div> # requests for my domain<br></div><div> if (is_method("PUBLISH|SUBSCRIBE"))<br></div><div> {<br></div><div> sl_send_reply("503", "Service Unavailable");<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> if ($rU==NULL) {<br></div><div> # request with no Username in RURI<br></div><div> sl_send_reply("484","Address Incomplete");<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> # initial requests from main registrar, need to look them up!<br></div><div> # $si = ip.<br></div><div> if (is_method("INVITE|MESSAGE") && $si == "fusion.ip.add.ress" && $sp == 5060) {<br></div><div> xlog("L_INFO", "[LOG] INVITE|MESSAGE Received. looking up $ru!\n");<br></div><div> if (!mid_registrar_lookup("location")) {<br></div><div> xlog("L_ERR", "[LOG] Cannot find $ru!\n");<br></div><div> t_reply("404", "Not Found");<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> t_relay();<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> # when routing via usrloc, log the missed calls also<br></div><div> do_accounting("log","missed");<br></div><div> route(relay);<br></div><div>}<br></div><div><br></div><div><br></div><div>route[relay] {<br></div><div> # for INVITEs enable some additional helper routes<br></div><div> if (is_method("INVITE")) {<br></div><div> if ( isbflagset(NAT)) {<br></div><div> if ( has_body("application/sdp")) {<br></div><div> xlog("L_INFO", "[LOG] using media proxy");<br></div><div> use_media_proxy();<br></div><div> }<br></div><div> }<br></div><div> t_on_branch("per_branch_ops");<br></div><div> t_on_reply("handle_nat");<br></div><div> t_on_failure("missed_call");<br></div><div> }<br></div><div><br></div><div> if (isbflagset(NAT)) {<br></div><div> add_rr_param(";nat=yes");<br></div><div> }<br></div><div><br></div><div> if (!t_relay()) {<br></div><div> send_reply("500","Internal Error");<br></div><div> };<br></div><div> exit;<br></div><div>}<br></div><div><br></div><div>branch_route[per_branch_ops] {<br></div><div><br></div><div> xlog("L_INFO", "[LOG] new branch at $ru\n");<br></div><div>}<br></div><div><br></div><div><br></div><div>onreply_route[handle_nat] {<br></div><div> xlog("L_INFO", "[LOG] (handle_nat) incoming reply\n");<br></div><div> if ( nat_uac_test("1")) {<br></div><div> fix_nated_contact() ;<br></div><div> }<br></div><div> if ( isbflagset(NAT)) {<br></div><div> if ( has_body("application/sdp")) {<br></div><div> use_media_proxy();<br></div><div> }<br></div><div> }<br></div><div> if ( is_method("INVITE")) {<br></div><div> xlog("L_INFO", "[LOG] re-INVITE. [rm:$rm] [fu:$fu] [ou:$ou] [ru:$ru] [si:$si]\n");<br></div><div> }<br></div><div>}<br></div><div><br></div><div><br></div><div>failure_route[missed_call] {<br></div><div> if (t_was_cancelled()) {<br></div><div> exit;<br></div><div> }<br></div><div><br></div><div> # uncomment the following lines if you want to block client<br></div><div> # redirect based on 3xx replies.<br></div><div> ##if (t_check_status("3[0-9][0-9]")) {<br></div><div> ##t_reply("404","Not found");<br></div><div> ## exit;<br></div><div> ##}<br></div><div><br></div><div>}<br></div><div>====</div><div style="outline: none; box-sizing: border-box; user-select: text !important; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); -webkit-user-drag: none;"><br></div> </body>
</html>