NAT problem


NAT problem

Juan Backson
Hi,

I am having a problem configuring OpenSIPS to work with NATed clients.  In my configuration, I am using a B2BUA, with OpenSIPS as the SIP proxy.

The problem I am having is that when the B2BUA (233.32.345.5:5800) sends out the 200 OK, OpenSIPS (192.168.1.101:5060) is able to proxy it to the NATed client (116.24.163.21:2751), but the NATed client does not send back any ACK, so the B2BUA hangs up after 30 seconds.

Could someone give me any suggestion on what may be wrong in my config?

Thanks in advance for all the help.


U 233.32.345.5:5800 -> 192.168.1.101:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.101;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.


U 192.168.1.101:5060 -> 116.24.163.21:2751
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.


U 192.168.1.101:5800 -> 233.32.345.5:5060
BYE sip:1000@116.24.163.21:2751 SIP/2.0.
Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
Route: <sip:192.168.1.101;lr=on;ftag=b81a6b5e;nat=yes>.
Max-Forwards: 70.
From: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
To: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 107702524 BYE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Reason: SIP;cause=408;text="ACK Timeout".
Content-Length: 0.
.




#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
#simple quick-start config script
#Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
#for a explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
# Core settings and module list.
# NOTE(review): debug=3, fork=no and log_stderror=yes together look like a
# foreground debugging setup rather than a production one -- confirm.
debug=3            # debug level (cmd line: -dddddddddd)
# NOTE(review): in no-fork mode the server is documented to run as a single
# process that listens only on the first configured interface. If that holds
# for this version, only udp:192.168.1.101:5060 is opened and the other
# listen= sockets in this file are unused, which would match the private
# 192.168.1.101 address seen in the Via and Record-Route headers of the
# traces -- confirm against the core documentation.
fork=no
log_stderror=yes    # (cmd line: -E)
children=4
port=5060
mpath="/usr/local/lib64/opensips/modules/"
loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "xlog.so"
loadmodule "permissions.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "dispatcher.so"
# NOTE(review): nathelper and mediaproxy are both loaded, but no route in this
# file calls a media-relay function from either module, so SDP bodies appear
# to be relayed unchanged (the client INVITE carries c=IN IP4 192.168.1.100).
loadmodule "nathelper.so"
loadmodule "mediaproxy.so"



 





# Module parameters.

# NOTE(review): the management FIFO is created under /tmp, a world-writable
# directory. Anything able to write to the FIFO can issue management commands
# to the proxy; prefer a directory owned by the server's account and restrict
# the FIFO's permissions (mi_fifo has a fifo_mode parameter for this).
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("usrloc", "db_mode", 2)



modparam("rr", "enable_full_lr", 1)

# One database URL shared by every DB-backed module.
# NOTE(review): the proxy connects as the MySQL "root" account and the
# password is written inline. Use a dedicated account limited to the tables
# these modules read and write, keep this file readable only by the server's
# account, and replace the credentials with placeholders before sharing the
# config; a password that has been published should be rotated.
modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:sqlpass@192.168.1.105/app")
# NOTE(review): with calculate_ha1 enabled, auth_db reads a plaintext password
# from password_column and derives HA1 at run time, so the subscriber table
# holds cleartext SIP passwords. Storing precomputed HA1 values instead limits
# what a database leak exposes.
modparam("auth_db","calculate_ha1",yes)
modparam("auth_db","password_column","password")
modparam("auth_db","user_column","sip_user")
# NOTE(review): load_credentials is set again further down ("enable");
# presumably the later value replaces this one -- confirm which columns are
# really loaded, since the routes read $avp(s:enable).
modparam("auth_db","load_credentials","agent_id")

modparam("uri_db","db_table","agent")
modparam("uri_db","user_column","sip_user")
modparam("uri_db","use_uri_table",0)
modparam("auth_db","use_domain",0)

# Trusted-peer table consulted by allow_trusted() in the main route.
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "server")
modparam("permissions","source_col","server_ip")
modparam("permissions","proto_col","transport")
modparam("permissions","from_col","from_pattern")
modparam("permissions","tag_col","peer_tag")

# Dispatcher table layout; the only ds_select_dst() calls in this file are
# commented out.
modparam("dispatcher","table_name","dispatcher")
modparam("dispatcher","setid_col","setid")
modparam("dispatcher","destination_col","destination")
modparam("dispatcher","flags_col","flags")
modparam("dispatcher","flags",3)

modparam("auth_db","load_credentials","enable")


# AVP in which nathelper stores the received address (set twice; the second
# line repeats the first).
modparam("nathelper","received_avp", "$avp(i:42)")

modparam("nathelper","received_avp", "$avp(i:42)")
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 0)
# NOTE(review): no route in this file sets branch flag 7, so SIP-level pinging
# selected by sipping_bflag is presumably never triggered -- confirm.
modparam("nathelper", "sipping_bflag", 7)
# The From URI was redacted by the list archive ("[hidden email]").
modparam("nathelper", "sipping_from", "[hidden email]")


 
# Listening sockets: the private address first, then the public one, each on
# UDP and TCP port 5060.
# NOTE(review): the traces show Record-Route and Via built from 192.168.1.101;
# a client reached through NAT at a public address cannot be expected to route
# in-dialog requests (the ACK) back to that private address -- confirm which
# socket is used towards the client.
listen=udp:192.168.1.101:5060
listen=tcp:192.168.1.101:5060
listen=udp:233.32.345.5:5060
listen=tcp:233.32.345.5:5060
 
 
# -------------------------    request routing logic -------------------
# main routing logic
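# Main request route. Runs the basic sanity checks, applies the NAT fix-ups,
# inserts Record-Route, handles in-dialog requests, and dispatches everything
# else to route(2) (REGISTER) or route(3) (all other methods).
route{

    xlog("method <$rm> from-header <$fu>\n");

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };
    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    ## NAT Detection
    # force_rport() makes replies return to the source address and port of
    # the request. Requests that match the NAT tests get their Contact (or,
    # for REGISTER, the stored received address) fixed and message flag 5 set.
    force_rport();
    if (nat_uac_test("19")) {
        if (method=="REGISTER") {
            fix_nated_register();
        } else {
            fix_nated_contact();
        };
        setflag(5);
    };

    # we record-route all non-REGISTER messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    #
    # NOTE(review): the traces in this post show the inserted header as
    # <sip:192.168.1.101;...>, a private address. A client behind a remote
    # NAT will address its ACK to that Record-Route entry, so the header
    # presumably needs to carry an address the client can reach (for example
    # through the advertised address or record_route_preset()) -- confirm.
    if(!is_method("REGISTER")){
        if(nat_uac_test("19")){
            record_route(";nat=yes");
        } else {
            record_route();
        };
    };

    # In-dialog requests (To tag present).
    if (has_totag()) {
        if (!loose_route()) {
            # No usable Route set: reject and stop. The original script sent
            # this 404 and then fell through to route(1), relaying the very
            # request it had just rejected.
            sl_send_reply("404","Not here");
            exit;
        };

        # Re-INVITEs from sources that are not in the trusted table must
        # authenticate again; other in-dialog methods are relayed without
        # authentication.
        if(method=="INVITE" && (!allow_trusted())) {
            if (!proxy_authorize("","auth")) {
                proxy_challenge("","0");
                exit;
            } else if (!check_from()) {
                sl_send_reply("403", "Forbidden, use From=ID");
                exit;
            };

            # "enable" is presumably the credential column loaded by auth_db;
            # "0" marks a disabled account.
            if ($avp(s:enable)=="0") {
                sl_send_reply("403", "Forbidden, use From=ID");
                exit;
            }
        };

        route(1);
        exit;
    }

    # CANCEL is relayed only when it matches an existing INVITE transaction.
    if (is_method("CANCEL")) {
        if (t_check_trans()) {
            t_relay();
        };
        exit;
    }

    if (method=="REGISTER") {
        route(2);
    } else {
        route(3);
    };

}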
# Relay route: arms onreply_route[1] and failure_route[1] for the transaction,
# relays the request statefully, and ends script processing.
route[1] {


        # send it out now; use stateful forwarding as it works
        # reliably even for UDP2TCP
 
    t_on_reply("1");
    t_on_failure("1");
 
        # If the relay cannot be started, answer with an error reply derived
        # from the failure.
        if (!t_relay()) {
                sl_reply_error();
        };
        exit;
}
 
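# REGISTER handler: for local domains, authenticate the user, check that the
# To user matches the credentials, reject disabled accounts, then store the
# binding in the "location" table. Everything else is refused.
route[2] {
    #
    # -- Register request handler --
    #
    if (is_uri_host_local()) {

        if (!www_authorize("", "auth")) {
            www_challenge("", "0");
            exit;
        };

        if (!check_to()) {
            sl_send_reply("403", "Forbidden");
            exit;
        };

        # "enable" is presumably the credential column loaded by auth_db;
        # "0" marks a disabled account.
        if ($avp(s:enable)=="0") {
            sl_send_reply("403", "Forbidden, use From=ID");
            exit;
        }

        save("location");
        exit;
    } else {
        # The original read "else if {" with no condition, which the script
        # parser cannot accept; a plain else is what the block needs.
        sl_send_reply("403", "Forbidden");
    };
}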
 
# Non-REGISTER initial requests: classify by From domain and Request-URI
# domain and hand over to route(10)-(13).
# NOTE(review): unlike route[2] and the in-dialog INVITE path, this route does
# not test $avp(s:enable), so a disabled account can presumably still place
# initial calls -- confirm whether that is intended.
# NOTE(review): requests whose From domain is not local are not authenticated
# and not checked with allow_trusted() before route(12) relays them to
# registered users -- confirm that unauthenticated inbound calls are wanted.
route[3] {

 
        if (is_from_local()){
            # From an internal domain -> check the credentials and the FROM
 
                if (!proxy_authorize("","auth")) {
                        proxy_challenge("","0");
 
                        exit;
                } else if (!check_from()) {
            
                    sl_send_reply("403", "Forbidden, use From=ID");
                        exit;
                };
 
                # Strip the credentials so they are not forwarded downstream.
                consume_credentials();
                # Verify aliases
 
                if (is_uri_host_local()) {
                        # -- Inbound to Inbound
                    route(10);
               } else {
                    # -- Inbound to outbound
                    route(11);
               };
      } else {
           
           if (is_uri_host_local()) {
              #-- Outbound to inbound
              route(12);
           } else {
              # -- Outbound to outbound
              route(13);
           };
      };
}
 
 
# Send the request to the B2BUA: restore the original Request-URI, point its
# host and port at 233.32.345.5:5800, then relay through route(1).
route[4] {
    revert_uri();
          rewritehostport("233.32.345.5:5800");
    route(1);




}
 


# Placeholder for RTP proxy handling. No route in this file calls route(6),
# and neither branch engages an RTP proxy: the BYE branch is empty and the
# INVITE branch only adds a hint header and arms failure_route[3].
route[6] {
    if (is_method("BYE")) {
        
    } else if ((is_method("INVITE"))){
        
    append_hf("P-hint: Route[6]: Rtpproxy \r\n");
     t_on_failure("3");
    };
 }
 
 
# Authenticated local caller to a local URI: tag the request with a hint
# header and send it to the B2BUA via route(4).
route[10] {
     append_hf("P-hint: inbound->inbound \r\n");
     route(4);
 
}
# Authenticated local caller to a non-local URI: tag the request and relay it
# to the destination in the Request-URI.
route[11] {
     append_hf("P-hint: inbound->outbound \r\n");
     route(1);
}
# Non-local caller to a local URI: resolve the callee through the "aliases"
# and "location" tables and relay, or answer 404 when no binding exists.
# The result of the aliases lookup is ignored; only the location lookup
# decides whether the call proceeds.
route[12] {
     lookup("aliases");
     if (!lookup("location")) {
          sl_send_reply("404", "Not Found");
          exit;
     };
     route(1);
}
# Non-local caller to a non-local URI: refused, so the proxy does not act as
# an open relay. The hint text says "outbound->inbound" although route[3]
# reaches this route for the outbound-to-outbound case.
route[13] {
     append_hf("P-hint: outbound->inbound \r\n");
     sl_send_reply("403", "Forbidden");
     exit;
}
 
 
# Reply handler armed by route(1): logs the reply, appends ";nat=yes" after
# the Contact URI, and rewrites the Contact with the reply's source address.
# NOTE(review): both modifications run for every reply, with no NAT test or
# flag check, so replies from endpoints that are not behind NAT are rewritten
# too -- confirm that this is intended.
onreply_route[1] {
    xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
        search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
    fix_nated_contact();
    exit;

 
}
# Failure handler armed by route(1). Unless the call was cancelled, a busy
# (486) or unanswered (408/480) callee causes the original Request-URI to be
# restored, prefixed with "b" or "u" respectively, pointed at the B2BUA
# (233.32.345.5:5800) and retried as a new branch through route(1).
failure_route[1] {
   append_hf("P-hint: (4)passed thru failure_route[1]\r\n");






       # Nothing to retry when the caller has cancelled the call.
       if (t_was_cancelled()) {
            exit;
    };
    if (t_check_status("486")) {
           revert_uri();
              prefix("b");
              xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
             #ds_select_dst("2", "4");
        rewritehostport("233.32.345.5:5800");
        append_branch();
             route(1);
               exit;
    };
    # The log text names 480 only, but this branch also handles 408.
    if (t_check_status("408") || t_check_status("480")) {
           revert_uri();
           prefix("u");
           xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
           #ds_select_dst("2", "4");
        rewritehostport("233.32.345.5:5800");    
        append_branch();
           route(1);
           exit;
    };
 
 
 
    }


# Failure handler armed only from route[6]. It tests branch flag 6 and message
# flag 5 but the body is empty, so it currently does nothing.
failure_route[3] {
    if (isbflagset(6) || isflagset(5)) {
 
    }
 
}


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: NAT problem

Bogdan-Andrei Iancu
Hi Juan,

I need to see the request part also to figure out if the flow through
the NAT is ok or not.

As a side note - could you check whether the device behind the NAT is
actually receiving the 200 OK? A typical reason for a missing
ACK is a missing 200 OK.

Another question - the device placing the call (from behind the nat) is
registered or not? what is the estimated setup time in this case (time
between invite and 200 OK) ?

Regards,
Bogdan

Juan Backson wrote:

> Hi,
>
> I am having problem with configuring opensips to work with NATed
> clients.  In my configuration, I am using a B2BUA and Opensips as the
> sip proxy.
>
> The problem I am having is that when the B2BUA(233.32.345.5:5800)
> sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to
> the NATed client ( 116.24.163.21:2751 <http://116.24.163.21:2751>),
> but the NATed client is not sending back any ACK, so the B2BUA hangs
> up after 30 second.
>
> Could someone give me any suggestion on what may be wrong in my config?
>
> Thanks in advance for all the help.
>
>
> U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.101
> <http://192.168.1.101>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751
> <http://116.24.163.21:2751>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
> BYE sip:1000@116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751>
> SIP/2.0.
> Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
> Route: <sip:192.168.1.101
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> Max-Forwards: 70.
> From: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> To: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 107702524 BYE.
> Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Reason: SIP;cause=408;text="ACK Timeout".
> Content-Length: 0.
> .
>
>
>
>
> #
> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> #
> #simple quick-start config script
> #Please refer to the Core CookBook at
> http://www.openser.org/dokuwiki/doku.php
> #for a explanation of possible statements, functions and parameters.
> #
> # ----------- global configuration parameters ------------------------
> debug=3            # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=yes    # (cmd line: -E)
> children=4
> port=5060
> mpath="/usr/local/lib64/opensips/modules/"
> loadmodule "db_mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "xlog.so"
> loadmodule "permissions.so"
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> loadmodule "dispatcher.so"
> loadmodule "nathelper.so"
> loadmodule "mediaproxy.so"
>
>
>
>  
>
>
>
>
>
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("usrloc", "db_mode", 2)
>
>  
>  
> modparam("rr", "enable_full_lr", 1)
>  
> modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:sqlpass@192.168.1.105/app
> <http://root:sqlpass@192.168.1.105/app>")
> modparam("auth_db","calculate_ha1",yes)
> modparam("auth_db","password_column","password")
> modparam("auth_db","user_column","sip_user")
> modparam("auth_db","load_credentials","agent_id")
>  
> modparam("uri_db","db_table","agent")
> modparam("uri_db","user_column","sip_user")
> modparam("uri_db","use_uri_table",0)
> modparam("auth_db","use_domain",0)
>  
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "server")
> modparam("permissions","source_col","server_ip")
> modparam("permissions","proto_col","transport")
> modparam("permissions","from_col","from_pattern")
> modparam("permissions","tag_col","peer_tag")
>  
> modparam("dispatcher","table_name","dispatcher")
> modparam("dispatcher","setid_col","setid")
> modparam("dispatcher","destination_col","destination")
> modparam("dispatcher","flags_col","flags")
> modparam("dispatcher","flags",3)
>  
> modparam("auth_db","load_credentials","enable")
>
>
> modparam("nathelper","received_avp", "$avp(i:42)")
>
> modparam("nathelper","received_avp", "$avp(i:42)")
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890
> <http://127.0.0.1:7890>")
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "sipping_from", "sip:pinger@8.8.1.20
> <mailto:sip%3Apinger@8.8.1.20>")
>
>
>  
> listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=udp:233.32.345.5:5060
> listen=tcp:233.32.345.5:5060
>  
>  
> # -------------------------    request routing logic -------------------
> # main routing logic
> route{
>  
> xlog("method <$rm> from-header <$fu>\n");
>          # initial sanity checks -- messages with
>          # max_forwards==0, or excessively long requests
>          if (!mf_process_maxfwd_header("10")) {
>                  sl_send_reply("483","Too Many Hops");
>                  exit;
>          };
>          if (msg:len >= 2048 ) {
>                  sl_send_reply("513", "Message too big");
>                  exit;
>          };
>          # we record-route all messages -- to make sure that
>          # subsequent messages will go through our proxy; that's
>          # particularly good if upstream and downstream entities
>          # use different transport protocol
>  
>
>     ## NAT Detection  
>         #
>         force_rport();
>         if (nat_uac_test("19")) {
>             if (method=="REGISTER") {
>                     fix_nated_register();
>             } else {
>                 fix_nated_contact();
>             };
>             setflag(5);
>         };
>    
>
>     if(!is_method("REGISTER")){
>            if(nat_uac_test("19")){
>               record_route(";nat=yes");
>            } else {
>               record_route();
>            };
>     };
>  
>
>  
>          if (has_totag()) {
>               if (loose_route()) {
>
>                       if(method=="INVITE" && (!allow_trusted())) {
>                                if (!proxy_authorize("","auth")) {
>  
>                                    proxy_challenge("","0");
>                                    exit;
>                            } else if (!check_from()) {
>  
>                            sl_send_reply("403", "Forbidden, use
> From=ID");
>                                exit;
>                           };
>                
>                 if ($avp(s:enable)=="0") {
>                     sl_send_reply("403", "Forbidden, use From=ID");
>  
>                                         exit;
>  
>  
>                 }
>                       };
>  
>                       route(1);
>           } else {
>                  sl_send_reply("404","Not here");
>           }
>         route(1);
>           exit;
>     }
>  
>  
>  
>  
>          if (is_method("CANCEL")) {
>             if (t_check_trans())  
>             t_relay();
>             exit;
>     }
>     if (method=="REGISTER") {
>              route(2);
>     } else {
>              route(3);
>     };
>  
> }
> route[1] {
>
>
>         # send it out now; use stateful forwarding as it works
>         # reliably even for UDP2TCP
>  
>     t_on_reply("1");
>     t_on_failure("1");
>  
>         if (!t_relay()) {
>                 sl_reply_error();
>         };
>         exit;
> }
>  
> route[2] {
>         #
>         # -- Register request handler --
>         #
>         if (is_uri_host_local()) {
>  
>                 if (!www_authorize("", "auth")) {
>            
>  
>                       www_challenge("", "0");
>  
>                         exit;
>
>                 };
>                
>                 if (!check_to()) {
>  
>                         sl_send_reply("403", "Forbidden");
>                         exit;
>                 };
>
>          if ($avp(s:enable)=="0") {
>                                         sl_send_reply("403",
> "Forbidden, use From=ID");
>  
>                                         exit;
>                   }
>    
>                 save("location");
>                 exit;
>         } else if {
>                                
>         sl_send_reply("403", "Forbidden");
>         };
> }
>  
> route[3] {
>
>  
>         if (is_from_local()){
>             # From an internal domain -> check the credentials and the
> FROM
>  
>                 if (!proxy_authorize("","auth")) {
>                         proxy_challenge("","0");
>  
>                         exit;
>                 } else if (!check_from()) {
>            
>                     sl_send_reply("403", "Forbidden, use From=ID");
>                         exit;
>                 };
>  
>                 consume_credentials();
>                 # Verify aliases
>  
>                 if (is_uri_host_local()) {
>                         # -- Inbound to Inbound
>                     route(10);
>                } else {
>                     # -- Inbound to outbound
>                     route(11);
>                };
>       } else {
>            
>            if (is_uri_host_local()) {
>               #-- Outbound to inbound
>               route(12);
>            } else {
>               # -- Outbound to outbound
>               route(13);
>            };
>       };
> }
>  
>  
> route[4] {
>     revert_uri();
>           rewritehostport("233.32.345.5:5800");
>     route(1);
>
>
>
>
> }
>  
>
>
> route[6] {
>     if (is_method("BYE")) {
>        
>     } else if ((is_method("INVITE"))){
>        
>     append_hf("P-hint: Route[6]: Rtpproxy \r\n");
>      t_on_failure("3");
>     };
>  }
>  
>  
> route[10] {
>      append_hf("P-hint: inbound->inbound \r\n");
>      route(4);
>  
> }
> route[11] {
>      append_hf("P-hint: inbound->outbound \r\n");
>      route(1);
> }
> route[12] {
>      lookup("aliases");
>      if (!lookup("location")) {
>           sl_send_reply("404", "Not Found");
>           exit;
>      };
>      route(1);
> }
> route[13] {
>      append_hf("P-hint: outbound->inbound \r\n");
>      sl_send_reply("403", "Forbidden");
>      exit;
> }
>  
>  
> onreply_route[1] {
>     xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
>         search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
>     fix_nated_contact();
>     exit;
>
>  
> }
> failure_route[1] {
>    append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
>
>
>
>
>
>
>        if (t_was_cancelled()) {
>             exit;
>     };
>     if (t_check_status("486")) {
>            revert_uri();
>               prefix("b");
>               xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
>              #ds_select_dst("2", "4");
>         rewritehostport("233.32.345.5:5800");
>         append_branch();
>              route(1);
>                exit;
>     };
>     if (t_check_status("408") || t_check_status("480")) {
>            revert_uri();
>            prefix("u");
>            xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
>            #ds_select_dst("2", "4");
>         rewritehostport("233.32.345.5:5800");    
>         append_branch();
>            route(1);
>            exit;
>     };
>  
>  
>  
>     }
>
>
> failure_route[3] {
>     if (isbflagset(6) || isflagset(5)) {
>  
>     }
>  
> }
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>  


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: NAT problem

Juan Backson
Hi Bogdan
 
Thank you for your help.
 
The nated client does register to opensips.  It is set to register every 3600 sec, min time  is 20 s and max time is 1800 s.  It is default xLite setting.
 
Here is the 200OK I captured from my nated client box:
 
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.101;branch=z9hG4bKbf91.9b9bad57.0;received=233.32.345.5
Via: SIP/2.0/UDP 233.32.345.5:5800;received=233.32.345.5;rport=5800;branch=z9hG4bKNj4y6pUrS49FF
Record-Route: <sip:192.168.1.101;lr;ftag=UD1K6e2FpUgNj>
Contact: <sip:1000@192.168.1.100:33756>
To: "1000"<sip:1000@233.32.345.5:5060>;tag=194ddb10
From: "0"<sip:0@233.32.345.5:5060>;tag=UD1K6e2FpUgNj
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 107790129 BYE
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 0
 
Here is the INVITE request:
 
INVITE sip:0@233.32.345.5:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:33756;branch=z9hG4bK-d87543-8e2c20026843651b-1--d87543-;rport
Max-Forwards: 70
Contact: <sip:1000@192.168.1.100:33756>
To: "0"<sip:0@233.32.345.5:5060>
From: "1000"<sip:1000@233.32.345.5:5060>;tag=194ddb10
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 423
v=0
o=- 9 2 IN IP4 192.168.1.100
s=CounterPath X-Lite 3.0
c=IN IP4 192.168.1.100
t=0 0
m=audio 26258 RTP/AVP 107 119 100 106 0 105 98 8 101
a=alt:1 1 : LGfU4oal SL5N8UZJ 192.168.1.100 26258
a=fmtp:101 0-15
a=rtpmap:107 BV32/16000
a=rtpmap:119 BV32-FEC/16000
a=rtpmap:100 SPEEX/16000
a=rtpmap:106 SPEEX-FEC/16000
a=rtpmap:105 SPEEX-FEC/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:101 telephone-event/8000
a=sendrecv
 
 


 
On Thu, Nov 27, 2008 at 1:53 AM, Bogdan-Andrei Iancu <[hidden email]> wrote:
Hi Juan,

I need to see the request part also to figure out if the flow through the NAT is ok or not.

As a side note - could you check if the device behind the nat is actually receiving the 200 OK?. Because a typical reason for a missing ACK is  a missing 200 OK.

Another question - the device placing the call (from behind the nat) is registered or not? what is the estimated setup time in this case (time between invite and 200 OK) ?

Regards,
Bogdan

Juan Backson wrote:
Hi,

I am having problem with configuring opensips to work with NATed clients.  In my configuration, I am using a B2BUA and Opensips as the sip proxy.
The problem I am having is that when the B2BUA(233.32.345.5:5800) sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to the NATed client ( 116.24.163.21:2751 <http://116.24.163.21:2751>), but the NATed client is not sending back any ACK, so the B2BUA hangs up after 30 second.
Could someone give me any suggestion on what may be wrong in my config?

Thanks in advance for all the help.


U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>

SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.101 <http://192.168.1.101>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.

From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.


U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751 <http://116.24.163.21:2751>

SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.

From: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
To: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 2 INVITE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Allow-Events: talk.
Session-Expires: 120;refresher=uas.
Min-SE: 120.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 269.
.
v=0.
o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
s=FreeSWITCH.
c=IN IP4 233.32.345.5.
t=0 0.
m=audio 10272 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.


U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
BYE sip:1000@116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751> SIP/2.0.

Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.

Max-Forwards: 70.
From: "0" <sip:0@233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
To: "1000" <sip:1000@233.32.345.5:5060>;tag=b81a6b5e.
Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
CSeq: 107702524 BYE.
Contact: <sip:mod_sofia@233.32.345.5:5800;transport=udp>.
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO.
Supported: timer, precondition, path, replaces.
Reason: SIP;cause=408;text="ACK Timeout".
Content-Length: 0.
.




#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
#simple quick-start config script
#Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
#for an explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
# Core settings and module loading for the proxy.
# NOTE(review): debug=3 together with fork=no and log_stderror=yes looks like a
# troubleshooting setup (single foreground process, verbose log on stderr) --
# confirm before running it as a service.
debug=3            # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes    # (cmd line: -E)
children=4
port=5060
mpath="/usr/local/lib64/opensips/modules/"
# Modules are loaded from mpath in the order listed.
# NOTE(review): dispatcher is loaded, but the only ds_select_dst() calls in the
# routes below are commented out. nathelper and mediaproxy are both loaded, yet
# no route below calls a media-relay function, so SDP bodies are forwarded as
# received.
loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "xlog.so"
loadmodule "permissions.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "dispatcher.so"
loadmodule "nathelper.so"
loadmodule "mediaproxy.so"



 




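# ----------- module parameters and listening sockets -----------------
# The mail archive had appended "<http://...>" / "<mailto:...>" link text inside
# several values below; that text is not part of the configuration and has been
# removed. The duplicated nathelper received_avp line is also collapsed to one.

# Management interface FIFO.
# NOTE(review): the FIFO lives in the shared /tmp directory. Access to it is
# access to the management interface, so confirm its mode/ownership or place it
# in a directory only the service account can write.
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")

# usrloc db_mode 2 -- presumably write-back caching of contacts; confirm
# against the usrloc documentation for the installed version.
modparam("usrloc", "db_mode", 2)

# Record-Route URIs are written with "lr=on" (as seen in the trace above)
# rather than a bare "lr".
modparam("rr", "enable_full_lr", 1)

# One database URL shared by every DB-backed module.
# NOTE(review): this connects as the MySQL root account and keeps the password
# in clear text in the script. Use a dedicated account limited to the tables
# these modules need, restrict read access to this file, and treat any password
# that has been posted publicly as compromised.
modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:sqlpass@192.168.1.105/app")

# Digest authentication against the database.
# calculate_ha1=yes makes the module compute HA1 from the password column, i.e.
# SIP passwords are stored in clear text. Storing pre-computed HA1 values
# instead limits what a database leak exposes.
modparam("auth_db","calculate_ha1",yes)
modparam("auth_db","password_column","password")
modparam("auth_db","user_column","sip_user")
# NOTE(review): load_credentials is assigned again further down with "enable";
# presumably the later assignment replaces this one, so only "enable" is
# loaded. If agent_id is needed too, list both in a single value -- confirm the
# separator in the auth_db documentation.
modparam("auth_db","load_credentials","agent_id")

# check_from()/check_to() look users up in the "agent" table by sip_user.
modparam("uri_db","db_table","agent")
modparam("uri_db","user_column","sip_user")
modparam("uri_db","use_uri_table",0)
modparam("auth_db","use_domain",0)

# Trusted peers for allow_trusted(): matched on source address, transport and
# From pattern from the "server" table. Requests from these peers skip digest
# authentication in the in-dialog INVITE branch of the main route.
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "server")
modparam("permissions","source_col","server_ip")
modparam("permissions","proto_col","transport")
modparam("permissions","from_col","from_pattern")
modparam("permissions","tag_col","peer_tag")

# Dispatcher table layout (no active route uses the dispatcher).
modparam("dispatcher","table_name","dispatcher")
modparam("dispatcher","setid_col","setid")
modparam("dispatcher","destination_col","destination")
modparam("dispatcher","flags_col","flags")
modparam("dispatcher","flags",3)

# The routes below read $avp(s:enable) to reject disabled accounts.
modparam("auth_db","load_credentials","enable")

# NAT helper.
# NOTE(review): fix_nated_register() puts the source address into this AVP;
# presumably the registrar module needs its own received_avp set to the same
# AVP for that address to be stored with the contact -- no such parameter is
# set in this script; confirm.
modparam("nathelper","received_avp", "$avp(i:42)")
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")

# Keep-alive pings every 30 seconds, sent to all contacts (ping_nated_only=0).
# NOTE(review): sipping_bflag is 7, but no route in this script sets branch
# flag 7, so SIP-level pings are presumably never enabled for any contact.
# The sipping_from address was redacted by the mail archive.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from", "[hidden email]")

# Listening sockets: one private and one public address, UDP and TCP each.
# NOTE(review): the 200 OK in the trace above reaches a client whose public
# address is 116.24.163.21 with "Record-Route: <sip:192.168.1.101;...>". An
# RFC 1918 address in Record-Route is not reachable from outside this LAN, so
# in-dialog requests from that client (the ACK included) have no route back to
# the proxy. Likely the socket used toward external clients, or the address
# advertised in Record-Route, needs to be the public one -- confirm.
listen=udp:192.168.1.101:5060
listen=tcp:192.168.1.101:5060

listen=udp:233.32.345.5:5060
listen=tcp:233.32.345.5:5060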
  # -------------------------    request routing logic -------------------
# main routing logic
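route{
    # Main request route: sanity checks, NAT fix-ups, record-routing, then
    # dispatch to in-dialog handling, CANCEL handling, REGISTER (route 2) or
    # initial-request handling (route 3).

    # Log method and From URI of every request.
    xlog("method <$rm> from-header <$fu>\n");

    # Initial sanity checks: exhausted Max-Forwards and requests of 2048
    # bytes or more are rejected statelessly.
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };
    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    ## NAT detection
    # force_rport() makes replies go back to the source port of the request.
    # When nat_uac_test("19") matches, the Contact (or, for REGISTER, the
    # received address) is rewritten from the packet source and flag 5 marks
    # the request as coming from behind NAT.
    force_rport();
    if (nat_uac_test("19")) {
        if (method=="REGISTER") {
            fix_nated_register();
        } else {
            fix_nated_contact();
        };
        setflag(5);
    };

    # Record-route every non-REGISTER request so that later in-dialog
    # requests pass through this proxy; NATed senders get ";nat=yes". Flag 5
    # already holds the NAT test result, so the test is not repeated.
    # NOTE(review): the Record-Route URI must be an address the far end can
    # reach; the trace in this thread shows a private address being sent to a
    # client on the public side.
    if (!is_method("REGISTER")) {
        if (isflagset(5)) {
            record_route(";nat=yes");
        } else {
            record_route();
        };
    };

    # In-dialog requests (To-tag present).
    # NOTE(review): the To-tag and Route headers come from the sender, so this
    # branch is reachable without authentication for every method except
    # INVITE; confirm that is intended.
    if (has_totag()) {
        if (!loose_route()) {
            # Fix: the original replied 404 and then fell through to
            # route(1), relaying the very request it had just rejected.
            sl_send_reply("404","Not here");
            exit;
        };

        # re-INVITEs from peers that are not in the trusted table must
        # authenticate, use their own identity in From, and be enabled.
        if (method=="INVITE" && (!allow_trusted())) {
            if (!proxy_authorize("","auth")) {
                proxy_challenge("","0");
                exit;
            } else if (!check_from()) {
                sl_send_reply("403", "Forbidden, use From=ID");
                exit;
            };
            if ($avp(s:enable)=="0") {
                sl_send_reply("403", "Forbidden, use From=ID");
                exit;
            }
        };
        route(1);
        exit;
    }

    # CANCEL is relayed only when it matches an existing transaction.
    if (is_method("CANCEL")) {
        if (t_check_trans())
            t_relay();
        exit;
    }

    # Initial requests.
    if (method=="REGISTER") {
        route(2);
    } else {
        route(3);
    };
}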
# route[1]: common relay step. Arms onreply_route[1] and failure_route[1] for
# the transaction, relays statefully, and ends script processing.
route[1] {


       # send it out now; use stateful forwarding as it works
       # reliably even for UDP2TCP
     t_on_reply("1");
   t_on_failure("1");
         # If the relay cannot be started, answer with the stateless error
         # reply derived from the failure.
         if (!t_relay()) {
               sl_reply_error();
       };
       exit;
}
 route[2] {
       #
       # -- Register request handler --
       #
       if (is_uri_host_local()) {
                 if (!www_authorize("", "auth")) {
                                  www_challenge("", "0");
                         exit;

               };
                               if (!check_to()) {
                         sl_send_reply("403", "Forbidden");
                       exit;
               };

        if ($avp(s:enable)=="0") {
                                       sl_send_reply("403", "Forbidden, use From=ID");
                                         exit;
                 }
                   save("location");
               exit;
       } else if {
                                       sl_send_reply("403", "Forbidden");
       };
}
 # route[3]: initial non-REGISTER requests. Classifies the call by whether the
 # From domain and the request-URI domain are local and hands it to one of
 # routes 10-13. Callers claiming a local From domain must authenticate.
 route[3] {

         if (is_from_local()){
           # From an internal domain -> check the credentials and the FROM
                 if (!proxy_authorize("","auth")) {
                       proxy_challenge("","0");
                         exit;
               } else if (!check_from()) {
                               sl_send_reply("403", "Forbidden, use From=ID");
                       exit;
               };
                 # Strip the Proxy-Authorization header before the request is
                 # forwarded, so credentials are not passed downstream.
                 consume_credentials();
               # Verify aliases
                 if (is_uri_host_local()) {
                       # -- Inbound to Inbound
                   route(10);
              } else {
                   # -- Inbound to outbound
                   route(11);
              };
     } else {
                    # From a foreign domain: no authentication is performed on
                    # this path. Calls to local users go to route(12); anything
                    # else is rejected in route(13), so the proxy does not
                    # relay between two foreign domains.
                    if (is_uri_host_local()) {
             #-- Outbound to inbound
             route(12);
          } else {
             # -- Outbound to outbound
             route(13);
          };
     };
}
  # route[4]: send the call to the B2BUA. Restores the original request-URI,
  # replaces its host:port with the B2BUA address and relays via route(1).
  route[4] {
   revert_uri();
         rewritehostport("233.32.345.5:5800");
   route(1);




}
 

# route[6]: BYE is a no-op; INVITE gets a P-hint header and arms
# failure_route[3].
# NOTE(review): no route in this script calls route(6), and despite the
# "Rtpproxy" hint no media-relay function is invoked here.
route[6] {
   if (is_method("BYE")) {
           } else if ((is_method("INVITE"))){
           append_hf("P-hint: Route[6]: Rtpproxy \r\n");
    t_on_failure("3");
   };
 }
  # route[10]: authenticated local caller to a local domain. Tags the request
  # with a P-hint header and sends it to the B2BUA through route(4).
  route[10] {
    append_hf("P-hint: inbound->inbound \r\n");
    route(4);
 }
# route[11]: authenticated local caller to a foreign domain. Tags the request
# with a P-hint header and relays it to the request-URI as received.
route[11] {
    append_hf("P-hint: inbound->outbound \r\n");
    route(1);
}
# route[12]: foreign caller to a local user. Resolves the request-URI through
# the aliases and location tables and relays; replies 404 when no registered
# contact is found. Callers reach this route without authentication (see
# route[3]).
route[12] {
    # The result of the alias lookup is not checked; only the location lookup
    # decides whether the call proceeds.
    lookup("aliases");
    if (!lookup("location")) {
         sl_send_reply("404", "Not Found");
         exit;
    };
    route(1);
}
# route[13]: foreign caller to a foreign domain. Always rejected with 403, so
# unauthenticated parties cannot use the proxy as a relay.
# NOTE(review): the P-hint text says "outbound->inbound" although route[3]
# calls this route for the outbound-to-outbound case; since the request is
# rejected rather than forwarded, the appended header presumably never leaves
# the proxy.
route[13] {
    append_hf("P-hint: outbound->inbound \r\n");
    sl_send_reply("403", "Forbidden");
    exit;
}
  # onreply_route[1]: runs for replies of transactions relayed by route[1].
  # Logs the reply, appends ";nat=yes" to the Contact URI and rewrites the
  # Contact with fix_nated_contact().
  # NOTE(review): both rewrites are applied to every reply; there is no NAT
  # test here, so replies from non-NATed peers are modified as well.
  onreply_route[1] {
   xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
       search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
   fix_nated_contact();
   exit;

 }
# failure_route[1]: runs when a transaction relayed by route[1] ends with a
# negative final reply. Cancelled calls stop here. On 486, or on 408/480, the
# original request-URI is restored, its user part gets a one-letter prefix
# ("b" for 486, "u" for 408/480), the destination is set to the B2BUA and a
# new branch is relayed through route(1).
failure_route[1] {
  append_hf("P-hint: (4)passed thru failure_route[1]\r\n");






      if (t_was_cancelled()) {
           exit;
   };
   if (t_check_status("486")) {
          revert_uri();
             prefix("b");
             xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
            #ds_select_dst("2", "4");
       rewritehostport("233.32.345.5:5800");
       append_branch();
            route(1);
              exit;
   };
   # The log text below mentions only 480, but this branch also handles 408.
   if (t_check_status("408") || t_check_status("480")) {
          revert_uri();
          prefix("u");
          xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
          #ds_select_dst("2", "4");
       rewritehostport("233.32.345.5:5800");            append_branch();
          route(1);
          exit;
   };
       }


# failure_route[3]: armed only from route[6]. The body tests branch flag 6 and
# flag 5 but takes no action in either case.
# NOTE(review): flag 5 is the NAT marker set in the main route; nothing in this
# script sets branch flag 6.
failure_route[3] {
   if (isbflagset(6) || isflagset(5)) {
     }
 }
