Nating Issue - Using OPENSIPS - BYE port changed

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Hi, I have below mentioned setup : UAC1 ---- (NAT) -------- (NAT) ---- (OPENSIPS + RTPProxy + SylkServer acting as UAC2) I am facing problem which is not consistent 1. UAC1 sends invite to UAC2 (Which reaches successfully every time) 2.Media streaming done successfully 3. UAC2 sends disconnect 'BYE' to UAC1 BYE is not reaching to UAC1 every time , Some time it reaches to UAC1 and some time it does not. From the observation of wireshark I could figure out that in fail scenario destination port gets changed. In all success scenario destination port in BYE message remains same. Please suggest what peace of configuration I have missed or incorrect. Your help in this regard would be of great help to me. Regards, Jagendra
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Here is the opensips.cfg

Public IP of server where opensips is running - 23.253.128.240
Private IP of server where opensips is running - 192.168.100.240

----------------------------------------------------------
#
# $Id: opensips.cfg 8758 2012-02-29 11:59:26Z vladut-paiu $
#
# OpenSIPS residential configuration script
#     by OpenSIPS Solutions <team@opensips-solutions.com>
#
# This script was generated via "make menuconfig", from
#   the "Residential" scenario.
# You can enable / disable more features / functionalities by
#   re-generating the scenario with different options.#
#
# Please refer to the Core CookBook at:
#      http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#


####### Global Parameters #########

#debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the following lines to enable debugging */
debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

/* uncomment the next line to enable IPv6 lookup after IPv4 dns
   lookup failures (default disabled) */
#dns_try_ipv6=yes

/* comment the next line to enable the auto discovery of local aliases
   based on revers DNS on IPs */
#auto_aliases=no

#port=8060
#listen=udp:0.0.0.0:4060   # CUSTOMIZE ME
#listen=udp:192.168.1.1:4060   # CUSTOMIZE ME
#listen=udp:122.160.62.233:4060   # CUSTOMIZE ME
listen=udp:192.168.100.240:5062   # CUSTOMIZE ME
#listen=tcp:192.168.100.240:5062   # CUSTOMIZE ME
#listen=eth1:4060   # CUSTOMIZE ME
#listen=udp:127.0.0.1:5060   # CUSTOMIZE ME
#port=4060
alias=192.168.100.240
alias=23.253.128.240
alias=open-ims.test
alias=pcscf.open-ims.test

#alias=122.160.62.233
#alias=125.19.57.117

#advertised_address="125.19.57.12"
advertised_address="23.253.128.240"
#advertised_address="10.0.0.29"
#advertised_port=4060
advertised_port=5062


#disable_tcp=yes

#disable_tls=yes


####### Modules Section ########

#set module path
mpath="/usr/lib/opensips/modules/"

#### SIGNALING module
loadmodule "signaling.so"

#### StateLess module
loadmodule "sl.so"

#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timer", 5)
modparam("tm", "fr_inv_timer", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)

#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)

#### MAX ForWarD module
loadmodule "maxfwd.so"

#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"

#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")

#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)



#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", 10)
modparam("usrloc", "db_mode",   0)

#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", 7)
modparam("registrar", "max_expires", 70)
modparam("registrar", "min_expires", 30)

/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)

#### ACCounting module
loadmodule "acc.so"
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", 3)
/* account triggers (flags) */
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)


# !! Nathelper
loadmodule "nathelper.so"

#
# !! Nathelper
#
modparam("usrloc", "nat_bflag", 3)
#modparam("usrloc", "nat_bflag", 6)
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
modparam("nathelper", "sipping_bflag", 7)
#modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "received_avp", "$avp(i:801)")
modparam("nathelper", "natping_processes", 3)
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "sipping_from", "sip:open-ims@23.253.128.240")
modparam("nathelper", "sipping_method", "OPTIONS")
modparam("nathelper", "natping_socket", "23.253.128.240:5062")


# RTPProxy setup

loadmodule "dialog.so"
loadmodule "rtpproxy.so"
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:34999")
modparam("rtpproxy", "rtpproxy_disable_tout", 20)
modparam("rtpproxy", "rtpproxy_timeout", "5.2")
modparam("rtpproxy", "rtpproxy_retr", 5)
modparam("rtpproxy", "nortpproxy_str", "a=sdpmangled:yes\r\n")


####### Routing Logic ########

# main request routing logic

route{


        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        # !! Nathelper
        # Special handling for NATed clients; first, NAT test is
        # executed: it looks for via!=received and RFC1918 addresses
        # in Contact (may fail if line-folding is used); also,
        # the received test should, if completed, should check all
        # vias for rpesence of received
        if (nat_uac_test("63")) {
        # Allow RR-ed requests, as these may indicate that
        # a NAT-enabled proxy takes care of it; unless it is
        # a REGISTER

                #if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
                #       log("LOG:Someone trying to register from private IP, rewriting\n");
        # This will work only for user agents that support symmetric
        # communication. We tested quite many of them and majority is
        # smart enough to be symmetric. In some phones it takes a
        # configuration option. With Cisco 7960, it is called
        # NAT_Enable=Yes, with kphone it is called "symmetric media" and
        # "symmetric signalling".

        # Rewrite contact with source IP of signalling
                        fix_nated_contact();
                        force_rport(); # Add rport parameter to topmost Via
                        setbflag(6); # Mark as NATed

        # if you want sip nat pinging
                        #setbflag(8);
                #}
        }


        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                if (loose_route()) {

                        if (is_method("BYE")) {
                                setflag(1); # do accounting ...
                                setflag(3); # ... even if the transaction fails
                        } else if (is_method("INVITE")) {
                                # even if in most of the cases is useless, do RR for
                                # re-INVITEs alos, as some buggy clients do change route set
                                # during the dialog.
                                record_route();
                                #record_route_preset("122.160.62.233:4060");
                        }



                        # route it out to whatever destination was set by loose_route()
                        # in $du (destination URI).
                        route(1);
                } else {

                        if ( is_method("ACK") ) {
                                if ( t_check_trans() ) {
                                        # non loose-route, but stateful ACK; must be an ACK after
                                        # a 487 or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction ->
                                        # ignore and discard
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                if (is_method("INVITE"))
                {
                        engage_rtp_proxy();
                };

                exit;
        }

        if (is_method("INVITE"))
        {
                if(is_present_hf("P-Preferred-Identity"))
                {
                        append_hf("P-Asserted-Identity: $pu \r\n");

                        remove_hf("P-Preferred-Identity");
                }
                if (has_body())
                {
                        if (rtpproxy_offer())
                        {
                                t_on_reply("1");
                        }
                        else
                        {
                                t_on_reply("2");
                        }
                }
        }


        if (is_method("ACK") && has_body())
                rtpproxy_answer();

        # CANCEL processing
        if (is_method("CANCEL"))
        {
                if (t_check_trans())
                        t_relay();
                exit;
        }

        t_check_trans();

        if ( !(is_method("REGISTER")  ) ) {

                if (from_uri==myself)

                {

                } else {
                        # if caller is not local, then called number must be local

                        if (!uri==myself) {
                                send_reply("403","Rely forbidden");
                                exit;
                        }
                }

        }

        # preloaded route checking
        if (loose_route()) {
                xlog("L_ERR",
                "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
                if (!is_method("ACK"))
                        sl_send_reply("403","Preload Route denied");
                exit;
        }

        # record routing
        if (!is_method("REGISTER|MESSAGE")){
                record_route();
                #record_route_preset("122.160.62.233:4060");
        }


        # account only INVITEs
        if (is_method("INVITE")) {

                setflag(1); # do accounting
        }


        if (!uri==myself) {
                append_hf("P-hint: outbound\r\n");

                route(1);
        }

        # requests for my domain

        if (is_method("PUBLISH|SUBSCRIBE"))
        {
                sl_send_reply("503", "Service Unavailable");
                exit;
        }

        if (is_method("REGISTER"))
        {


                if (   0 ) setflag(7);

                if (!save("location"))
                        sl_reply_error();

                exit;
        }

        if ($rU==NULL) {
                # request with no Username in RURI
                sl_send_reply("484","Address Incomplete");
                exit;
        }







        # do lookup with method filtering
        if (!lookup("location","m")) {


                t_newtran();
                t_reply("404", "Not Found");
                exit;
        }



        # when routing via usrloc, log the missed calls also
        setflag(2);
        route(1);
}


route[1] {
        # for INVITEs enable some additional helper routes
        if (is_method("INVITE")) {



                t_on_branch("2");
                t_on_reply("2");
                t_on_failure("1");
        }



        if (!t_relay()) {
                send_reply("500","Internal Error");
        };
        exit;
}




branch_route[2] {
        xlog("new branch at $ru\n");
}


onreply_route[1] {

        xlog("incoming reply\n");
        if (has_body()){
                rtpproxy_answer();
                fix_nated_contact();
         }
        # NATed transaction ?
        if (isbflagset(6) && status =~ "(183)2[0-9][0-9]") {
                fix_nated_contact();
                # otherwise, is it a transaction behind a NAT and we did not
                # know at time of request processing ? (RFC1918 contacts)
        } else if (nat_uac_test("63")) {
          fix_nated_contact();
        }

}

onreply_route[2] {

        xlog("incoming reply\n");
        if (has_body()){
                rtpproxy_offer();
               fix_nated_contact();
        }
}


failure_route[1] {
        if (t_was_cancelled()) {
                exit;
        }

        # uncomment the following lines if you want to block client
        # redirect based on 3xx replies.
        ##if (t_check_status("3[0-9][0-9]")) {
        ##t_reply("404","Not found");
        ##      exit;
        ##}


}


--------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

kamika
I think you should put force_rport before testing nat.
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Hi Kamika,
         If you see in opensips.cfg (provided in previous post) I have added "force_rport".
Please guide me if this needs to be added in some different place in configuration files.

Thanks and Regards,
Jagendra
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Hi,
 Could anyone help on underline issue.


Regards,
Jagendra
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

kamika
I meant put force_rport() before  if (nat_uac_test("63")) { ..., not under it.

Also make sure that your nat_uac_test("63") is correct? I think 31 is maximum. Why 63?  

If it does't help could you make dump pcap with tcpdump so I could see the actual flow?
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Hi Kamika,


Please find attached tcpdump and syslog for failure and success scenarios.

Request your help.

dumpdataFailScenarionsyslogFailed

dumpdataSucess
syslogSucess


Regards,
Jagendra
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

kamilka
Hi Jagendra,

You really have a mess. Your trace file is strange.. It doesn't have B leg. According to your .cfg file your server shoud listen on 5062. Who plays RTP? There is no opensips user agent in 100 response. Since you have no auth in your file I made some tests by my own. It works correctly.
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

jmishra
Hi Kamika,
     I accept that my trace file can have mess ( I am new to SIP terminology and trying to understand with short deadlines).
As I understand about B leg , you are asking about the SIP client sitting on other side , it is SylkServer application which is acting role of B leg (please correct me if I misunderstood your comment).

Who play RTP media - Here it is SylkServer which is playing RTP media.

My problem is after completion of media file SylkServer sends BYE to other client (UAC1) , some time this BYE does not reaches to UAC1. Strange is some time it works with same configuration.
Auth - Yes I do not have auth enabled as of now. I have made unsuccessful try to enable auth but I could not made it success and definitely would take it as next item after resolution of underline problem (some time BYE does not reaches to UAC1).

Could you please help me by suggesting few points where I should look for mistakes and perform correction.

Regards,
Jagendra
Reply | Threaded
Open this post in threaded view
|

Re: Nating Issue - Using OPENSIPS - BYE port changed

kamika
What I am talking about.. That your SilkServer is listening on port 5060. And, according to your trace there is a problem not with opensips because it doesn't involved in the process at all. It is  SilkServer doesn't work with clinet's nat correctly. Try to connect to opensips at port 5062 and, as far as I see, it works, at least for me. Opensips should be in between your client and mediaserver. And Opensips should do auth. You probably want to protect you silk server with ACLs allowing only opensips's IP to make INVITES.

And while you don't have authorization don't connect your server to PSTN