[OpenSIPS-Users] NAT problem

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Nov 26 18:53:59 CET 2008


Hi Juan,

I need to see the request part also to figure out if the flow through 
the NAT is ok or not.

As a side note - could you check if the device behind the nat is 
actually receiving the 200 OK?. Because a typical reason for a missing 
ACK is  a missing 200 OK.

Another question - the device placing the call (from behind the nat) is 
registered or not? what is the estimated setup time in this case (time 
between invite and 200 OK) ?

Regards,
Bogdan

Juan Backson wrote:
> Hi,
>
> I am having problem with configuring opensips to work with NATed 
> clients.  In my configuration, I am using a B2BUA and Opensips as the 
> sip proxy. 
>
> The problem I am having is that when the B2BUA(233.32.345.5:5800) 
> sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to 
> the NATed client ( 116.24.163.21:2751 <http://116.24.163.21:2751>), 
> but the NATed client is not sending back any ACK, so the B2BUA hangs 
> up after 30 second. 
>
> Could someone give me any suggestion on what may be wrong in my config?
>
> Thanks in advance for all the help.
>
>
> U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.101 
> <http://192.168.1.101>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101 
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, 
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751 
> <http://116.24.163.21:2751>
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 
> <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
> Record-Route: <sip:192.168.1.101 
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 2 INVITE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, 
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Allow-Events: talk.
> Session-Expires: 120;refresher=uas.
> Min-SE: 120.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 269.
> .
> v=0.
> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
> s=FreeSWITCH.
> c=IN IP4 233.32.345.5.
> t=0 0.
> m=audio 10272 RTP/AVP 0 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
> a=ptime:20.
>
>
> U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
> BYE sip:1000 at 116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751> 
> SIP/2.0.
> Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
> Route: <sip:192.168.1.101 
> <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
> Max-Forwards: 70.
> From: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
> To: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
> CSeq: 107702524 BYE.
> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, 
> NOTIFY, REFER, UPDATE, REGISTER, INFO.
> Supported: timer, precondition, path, replaces.
> Reason: SIP;cause=408;text="ACK Timeout".
> Content-Length: 0.
> .
>
>
>
>
> #
> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> #
> #simple quick-start config script
> #Please refer to the Core CookBook at 
> http://www.openser.org/dokuwiki/doku.php
> #for a explanation of possible statements, functions and parameters.
> #
> # ----------- global configuration parameters ------------------------
> debug=3            # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=yes    # (cmd line: -E)
> children=4
> port=5060
> mpath="/usr/local/lib64/opensips/modules/"
> loadmodule "db_mysql.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "uri_db.so"
> loadmodule "domain.so"
> loadmodule "xlog.so"
> loadmodule "permissions.so"
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> loadmodule "dispatcher.so"
> loadmodule "nathelper.so"
> loadmodule "mediaproxy.so"
>
>
>
>  
>
>
>
>
>
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("usrloc", "db_mode", 2)
>
>  
>  
> modparam("rr", "enable_full_lr", 1)
>  
> modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:sqlpass@192.168.1.105/app 
> <http://root:sqlpass@192.168.1.105/app>")
> modparam("auth_db","calculate_ha1",yes)
> modparam("auth_db","password_column","password")
> modparam("auth_db","user_column","sip_user")
> modparam("auth_db","load_credentials","agent_id")
>  
> modparam("uri_db","db_table","agent")
> modparam("uri_db","user_column","sip_user")
> modparam("uri_db","use_uri_table",0)
> modparam("auth_db","use_domain",0)
>  
> modparam("permissions", "db_mode", 1)
> modparam("permissions", "trusted_table", "server")
> modparam("permissions","source_col","server_ip")
> modparam("permissions","proto_col","transport")
> modparam("permissions","from_col","from_pattern")
> modparam("permissions","tag_col","peer_tag")
>  
> modparam("dispatcher","table_name","dispatcher")
> modparam("dispatcher","setid_col","setid")
> modparam("dispatcher","destination_col","destination")
> modparam("dispatcher","flags_col","flags")
> modparam("dispatcher","flags",3)
>  
> modparam("auth_db","load_credentials","enable")
>
>
> modparam("nathelper","received_avp", "$avp(i:42)")
>
> modparam("nathelper","received_avp", "$avp(i:42)")
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890 
> <http://127.0.0.1:7890>")
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 0)
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "sipping_from", "sip:pinger at 8.8.1.20 
> <mailto:sip%3Apinger at 8.8.1.20>")
>
>
>  
> listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060>
> listen=udp:233.32.345.5:5060
> listen=tcp:233.32.345.5:5060
>  
>  
> # -------------------------    request routing logic -------------------
> # main routing logic
> route{
>  
> xlog("method <$rm> from-header <$fu>\n");
>          # initial sanity checks -- messages with
>          # max_forwards==0, or excessively long requests
>          if (!mf_process_maxfwd_header("10")) {
>                  sl_send_reply("483","Too Many Hops");
>                  exit;
>          };
>          if (msg:len >= 2048 ) {
>                  sl_send_reply("513", "Message too big");
>                  exit;
>          };
>          # we record-route all messages -- to make sure that
>          # subsequent messages will go through our proxy; that's
>          # particularly good if upstream and downstream entities
>          # use different transport protocol
>  
>
>     ## NAT Detection  
>         #
>         force_rport();
>         if (nat_uac_test("19")) {
>             if (method=="REGISTER") {
>                     fix_nated_register();
>             } else {
>                 fix_nated_contact();
>             };
>             setflag(5);
>         };
>     
>
>     if(!is_method("REGISTER")){
>            if(nat_uac_test("19")){
>               record_route(";nat=yes");
>            } else {
>               record_route();
>            };
>     };
>  
>
>  
>          if (has_totag()) {
>               if (loose_route()) {
>
>                       if(method=="INVITE" && (!allow_trusted())) {
>                                if (!proxy_authorize("","auth")) {
>  
>                                    proxy_challenge("","0");
>                                    exit;
>                            } else if (!check_from()) {
>  
>                            sl_send_reply("403", "Forbidden, use 
> From=ID");
>                                exit;
>                           };
>                 
>                 if ($avp(s:enable)=="0") {
>                     sl_send_reply("403", "Forbidden, use From=ID");
>  
>                                         exit;
>  
>  
>                 }
>                       };
>  
>                       route(1);
>           } else {
>                  sl_send_reply("404","Not here");
>           }
>         route(1);
>           exit;
>     }
>  
>  
>  
>  
>          if (is_method("CANCEL")) {
>             if (t_check_trans())  
>             t_relay();
>             exit;
>     }
>     if (method=="REGISTER") {
>              route(2);
>     } else {
>              route(3);
>     };
>  
> }
> route[1] {
>
>
>         # send it out now; use stateful forwarding as it works
>         # reliably even for UDP2TCP
>  
>     t_on_reply("1");
>     t_on_failure("1");
>  
>         if (!t_relay()) {
>                 sl_reply_error();
>         };
>         exit;
> }
>  
> route[2] {
>         #
>         # -- Register request handler --
>         #
>         if (is_uri_host_local()) {
>  
>                 if (!www_authorize("", "auth")) {
>             
>  
>                       www_challenge("", "0");
>  
>                         exit;
>
>                 };
>                 
>                 if (!check_to()) {
>  
>                         sl_send_reply("403", "Forbidden");
>                         exit;
>                 };
>
>          if ($avp(s:enable)=="0") {
>                                         sl_send_reply("403", 
> "Forbidden, use From=ID");
>  
>                                         exit;
>                   }
>     
>                 save("location");
>                 exit;
>         } else if {
>                                 
>         sl_send_reply("403", "Forbidden");
>         };
> }
>  
> route[3] {
>
>  
>         if (is_from_local()){
>             # From an internal domain -> check the credentials and the 
> FROM
>  
>                 if (!proxy_authorize("","auth")) {
>                         proxy_challenge("","0");
>  
>                         exit;
>                 } else if (!check_from()) {
>             
>                     sl_send_reply("403", "Forbidden, use From=ID");
>                         exit;
>                 };
>  
>                 consume_credentials();
>                 # Verify aliases
>  
>                 if (is_uri_host_local()) {
>                         # -- Inbound to Inbound
>                     route(10);
>                } else {
>                     # -- Inbound to outbound
>                     route(11);
>                };
>       } else {
>            
>            if (is_uri_host_local()) {
>               #-- Outbound to inbound
>               route(12);
>            } else {
>               # -- Outbound to outbound
>               route(13);
>            };
>       };
> }
>  
>  
> route[4] {
>     revert_uri();
>           rewritehostport("233.32.345.5:5800");
>     route(1);
>
>
>
>
> }
>  
>
>
> route[6] {
>     if (is_method("BYE")) {
>         
>     } else if ((is_method("INVITE"))){
>         
>     append_hf("P-hint: Route[6]: Rtpproxy \r\n");
>      t_on_failure("3");
>     };
>  }
>  
>  
> route[10] {
>      append_hf("P-hint: inbound->inbound \r\n");
>      route(4);
>  
> }
> route[11] {
>      append_hf("P-hint: inbound->outbound \r\n");
>      route(1);
> }
> route[12] {
>      lookup("aliases");
>      if (!lookup("location")) {
>           sl_send_reply("404", "Not Found");
>           exit;
>      };
>      route(1);
> }
> route[13] {
>      append_hf("P-hint: outbound->inbound \r\n");
>      sl_send_reply("403", "Forbidden");
>      exit;
> }
>  
>  
> onreply_route[1] {
>     xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
>         search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
>     fix_nated_contact();
>     exit;
>
>  
> }
> failure_route[1] {
>    append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
>
>
>
>
>
>
>        if (t_was_cancelled()) {
>             exit;
>     };
>     if (t_check_status("486")) {
>            revert_uri();
>               prefix("b");
>               xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
>              #ds_select_dst("2", "4");
>         rewritehostport("233.32.345.5:5800");
>         append_branch();
>              route(1);
>                exit;
>     };
>     if (t_check_status("408") || t_check_status("480")) {
>            revert_uri();
>            prefix("u");
>            xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
>            #ds_select_dst("2", "4");
>         rewritehostport("233.32.345.5:5800");    
>         append_branch();
>            route(1);
>            exit;
>     };
>  
>  
>  
>     }
>
>
> failure_route[3] {
>     if (isbflagset(6) || isflagset(5)) {
>  
>     }
>  
> }
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   




More information about the Users mailing list