[OpenSIPS-Users] Fixed nated contact problem when using TLS

[Bogdan-Andrei Iancu]

Hi Nauman,


Nauman Sulaiman wrote:
> Hi, we have a setup where we are using OpenSIPS as an out/inbound proxy. Te connection to the UAC is a TLS (port 5061) one and the connection fron OpenSIPS to third party voip provider is UDP (5060).  We have the TLS connection working and the UAC can successfully register with the provider. OpenSIPS is record routing twice once for the TLS route and another for the UDP. It seems to be bridging too. 
>
> The problem we have is when we have an incoming invite (from voip provider) the contact header returned in the 200 OK from the UAC to OpensIPS has a private address say 192.168.1.20:5061, when opensips bridges this and the fixed nated contact is applied the correct external ip is sent 172.175.130.156:51056 but the port has changed. So the ACK when sent from provider back to OpenSIPS has the above address as req URI and then opensips can't route it back to the UAC because of the incorrect port. So main issue is OpenSIPS can't get the ACK back to UAC to establish the dialog. 
>   
This is correct (the IP and port in Contact) - they need to point to the 
TCP connection where the INVITE came from. Probably OpenSIPs fails to 
correctly route the ACK because the TPC aliasing was not correctly done 
(bogus client not filling in the alias param in via hdr).

Try adding in your cfg the global param:
    tcp_accept_aliases=yes
   
and put in main route:
    if (proto==TCP)  force_tcp_alias();


Regards,
Bogdan

> When there was no bridging (ie no TLS) the port was 5060 and fixed nated contact mapped it like this 172.175.130.156:5060 ie didn't change the port
>
> How to get round this?
>
> Thanks
>
>
>       
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>   


-- 
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
20 - 24 September 2010, Frankfurt, Germany
www.voice-system.ro