[OpenSIPS-Users] NAT Traversal for audio stream (call)
archiveacephale
archiveacephale at yahoo.co.jp
Thu Oct 20 13:19:03 CEST 2011
hello everyone,
my name is Lyu from Japan, working on a iOS app integration of OpenSIPS for
synchronized rich contents communication between clients.
What I want to achieve is letting 2 clients communicate touch drawing + voice + eventually video streaming in realtime to each other.
Synching touch drawing is going well, but I have problem with audio calls.
For NAT Traversal I've tried STUN server, which work fine for 3G-3G, 3G-WiFi and WiFi-WiFi w/ 2 different LANs,
but does not work for WiFi-WiFi on same LAN which is not tolerable for our project.
STUN server seems to work fine (which I'm not sure) as there's no difference in the log
for WiFi-WiFi (2 LANs) and WiFi-WiFi (same LAN).
As I'm a total newb in this field and not quite sure if my configuration is right,
I'd greatly appreciate if someone can tell me if my config set up isn't doing anything wrong.
My OpenSIPS server is running on a EC2 CentOS6 instance with OpenSIPS 1.7.0. and
using iDoubs v2 clients on iOS4 machines (iPhone and iPad).
Please let me know if I should share other logs than below.
Here's my STUN log (2 clients on same LAN):
received on A1:P1
Got a request (len=64) from LAN_GLOBAL_IP:64958
Received stun message: 64 bytes
ServerName = IM-client/OMA1.0 doubango/v0.0.0
Unknown attribute: 32808
Request parsed ok
BindRequest does not contain MessageIntegrity
Request is valid:
flags=0
changeIp=0
changePort=0
from = LAN_GLOBAL_IP:64958
respond to = LAN_GLOBAL_IP:64958
mapped = LAN_GLOBAL_IP:64958
Encoding stun message:
Encoding MappedAddress: LAN_GLOBAL_IP:64958
Encoding SourceAddress: SERVER_INTERNAL_IP_1:3478
Encoding ChangedAddress: SERVER_INTERNAL_IP_2:3479
Encoding XorMappedAddress: 250.174.7.15:56492
Encoding ServerName: Vovida.org 0.96
received on A1:P1
Got a request (len=64) from LAN_GLOBAL_IP:55792
Received stun message: 64 bytes
ServerName = IM-client/OMA1.0 doubango/v0.0.0
Unknown attribute: 32808
Request parsed ok
BindRequest does not contain MessageIntegrity
Request is valid:
flags=0
changeIp=0
changePort=0
from = LAN_GLOBAL_IP:55792
respond to = LAN_GLOBAL_IP:55792
mapped = LAN_GLOBAL_IP:55792
Encoding stun message:
Encoding MappedAddress: LAN_GLOBAL_IP:55792
Encoding SourceAddress: SERVER_INTERNAL_IP_1:3478
Encoding ChangedAddress: SERVER_INTERNAL_IP_2:3479
Encoding XorMappedAddress: 250.174.7.15:63714
Encoding ServerName: Vovida.org 0.96
Here is my opensips.cfg:
#
# $Id: opensips.cfg 8141 2011-07-08 12:17:13Z vladut-paiu $
#
# OpenSIPS basic configuration script
# by Anca Vamanu <anca at voice-system.ro>
#
# Please refer to the Core CookBook at:
# http://www.opensips.org/Resources/DocsCookbooks
# for a explanation of possible statements, functions and parameters.
#
####### Global Parameters #########
#debug=3
#log_stderror=no
#log_facility=LOG_LOCAL0
fork=yes
children=4
/* uncomment the following lines to enable debugging */
debug=6
#fork=no
log_stderror=no
/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes
/* uncomment the next line to enable the auto temporary blacklisting of
not available destinations (default disabled) */
#disable_dns_blacklist=no
/* uncomment the next line to enable IPv6 lookup after IPv4 dns
lookup failures (default disabled) */
#dns_try_ipv6=yes
/* uncomment the next line to disable the auto discovery of local aliases
based on revers DNS on IPs (default on) */
#auto_aliases=no
/* uncomment the following lines to enable TLS support (default off) */
#disable_tls = no
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"
# default db_url to be used by modules requiring DB connection
db_default_url="mysql://opensips:opensips@localhost/opensips"
port=5060
/* uncomment and configure the following line if you want opensips to
bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:192.168.1.2:5060
####### Modules Section ########
#set module path
mpath="/usr/local/lib64/opensips/modules/"
/* uncomment next line for MySQL DB support */
loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "acc.so"
/* uncomment next lines for MySQL based authentication support
NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "auth.so"
loadmodule "auth_db.so"
/* uncomment next line for aliases support
NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "alias_db.so"
/* uncomment next line for multi-domain support
NOTE: a DB (like db_mysql) module must be also loaded
NOTE: be sure and enable multi-domain support in all used modules
(see "multi-module params" section ) */
#loadmodule "domain.so"
/* uncomment the next two lines for presence server support
NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "presence.so"
loadmodule "presence_xml.so"
# ----------------- setting module-specific parameters ---------------
# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
# ----- rr params -----
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)
# ----- registrar params -----
/* uncomment the next line not to allow more than 10 contacts per AOR */
modparam("registrar", "max_contacts", 10)
# ----- usrloc params -----
# modparam("usrloc", "db_mode", 0)
/* uncomment the following lines if you want to enable DB persistency
for location entries */
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "db_url",
"mysql://opensips:opensips@localhost/opensips")
# ----- uri params -----
modparam("uri", "use_uri_table", 0)
# ----- acc params -----
/* what sepcial events should be accounted ? */
modparam("acc", "early_media", 1)
modparam("acc", "report_cancels", 1)
/* by default ww do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
/* uncomment the following lines to enable DB accounting also */
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)
# ----- auth_db params -----
/* uncomment the following lines if you want to enable the DB based
authentication */
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "db_url",
"mysql://opensips:opensips@localhost/opensips")
modparam("auth_db", "load_credentials", "")
# ----- alias_db params -----
/* uncomment the following lines if you want to enable the DB based
aliases */
modparam("alias_db", "db_url",
"mysql://opensips:opensips@localhost/opensips")
# ----- domain params -----
/* uncomment the following lines to enable multi-domain detection
support */
#modparam("domain", "db_url",
# "mysql://opensips:opensips@localhost/opensips")
#modparam("domain", "db_mode", 1) # Use caching
# ----- multi-module params -----
/* uncomment the following line if you want to enable multi-domain support
in the modules (dafault off) */
#modparam("auth_db|usrloc|uri", "use_domain", 1)
# ----- presence params -----
/* uncomment the following lines if you want to enable presence */
modparam("presence|presence_xml", "db_url",
"mysql://opensips:opensips@localhost/opensips")
modparam("presence_xml", "force_active", 1)
modparam("presence", "server_address", "sip:127.0.0.1:5060")
####### Routing Logic ########
# main request routing logic
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if (has_totag()) {
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
setflag(1); # do accounting ...
setflag(3); # ... even if the transaction fails
} else if (is_method("INVITE")) {
# even if in most of the cases is useless, do RR for
# re-INVITEs alos, as some buggy clients do change route set
# during the dialog.
record_route();
}
# route it out to whatever destination was set by loose_route()
# in $du (destination URI).
route(1);
} else {
/* uncomment the following lines if you want to enable presence */
if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {
# in-dialog subscribe requests
route(2);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# non loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching transaction ->
# ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
#initial requests
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# authenticate if from local subscriber (uncomment to enable auth)
# authenticate all initial non-REGISTER request that pretend to be
# generated by local subscriber (domain from FROM URI is local)
if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/
##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
{
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
exit;
}
if (!db_check_from()) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
consume_credentials();
## # caller authenticated
}
# preloaded route checking
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
if (!is_method("ACK"))
sl_send_reply("403","Preload Route denied");
exit;
}
# record routing
if (!is_method("REGISTER|MESSAGE"))
record_route();
# account only INVITEs
if (is_method("INVITE")) {
setflag(1); # do accounting
}
if (!uri==myself)
## replace with following line if multi-domain support is used
##if (!is_uri_host_local())
{
append_hf("P-hint: outbound¥r¥n");
# if you have some interdomain connections via TLS
##if($rd=="tls_domain1.net") {
## t_relay("tls:domain1.net");
## exit;
##} else if($rd=="tls_domain2.net") {
## t_relay("tls:domain2.net");
## exit;
##}
route(1);
}
# requests for my domain
## uncomment this if you want to enable presence server
## and comment the next 'if' block
## NOTE: uncomment also the definition of route[2] from below
if( is_method("PUBLISH|SUBSCRIBE"))
route(2);
#if (is_method("PUBLISH"))
#{
# sl_send_reply("503", "Service Unavailable");
# exit;
#}
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment to enable auth)
if (!www_authorize("", "subscriber"))
{
www_challenge("", "0");
exit;
}
if (!db_check_to())
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
if (!save("location"))
sl_reply_error();
exit;
}
if ($rU==NULL) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# apply DB based aliases (uncomment to enable)
alias_db_lookup("dbaliases");
# do lookup with method filtering
if (!lookup("location","m")) {
switch ($retcode) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
setflag(2);
route(1);
}
route[1] {
# for INVITEs enable some additional helper routes
if (is_method("INVITE")) {
t_on_branch("2");
t_on_reply("2");
t_on_failure("1");
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
# Presence route
/* uncomment the whole following route for enabling presence
NOTE: do not forget to enable the call of this route from the main
route */
route[2]
{
if (!t_newtran())
{
sl_reply_error();
exit;
};
if(is_method("PUBLISH"))
{
handle_publish();
}
else
if( is_method("SUBSCRIBE"))
{
handle_subscribe();
}
exit;
}
branch_route[2] {
xlog("new branch at $ru¥n");
}
onreply_route[2] {
xlog("incoming reply¥n");
}
failure_route[1] {
if (t_was_cancelled()) {
exit;
}
# uncomment the following lines if you want to block client
# redirect based on 3xx replies.
##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found");
## exit;
##}
# uncomment the following lines if you want to redirect the failed
# calls to a different new destination
##if (t_check_status("486|408")) {
## sethostport("192.168.2.100:5060");
## # do not set the missed call flag again
## t_relay();
##}
}
More information about the Users
mailing list