[OpenSIPS-Users] nat_traversal: register keepalive not, engaging

Gremaud Odin odin.gremaud at nexcom.fr
Wed Sep 7 12:13:34 CEST 2011


Hi,

> Date: Wed, 7 Sep 2011 09:44:34 +0200
> From: Sa?l Ibarra Corretg?<saul at ag-projects.com>
> Subject: Re: [OpenSIPS-Users] nat_traversal: register keepalive not
> 	engaging
> To: OpenSIPS users mailling list<users at lists.opensips.org>
> Message-ID:<69286CAC-B20E-4880-B4CC-5D89631A05B4 at ag-projects.com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hi,
>
> On Sep 6, 2011, at 3:29 PM, Gremaud Odin wrote:
>
>> Hello everyone,
>>
>> I began using the nat_traversal module to create a NAT traversal dedicated box, but I'm now stuck on something probably pretty stupid. Here is the design I'm working with:
>>
>> Public network  ||  Private network
>>                 ||
>>     U1 ------->  P1 ------->  P2
>>                 ||
>>                 ||
>>
>> U1 being the NATed UAC, P1 the NAT box and P2 an OpenSIPS Proxy/Registrar.
>>
>> The registration process is OK, and I can even call another UA using U1. When checking the proper functioning of my script, I noticed that I could not call U1 from any other UA: indeed, the register keepalive did not trigger properly (no keepalive engaged for REGISTER, even if it pass on the function). The keepalive mechanism is working fine with INVITE (did not try with SUBSCRIBE), I traced OPTION messages going to U1 (which replies with a "404 Not Found", is this normal?). I double-checked using the module statistics, and there was no register keepalive, but during an dialog, it effectively shows that U1 is keepalived. I traced the registration process for a possible error, but the request is correctly transfered to P2, which responds with a 200 OK that P1 receives correctly. I have no more ideas about what I'm missing here...
>>
>> If it can help, here is the NAT and registrar process I use:
>>
>> ### NAT DETECTION ###
>> force_rport();
>>
>> # Avoid NAT detection if source IP is local
>> if ( client_nat_test("8")&&  $si!~"^10\.0\.0\.[0-9]{1,3}$") {
>>     fix_contact();
>>     append_hf("NAT-Scope: nat-relay\r\n");
>>
>>     # For initial invites and all subscribe
>>     if ((is_method("INVITE")&&  !has_totag()) || is_method("SUBSCRIBE")) {
>>         nat_keepalive();
>>
>>     # For registers
>>     } else if (is_method("REGISTER")) {
>>         nat_keepalive();
>>         append_hf("NAT-Received: $source_uri\r\n");
>>     }
>>
>>     setflag(5);
>> }
>>
>> ### REGISTRAR ###
>> if (is_domain_local("$fd")&&  is_method("REGISTER")) {
>>     append_hf("Supported: Path\r\n");
>>     add_path_received();
>>     force_send_socket(10.0.0.1:5060);
>>     t_relay("10.0.0.2:5060");
>>     exit;
>> }
>>
>> ### RELAYING ###
>> # The request was processed by the proxy/registrar
>> if ($hdr(NAT-Scope)=="nat-relay"&&  !isflagset(5)) {
>>     #$du = $hdr(NAT-Received);
>>     $fs = $keepalive.socket($du);
>> # Not a subsequent message (REGISTER, SUBSCRIBE or initial INVITE), avoid looping on P2
>> } else if (!has_totag()&&  $si != "10.0.0.2") {
>>     $du = "sip:10.0.0.2:5060";
>>     $fs = "10.0.0.1:5060";
>> }
>>
>> if (!t_relay("0x03")) {
>>     sl_reply_error();
>> }
>>
>> Any advice or idea is welcome :)
>>
> I see you call fix_contact for any type of request. Don't do this for REGISTER requests or you'll save the wrong received information. For a REGISTER just do force_rport() and nat_keepalive().
>
> Also, the NAT test you are doing seems wrong. If an endpoint puts his own public IP address in the Contact header it will pass your test and no keepalive will be done. I usually use 3, and in the case I mentioned before the endpoint would fail test 2, because it would have a private address in the topmost Via.
>
>
> Regards,
>
> --
> Sa?l Ibarra Corretg?
> AG Projects
>

Thanks for the reply. I'm tired to be that dumb ;) I was looking 
everywhere, but I didn't even notice that. It solved my issue concerning 
the keepalive on register.

I know that my NAT test is not right, but this was for an 
experimentation purpose: the lab I'm using is completely local and I do 
not have any public address anywhere. So this did the trick with a NATed 
virtual machine connecting to a non NATed network. I was planning on 
using 3 also with a classic implementation.

Thanks a lot again for your reply, I can now proceed further on :)

Regards,

Odin



More information about the Users mailing list