[OpenSIPS-Users] Opensips 1.10 NAT
troxlinux
xserverlinux at gmail.com
Wed Oct 23 23:39:14 CEST 2013
Hi, I have the same problem, did you solve?
2013/10/4 Rodrigo Ferreira <rsferreira08 at gmail.com>
> I think I found the problem ..
>
> Looking at my SIP Messages, the VIA and the Contact headers doesnt have my
> INVALID IP, it shows me my VALID IP.
>
> But I dont know how to set that, im doing the fixes for nated contacts.
>
>
>
>
>
> Atenciosamente.
> Eng.° Rodrigo Ferreira
> ITIL v3 Certified
>
> <http://br.linkedin.com/pub/rodrigo-ferreira/31/757/901>
>
>
> 2013/10/4 Rodrigo Ferreira <rsferreira08 at gmail.com>
>
>> I'm running out of ideas ..
>>
>> My rtpproxy is fine
>>
>> Oct 4 09:10:02 opensips /sbin/opensips[5019]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5020]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5018]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5022]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5023]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5017]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>> Oct 4 09:10:02 opensips /sbin/opensips[5016]: INFO:rtpproxy:rtpp_test:
>> rtp proxy <udp:127.0.0.1:7890> found, support for it enabled
>>
>>
>> and here is my opensips.cfg,
>>
>> ####### Global Parameters #########
>>
>> debug=3
>> log_stderror=no
>> log_facility=LOG_LOCAL0
>>
>> fork=yes
>> children=4
>>
>> /* uncomment the following lines to enable debugging */
>> #debug=6
>> #fork=no
>> #log_stderror=yes
>>
>> /* uncomment the next line to enable the auto temporary blacklisting of
>> not available destinations (default disabled) */
>> #disable_dns_blacklist=no
>>
>> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
>> lookup failures (default disabled) */
>> #dns_try_ipv6=yes
>>
>> /* comment the next line to enable the auto discovery of local aliases
>> based on revers DNS on IPs */
>> auto_aliases=no
>>
>>
>> listen=udp:###.###.###.###:5060
>>
>>
>> disable_tcp=yes
>>
>> db_default_url="mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips"
>>
>> ####### Modules Section ########
>>
>> #set module path
>> mpath="/lib64/opensips/modules/"
>>
>> #### SIGNALING module
>> loadmodule "signaling.so"
>>
>> #### StateLess module
>> loadmodule "sl.so"
>>
>> #### Transaction Module
>> loadmodule "tm.so"
>> modparam("tm", "fr_timer", 5)
>> modparam("tm", "fr_inv_timer", 30)
>> modparam("tm", "restart_fr_on_each_reply", 0)
>> modparam("tm", "onreply_avp_mode", 1)
>>
>> #### Record Route Module
>> loadmodule "rr.so"
>> /* do not append from tag to the RR (no need for this script) */
>> modparam("rr", "append_fromtag", 0)
>>
>> #### MAX ForWarD module
>> loadmodule "maxfwd.so"
>>
>> #### SIP MSG OPerationS module
>> loadmodule "sipmsgops.so"
>>
>> #### FIFO Management Interface
>> loadmodule "mi_fifo.so"
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("mi_fifo", "fifo_mode", 0666)
>>
>>
>> #### URI module
>> loadmodule "uri.so"
>> modparam("uri", "use_uri_table", 0)
>>
>> #### MYSQL module
>> loadmodule "db_mysql.so"
>>
>> #### USeR LOCation module
>> loadmodule "usrloc.so"
>> modparam("usrloc", "nat_bflag", "NAT")
>> modparam("usrloc", "db_mode", 2)
>> modparam("usrloc", "db_url",
>> "mysql://####:####@######/opensips")
>>
>> #### REGISTRAR module
>> loadmodule "registrar.so"
>> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
>> modparam("registrar", "received_avp", "$avp(received_nh)")
>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>> #modparam("registrar", "max_contacts", 10)
>>
>> #### ACCounting module
>> loadmodule "acc.so"
>> /* what special events should be accounted ? */
>> modparam("acc", "early_media", 0)
>> modparam("acc", "report_cancels", 0)
>> /* by default we do not adjust the direct of the sequential requests.
>> if you enable this parameter, be sure the enable "append_fromtag"
>> in "rr" module */
>> modparam("acc", "detect_direction", 0)
>> modparam("acc", "failed_transaction_flag", "ACC_FAILED")
>> /* account triggers (flags) */
>> modparam("acc", "db_flag", "ACC_DO")
>> modparam("acc", "db_missed_flag", "ACC_MISSED")
>> modparam("acc", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>>
>> #### AUTHentication modules
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> modparam("auth_db", "calculate_ha1", yes)
>> modparam("auth_db", "password_column", "password")
>> modparam("auth_db", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>> modparam("auth_db", "load_credentials", "")
>>
>> #### ALIAS module
>> loadmodule "alias_db.so"
>> modparam("alias_db", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>>
>> #### DOMAIN module
>> loadmodule "domain.so"
>> modparam("domain", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>> modparam("domain", "db_mode", 1) # Use caching
>> modparam("auth_db|usrloc|uri", "use_domain", 1)
>>
>> #### DIALOG module
>> loadmodule "dialog.so"
>> modparam("dialog", "dlg_match_mode", 1)
>> modparam("dialog", "default_timeout", 21600) # 6 hours timeout
>> modparam("dialog", "db_mode", 2)
>> modparam("dialog", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>>
>> #### NAT modules
>> loadmodule "nathelper.so"
>> modparam("nathelper", "natping_interval", 10)
>> modparam("nathelper", "ping_nated_only", 1)
>> modparam("nathelper", "received_avp", "$avp(received_nh)")
>> modparam("nathelper", "natping_socket", "###.###.###.###:5060")
>> modparam("nathelper", "sipping_from", "sip:pinger@###.###.###.###")
>> modparam("nathelper", "sipping_method", "OPTIONS")
>>
>> loadmodule "rtpproxy.so"
>> modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7890")
>>
>> #### DIALPLAN module
>> loadmodule "dialplan.so"
>> modparam("dialplan", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>>
>> #### DYNAMMIC ROUTING module
>> loadmodule "drouting.so"
>> modparam("drouting", "db_url",
>> "mysql://opensips:opensipsrw@localhost
>> /opensipsmysql://###:###@###/opensips")
>>
>>
>> ####### Routing Logic ########
>>
>> # main request routing logic
>>
>> route{
>> force_rport();
>> if (nat_uac_test("23")) {
>> if (is_method("REGISTER")) {
>> fix_nated_register();
>> setbflag(NAT);
>> } else {
>> fix_nated_contact();
>> setflag(NAT);
>> }
>> }
>>
>>
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> exit;
>> }
>>
>> if (has_totag()) {
>> # sequential request withing a dialog should
>> # take the path determined by record-routing
>> if (loose_route()) {
>>
>> # validate the sequential request against dialog
>> if ( $DLG_status!=NULL && !validate_dialog() ) {
>> xlog("In-Dialog $rm from $si (callid=$ci)
>> is not valid according to dialog\n");
>> ## exit;
>> }
>>
>> if (is_method("BYE")) {
>> setflag(ACC_DO); # do accounting ...
>> setflag(ACC_FAILED); # ... even if the
>> transaction fails
>> } else if (is_method("INVITE")) {
>> # even if in most of the cases is
>> useless, do RR for
>> # re-INVITEs alos, as some buggy clients
>> do change route set
>> # during the dialog.
>> record_route();
>> }
>>
>> if (check_route_param("nat=yes"))
>> setflag(NAT);
>>
>> # route it out to whatever destination was set by
>> loose_route()
>> # in $du (destination URI).
>> route(relay);
>> } else {
>>
>> if ( is_method("ACK") ) {
>> if ( t_check_trans() ) {
>> # non loose-route, but stateful
>> ACK; must be an ACK after
>> # a 487 or e.g. 404 from upstream
>> server
>> t_relay();
>> exit;
>> } else {
>> # ACK without matching
>> transaction ->
>> # ignore and discard
>> exit;
>> }
>> }
>> sl_send_reply("404","Not here");
>> }
>> exit;
>> }
>>
>> # CANCEL processing
>> if (is_method("CANCEL"))
>> {
>> if (t_check_trans())
>> t_relay();
>> exit;
>> }
>>
>> t_check_trans();
>>
>> if ( !(is_method("REGISTER") || is_from_gw() ) ) {
>>
>> if (is_from_local())
>> {
>>
>> # authenticate if from local subscriber
>> # authenticate all initial non-REGISTER request
>> that pretend to be
>> # generated by local subscriber (domain from FROM
>> URI is local)
>> if (!proxy_authorize("", "subscriber")) {
>> proxy_challenge("", "0");
>> exit;
>> }
>> if (!db_check_from()) {
>> sl_send_reply("403","Forbidden auth ID");
>> exit;
>> }
>>
>> consume_credentials();
>> # caller authenticated
>>
>> } else {
>> # if caller is not local, then called number must
>> be local
>>
>> if (!is_uri_host_local()) {
>> send_reply("403","Rely forbidden");
>> exit;
>> }
>> }
>>
>> }
>>
>> # preloaded route checking
>> if (loose_route()) {
>> xlog("L_ERR",
>> "Attempt to route with preloaded Route's
>> [$fu/$tu/$ru/$ci]");
>> if (!is_method("ACK"))
>> sl_send_reply("403","Preload Route denied");
>> exit;
>> }
>>
>> # record routing
>> if (!is_method("REGISTER|MESSAGE"))
>> record_route();
>>
>> # account only INVITEs
>> if (is_method("INVITE")) {
>>
>> # create dialog with timeout
>> if ( !create_dialog("B") ) {
>> send_reply("500","Internal Server Error");
>> exit;
>> }
>>
>> setflag(ACC_DO); # do accounting
>> }
>>
>>
>> if (!is_uri_host_local()) {
>> append_hf("P-hint: outbound\r\n");
>>
>> route(relay);
>> }
>>
>> # requests for my domain
>>
>> if (is_method("PUBLISH|SUBSCRIBE"))
>> {
>> sl_send_reply("503", "Service Unavailable");
>> exit;
>> }
>>
>> if (is_method("REGISTER"))
>> {
>> fix_nated_register();
>> fix_nated_contact();
>> # authenticate the REGISTER requests
>> if (!www_authorize("", "subscriber"))
>> {
>> www_challenge("", "0");
>> exit;
>> }
>>
>> if (!db_check_to())
>> {
>> sl_send_reply("403","Forbidden auth ID");
>> exit;
>> }
>>
>> if ( 0 ) setflag(TCP_PERSISTENT);
>>
>> if (!save("location"))
>> sl_reply_error();
>>
>> exit;
>> }
>>
>> if ($rU==NULL) {
>> # request with no Username in RURI
>> sl_send_reply("484","Address Incomplete");
>> exit;
>> }
>>
>>
>> # apply DB based aliases
>> alias_db_lookup("dbaliases");
>>
>>
>> # apply transformations from dialplan table
>> dp_translate("0","$rU/$rU");
>>
>>
>> if ($rU=~"^\+[1-9][0-9]+$") {
>>
>> if (!do_routing("0")) {
>> send_reply("500","No PSTN Route found");
>> exit;
>> }
>>
>> route(relay);
>> exit;
>> }
>>
>>
>> # do lookup with method filtering
>> if (!lookup("location","m")) {
>> if (!db_does_uri_exist()) {
>> send_reply("420","Bad Extension");
>> exit;
>> }
>>
>> t_newtran();
>> t_reply("404", "Not Found");
>> exit;
>> }
>>
>> if (isbflagset(NAT)) setflag(NAT);
>>
>> # when routing via usrloc, log the missed calls also
>> setflag(ACC_MISSED);
>> route(relay);
>> }
>>
>>
>> route[relay] {
>> # for INVITEs enable some additional helper routes
>> if (is_method("INVITE")) {
>> if(nat_uac_test("127")){
>> # Usuario identificado como atras de nat
>> xlog("Usuario atras de nat em handle nat");
>> fix_nated_contact();
>> }
>> if (isflagset(NAT)) {
>> rtpproxy_offer("ro");
>> }
>>
>> t_on_branch("per_branch_ops");
>> t_on_reply("handle_nat");
>> t_on_failure("missed_call");
>> }
>>
>> if (isflagset(NAT)) {
>> add_rr_param(";nat=yes");
>> }
>>
>> if (!t_relay()) {
>> send_reply("500","Internal Error");
>> };
>> exit;
>> }
>>
>>
>>
>>
>> branch_route[per_branch_ops] {
>> xlog("new branch at $ru\n");
>> }
>>
>>
>> onreply_route[handle_nat] {
>> # if (nat_uac_test("1"))
>> # fix_nated_contact();
>> # if ( isflagset(NAT) )
>> # rtpproxy_answer("ro");
>> # xlog("incoming reply\n");
>>
>> # Recebemos resposta do pacote
>> xlog("incoming reply\n");
>>
>> # Verificamos aqui se esta requisicao possui SDP
>> if(is_method("ACK") && has_body("application/sdp")){
>> # Atendemos no rtpproxy
>> rtpproxy_answer();
>>
>> }else if(has_body("application/sdp")){
>> # possuindo sdp vamos re-escrever a informacao
>> #fix_nated_sdp("2");
>> rtpproxy_offer();
>> }
>>
>>
>> # Vamos tentar identificar se o usuario esta atras de nat
>> # executamos neste nivel pois aqui sera executado
>> # no momento que recebemos resposta, assim garantimos
>> # que em todos os casos manipularemos o nat
>> if(nat_uac_test("127")){
>> # Usuario identificado como atras de nat
>> xlog("Usuario atras de nat em handle nat");
>> fix_nated_contact();
>> }
>>
>> }
>>
>>
>> failure_route[missed_call] {
>> if (t_was_cancelled()) {
>> exit;
>> }
>>
>> # uncomment the following lines if you want to block client
>> # redirect based on 3xx replies.
>> ##if (t_check_status("3[0-9][0-9]")) {
>> ##t_reply("404","Not found");
>> ## exit;
>> ##}
>>
>>
>> }
>>
>>
>>
>> local_route {
>> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>>
>> acc_db_request("200 Dialog Timeout", "acc");
>>
>> }
>> }
>>
>>
>>
>>
>> Atenciosamente.
>> Eng.° Rodrigo Ferreira
>> ITIL v3 Certified
>>
>>
>>
>>
>> 2013/10/4 Rodrigo Ferreira <rsferreira08 at gmail.com>
>> Yes I did Mike,
>>
>> and my SIP messages are ok.
>>
>> I will take a look at your tutorial.
>>
>> tks
>>
>>
>>
>> Atenciosamente.
>> Eng.° Rodrigo Ferreira
>> ITIL v3 Certified
>>
>>
>>
>>
>> 2013/10/3 Mike Tesliuk <mike at ultra.net.br>
>> Did you try to made some debug rodrigo ? maybe some rule is missing on
>> your route script
>>
>> i made a tutorial over version 1.9 that you can check
>>
>> [portugues]
>> http://opensips.com.br/wiki/index.php?title=Opensips_NAT_Script_com_RTPproxy
>> [english]
>> http://opensips.com.br/wiki/index.php?title=Oopensips_Nat_script_with_RTPPROXY_-_English
>>
>>
>>
>>
>> 2013/10/3 Rodrigo Ferreira <rsferreira08 at gmail.com>
>> Hi guys,
>>
>> After a long time without using Opensips (almost a year) I tried to
>> install the opensips 1.10 and everything went well BUT when I make a call,
>> there's no audio, I know that is something because of NAT, but I have the
>> nathelper and rtpproxy configuration on my opensips.cfg.
>>
>> There's anything else that I could take a look at?
>>
>> Thanks
>>
>>
>> Atenciosamente.
>> Eng.° Rodrigo Ferreira
>> ITIL v3 Certified
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
--
rickygm
http://gnuforever.homelinux.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20131023/4c6212a3/attachment-0001.htm>
More information about the Users
mailing list