[Users] OpenSER as load balancer for several Asterisk servers
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Dec 21 11:30:01 CET 2006
inline ....
Edoardo Serra wrote:
> At 17.21 20/12/2006, Klaus Darilion wrote:
>> Then we have to go back to the beginning:
>> Please send a complete ngrep Trace (not ethereal or tcpdump - they are
>> horrible to read) of the call:
>> ngrep -t -W byline port 5060
>> (make sure not to mix IP addresses when replacing them)
>> And also send openser.cfg (remove passwords)
>
> Here I am,
> dump with ngrep and openser.cfg follow.
>
> The most strange thing, as you wuold notice, is that the 2 packets with
> 183 Session Progress contain the right IP addresses for the media path
> in SDP
> Those IPs are changed in the 200 OK packets so subsequents packet go to
> the wrong server (the result is monodirectional audio)
>
> IP and called number substitutions:
> AAA.AAA.AAA.AAA stands for IP of Asterisk
> OOO.OOO.OOO.OOO stands for IP of OpenSER
> CCC.CCC.CCC.CCC stands for IP of client
> 3333333333 is the called number
>
> Tnx in advance for help
>
> Regards
> Edoardo
>
> ---- Dump ----
>
> interface: eth0
> filter: ip and ( port 5060 )
>
> #
> U 2006/12/20 19:15:34.678287 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
> INVITE sip:3333333333 at OOO.OOO.OOO.OOO SIP/2.0.
> Via: SIP/2.0/UDP
> 192.168.1.207:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport.
>
> Max-Forwards: 70.
> Contact: <sip:webrainstorm at OOO.OOO.OOO.OOO:21722>.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO.
> Content-Type: application/sdp.
> Proxy-Authorization: Digest
> username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
>
> User-Agent: X-Lite release 1002tx stamp 29712.
> Content-Length: 531.
> .
> v=0.
> o=- 8 2 IN IP4 192.168.1.207.
> s=<CounterPath eyeBeam 1.5>.
> c=IN IP4 192.168.1.207.
> t=0 0.
> m=audio 51126 RTP/AVP 107 119 0 98 8 3 101.
> a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126.
> a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126.
> a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126.
> a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126.
> a=fmtp:101 0-15.
> a=rtpmap:107 BV32/16000.
> a=rtpmap:119 BV32-FEC/16000.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
> a=x-rtp-session-id:6754D37B91D842568EE88680F168B966.
>
> #
> U 2006/12/20 19:15:34.679538 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
> .
> .
>
> #
> U 2006/12/20 19:15:34.680057 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
> SIP/2.0 100 trying -- your call is important to us.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> Server: OpenSer (1.1.0-notls (i386/linux)).
> Content-Length: 0.
> Warning: 392 OOO.OOO.OOO.OOO:5060 "Noisy feedback tells: pid=31932
> req_src_ip=CCC.CCC.CCC.CCC req_src_port=21722
> in_uri=sip:3333333333 at OOO.OOO.OOO.OOO
> out_uri=sip:3333333333 at OOO.OOO.OOO.OOO via_cnt==1".
> .
>
> #
> U 2006/12/20 19:15:34.680156 OOO.OOO.OOO.OOO:5060 ->
> AAA.AAA.AAA.AAA:5060 5766 at 0:1480
> ........INVITE sip:3333333333 at OOO.OOO.OOO.OOO SIP/2.0.
> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
> Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0.
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> Max-Forwards: 69.
> Contact: <sip:webrainstorm at CCC.CCC.CCC.CCC:21722>.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO.
> Content-Type: application/sdp.
> Proxy-Authorization: Digest
> username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
>
> User-Agent: X-Lite release 1002tx stamp 29712.
> Content-Length: 529.
> P-hint: usrloc applied.
> .
> v=0.
> o=- 8 2 IN IP4 CCC.CCC.CCC.CCC.
> s=<CounterPath eyeBeam 1.5>.
> c=IN IP4 CCC.CCC.CCC.CCC.
> t=0 0.
> m=audio 51126 RTP/AVP 107 119 0 98 8 3 101.
> a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126.
> a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126.
> a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126.
> a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126.
> a=fmtp:101 0-15.
> a=rtpmap:107 BV32/16000.
> a=rtpmap:119 BV32-FEC/16000.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
> a=x-rtp-session-id:6754D37B91D842568EE88680F168B
> #
> U 2006/12/20 19:15:34.681110 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
> SIP/2.0 100 Trying.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Length: 0.
> .
>
> #
> U 2006/12/20 19:15:35.025207 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
> SIP/2.0 183 Session Progress.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Type: application/sdp.
> Content-Length: 291.
> .
> v=0.
> o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA.
> s=session.
> c=IN IP4 AAA.AAA.AAA.AAA.
> t=0 0.
> m=audio 30502 RTP/AVP 98 3 8 0 101.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> #
> U 2006/12/20 19:15:35.025446 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
> SIP/2.0 183 Session Progress.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
^^^^^^^^^^^^^^
strange bug again - there must be CCC.CCC.CCC.CCC
>
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Type: application/sdp.
> Content-Length: 291.
> .
> v=0.
> o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA.
> s=session.
> c=IN IP4 AAA.AAA.AAA.AAA.
> t=0 0.
> m=audio 30502 RTP/AVP 98 3 8 0 101.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> #
> U 2006/12/20 19:15:39.290612 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Length: 0.
> .
>
> #
> U 2006/12/20 19:15:39.290784 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Length: 0.
> .
>
> #
> U 2006/12/20 19:15:45.284233 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO.
> Via: SIP/2.0/UDP
> CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Type: application/sdp.
> Content-Length: 291.
> .
> v=0.
> o=root 20137 20138 IN IP4 AAA.AAA.AAA.AAA.
> s=session.
> c=IN IP4 AAA.AAA.AAA.AAA.
> t=0 0.
> m=audio 30502 RTP/AVP 98 3 8 0 101.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> #
> U 2006/12/20 19:15:45.284766 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP
> OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.
>
> Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710>.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 INVITE.
> User-Agent: Asterisk.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:3333333333 at AAA.AAA.AAA.AAA:5060>.
> Content-Type: application/sdp.
> Content-Length: 291.
> .
> v=0.
> o=root 20137 20138 IN IP4 OOO.OOO.OOO.OOO.
> s=session.
> c=IN IP4 OOO.OOO.OOO.OOO.
> t=0 0.
> m=audio 30502 RTP/AVP 98 3 8 0 101.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> #
> U 2006/12/20 19:15:45.523120 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060
> ACK sip:3333333333 at AAA.AAA.AAA.AAA:5060 SIP/2.0.
> Via: SIP/2.0/UDP
> 192.168.1.207:21722;branch=z9hG4bK-d87543-1276651d53700b28-1--d87543-;rport.
>
> Max-Forwards: 70.
> Route: <sip:OOO.OOO.OOO.OOO;lr;ftag=1d106710>.
> Contact: <sip:webrainstorm at OOO.OOO.OOO.OOO:21722>.
> To: "3333333333"<sip:3333333333 at OOO.OOO.OOO.OOO>;tag=as1f398d64.
> From: "Edoardo Serra"<sip:webrainstorm at OOO.OOO.OOO.OOO>;tag=1d106710.
> Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc..
> CSeq: 2 ACK.
> Proxy-Authorization: Digest
> username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333 at OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.
>
> User-Agent: X-Lite release 1002tx stamp 29712.
> Content-Length: 0.
> .
>
> #
>
> ---- openser.cfg ----
>
> AAA.AAA.AAA.111 and AAA.AAA.AAA.222 are the 2 asterisks used for load
> balance
> In the capure before only one of the 2 Asterisk boxes was in
> dispatcher.list
>
>
> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> #debug=3 # debug level (cmd line: -dddddddddd)
> fork=yes
> #log_stderror=no # (cmd line: -E)
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> #children=4
> #port=5060
> fifo="/tmp/ser_fifo"
>
> #uid=nobody
> #gid=nobody
>
> # ------------------ module loading ----------------------------------
>
> loadmodule "/usr/lib/openser/modules/sl.so"
> loadmodule "/usr/lib/openser/modules/tm.so"
> loadmodule "/usr/lib/openser/modules/rr.so"
> loadmodule "/usr/lib/openser/modules/maxfwd.so"
> loadmodule "/usr/lib/openser/modules/usrloc.so"
> loadmodule "/usr/lib/openser/modules/registrar.so"
> loadmodule "/usr/lib/openser/modules/nathelper.so"
> loadmodule "/usr/lib/openser/modules/textops.so"
> loadmodule "/usr/lib/openser/modules/exec.so"
> loadmodule "/usr/lib/openser/modules/uri.so"
> loadmodule "/usr/lib/openser/modules/uri_db.so"
> loadmodule "/usr/lib/openser/modules/dispatcher.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/lib/openser/modules/mysql.so"
> loadmodule "/usr/lib/openser/modules/auth.so"
> loadmodule "/usr/lib/openser/modules/auth_db.so"
>
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")
>
> # abbassare il timer
> modparam("usrloc", "timer_interval", 120)
>
> modparam("auth_db", "calculate_ha1", 0)
> modparam("auth_db", "db_url", "mysql://xxx:xxx@192.168.252.5/voismartdb")
>
> modparam("uri_db", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")
>
> modparam("rr", "enable_full_lr", 1)
>
> modparam("registrar", "nat_flag", 6)
> #modparam("registrar", "default_expires", 300)
> modparam("registrar", "max_expires", 3600)
> modparam("registrar", "min_expires", 60)
> modparam("registrar", "append_branches", 0)
> modparam("registrar", "desc_time_order", 1)
>
> modparam("nathelper", "natping_interval", 20) # Ping interval 20 s
> modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind
> NAT
>
> modparam("dispatcher", "force_dst", 1)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> };
> if ( msg:len > max_len ) {
> sl_send_reply("513", "Message too big");
> exit;
> };
>
> if ( (method=="OPTIONS") || (method=="SUBSCRIBE") ||
> (method=="NOTIFY") ) {
> sl_send_reply("405", "Method Not Allowed");
> exit;
> }
do loose_route here
>
> if (!method=="REGISTER") {
> record_route();
> };
>
> if ((src_ip==AAA.AAA.AAA.111) || (src_ip==AAA.AAA.AAA.222)) {
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> exit;
> };
here you need to apply NAT traversal for the client too:
if (isflagset(6)) {
force_rtp_proxy();
t_on_reply("1");
}
> # forward to current uri now; use stateful forwarding; that
> # works reliably even if we forward from TCP to UDP
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> };
>
> if (nat_uac_test("3")) {
> if ((method=="REGISTER") || (method=="INVITE") ||
> (method=="OPTIONS")) {
> fix_nated_contact();
for REGISTER you should use fix_nated_register()
> force_rport();
> setflag(6); # Mark as NATed
use reply route here:
t_on_reply("1");
> }
> }
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (method=="REGISTER") {
> if (!proxy_authorize("exorsa", "openser_view")) {
> proxy_challenge("exorsa", "0");
> exit;
> }
> if (!check_to()) {
> sl_send_reply("403", "Digest username and URI
> username do NOT match! Stay away!");
> exit;
> }
>
> save("location");
>
> exit;
> };
>
> if (method=="INVITE") {
> if (!proxy_authorize("exorsa", "openser_view")) {
> proxy_challenge("exorsa", "0");
> exit;
> }
>
> if (!check_from()) {
> sl_send_reply("403", "Digest username and URI
> username do NOT match! Stay away!");
> exit;
> }
> }
>
> # loose-route processing
> if (loose_route()) {
> # mark routing logic in request
> append_hf("P-hint: rr-enforced\r\n");
> route(1);
> exit;
> };
move loose_route up
>
> if (!uri==myself) {
> # mark routing logic in request
> append_hf("P-hint: outbound\r\n");
> route(1);
> exit;
> };
>
> append_hf("P-hint: usrloc applied\r\n");
> route(1);
> }
>
> route[1]
> {
> # !! Nathelper
> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
> && !search("^Route:")){
> sl_send_reply("479", "We don't forward to private IP
> addresses");
> exit;
> };
>
> # NAT processing of replies; apply to all transactions (for
> example,
> # re-INVITEs from public to private UA are hard to identify as
> # NATed at the moment of request processing); look at replies
> t_on_reply("1");
you active the reply route for all calls. You should do this only for
call which need it. Thus, move it up.
>
> # send it out now; use stateful forwarding as it works reliably
> # even for UDP2TCP
> if ((src_ip!=AAA.AAA.AAA.111) && (src_ip!=AAA.AAA.AAA.222)) {
> ds_select_dst("2", "0");
> }
>
> if (!t_relay()) {
> sl_reply_error();
> };
> }
>
> # !! Nathelper
> onreply_route[1] {
> # NATed transaction ?
> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
> fix_nated_contact();
> #force_rtp_proxy();
^
Are you sure it is commented? I do not believe it because the ngrep
shows that the SDP of 200 Ok is rewritten.
btw: enable it for NAT traversal
> # otherwise, is it a transaction behind a NAT and we did not
> # know at time of request processing ? (RFC1918 contacts)
> } else if (nat_uac_test("1")) {
> fix_nated_contact();
> };
I think you do not need this test.
Please read the Getting Started Turial from onsip.org carefully. It
describes how you handle NAT correctly and also describes how to do NAT
traversal for in-dialog messages, which is missing in your config.
regards
klaus
> }
>
> Hope it helps.
>
> Tnx again for your help
>
> Regards
>
> Edoardo
>
--
Klaus Darilion
nic.at
More information about the Users
mailing list