[Users] UA behind NAT puts public IP in Contact, Via - help

Arek Bekiersz arek at perceval.net
Thu Mar 16 15:49:53 CET 2006


Hello Bogdan,



Bogdan-Andrei Iancu wrote:
> they may happen because the phone is using STUN or because of a 
> SIP-aware router (on NAT border)

There is no STUN, and the NAT is a really simple one (not SIP-aware).




> take a look at:
> http://openser.org/docs/modules/1.0.x/nathelper.html#AEN349
> you have 5 tests to detect NATed clients

None of those tests works:
1) "Contact" has public IP
2) Via contains the same address as it was received from
4) Topmost Via has public IP
8) SDP contains public IPs (UA puts them)
16) Source port is the same as in Via




This UA is a popular one. This effect is observed in firmwares that have 
been officially on the market for more than 3 months. I would like to force 
the vendor to correct this problem as soon as possible, because others of us 
can experience a similar problem. But first I want to be sure this is 
a vendor problem, not a SER problem.





Here is a sample debug of the REGISTER sequence:
The UA has IP 192.168.1.200 in a private LAN behind NAT.
The NAT maps the UA's port 5060 in the LAN to port 61003 on the WAN:

192.168.1.200:5060 -> proxy_wan_ip:5060
REGISTER sip:proxy_realm SIP/2.0
Via: SIP/2.0/UDP 192.168.1.200:5060;branch=z9hG4bKD87C4E6B9057BD25A6EC854BAEB4F
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>
Call-ID: foo
CSeq: 1 REGISTER
Max-Forwards: 70
User-Agent: stupid-user-agent
Supported: 100rel, replaces
Allow-Events: telephone-event, refer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, UPDATE, PRACK, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE
Accept: application/sdp, multipart/mixed
Accept-Encoding: identity
Content-Length: 0


proxy_wan_ip:5060 -> 192.168.1.200:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.200:5060;branch=z9hG4bKD87C4E6B9057BD25A6EC854BAEB4F;rport=61003;received=nat_wan_ip
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>;tag=935ab969d5b642f019e17a3a52b4e4b2.8ec3
Call-ID: 31888733A35E0EFE3FC22B073B50C@192.168.1.200
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="proxy_realm", nonce="4405aadab124f8b271a6d6282a0fd9abc4b09b8e"
Server: Sip EXpress router
Content-Length: 0


192.168.1.200:5060 -> proxy_wan_ip:5060
REGISTER sip:proxy_realm SIP/2.0
Via: SIP/2.0/UDP nat_wan_ip:61003;branch=z9hG4bK7BB67339C326394708852DEC41F3C
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>
Call-ID: foo
CSeq: 2 REGISTER
Authorization: Digest username="1234", realm="proxy_realm", nonce="4405aadab124f8b271a6d6282a0fd9abc4b09b8e", uri="sip:proxy_realm", response="5a5c8fd5e58aa3cdcaff214c5ae4d2aa"
Max-Forwards: 70
User-Agent: stupid-user-agent
Supported: 100rel, replaces
Allow-Events: telephone-event, refer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, UPDATE, PRACK, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE
Accept: application/sdp, multipart/mixed
Accept-Encoding: identity
Content-Length: 0


proxy_wan_ip:5060 -> 192.168.1.200:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP nat_wan_ip:61003;branch=z9hG4bK7BB67339C326394708852DEC41F3C
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>;tag=935ab969d5b642f019e17a3a52b4e4b2.1a9c
Call-ID: foo
CSeq: 2 REGISTER
Server: Sip EXpress router
Content-Length: 0


192.168.1.200:5060 -> proxy_wan_ip:5060
REGISTER sip:proxy_realm SIP/2.0
[WRONG!!] Via: SIP/2.0/udp nat_wan_ip:61003;branch=z9hG4bK82B006EB79CB30C39996A78C9962D
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>
Call-ID: foo
CSeq: 3 REGISTER
[WRONG!!] Contact: <sip:1234@nat_wan_ip:61003;uniq=0FC6DA2B97704905AA040333C2B03>
Authorization: Digest username="1234", realm="proxy_realm", nonce="4405aadab124f8b271a6d6282a0fd9abc4b09b8e", uri="sip:proxy_realm", response="5a5c8fd5e58aa3cdcaff214c5ae4d2aa"
Expires: 1800
Max-Forwards: 70
User-Agent: stupid-user-agent
Supported: 100rel, replaces
Allow-Events: telephone-event, refer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, UPDATE, PRACK, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE
Accept: application/sdp, multipart/mixed
Accept-Encoding: identity
Content-Length: 0


proxy_wan_ip:5060 -> 192.168.1.200:5060
SIP/2.0 200 OK
Via: SIP/2.0/udp nat_wan_ip:61003;branch=z9hG4bK82B006EB79CB30C39996A78C9962D
From: <sip:1234@proxy_realm>;tag=2789838218
To: <sip:1234@proxy_realm>;tag=935ab969d5b642f019e17a3a52b4e4b2.3770
Call-ID: 31888733A35E0EFE3FC22B073B50C@192.168.1.200
CSeq: 3 REGISTER
Server: Sip EXpress router
Content-Length: 0







-- 
Regards,
Arek Bekiersz
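
The five tests numbered in the message above, run against the first and third REGISTER of the trace. This is an added example, not part of the original message and not nathelper's own code. 203.0.113.7 is a constructed stand-in for the nat_wan_ip placeholder, all function names are hypothetical, and the meaning of each flag is taken from the nathelper documentation linked in the quoted reply.

```python
import ipaddress
import re

# nat_uac_test flag values as numbered in the post; semantics assumed from the nathelper docs
CONTACT_PRIVATE, RECEIVED_DIFFERS, VIA_PRIVATE, SDP_PRIVATE, PORT_DIFFERS = 1, 2, 4, 8, 16
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTPORT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?")
NAT_WAN_IP = "203.0.113.7"  # constructed stand-in for the post's nat_wan_ip placeholder

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def header(msg, name):
    """First value of a header, matched case-insensitively, or ''."""
    for line in msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return ""

def nat_flags(msg, src_ip, src_port):
    """Bitmask of the tests that fire for a message received from src_ip:src_port."""
    flags = 0
    via = HOSTPORT.search(header(msg, "Via"))
    contact = HOSTPORT.search(header(msg, "Contact"))
    body = msg.partition("\r\n\r\n")[2]
    if contact and is_private(contact.group(1)):
        flags |= CONTACT_PRIVATE
    if via:
        via_ip, via_port = via.group(1), int(via.group(2) or 5060)
        if via_ip != src_ip:
            flags |= RECEIVED_DIFFERS
        if is_private(via_ip):
            flags |= VIA_PRIVATE
        if via_port != src_port:
            flags |= PORT_DIFFERS
    if any(is_private(ip) for ip in re.findall(r"^c=IN IP4 (\d+(?:\.\d+){3})", body, re.M)):
        flags |= SDP_PRIVATE
    return flags

def register(via, contact=None):
    """Constructed REGISTER carrying only the headers the tests read."""
    head = ["REGISTER sip:proxy_realm SIP/2.0", f"Via: SIP/2.0/UDP {via};branch=z9hG4bKexample"]
    extra = [f"Contact: <sip:1234@{contact}>"] if contact else []
    return "\r\n".join(head + extra + ["Content-Length: 0", "", ""])

# Both messages arrive at the proxy from the NAT's WAN address and mapped port 61003.
FIRST = nat_flags(register("192.168.1.200:5060"), NAT_WAN_IP, 61003)
THIRD = nat_flags(register(f"{NAT_WAN_IP}:61003", f"{NAT_WAN_IP}:61003"), NAT_WAN_IP, 61003)
print(f"first REGISTER flags: {FIRST}, third REGISTER flags: {THIRD}")
```

The first REGISTER still trips tests 2, 4 and 16, while the third, with Via and Contact rewritten to the mapped address, trips none of them.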



