[OpenSER-Users] NAT + STUN
Marc LEURENT
lftsy at free.fr
Thu Aug 2 18:19:07 CEST 2007
There is already an exit; function at the end of the route1
And I have disabled the acc functions in the route
Do you have a working configuration using STUN and version 1.2.1 of openser?
Thanks
debug=7 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
children=4
listen=88.191.45.91
#alias=sd-7501.dedibox.fr
port=5060
avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804"
#;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807"
# ------------------ module loading ----------------------------------
#set module path
mpath="/usr/lib/openser/modules/"
# Uncomment this if you want to use SQL database
loadmodule "mysql.so"
loadmodule "sl.so" # Stateless Module
loadmodule "tm.so" # Transaction Module
loadmodule "rr.so" # Record-Route and Route Module
loadmodule "maxfwd.so" # Max-Forward processor Module
loadmodule "usrloc.so" # User Location Implementation Module
loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc)
loadmodule "textops.so" # Text Operation Module
loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface
loadmodule "acc.so" # Accounting Module
loadmodule "avpops.so" # AVP Operation Module (user preference)
loadmodule "uri.so" # Generic URI operation Module
loadmodule "auth.so" # Authentification Module
#loadmodule "auth_db.so" # Database-backend Authentication mMdule
loadmodule "auth_radius.so" # RADIUS-backend Authentication Module
loadmodule "group_radius.so" # User-groups Module with RADIUS-backend
#loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module
#loadmodule "presence.so" # Presence server Module
#loadmodule "pua.so" # Common API for presence user agent client
loadmodule "options.so" # OPTIONS server replier Module
loadmodule "xlog.so" # Advanced Logger Module
loadmodule "nathelper.so" # NAT Traversal Helper Module
#loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module
loadmodule "uac.so" # User Agent Client
loadmodule "siptrace.so" # SipTrace module (storage of SIP requests)
#loadmodule "exec.so" # Allows to start an external command from a OpenSER script
# ----------------- setting module-specific parameters ---------------
# -- exec params --
#modparam("exec", "setvars", 1) # Turn off to disable setting environment variables for executed commands
#modparam("exec", "time_to_kill", 20) # longest time a program is allowed to execute
# -- maxfwd params --
modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions
# -- sl params --
modparam("sl", "enable_stats", 1)
# -- mi_fifo params --
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# -- usrloc params --
# Uncomment this if you want to use SQL database
modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB
modparam("usrloc", "db_url", "mysql://openser:razovski@127.0.0.1/openser")
modparam("usrloc", "timer_interval", 10)
#modparam("usrloc", "use_domain", 1) # Not working for now...
#modparam("usrloc", "cseq_delay", 5) # Delay before authorizing others retransmissions
#modparam("usrloc", "matching_mode", 1) # 1 - CONTACT and CALLID based matching algorithm
modparam("usrloc", "nat_bflag" , 3)
# -- rr params --
modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy
#modparam("rr", "add_username", 1) # username is added to the record-route
# -- siptrace params --
modparam("siptrace", "db_url", "mysql://openser:razovski@127.0.0.1/openser")
modparam("siptrace", "table", "sip_trace") # Default value "sip_trace"
modparam("siptrace", "trace_on", 1)
# -- registrar params --
modparam("registrar", "default_expires", 1800)
modparam("registrar", "max_expires", 60)
modparam("registrar", "received_avp", "$avp(i:42)")
modparam("registrar", "max_contacts", 100) # TO INCREASE LATER
# -- nathelper params --
#modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:22222")
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "sipping_bflag", 5)
modparam("nathelper", "natping_interval", 20)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_method", "OPTIONS")
modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module
modparam("nathelper", "sipping_from", "sip:pinger at sd-7501.dedibox.fr")
#modparam("auth", "nonce_expire", 300) # Time before nounce expiration
modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params --
modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1) # username at domain will be used for lookup
# -- avp_radius parameter --
#modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- acc params (with radius )--
modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "early_media", 1)
modparam("acc", "report_cancels", 1)
#modparam("acc", "report_ack", 0)
modparam("acc", "detect_direction", 1)
#modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting
#modparam("acc", "log_level", 1) # Set the reporting log level
#modparam("acc", "log_missed_flag", 2) #
#modparam("acc", "failed_transaction_flag", 2)
modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP)
#modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
# ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute
modparam("acc", "radius_extra", "Sip-Src-IP=$si;
Sip-Src-Port=$sp;
Canonical-URI=$avp(can_uri);
Billing-Party=$avp(billing_party);
SIP-Proxy-IP=$avp(sip_proxy_ip);
User-Agent=$ua
")
#Billing-Party=$avp(billing_party)
#From-Header=$hdr(from);
#User-Name=$fU;
#From-Header=$avp(from_header);
#Digest-Realm=$fd
#Sip-From-Tag=$avp(from_header);
#SIP-Method=$rm;
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# NAT detection
route(2);
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") {
record_route();
};
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) { # mark routing logic in request
xlog("IN LOOSE ROUTE SECTION \r\n");
append_hf("P-hint: rr-enforced\r\n");
if(is_method("BYE")) { # log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
exit;
};
# Functions when calling other domains
xlog("CHECKING IF URI <> myself \r\n");
if (!uri==myself) {
append_hf("P-hint: outbound\r\n");
xlog("URI <> myself TO ROUTE 1 \r\n");
route(1);
};
if (uri==myself) {
if (method=="REGISTER") {
sip_trace();
xlog("L_INFO", "$fu IS TRYING TO REGISTER \r\n");
if (!radius_www_authorize("sd-7501.dedibox.fr")) {
www_challenge("sd-7501.dedibox.fr", "0"); # qop set to 1
xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n");
exit;
};
#if (isflagset(5)) {
if (isbflagset(3)) {
#setflag(6);
# if you want OPTIONS natpings uncomment next
# setflag(7); # Deprecated
setbflag(5); # Set Flag for SIP PINGING
};
save("location");
xlog("L_INFO", "SAVE LOCATION OF $si \r\n");
exit;
};
if (!lookup("location")) {
xlog("LOOKUP(LOCATION) FAILED \r\n");
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n");
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
## Generic Forward
route[1] {
xlog("STARTING ROUTE 1 \r\n");
if (subst_uri('/(sip:.*);nat=yes/\1/')){
#setflag(6); # Deprecated, for version 1.1
xlog("SETTING BFLAGS 3 & 5 \r\n");
setbflag(3); # NAT flag
setbflag(5); # For SIP PINGS
};
#if (isflagset(5)||isflagset(6)) {
if (isbflagset(3)) {
xlog("FLAG 3 OK GOTO ROUTE 3 \r\n");
route(3);
} else {
xlog("!!!! STRANGE, NO FLAG 3 -> NORMAL ROUTE \r\n");
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
# NAT Detection
route[2]{
xlog("ROUTE2: STARTING NAT DETECTION \r\n");
force_rport(); # Add port number of the client in the request
if (nat_uac_test("19")) {
xlog("!!!!!!!!! NAT UAC TEST 19 SUCEEDEED \r\n");
if (method=="REGISTER") {
xlog("FIX NATED REGISTER \r\n");
fix_nated_register();
} else {
xlog("FIX NATED CONTACT \r\n");
fix_nated_contact(); # Change the IP -> public
fix_nated_sdp("2"); # Force to be active
};
#setflag(5); Deprecated
xlog("ROUTE2: SETFLAG 3 \r\n");
setbflag(3);
};
}
## Route for natted contact
route[3] {
xlog("!!!!!!!!! ON ROUTE 3 FOR NATTED CONTACT \r\n");
if (is_method("BYE|CANCEL")) {
# Ajout Maison
#acc_rad_request("200 ok");
#acc_log_request("200 ok");
#unforce_rtp_proxy();
t_on_failure("1");
} else if (is_method("INVITE")){
#force_rtp_proxy();
t_on_failure("1");
};
#if (isflagset(5))
if (isbflagset(3)){
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
}
t_on_reply("1");
}
## Failure Route 1
failure_route[1] {
xlog("!!!!!!!!! ON FAILURE ROUTE \r\n");
#if (isflagset(6) || isflagset(5)) {
#if (isbflagset(3)) {
#unforce_rtp_proxy();
#}
}
## Reply route
onreply_route[1] {
xlog("!!!!!!!!! ON REPLY ROUTE \r\n");
#if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
#if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") {
#force_rtp_proxy();
#}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
#if (isflagset(6)) {
if (isbflagset(3)) {
xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n");
fix_nated_contact();
}
exit;
}
Dan-Cristian Bogos a écrit :
> Marc,
>
> can u post your newly modified configuration again? Also, I would add
> an exit after route(1) in the loose routing.
> Did u try also disabling the accounting?
>
> Dan
>
> On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
>> Do you have any idea to solve this matter:
>> In the BYE request:
>>
>> 0(2569) found end of header
>> 0(2569) find_next_route: No next Route HF found
>> 0(2569) after_loose: No next URI found
>>
>> So the BYE message is not forwarded by openser
>>
>>
>>
>>
>>
>>
>> Please find below INVITE and BYE requests
>>
>>
>>
>>
>>
>>
>>
>>
>> 0(2632) SIP Request:
>> 0(2632) method: <INVITE>
>> 0(2632) uri: <sip:103 at sd-7501.dedibox.fr:5060>
>> 0(2632) version: <SIP/2.0>
>> 0(2632) parse_headers: flags=2
>> 0(2632) Found param type 232, <branch> = <z9hG4bK4747925369759203710>; state=16
>> 0(2632) end of header reached, state=5
>> 0(2632) parse_headers: Via found, flags=2
>> 0(2632) parse_headers: this is the first via
>> 0(2632) After parse_msg...
>> 0(2632) preparing to run routing scripts...
>> 0(2632) parse_headers: flags=100
>> 0(2632) DEBUG:parse_to:end of header reached, state=10
>> 0(2632) DBUG:parse_to: display={}, ruri={sip:103 at sd-7501.dedibox.fr:5060;user=phone}
>> 0(2632) DEBUG: get_hdr_field: <To> [46]; uri=[sip:103 at sd-7501.dedibox.fr:5060;user=phone]
>> 0(2632) DEBUG: to body [<sip:103 at sd-7501.dedibox.fr:5060;user=phone>
>> ]
>> 0(2632) get_hdr_field: cseq <CSeq>: <1> <INVITE>
>> 0(2632) DEBUG:maxfwd:is_maxfwd_present: value = 70
>> 0(2632) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 10
>> 0(2632) ROUTE2: STARTING NAT DETECTION
>> 0(2632) !!!!!!!!! NAT UAC TEST 19 SUCEDEED
>> 0(2632) parse_headers: flags=80
>> 0(2632) ROUTE2: SETFLAG 3
>> 0(2632) DEBUG: add_param: tag=c0a80101-b67ff5
>> 0(2632) DEBUG:parse_to:end of header reached, state=29
>> 0(2632) DBUG:parse_to: display={"101"}, ruri={sip:101 at sd-7501.dedibox.fr:5060;user=phone}
>> 0(2632) parse_headers: flags=200
>> 0(2632) DEBUG: get_hdr_body : content_length=269
>> 0(2632) found end of header
>> 0(2632) find_first_route: No Route headers found
>> 0(2632) loose_route: There is no Route HF
>> 0(2632) DEBUG: has_totag: no totag
>> 0(2632) I AM SETTING THE FLAGS FOR RADIUS
>> 0(2632) SETTING FLAGS 1 & 2 FOR RADIUS
>> 0(2632) CHECKING IF URI <> myself
>> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
>> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
>> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
>> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
>> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
>> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
>> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
>> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
>> 0(2632) rewrite_uri: Rewriting Request-URI with 'sip:103 at 82.127.0.79:1028;user=phone'
>> 0(2632) parse_headers: flags=ffffffffffffffff
>> 0(2632) STARTING ROUTE 1
>> 0(2632) subst_run: running. r=1
>> 0(2632) subst_str: no match
>> 0(2632) FLAG 3 OK GOTO ROUTE 3
>> 0(2632) !!!!!!!!! ON ROUTE 3 FOR NATTED CONTACT
>> 0(2632) DEBUG: t_newtran: T on entrance=0xffffffff
>> 0(2632) parse_headers: flags=ffffffffffffffff
>> 0(2632) parse_headers: flags=78
>> 0(2632) t_lookup_request: start searching: hash=12532, isACK=0
>> 0(2632) DEBUG: RFC3261 transaction matching failed
>> 0(2632) DEBUG: t_lookup_request: no transaction found
>> 0(2632) DBG: trans=0xb5c08fa8, callback type 1, id 1 entered
>> 0(2632) trace_onreq_in: trace off...
>> 0(2632) DBG: trans=0xb5c08fa8, callback type 1, id 0 entered
>> 0(2632) parse_headers: flags=78
>> 0(2632) DEBUG: noisy_timer set for accounting
>> 0(2632) DEBUG:rr:is_direction: param ftag not found
>> 0(2632) parse_headers: flags=ffffffffffffffff
>> 0(2632) check_via_address(82.127.0.79, 82.127.0.79, 0)
>>
>>
>>
>>
>>
>>
>>
>> 0(2569) SIP Request:
>> 0(2569) method: <BYE>
>> 0(2569) uri: <sip:101 at 82.127.0.79:1312>
>> 0(2569) version: <SIP/2.0>
>> 0(2569) parse_headers: flags=2
>> 0(2569) Found param type 232, <branch> = <z9hG4bK2074253192092946047>; state=16
>> 0(2569) end of header reached, state=5
>> 0(2569) parse_headers: Via found, flags=2
>> 0(2569) parse_headers: this is the first via
>> 0(2569) After parse_msg...
>> 0(2569) preparing to run routing scripts...
>> 0(2569) parse_headers: flags=100
>> 0(2569) DEBUG: add_param: tag=c0a80101-b31387
>> 0(2569) DEBUG:parse_to:end of header reached, state=29
>> 0(2569) DBUG:parse_to: display={}, ruri={sip:101 at sd-7501.dedibox.fr:5060;user=phone}
>> 0(2569) DEBUG: get_hdr_field: <To> [66]; uri=[sip:101 at sd-7501.dedibox.fr:5060;user=phone]
>> 0(2569) DEBUG: to body [<sip:101 at sd-7501.dedibox.fr:5060;user=phone>]
>> 0(2569) get_hdr_field: cseq <CSeq>: <1> <BYE>
>> 0(2569) DEBUG:maxfwd:is_maxfwd_present: value = 70
>> 0(2569) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 10
>> 0(2569) ROUTE2: STARTING NAT DETECTION
>> 0(2569) !!!!!!!!! NAT UAC TEST 19 SUCEDEED
>> 0(2569) parse_headers: flags=80
>> 0(2569) DEBUG: get_hdr_body : content_length=0
>> 0(2569) found end of header
>> 0(2569) ROUTE2: SETFLAG 3
>> 0(2569) DEBUG: add_param: tag=c0a80101-2376fc2
>> 0(2569) DEBUG:parse_to:end of header reached, state=29
>> 0(2569) DBUG:parse_to: display={}, ruri={sip:103 at sd-7501.dedibox.fr:5060;user=phone}
>> 0(2569) parse_headers: flags=200
>> 0(2569) is_preloaded: No
>> 0(2569) grep_sock_info - checking if host==us: 11==12 && [82.127.0.79] == [88.191.45.91]
>> 0(2569) grep_sock_info - checking if port 5060 matches port 1312
>> 0(2569) grep_sock_info - checking if host==us: 11==12 && [82.127.0.79] == [88.191.45.91]
>> 0(2569) grep_sock_info - checking if port 5060 matches port 1312
>> 0(2569) DEBUG:check_self: host != me
>> 0(2569) grep_sock_info - checking if host==us: 12==12 && [88.191.45.91] == [88.191.45.91]
>> 0(2569) grep_sock_info - checking if port 5060 matches port 5060
>> 0(2569) after_loose: Topmost route URI: 'sip:88.191.45.91;lr=on;ftag=c0a80101-b31387' is me
>> 0(2569) parse_headers: flags=200
>> 0(2569) found end of header
>> 0(2569) find_next_route: No next Route HF found
>> 0(2569) after_loose: No next URI found
>> 0(2569) DBG:rr:run_rr_callbacks: callback id 0 entered with <lr=on;ftag=c0a80101-b31387>
>>
>>
>>
>>
>> Dan-Cristian Bogos a écrit :
>>> That's because for INVITE your will take routing decisions but BYE u
>>> will just proxy out.
>>>
>>> DanB
>>>
>>> On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
>>>> I've compared the INVITE and BYE method....
>>>> And the uri in the INVITE method is
>>>> 0(2632) SIP Request:
>>>> 0(2632) method: <INVITE>
>>>> 0(2632) uri: <sip:103 at sd-7501.dedibox.fr:5060>
>>>> 0(2632) version: <SIP/2.0>
>>>>
>>>> whereas in the BYE method
>>>>
>>>> 0(2569) SIP Request:
>>>> 0(2569) method: <BYE>
>>>> 0(2569) uri: <sip:101 at 82.127.0.79:1312>
>>>> 0(2569) version: <SIP/2.0>
>>>>
>>>>
>>>> so the DEBUG:check_self: host != me
>>>> I'm going to try without accoounting, but it should'nt change anything...
>>>>
>>>> Best Regards
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
More information about the Users
mailing list