R: [OpenSER-Users] Problem with 2 PC behind the same NAT

Daniel Grotti d.grotti at gmail.com
Tue Oct 9 13:26:19 CEST 2007


I have not configured it explicitely.
This is my opense.cfg file:

---------------------
debug=4
fork=yes
log_stderror=yes
sip_warning=yes

listen=xxx.xxx.xxx
port=5060
children=4

dns=no
rev_dns=no
disable_dns_blacklist=yes

mpath="/usr/local/lib/openser/modules/"


#------------------------------------------------------
# Load Module
#------------------------------------------------------

loadmodule "mysql.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "mediaproxy.so"
loadmodule "nathelper.so"
loadmodule "textops.so"
loadmodule "xlog.so"
loadmodule "cpl-c.so"
loadmodule "avpops.so"

#----------------------------------------------------------
# Parameters
#----------------------------------------------------------
modparam("auth_db|uri_db|usrloc|domain", "db_url", 
"mysql://openser:openserrw@localhost/openser")

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

modparam("usrloc", "db_mode", 2)
modparam("usrloc", "nat_bflag", 6)

modparam("rr", "enable_full_lr", 1)

# CPL MODULE
modparam("cpl-c", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("cpl-c", "cpl_table", "cpl")
modparam("cpl-c", "cpl_dtd_file", 
"/usr/src/openser-1.2.2-notls/modules/cpl-c/cpl-06.dtd")
modparam("cpl-c", "lookup_domain", "location")


#NATHELPER MODULE
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("nathelper", "received_avp", "$avp(i:42)")


#MEDIAPROXY MODULE
modparam("mediaproxy", "natping_interval", 20)
modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy.sock")
modparam("mediaproxy", "sip_asymmetrics", 
"/usr/local/etc/openser/sip-asymmetric-clients")
modparam("mediaproxy", "rtp_asymmetrics", 
"/usr/local/etc/openser/rtp-asymmetric-clients")

#REGISTRAR MODULE
modparam("registrar", "received_avp", "$avp(i:42)")
modparam("registrar", "default_expires", 1800)


#------------------------------------------------------------
#MAIN ROUTE
#-----------------------------------------------------------

route {

#------------------------------------
# Sanity checks
#------------------------------------
if (!mf_process_maxfwd_header("10"))
{ sl_send_reply("483", "Too much Hops");
exit;
};

if (msg:len >= 2048)
{ sl_send_reply("513", "Message too big");
exit;
};
#------------------------------------
# RECORD-ROUTE
#------------------------------------
if(method=="INVITE" && client_nat_test("7"))
{
record_route_preset ("137.204.107.138:5060;nat=yes");
}
else if (!method=="REGISTER")
{ record_route();
};

#----------------------------------------
# CALL TEAR DOWN
#----------------------------------------
if (method=="BYE")
{
end_media_session();
};
if (method=="CANCEL")
{
end_media_session();
};

#--------------------------------------------
# LOOSE ROUTE
#--------------------------------------------
if (loose_route())
{
if (method=="INVITE")
{
if (!proxy_authorize("","subscriber"))
{ proxy_challenge("","0");
exit;
}
else if (!check_from())
{ sl_send_reply("403","Unauthorized");
exit;
};
consume_credentials();

if (client_nat_test("7") || search("^Route:.*;nat=yes"))
{ setbflag(6); # Set the NAT Flag
use_media_proxy();
};
};

route(1);
exit;
};
#-------------------------------------------------
#CALL TYPE PROCESSING
#-------------------------------------------------
if (!uri==myself)
{ route(4);
route(1);
exit;
};

if (uri==myself)
{
if (method=="REGISTER")
{ xlog("L_DBG", "INFO: REGISTER Message received");
route(2);
exit;
};
if (method=="ACK")
{ route(1);
exit;
};
if (method=="INVITE")
{
route(3);
exit;
};
lookup("aliases");
if (!uri==myself)
{ route(4);
route(1);
exit;
};

#Find the Destination - Check the R-URI

if (!lookup("location"))
{ sl_send_reply("404", "Destination not found");
exit;
};

};

route(1);
}


#----------------------------------------------------
# DEFAULT MESSAGE HANDLER
#----------------------------------------------------
route[1]
{
t_on_reply("1"); #Passa il controlla alla route on reply 1

if (!t_relay())
{
if (method=="INVITE" || method=="ACK")
{
end_media_session();
};

sl_reply_error();
};

}

#--------------------------------------------------------
# REGISTER PROCESSING
#--------------------------------------------------------
route[2]
{


if(!www_authorize("","subscriber"))
{ www_challenge("","0");
exit;
}

else if(!check_to())
{ sl_send_reply("401", "Unauthorized");
exit;
};

consume_credentials();


if (!search("^Contact:[ ]*\*") && client_nat_test("7"))
{
setbflag(6); #Set NAT Flag in USRLOC.
xlog("L_DBG","NOTICE: Bflag 6, related to BRANCH=$T_branch_idx, is 
setted as $bf");

fix_nated_register();

force_rport();
xlog("L_DBG","INFO: Registration behind nat");
};

sl_send_reply("100", "Trying");

if(!save("location"))
{ sl_reply_error();
xlog("L_DBG", "Registration of [$fU] Failed");
};
xlog("L_DBG", "INFO: Registration of [$fU] Complete.");
xlog("L_DBG", "INFO: 200 OK has been sended");
}

#----------------------------------------------------------
# INVITE PROCESSING
#----------------------------------------------------------
route[3]
{
if(client_nat_test("7"))
{
setbflag(7);
xlog("L_DBG","NOTICE: Bflag 7, related to BRANCH=$T_branch_idx of this 
INVITE, is setted as $bf");
if(force_rport())
{
xlog("L_DBG","NOTICE: rport FORCED");
};

#Rewrites Contact HF to contain nated request's source address:port.
if(fix_nated_contact())
{
xlog("L_DBG","NOTICE: Contact HF is now [$ct]");
};

};

if(!proxy_authorize("","subscriber"))
{ proxy_challenge("","0");
exit;
}

else if (!check_from())
{ sl_send_reply("403", "Unauthorized");
exit;
};
consume_credentials();

lookup("aliases");
if(uri!=myself)
{ route(4);
route(1);
exit;
};

if (!lookup("location"))
{ sl_send_reply("404", "Destination not found");
exit;
};

if(!cpl_run_script("incoming", "force_stateful"))
{
t_reply("500", "CPL script execution failed");
};

route(4);
route(1);
}

#--------------------------------------------------------------------
# NAT Traversal
#--------------------------------------------------------------------
route[4]
{
# Se il chiamato (flag 6) o il chiamante (flag 7) è sotto nat
if (isbflagset(6) || isbflagset(7))
{
# if(!isbflagset(8))
# { setbflag(8);
xlog("L_DBG", "NOTICE: flag 6 or 7 setted");

if(!use_media_proxy())
{

xlog("L_DBG","NOTICE: mediaproxy wasn't called!!");
};


# };

};
}

#---------------------------------------------------------------------
# On Reply Route
#---------------------------------------------------------------------

onreply_route[1]
{
if ((isbflagset(6) || isbflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]"))
{
if (!search("^Content-Lenght:[ ]*0"))
{
if (use_media_proxy())
{

xlog("L_DBG","NOTICE: mediaproxy in ON REPLY");
};


};
};
if (client_nat_test("7"))
{
fix_nated_contact();
};
}



----------------------------------------------------------------------


Inviato: mar 10/9/2007 12:28
A: users at openser.org
Oggetto: Re: [OpenSER-Users] Problem with 2 PC behind the same NAT

El Tuesday 09 October 2007 11:51:34 Daniel Grotti escribió:
 > I have 2 SJphone behind the same NAT (I know that it's a restricted con
 > NAT).
 >
 >
 > UA1 ----> (NAT 1) --------> PROXY
 >
 >
 > UA2 <-----(NAT 1)<-------------
 >
 > I've configured my openser.cfg to use Mediaproxy (installed in the same
 > pc) if 1 or 2 pc are behind NAT (in this case both of my pc).
 > But when I call from UA1 to the other and I accept the call with UA2,
 > the RTP stream doesn't flow through the Mediaproxy but it's direct from
 > UA1 to UA2.

Have you tryied to call from UA1 (behind your NAT) to other device out 
of your
LAN? MediaProxy (if it well configured) should work in that case.

In case caller and called behind the same call, you explicitely **need** to
allow direct RP in openser.cfg by matching $si with $dd (if pulbic source
address and destination address is the same don't apply SDP fix).

But if you haven't configured it explicitely then maybe your conf is worng.




-- 
Iñaki Baz Castillo
ibc at in.ilimit.es

_______________________________________________
Users mailing list
Users at openser.org
http://openser.org/cgi-bin/mailman/listinfo/users






More information about the Users mailing list