[OpenSIPS-Users] NAT problem

Juan Backson juanbackson at gmail.com
Thu Nov 27 13:26:01 CET 2008


Hi Bogdan

Thank you for your help.

The nated client does register to opensips.  It is set to register every
3600 sec, min time  is 20 s and max time is 1800 s.  It is default xLite
setting.

Here is the 200OK I captured from my nated client box:

!'DVVEGTeEd=3SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.101
;branch=z9hG4bKbf91.9b9bad57.0;received=233.32.345.5
Via: SIP/2.0/UDP
233.32.345.5:5800;received=233.32.345.5;rport=5800;branch=z9hG4bKNj4y6pUrS49FF
Record-Route: <sip:192.168.1.101;lr;ftag=UD1K6e2FpUgNj>
Contact: <sip:1000 at 192.168.1.100:33756>
To: "1000"<sip:1000 at 233.32.345.5:5060>;tag=194ddb10
From: "0"<sip:0 at 233.32.345.5:5060>;tag=UD1K6e2FpUgNj
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 107790129 BYE
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 0

Here is the INVITE request:

!'DVVEMKd=*INVITE sip:0 at 233.32.345.5:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:33756
;branch=z9hG4bK-d87543-8e2c20026843651b-1--d87543-;rport
Max-Forwards: 70
Contact: <sip:1000 at 192.168.1.100:33756>
To: "0"<sip:0 at 233.32.345.5:5060>
From: "1000"<sip:1000 at 233.32.345.5:5060>;tag=194ddb10
Call-ID: MGUzMzZjNGNhNGM3MzY4ZDVjMjg3M2I2OGI2OTc0OWE.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,
INFO
Content-Type: application/sdp
User-Agent: X-Lite release 1011s stamp 41150
Content-Length: 423
v=0
o=- 9 2 IN IP4 192.168.1.100
s=CounterPath X-Lite 3.0
c=IN IP4 192.168.1.100
t=0 0
m=audio 26258 RTP/AVP 107 119 100 106 0 105 98 8 101
a=alt:1 1 : LGfU4oal SL5N8UZJ 192.168.1.100 26258
a=fmtp:101 0-15
a=rtpmap:107 BV32/16000
a=rtpmap:119 BV32-FEC/16000
a=rtpmap:100 SPEEX/16000
a=rtpmap:106 SPEEX-FEC/16000
a=rtpmap:105 SPEEX-FEC/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:101 telephone-event/8000
a=sendrecv





On Thu, Nov 27, 2008 at 1:53 AM, Bogdan-Andrei Iancu <bogdan at voice-system.ro
> wrote:

> Hi Juan,
>
> I need to see the request part also to figure out if the flow through the
> NAT is ok or not.
>
> As a side note - could you check if the device behind the nat is actually
> receiving the 200 OK?. Because a typical reason for a missing ACK is  a
> missing 200 OK.
>
> Another question - the device placing the call (from behind the nat) is
> registered or not? what is the estimated setup time in this case (time
> between invite and 200 OK) ?
>
> Regards,
> Bogdan
>
> Juan Backson wrote:
>
>> Hi,
>>
>> I am having problem with configuring opensips to work with NATed clients.
>>  In my configuration, I am using a B2BUA and Opensips as the sip proxy.
>> The problem I am having is that when the B2BUA(233.32.345.5:5800) sends
>> out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to the NATed
>> client ( 116.24.163.21:2751 <http://116.24.163.21:2751>), but the NATed
>> client is not sending back any ACK, so the B2BUA hangs up after 30 second.
>> Could someone give me any suggestion on what may be wrong in my config?
>>
>> Thanks in advance for all the help.
>>
>>
>> U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060>
>> SIP/2.0 200 OK.
>> Via: SIP/2.0/UDP 192.168.1.101 <http://192.168.1.101
>> >;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5.
>> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <
>> http://116.24.163.21
>> >;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
>> Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 2 INVITE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Allow-Events: talk.
>> Session-Expires: 120;refresher=uas.
>> Min-SE: 120.
>> Content-Type: application/sdp.
>> Content-Disposition: session.
>> Content-Length: 269.
>> .
>> v=0.
>> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
>> s=FreeSWITCH.
>> c=IN IP4 233.32.345.5.
>> t=0 0.
>> m=audio 10272 RTP/AVP 0 101.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>> a=ptime:20.
>>
>>
>> U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751 <
>> http://116.24.163.21:2751>
>> SIP/2.0 200 OK.
>> Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 <
>> http://116.24.163.21
>> >;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751.
>> Record-Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> From: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> To: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 2 INVITE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Allow-Events: talk.
>> Session-Expires: 120;refresher=uas.
>> Min-SE: 120.
>> Content-Type: application/sdp.
>> Content-Disposition: session.
>> Content-Length: 269.
>> .
>> v=0.
>> o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5.
>> s=FreeSWITCH.
>> c=IN IP4 233.32.345.5.
>> t=0 0.
>> m=audio 10272 RTP/AVP 0 101.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>> a=ptime:20.
>>
>>
>> U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060
>> BYE sip:1000 at 116.24.163.21:2751 <http://sip:1000@116.24.163.21:2751>
>> SIP/2.0.
>> Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc.
>> Route: <sip:192.168.1.101 <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>.
>>
>>
>> Max-Forwards: 70.
>> From: "0" <sip:0 at 233.32.345.5:5060>;tag=Sy7K9eUFg61tB.
>> To: "1000" <sip:1000 at 233.32.345.5:5060>;tag=b81a6b5e.
>> Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA..
>> CSeq: 107702524 BYE.
>> Contact: <sip:mod_sofia at 233.32.345.5:5800;transport=udp>.
>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M.
>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
>> NOTIFY, REFER, UPDATE, REGISTER, INFO.
>> Supported: timer, precondition, path, replaces.
>> Reason: SIP;cause=408;text="ACK Timeout".
>> Content-Length: 0.
>> .
>>
>>
>>
>>
>> #
>> # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
>> #
>> #simple quick-start config script
>> #Please refer to the Core CookBook at
>> http://www.openser.org/dokuwiki/doku.php
>> #for a explanation of possible statements, functions and parameters.
>> #
>> # ----------- global configuration parameters ------------------------
>> debug=3            # debug level (cmd line: -dddddddddd)
>> fork=no
>> log_stderror=yes    # (cmd line: -E)
>> children=4
>> port=5060
>> mpath="/usr/local/lib64/opensips/modules/"
>> loadmodule "db_mysql.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri.so"
>> loadmodule "uri_db.so"
>> loadmodule "domain.so"
>> loadmodule "xlog.so"
>> loadmodule "permissions.so"
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> loadmodule "dispatcher.so"
>> loadmodule "nathelper.so"
>> loadmodule "mediaproxy.so"
>>
>>
>>
>>
>>
>>
>>
>>
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("usrloc", "db_mode", 2)
>>
>>   modparam("rr", "enable_full_lr", 1)
>>
>>  modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://
>> root:sqlpass at 192.168.1.105/app <http://root:sqlpass@192.168.1.105/app>")
>> modparam("auth_db","calculate_ha1",yes)
>> modparam("auth_db","password_column","password")
>> modparam("auth_db","user_column","sip_user")
>> modparam("auth_db","load_credentials","agent_id")
>>  modparam("uri_db","db_table","agent")
>> modparam("uri_db","user_column","sip_user")
>> modparam("uri_db","use_uri_table",0)
>> modparam("auth_db","use_domain",0)
>>  modparam("permissions", "db_mode", 1)
>> modparam("permissions", "trusted_table", "server")
>> modparam("permissions","source_col","server_ip")
>> modparam("permissions","proto_col","transport")
>> modparam("permissions","from_col","from_pattern")
>> modparam("permissions","tag_col","peer_tag")
>>  modparam("dispatcher","table_name","dispatcher")
>> modparam("dispatcher","setid_col","setid")
>> modparam("dispatcher","destination_col","destination")
>> modparam("dispatcher","flags_col","flags")
>> modparam("dispatcher","flags",3)
>>  modparam("auth_db","load_credentials","enable")
>>
>>
>> modparam("nathelper","received_avp", "$avp(i:42)")
>>
>> modparam("nathelper","received_avp", "$avp(i:42)")
>> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890 <
>> http://127.0.0.1:7890>")
>> modparam("nathelper", "natping_interval", 30)
>> modparam("nathelper", "ping_nated_only", 0)
>> modparam("nathelper", "sipping_bflag", 7)
>> modparam("nathelper", "sipping_from", "sip:pinger at 8.8.1.20<sip%3Apinger at 8.8.1.20><mailto:
>> sip%3Apinger at 8.8.1.20 <sip%253Apinger at 8.8.1.20>>")
>>
>>
>>  listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060>
>> listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060>
>>
>> listen=udp:233.32.345.5:5060
>> listen=tcp:233.32.345.5:5060
>>   # -------------------------    request routing logic -------------------
>> # main routing logic
>> route{
>>  xlog("method <$rm> from-header <$fu>\n");
>>         # initial sanity checks -- messages with
>>         # max_forwards==0, or excessively long requests
>>         if (!mf_process_maxfwd_header("10")) {
>>                 sl_send_reply("483","Too Many Hops");
>>                 exit;
>>         };
>>         if (msg:len >= 2048 ) {
>>                 sl_send_reply("513", "Message too big");
>>                 exit;
>>         };
>>         # we record-route all messages -- to make sure that
>>         # subsequent messages will go through our proxy; that's
>>         # particularly good if upstream and downstream entities
>>         # use different transport protocol
>>
>>    ## NAT Detection          #
>>        force_rport();
>>        if (nat_uac_test("19")) {
>>            if (method=="REGISTER") {
>>                    fix_nated_register();
>>            } else {
>>                fix_nated_contact();
>>            };
>>            setflag(5);
>>        };
>>
>>    if(!is_method("REGISTER")){
>>           if(nat_uac_test("19")){
>>              record_route(";nat=yes");
>>           } else {
>>              record_route();
>>           };
>>    };
>>
>>           if (has_totag()) {
>>              if (loose_route()) {
>>
>>                      if(method=="INVITE" && (!allow_trusted())) {
>>                               if (!proxy_authorize("","auth")) {
>>                                     proxy_challenge("","0");
>>                                   exit;
>>                           } else if (!check_from()) {
>>                             sl_send_reply("403", "Forbidden, use
>> From=ID");
>>                               exit;
>>                          };
>>                                if ($avp(s:enable)=="0") {
>>                    sl_send_reply("403", "Forbidden, use From=ID");
>>                                          exit;
>>                   }
>>                      };
>>                        route(1);
>>          } else {
>>                 sl_send_reply("404","Not here");
>>          }
>>        route(1);
>>          exit;
>>    }
>>              if (is_method("CANCEL")) {
>>            if (t_check_trans())              t_relay();
>>            exit;
>>    }
>>    if (method=="REGISTER") {
>>             route(2);
>>    } else {
>>             route(3);
>>    };
>>  }
>> route[1] {
>>
>>
>>        # send it out now; use stateful forwarding as it works
>>        # reliably even for UDP2TCP
>>      t_on_reply("1");
>>    t_on_failure("1");
>>          if (!t_relay()) {
>>                sl_reply_error();
>>        };
>>        exit;
>> }
>>  route[2] {
>>        #
>>        # -- Register request handler --
>>        #
>>        if (is_uri_host_local()) {
>>                  if (!www_authorize("", "auth")) {
>>                                   www_challenge("", "0");
>>                          exit;
>>
>>                };
>>                                if (!check_to()) {
>>                          sl_send_reply("403", "Forbidden");
>>                        exit;
>>                };
>>
>>         if ($avp(s:enable)=="0") {
>>                                        sl_send_reply("403", "Forbidden,
>> use From=ID");
>>                                          exit;
>>                  }
>>                    save("location");
>>                exit;
>>        } else if {
>>                                        sl_send_reply("403", "Forbidden");
>>        };
>> }
>>  route[3] {
>>
>>          if (is_from_local()){
>>            # From an internal domain -> check the credentials and the FROM
>>                  if (!proxy_authorize("","auth")) {
>>                        proxy_challenge("","0");
>>                          exit;
>>                } else if (!check_from()) {
>>                                sl_send_reply("403", "Forbidden, use
>> From=ID");
>>                        exit;
>>                };
>>                  consume_credentials();
>>                # Verify aliases
>>                  if (is_uri_host_local()) {
>>                        # -- Inbound to Inbound
>>                    route(10);
>>               } else {
>>                    # -- Inbound to outbound
>>                    route(11);
>>               };
>>      } else {
>>                     if (is_uri_host_local()) {
>>              #-- Outbound to inbound
>>              route(12);
>>           } else {
>>              # -- Outbound to outbound
>>              route(13);
>>           };
>>      };
>> }
>>   route[4] {
>>    revert_uri();
>>          rewritehostport("233.32.345.5:5800");
>>    route(1);
>>
>>
>>
>>
>> }
>>
>>
>> route[6] {
>>    if (is_method("BYE")) {
>>            } else if ((is_method("INVITE"))){
>>            append_hf("P-hint: Route[6]: Rtpproxy \r\n");
>>     t_on_failure("3");
>>    };
>>  }
>>   route[10] {
>>     append_hf("P-hint: inbound->inbound \r\n");
>>     route(4);
>>  }
>> route[11] {
>>     append_hf("P-hint: inbound->outbound \r\n");
>>     route(1);
>> }
>> route[12] {
>>     lookup("aliases");
>>     if (!lookup("location")) {
>>          sl_send_reply("404", "Not Found");
>>          exit;
>>     };
>>     route(1);
>> }
>> route[13] {
>>     append_hf("P-hint: outbound->inbound \r\n");
>>     sl_send_reply("403", "Forbidden");
>>     exit;
>> }
>>   onreply_route[1] {
>>    xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n");
>>        search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
>>    fix_nated_contact();
>>    exit;
>>
>>  }
>> failure_route[1] {
>>   append_hf("P-hint: (4)passed thru failure_route[1]\r\n");
>>
>>
>>
>>
>>
>>
>>       if (t_was_cancelled()) {
>>            exit;
>>    };
>>    if (t_check_status("486")) {
>>           revert_uri();
>>              prefix("b");
>>              xlog("L_ERR","Stepped into the 486 ruri=<$ru>");
>>             #ds_select_dst("2", "4");
>>        rewritehostport("233.32.345.5:5800");
>>        append_branch();
>>             route(1);
>>               exit;
>>    };
>>    if (t_check_status("408") || t_check_status("480")) {
>>           revert_uri();
>>           prefix("u");
>>           xlog("L_ERR","Stepped into the 480 ruri=<$ru>");
>>           #ds_select_dst("2", "4");
>>        rewritehostport("233.32.345.5:5800");            append_branch();
>>           route(1);
>>           exit;
>>    };
>>        }
>>
>>
>> failure_route[3] {
>>    if (isbflagset(6) || isflagset(5)) {
>>      }
>>  }
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20081127/426bf5b8/attachment-0001.htm 


More information about the Users mailing list