[OpenSIPS-Users] Weird NAT traversal problem

John Buswell buswellj at gmail.com
Mon Sep 22 15:27:26 CEST 2008


Hi,

I have a weird NAT traversal problem, I think is just a configuration issue
with OpenSIPS. Outbound dialing works ok, inbound dialing works ok, but
station to station calling does not work.

Phone (behind NAT) <-----> OpenSIPS [nat traversal] <------> SIP-PBX

When the REGISTER comes into OpenSIPS, its doing NAT traversal and then
passing it on to the SIP-PBX.  Calls outbound and inbound work ok to a
remote destination. The SIP-PBX is a production from Interactive
Intelligence (i3). The problem appears to be when a new call originates from
the SIP-PBX, it tries to send it directly to the Phone's public IP but does
not have the NAT traversal information.

I think I may have configured OpenSIPS incorrectly, would appreciate someone
with more of a clue about OpenSIPs than me to take a quick sanity check of
the configuration. I swapped out the real IPs with private IPs for security
reasons (10.13.140.245 => SIP-PBX, 10.13.140.240 => SIP-PBX, 10.14.210.97 =>
upstream sip trunk, 10.14.210.99 => SIP-PBX).

route{

    #
    # -- 1 -- Request Validation
    #
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >=  2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # nat detection
    route(5);

    #
    # -- 2 -- Routing Preprocessing
    #
    ## Record-route all except Register
    if (!method=="REGISTER") record_route();

    if (uri==myself) {
        if (method=="REGISTER") {
            if (isflagset(5)) {
                setflag(6);
            }
            save("location");
#           exit;
        }
    }

    ##Loose_route packets
    if (has_totag()) {
        #sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if(method=="BYE") {
                #Account BYE transactions
                setflag(2);
            };
            #Check authentication of re-invites
            route(1);
        } else {
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans()) t_relay();
        exit;
    };

    t_check_trans();

    #
    # -- 3 -- Determine Request Target
    #
    if (method=="REGISTER") {
        route(2);
    } else {
        route(3);
    };
}

route[1] {
    #
    # -- 4 -- Forward request to target
    #
    ## Forward statefully
        if (subst_uri('/(sip:.*);nat=yes/\1/')){
                setflag(6);
        };

        if (isflagset(5)||isflagset(6)) {
                route(6);
        }

    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}

route[2] {
        rewritehostport("10.13.140.245");
        if (subst_uri('/(sip:.*);nat=yes/\1/')){
                setflag(6);
        };

        if (isflagset(5)||isflagset(6)) {
                route(6);
        }

    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
#        sl_send_reply("401", "Forbidden");
}

route[3] {
    ## Non-Register request handler
    if (method=="INVITE") {
        # Account INVITE packets
        setflag(2);
        # Account Missed calls
        setflag(3);
    };

    if (src_ip == 10.13.140.240) {

       #Verify aliases, if found replace R-URI.

       #Verify aliases, if found replace R-URI.
       lookup("aliases");
    append_hf("P-hint: route3-1 \r\n");
       # -- Inbound to outbound
       route(11);
    } else if (src_ip == 10.13.140.99) {
       lookup("aliases");
    append_hf("P-hint: route3-2 \r\n");
       # -- Inbound to outbound
       route(11);
    } else if (src_ip == 10.13.140.245) {
       lookup("aliases");
    append_hf("P-hint: route3-3 \r\n");
           # -- Inbound to outbound
           route(11);
    } else if (src_ip == 10.14.210.97) {
       #From an external domain ->do not check credentials
           append_hf("P-hint: route3-4 \r\n");
       #Verify aliases, if found replace R-URI.
       lookup("aliases");
           route(12);
    } else {
    append_hf("P-hint: route3-5 \r\n");
        lookup("aliases");
        route(12);
    };
}

route[4] {
    # routing to the public network
    record_route();
    rewritehostport("10.14.210.97");
    route(1);
}

route[5]{
        force_rport();
        if (nat_uac_test("19")) {
                if (method=="REGISTER") {
                        fix_nated_register();
                } else {
                        fix_nated_contact();
                };
                setflag(5);
        };
}

route[6] {
        if (is_method("BYE|CANCEL")) {
                unforce_rtp_proxy();
        } else if (is_method("INVITE")){
                force_rtp_proxy();
                t_on_failure("1");
        };
        if (isflagset(5))
                search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
        t_on_reply("1");
}


route[10] {
    #from an internal domain -> inbound
    #Native SIP destinations are handled using the location table
    #Gateway destinations are handled by regular expressions
    append_hf("P-hint: inbound->inbound \r\n");

    if (uri=~"^sip:[2-9][0-9]{6}@") {
            route(4);
            exit;
    };

    if (uri=~"^sip:[2-9][1-9]{9}@") {
            route(4);
            exit;
    };

    if (uri=~"^sip:1[2-9][1-9]{10}@") {
            route(4);
            exit;
    };

    if (uri=~"^sip:011[0-9]*@") {
            route(4);
            exit;
    };

     if (!lookup("location")) {
          sl_send_reply("404", "Not Found");
          exit;
     };
     route(1);
}

route[11] {
    # from an internal domain -> outbound
    # Simply route the call outbound using DNS search
    append_hf("P-hint: inbound->outbound \r\n");
    route(4);
}

route[12] {
    # From an external domain -> inbound
    # Verify aliases, if found replace R-URI.
#    lookup("aliases");
#    if (!lookup("location")) {
#        sl_send_reply("404", "Not Found");
#        exit;
#    };
    record_route();
     rewritehostport("10.13.140.245");
    route(1);
}
route[13] {
    #From an external domain outbound
    #we are not accepting these calls
    append_hf("P-hint: outbound->inbound \r\n");
    sl_send_reply("403", "Forbidden");
    exit;
}


failure_route[1] {
        if (isflagset(6) || isflagset(5)) {
                unforce_rtp_proxy();
        }
}

onreply_route[1] {
        if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])")
{
                force_rtp_proxy();
        }
        search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

        if (isflagset(6)) {
                fix_nated_contact();
        }
        exit;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20080922/0543b974/attachment-0001.htm 


More information about the Users mailing list