[OpenSIPS-Users] OpenSIPS Server behind a NAT firewall
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Tue Jan 4 14:26:32 CET 2011
Hi Damon,
Damon Miller wrote:
> Bogdan,
>
>
> Thanks very much for your response. I took some time to educate myself a bit more on OpenSIPS and tried again. I now have UACs registering successfully. Unfortunately, while the clients register properly, they attempt to communicate with one-another directly (rather than via the RTPproxy setup I've configured in OpenSIPS). RTPproxy is running and I've configured it in OpenSIPS. I'm also calling rtpproxy_offer() and rtpproxy_answer() in my reply(1) and onreply_route(1) routes, respectively.
>
>
> Ultimately I want to use Freeswitch in a B2BUA configuration but I haven't found any complete working examples for that so I thought I would first try to send everything through OpenSIPS.
>
Note that opensips can act as a B2BUA - see
http://www.opensips.org/Resources/B2buaTutorial
>
> The only information I have on what might be wrong is the following output from the OpenSIPS log:
>
> DBG:core:parse_content_type_hdr: missing Content-Type header
> DBG:core:get_hdr_field: cseq <CSeq>: <1> <SUBSCRIBE>
> ERROR:nathelper:force_rtp_proxy: Unable to parse body
>
> The "ERROR" happens immediately after I call rtpproxy_offer(). I checked the source and get_all_bodies() indeed exits if parse_content_type_hdr() fails to locate a Content-Type header. I don't actually know what this means in the context of the SIP messages I'm generating but it does at least explain why the nathelper module's rtpproxy_offer() isn't completing.
>
Well, you do not need to use RTPproxy for all requests and replies, but
only for that once that have an SDP body, so add in the rtpproxy
condition the `has_body("application/sdp")` test.
The error you get is because you try to use RTPproxy for a SUBSCRIBE
which has no SDP at all.
Regards,
Bogdan
>
> Any guidance would be much-appreciated.
>
>
> My complete opensips.cfg is as follows:
>
> --
>
> ####### Global Parameters #########
>
> debug=3
> log_stderror=no
> log_facility=LOG_LOCAL0
>
> fork=yes
> children=4
>
> advertised_address="50.16.215.136"
> alias="50.16.215.136:5060"
> port=5060
>
> ####### Modules Section ########
>
> #set module path
> mpath="/usr/local/lib64/opensips/modules/"
>
> loadmodule "db_mysql.so"
> loadmodule "signaling.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "acc.so"
> loadmodule "domain.so"
> loadmodule "nathelper.so"
>
>
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("rr", "enable_full_lr", 1)
> modparam("rr", "append_fromtag", 0)
> modparam("usrloc", "db_mode", 0)
> modparam("uri", "use_uri_table", 0)
>
> modparam("acc", "early_media", 1)
> modparam("acc", "report_ack", 1)
> modparam("acc", "report_cancels", 1)
> modparam("acc", "detect_direction", 0)
> modparam("acc", "failed_transaction_flag", 3)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 2)
> modparam("acc", "db_flag", 1)
> modparam("acc", "db_missed_flag", 2)
>
> modparam("domain", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")
>
> modparam("usrloc","nat_bflag",6)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper","sipping_bflag",8)
> modparam("nathelper","received_avp", "$avp(i:801)")
> modparam("nathelper", "force_socket", "udp:127.0.0.1:12221")
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
>
>
> ####### Routing Logic ########
>
>
> # main request routing logic
>
> route{
> xlog("L_INFO", "New request - Request/failure/branch routes: M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
>
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops...");
> exit;
> };
>
> if (msg:len >= 2048 ) {
> sl_send_reply("513", "Message too big...");
> exit;
> };
>
> xlog("L_INFO", "MsgFlag:[$mf] \n");
>
> if (method == "OPTIONS") {
> sl_send_reply("200", "OK");
> return;
> };
>
>
> if (nat_uac_test("3")) {
>
> if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
>
> # Rewrite contact with source IP of signalling
> fix_nated_contact();
>
> if ( is_method("INVITE") ) {
> xlog("L_ERR","DTM: Calling fix_nated_sdp(1)\n");
> fix_nated_sdp("1"); # Add direction=active to SDP
> };
>
> force_rport();
>
> setbflag(6); # Mark as NATed
> setbflag(8); # SIP NAT pinging
>
> };
> };
>
> if (loose_route()) {
> append_hf("P-hint: rr-enforced\r\n");
> route(1);
> exit;
> };
>
> if (!is_method("REGISTER")) {
> record_route();
> }
>
> if (!uri==myself) {
> append_hf("P-hint: outbound\r\n");
> route(1);
> exit;
> };
>
> if (uri==myself) {
> if (is_method("REGISTER")) {
> save("location");
> exit;
> };
>
> lookup("aliases");
>
> if (!uri==myself) {
> append_hf("P-hint: outbound alias\r\n");
> route(1);
> exit;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> exit;
> };
> };
>
> append_hf("P-hint: usrloc applied\r\n");
> route(1);
> }
>
> route[1] {
> if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && !search("^Route:")){
> sl_send_reply("479", "We don't forward to private IP addresses");
> exit;
> };
>
> # if client or server is behind a NAT, enable relay
> if (isbflagset(6)) {
> rtpproxy_offer();
> };
>
> t_on_reply("1");
>
> if (!t_relay()) {
> sl_reply_error();
> };
> }
>
> onreply_route[1] {
>
> if (isbflagset(6) && status =~ "(183)2[0-9][0-9]") {
> fix_nated_contact();
>
> rtpproxy_answer();
> } else {
> if (nat_uac_test("1")) {
> fix_nated_contact();
> };
> };
> }
>
> --
>
>
>
> Thanks,
>
> Damon
>
>
>
>> -----Original Message-----
>> From: users-bounces at lists.opensips.org [mailto:users-
>> bounces at lists.opensips.org] On Behalf Of Bogdan-Andrei Iancu
>> Sent: Wednesday, December 22, 2010 4:53 AM
>> To: OpenSIPS users mailling list
>> Subject: Re: [OpenSIPS-Users] OpenSIPS Server behind a NAT firewall
>>
>> Hi Damon,
>>
>> Looking at:
>>
>> if (is_method("REGISTER")) {
>> #-- Request is behind NAT(flag5) save with bflag 6 -#
>> #---- Use bflag 7 to start SIP pinging (Options) ---#
>> if (isflagset(5)) {
>> setbflag(6);
>> setbflag(7);
>> };
>>
>> if (!save("location")) {
>> sl_reply_error();
>> exit;
>> };
>>
>> if($rU=~"^\*") {
>> # Route to media servers
>> route(5);
>> route(1);
>> };
>>
>> send_reply("420", "Invalid Extension");
>> exit;
>> };
>>
>>
>>
>> There is a bogus test:
>>
>> if($rU=~"^\*") {
>>
>> As REGISTER requests do not have username in RURI (RURI simply points
>> to
>> registrar address), that test will always fail, so you end up with the
>> 420.
>>
>> I'm not sure what you want to do there - you want to forward certain
>> REGISTERs to other parties ? the "*" test should be on registered user?
>>
>> Regards,
>> Bogdan
>> --
>> Bogdan-Andrei Iancu
>> OpenSIPS Event - expo, conf, social, bootcamp
>> 2 - 4 February 2011, ITExpo, Miami, USA
>> www.voice-system.ro
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
--
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami, USA
www.voice-system.ro
More information about the Users
mailing list