[OpenSIPS-Users] Opensips 488 Not acceptable here

Bogdan Chifor chiforbogdan86 at gmail.com
Thu Jun 6 19:26:00 CEST 2013


Hello,

I am using OpenSIPs as a SIP server solution.I just finished a server
configuration which permits NAT traversal (I used RTP proxy)(on Debian).
As a SIP client application I am using CSipSimple(Android) (which uses
PJSUA as backend solution).
The setup works fine and the NAT traversal problem is solved. (I am able to
call from a 3G network provider to my wireless LAN-it uses NAT on both
sides and it works great).
However sometimes I am getting the 488 Not acceptable here error. Sometimes
this error appears even when both of the phones are in the same LAN.

Also this error appeared when I called from the 3G network operator to my
wireless LAN.(when I called from my wireless LAN to the 3G operator it
worked fine).

The conclusion is that I cannot replicate this error every time.

I know that is a SDP issue.

Here is my opensips.cfg

#
# $Id: nathelper.cfg 9345 2012-10-18 20:24:22Z osas $
#
# simple quick-start config script including nathelper support

# This default script includes nathelper support. To make it work
# you will also have to install Maxim's RTP proxy. The proxy is enforced
# if one of the parties is behind a NAT.
#
# If you have an endpoing in the public internet which is known to
# support symmetric RTP (Cisco PSTN gateway or voicemail, for example),
# then you don't have to force RTP proxy. If you don't want to enforce
# RTP proxy for some destinations than simply use t_relay() instead of
# route(1)
#
# Sections marked with !! Nathelper contain modifications for nathelper
#
# NOTE !! This config is EXPERIMENTAL !
#
# ----------- global configuration parameters ------------------------

debug=5
log_stderror=no
log_facility=LOG_LOCAL0
#log_name=opensips.log

fork=yes
children=4

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes


check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)

#port=5060
listen=udp:195.95.167.214:8899
#advertised_address="195.95.167.194"
#advertised_port=5060
port=8899


children=4

disable_tcp=yes

alias=voip.certsign.ro
alias=195.95.167.214
#alias=192.168.185.26
# ------------------ module loading ----------------------------------

#set module path
mpath="/usr/lib/opensips/modules/"

# Uncomment this if you want to use SQL database
loadmodule "db_mysql.so"

loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "signaling.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "sipmsgops.so"
loadmodule "dialog.so"
loadmodule "avpops.so"
loadmodule "domain.so"
#loadmodule "xlog.so"
loadmodule "acc.so"

# Uncomment this if you want digest authentication
# db_mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"

# !! Nathelper
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"

# ----------------- setting module-specific parameters ---------------

# -- mi_fifo params --
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")

# -- usrloc params --
modparam("usrloc", "db_mode",   2)
modparam("usrloc", "db_url", "mysql://opensips:qwe123@localhost/opensips")


# -- auth params --
# Uncomment if you are using auth module
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "db_url", "mysql://opensips:qwe123@localhost/opensips")
modparam("auth_db", "load_credentials", "")

db_default_url="mysql://opensips:qwe123@localhost/opensips"


#
# !! Nathelper
#
modparam("usrloc", "nat_bflag", 6)
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "received_avp", "$avp(i:801)")

# RTPProxy setup
#modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7789")
modparam("nathelper", "force_socket", "udp:127.0.0.1:7789")

modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7789")
modparam("rtpproxy", "rtpproxy_autobridge", 1)
modparam("rtpproxy", "rtpproxy_timeout", "0.5")
modparam("rtpproxy", "rtpproxy_retr", 3)


#
# ------- dialog --------
#**
modparam("dialog", "db_mode", 1)
modparam("dialog", "db_update_period", 30)
#modparam("dialog", "dlg_flag", 4)
modparam("dialog", "dlg_match_mode", 1)

#
# --> avpops params -----
#**
modparam("avpops", "avp_table", "usr_preferences")
modparam("avpops", "use_domain", 1)



# ************
# ----- presence params -----
/* uncomment the following lines if you want to enable presence */
#modparam("presencepresence_xml", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("presence_xml", "force_active", 1)
#modparam("presence", "server_address", "sip:localhost:5060")


# -------------------------  request routing logic -------------------

# main routing logic

route{
        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        };
        if (msg:len >=  2048 ) {
                sl_send_reply("513", "Message too big");
                exit;
        };

        # !! Nathelper
        # Special handling for NATed clients; first, NAT test is
        # executed: it looks for via!=received and RFC1918 addresses
        # in Contact (may fail if line-folding is used); also,
        # the received test should, if completed, should check all
        # vias for rpesence of received
        #if (nat_uac_test("3")) {
                # Allow RR-ed requests, as these may indicate that
                # a NAT-enabled proxy takes care of it; unless it is
                # a REGISTER

                if (is_method("REGISTER") ||
!is_present_hf("Record-Route")) {
                        log("LOG:Someone trying to register from private
IP, rewriting\n");
                        # This will work only for user agents that support
symmetric
                        # communication. We tested quite many of them and
majority is
                        # smart enough to be symmetric. In some phones it
takes a
                        # configuration option. With Cisco 7960, it is
called
                        # NAT_Enable=Yes, with kphone it is called
"symmetric media" and
                        # "symmetric signalling".

                        # Rewrite contact with source IP of signalling
                        fix_nated_contact();
                        if ( is_method("INVITE") ) {
                                log("@DEBUG:FIX SDP");
                                fix_nated_sdp("2"); # Add direction=active
to SDP
                        };
                        force_rport(); # Add rport parameter to topmost Via
                        setbflag(6);    # Mark as NATed

                        # if you want sip nat pinging
                        # setbflag(8);
                };
        #};

        # subsequent messages withing a dialog should take the
        # path determined by record-routing
        if (loose_route()) {
                # mark routing logic in request
                append_hf("P-hint: rr-enforced\r\n");
                route(1);
                exit;
        };
 # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        if (!is_method("REGISTER"))
                record_route();

        if (!uri==myself) {
                # mark routing logic in request
                append_hf("P-hint: outbound\r\n");
                route(1);
                exit;
        };

        # if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)
        if (uri==myself) {

                if (is_method("REGISTER")) {

                        # Uncomment this if you want to use digest
authentication
                        #if (!www_authorize("siphub.org", "subscriber")) {
                        #       www_challenge("siphub.org", "0");
                        #       return;
                        #};

                        save("location");
                        exit;
                };

                lookup("aliases");
                if (!uri==myself) {
                        append_hf("P-hint: outbound alias\r\n");
                        route(1);
                        exit;
                };

                # native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        sl_send_reply("404", "Not Found");
                        exit;
                };
        };
        append_hf("P-hint: usrloc applied\r\n");
        log("@DEBUG:LINE BEFORE ROUTE[1]");
        route(1);
}

route[1]
{
        # !! Nathelper
        if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
               sl_send_reply("479", "We don't forward to private IP
addresses");
                exit;
        };

        # if client or server know to be behind a NAT, enable relay
        if (isbflagset(6)){

                if (is_method("INVITE")) {
                        log("@DEBUG:INVITE METHOD");
                        if (has_body("application/sdp")) {
                                log("@DEBUG:application/sdp");
                                if (rtpproxy_offer("195.95.167.214")) {
                                        t_on_reply("2");
                                        log("@DEBUG:RTP PROXY OFFER");
                                        }
                } else {
                        t_on_reply("3");
                }
    }
    if (is_method("ACK") && has_body("application/sdp"))
        rtpproxy_answer();
        };

        # NAT processing of replies; apply to all transactions (for example,
        # re-INVITEs from public to private UA are hard to identify as
        # NATed at the moment of request processing); look at replies
        t_on_reply("1");

        # send it out now; use stateful forwarding as it works reliably
        # even for UDP2TCP
        if (!t_relay()) {
                sl_reply_error();
        };
}

# !! Nathelper
onreply_route[1] {
        # NATed transaction ?
        if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
                fix_nated_contact();
                rtpproxy_answer();
        # otherwise, is it a transaction behind a NAT and we did not
        # know at time of request processing ? (RFC1918 contacts)
        } else if (nat_uac_test("1")) {
                fix_nated_contact();
        };
}
onreply_route[2]
{

    if (has_body("application/sdp"))
        rtpproxy_answer("195.95.167.214");
}

onreply_route[3]
{

    if (has_body("application/sdp"))
        rtpproxy_offer("195.95.167.214");
}



Please help me.

Thank you very much,

Chifor Bogdan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130606/e7f70bd9/attachment-0001.htm>


More information about the Users mailing list