[OpenSIPS-Users] udp or tcp for nat traversal?

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Oct 15 14:46:02 CEST 2014


Hi George,

Not sure if a media relay process has anything to do with the ability to 
send traffic to an UAC - do you actually see with ngrep/tcpdump the 
request (on the network level) sent by opensips to the UAC ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 15.10.2014 15:06, george wu wrote:
> Hi, Bogdan:
>
> I think I have found the problem.
> I am using mediaproxy. If I kill that proxy.
> suddenly the uac can get the message.
> So it is quite obvious that my mediaproxy setting is not correct.
> Just I don't know how to fix it. I modify it from my old rtpproxy setting.
>
>
> George
>
> /////////////////////
>
>
> ####  NAT modules
> loadmodule "nathelper.so"
> modparam("nathelper", "natping_interval", 10)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "received_avp", "$avp(received_nh)")
>
> #loadmodule "rtpproxy.so"
> #modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # 
> CUSTOMIZE ME
>
> loadmodule "mediaproxy.so"
> modparam("mediaproxy", "mediaproxy_socket", 
> "/var/run/mediaproxy/dispatcher.sock")
> modparam("mediaproxy", "ice_candidate", "low-priority")
>
>
>
>
> ####### Routing Logic ########
>
> # main request routing logic
>
> route{
>     force_rport();
>     if (nat_uac_test("23")) {
>         if (is_method("REGISTER")) {
>             fix_nated_register();
>             setbflag(NAT);
>         } else {
>             fix_nated_contact();
>             setflag(NAT);
>         }
>     }
>
>
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     }
>
>     if (has_totag()) {
>         # sequential request withing a dialog should
>         # take the path determined by record-routing
>         if (loose_route()) {
>
>             if (is_method("BYE")) {
>                 setflag(ACC_DO); # do accounting ...
>                 setflag(ACC_FAILED); # ... even if the transaction fails
>             } else if (is_method("INVITE")) {
>                 # even if in most of the cases is useless, do RR for
>                 # re-INVITEs alos, as some buggy clients do change 
> route set
>                 # during the dialog.
>                 record_route();
>             }
>
>             if (check_route_param("nat=yes"))
>                 setflag(NAT);
>
>             # route it out to whatever destination was set by 
> loose_route()
>             # in $du (destination URI).
>             route(relay);
>         } else {
>
>             if ( is_method("ACK") ) {
>                 if ( t_check_trans() ) {
>                     # non loose-route, but stateful ACK; must be an 
> ACK after
>                     # a 487 or e.g. 404 from upstream server
>                     t_relay();
>                     exit;
>                 } else {
>                     # ACK without matching transaction ->
>                     # ignore and discard
>                     exit;
>                 }
>             }
>             sl_send_reply("404","Not here");
>         }
>         exit;
>     }
>
>     # CANCEL processing
>     if (is_method("CANCEL"))
>     {
>         if (t_check_trans())
>             t_relay();
>         exit;
>     }
>
>     t_check_trans();
>
>     if ( !(is_method("REGISTER")  ) ) {
>
>         if (from_uri==myself)
>
>         {
>
>         } else {
>             # if caller is not local, then called number must be local
>
>             if (!uri==myself) {
>                 send_reply("403","Rely forbidden");
>                 exit;
>             }
>         }
>
>     }
>
>     # preloaded route checking
>     if (loose_route()) {
>         xlog("L_ERR",
>         "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
>         if (!is_method("ACK"))
>             sl_send_reply("403","Preload Route denied");
>         exit;
>     }
>
>     # record routing
>     if (!is_method("REGISTER|MESSAGE"))
>         record_route();
>
>     # account only INVITEs
>     if (is_method("INVITE")) {
>
>         setflag(ACC_DO); # do accounting
>     }
>
>
>     if (!uri==myself) {
>         append_hf("P-hint: outbound\r\n");
>
>         # if you have some interdomain connections via TLS
>         ## CUSTOMIZE IF NEEDED
>         ##if ($rd=="tls_domain1.net"
>         ## || $rd=="tls_domain2.net"
>         ##) {
>         ##    force_send_socket(tls:127.0.0.1:5061); # CUSTOMIZE
>         ##}
>
>         route(relay);
>     }
>
>     # requests for my domain
>
>     if (is_method("PUBLISH|SUBSCRIBE"))
>     {
>         sl_send_reply("503", "Service Unavailable");
>         exit;
>     }
>
>     if (is_method("REGISTER"))
>     {
>
>
>         if ( proto==TCP || proto==TLS || 0 ) setflag(TCP_PERSISTENT);
>
>         if (!save("location"))
>             sl_reply_error();
>
>         exit;
>     }
>
>     if ($rU==NULL) {
>         # request with no Username in RURI
>         sl_send_reply("484","Address Incomplete");
>         exit;
>     }
>
>
>
>
>
>
>
>     # do lookup with method filtering
>     if (!lookup("location","m")) {
>
>
>         t_newtran();
>         t_reply("404", "Not Found");
>         exit;
>     }
>
>     if (isbflagset(NAT)) setflag(NAT);
>
>     # when routing via usrloc, log the missed calls also
>     setflag(ACC_MISSED);
>     route(relay);
> }
>
>
> route[relay] {
>     # for INVITEs enable some additional helper routes
>     if (is_method("INVITE")) {
>
>         if (isflagset(NAT)) {
> #            rtpproxy_offer("ro");
>                         use_media_proxy();
>
>         }
>
>         t_on_branch("per_branch_ops");
>         t_on_reply("handle_nat");
>         t_on_failure("missed_call");
>     }
>         if (is_method("BYE")) {
>                 if (isflagset(NAT)) {
>                         end_media_session();
>                 }
>         }
>
>
>     if (isflagset(NAT)) {
>         add_rr_param(";nat=yes");
>         }
>
>     if (!t_relay()) {
>         send_reply("500","Internal Error");
>     };
>     exit;
> }
>
>
>
>
> branch_route[per_branch_ops] {
>     xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
>     if (nat_uac_test("1"))
>         fix_nated_contact();
> #    if ( isflagset(NAT) )
> #        rtpproxy_answer("ro");
>         if (is_method("INVITE")) {
>                 if (isflagset(NAT)) {
>                         use_media_proxy();
>                 }
>         }
>         if (is_method("BYE")) {
>                 if (isflagset(NAT)) {
>                         end_media_session();
>                 }
>         }
>
>     xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
>     if (t_was_cancelled()) {
>         exit;
>     }
>
>     # uncomment the following lines if you want to block client
>     # redirect based on 3xx replies.
>     ##if (t_check_status("3[0-9][0-9]")) {
>     ##t_reply("404","Not found");
>     ##    exit;
>     ##}
>
>
> }
>
>
>
>
>
> 在 2014-10-15 15:13:00,"Bogdan-Andrei Iancu" <bogdan at opensips.org> 写道:
>
>     Hi George,
>
>     If your OpenSIPS fails to reach the UAC is because of two reasons:
>         - NAT pinhole is closed - but if pinging is done, it shouldn't be
>         - opensips is trying to contact UAC via wrong IP:port - can
>     you confirm that when calling the UAC, OpenSIPS sends the INVITE
>     to same IP and port as where the pingings are coming from ?
>
>     TCP works as this part is "automatically" resolved because of the
>     connection (where the other pipe is known).
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 15.10.2014 03:24, george wu wrote:
>>
>>     Hi, Bogdan-Andrei:
>>
>>     For udp, it fails when reaching the UAC even though the UAC keeps
>>     pinging the server all the time.
>>
>>     For tcp, although it works. I find something interesting.
>>     Only when the client pings the server, the invite message is sent
>>     to the UAC.
>>     In my understanding, the server should be able to send message to
>>     the UAC since the
>>     tcp connection is open. Actually the sip server is unable to send
>>     message to the UAC.
>>
>>     About the firewall type, I use opensipsctl ul show/rm to check.
>>     I find every time when it register, i get the same ip/portmost of
>>     time.
>>     But occasionally it might get different ip/port.
>>     I believe it is nat within a cone.
>>
>>     I am using ice, the ice only work after the first invite message
>>     is delivered to the peer.
>>     My ice with mediaproxy works perfectly.
>>
>>
>>     George Wu
>>
>>     At 2014-10-15 00:22:46, "Bogdan-Andrei Iancu"
>>     <bogdan at opensips.org> wrote:
>>
>>         Hi George,
>>
>>         NAT traversal is not only about pinging, but also about
>>         mangling/correcting the SIP traffic (from private IPs
>>         perspective) and ensuring the RTP flow.
>>
>>         So you need to be sure that all 3 points are addressed.
>>
>>         TCP versus UDP - there is only a difference at IP transport
>>         level...like datagram versus connection, and their
>>         implications at NAT level (being able to reach the device
>>         behind the nat). Otherwise it;s the same.
>>
>>         For UDP, can you see what fails ? the registration? reaching
>>         the UAC ?
>>
>>         Regards,
>>
>>         Bogdan-Andrei Iancu
>>         OpenSIPS Founder and Developer
>>         http://www.opensips-solutions.com
>>
>>         On 14.10.2014 18:37, george wu wrote:
>>>         My experience is for two uac (linphone) behind a firewall,
>>>         tcp/tls will always work.
>>>         udp will never work.
>>>
>>>         for both tcp/udp, my uac will send keep alive every 10 seconds.
>>>         I don't understand what makes those difference.
>>>         Can any one  share your experience?
>>>
>>>         George Wu
>>>
>>>
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20141015/e6e87313/attachment-0001.htm>


More information about the Users mailing list