<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Hi David,</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Sorry for the late reply, but here it is:</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">My config:</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">if(is_method("REGISTER")){<br>  if (is_present_hf("Authorization")) {<br>    route(ATTEMPT_AUTHORIZATION);<br>  } else {<br>    add_uri_param("nat=yes");<br>    auth_challenge("$fd", "0");<br>    exit;<br>  }<br>}<br><br>Challenge and response:</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>SIP/2.0 401 Unauthorized<br>Via: SIP/2.0/TLS 192.168.0.1:39329;rport=43648;branch=z9hG4bK1b76da3e-1749-46f5-8e87-7320b967c5a4;alias;received=1.2.3.4<br>From: <<a href="mailto:sip%3Auser@sip.domain.com">sip:user@sip.domain.com</a>>;tag=f11c81da-ad20-4df1-9c71-cb8bace862ce<br>To: <<a href="mailto:sip%3Auser@sip.domain.com">sip:user@sip.domain.com</a>>;tag=61fed0b66377dfce2e6266f6ac54bc0e.fc1b940b<br>Call-ID: abbd756e-d89a-42be-a668-f5f1597e233a<br>CSeq: 3583 REGISTER<br>WWW-Authenticate: Digest realm="<a href="http://sip.domain.com">sip.domain.com</a>", nonce="Xlz8IV5c+vWQwkBJWZGyufmmkpGUNohH"<br>Content-Length: 0<br><br>REGISTER sip:sip.domain.com:5061;transport=tls SIP/2.0<br>Via: SIP/2.0/TLS 1.2.3.4:43648;rport;branch=z9hG4bKd1d8a846-5e3f-4d5e-a9cf-6920bbceceb2;alias<br>Max-Forwards: 69<br>From: <<a href="mailto:sip%3Auser@sip.domain.com">sip:user@sip.domain.com</a>>;tag=f11c81da-ad20-4df1-9c71-cb8bace862ce<br>To: <<a href="mailto:sip%3Auser@sip.domain.com">sip:user@sip.domain.com</a>><br>Call-ID: 
abbd756e-d89a-42be-a668-f5f1597e233a<br>CSeq: 3584 REGISTER<br>User-Agent: TalkHome/3.0.9 (samsung SM-G973F; Android 10) pjsip/2.6<br>Supported: outbound, path<br>Contact: <sip:user@1.2.3.4:43648;transport=TLS;ob>;+sip.ice;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000e922f243>"<br>Expires: 300<br>Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS<br>Authorization: Digest username="user", realm="<a href="http://sip.domain.com">sip.domain.com</a>", nonce="Xlz8IV5c+vWQwkBJWZGyufmmkpGUNohH", uri="sip:sip.domain.com:5061;transport=tls", response="97e3445bc7302a4bcc6a74b145dc4efc"<br>Content-Length:  0<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thanks</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 28 Feb 2020 at 17:03, David Villasmil <<a href="mailto:david.villasmil.work@gmail.com">david.villasmil.work@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div dir="auto">Can you paste the challenge and responses?</div></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 28 Feb 2020 at 14:50, Awal Junanto <<a href="mailto:a.junanto@gmail.com" target="_blank">a.junanto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">I added a call to add_uri_param("nat=yes") before auth_challenge("$fd", "0"), but couldn't see any difference in the actual SIP messages. The challenge (and the response) didn't contain that newly added keyword. 
Or am I missing something here?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 28 Feb 2020 at 13:58, David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div dir="auto">There probably is a better way of doing this, but maybe you can store the fact that the first register came from a natted device in the locations table (or a hash).</div><div dir="auto"><br></div><div dir="auto">Or maybe add a parameter when challenging where you state the client is natting?</div><div dir="auto"><br></div><div dir="auto">Something like this</div><div dir="auto"><br></div><div dir="auto"><div><a href="https://kamailio.org/docs/modules/3.1.x/modules_k/siputils.html#id2769802" target="_blank">https://kamailio.org/docs/modules/3.1.x/modules_k/siputils.html#id2769802</a></div><br></div><div dir="auto"><br></div><div dir="auto">Hope that helps</div><div dir="auto"><br></div><div dir="auto">David</div></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 28 Feb 2020 at 12:03, Awal Junanto <<a href="mailto:a.junanto@gmail.com" target="_blank">a.junanto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Hi,</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">We are building a service where we need to detect NAT when the clients register to our server. 
We are struggling in analyzing NAT status of some clients which modify their IP addresses/ports in the headers according to the value of "received" parameter sent during "401 Unauthorized" response.</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Here's the flow:</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Client->Server</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">REGISTER sip:...</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Via: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Contact: <sip:user@192.168.0.1:42251;transport=TLS;ob></div><div style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">...</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Server->Client</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">SIP/2.0 401 Unauthorized<br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Via: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">WWW-Authenticate: ...<br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">...</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div 
class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Client->Server</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">REGISTER sip:...</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Via: SIP/2.0/TLS 1.2.3.4:6201;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Contact: <sip:user@1.2.3.4:6201;transport=TLS;ob></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Authorization: ...<br></div><div style="font-family:"trebuchet ms",sans-serif"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">...</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div></div></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">By the time the client is authenticated, there is no way to detect whether the request was coming from a natted device or not by just analysing the Via or Contact headers.</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Thanks in advance.</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"></div></div></div></div><div><br></div></div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div>-- <br><div dir="ltr"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><font face="trebuchet ms, sans-serif" style="font-family:"trebuchet ms",sans-serif;color:rgb(0,0,0)">Best Regards,</font></div><font face="trebuchet ms, sans-serif" style="font-family:"trebuchet ms",sans-serif;color:rgb(0,0,0)">Awal</font></div></div>
</blockquote></div></div>-- <br><div dir="ltr"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><font face="trebuchet ms, sans-serif">Best Regards,</font></div><font face="trebuchet ms, sans-serif">Awal</font></div></div>
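<div>Added example, not written by anyone in the thread and not Kamailio configuration: a Python model of the "store it in a hash" suggestion, remembering the NAT verdict from the first REGISTER under its Call-ID so that the authenticated retry, whose Via has been rewritten to the public address, is still treated as natted. The names <code>looks_natted</code> and <code>NatMemory</code> are hypothetical; it assumes the client reuses the Call-ID across the challenge (as in the trace above) and IPv4 or hostname Via values.</div>

```python
import re
import time

# Top Via: "SIP/2.0/TRANSPORT host[:port];params" (IPv4 or hostname only).
VIA_RE = re.compile(r"^SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?")

def via_sent_by(via):
    m = VIA_RE.match(via.strip())
    if m is None:
        raise ValueError("unparsable Via: %r" % via)
    return m.group(1), int(m.group(2)) if m.group(2) else None

def looks_natted(via, src_ip, src_port):
    """Stateless test: Via sent-by differs from the real packet source."""
    host, port = via_sent_by(via)
    return host != src_ip or (port is not None and port != src_port)

class NatMemory:
    """Keeps a positive NAT verdict per Call-ID for ttl seconds."""
    def __init__(self, ttl=60):
        self.ttl = ttl
        self._expiry = {}

    def check(self, call_id, via, src_ip, src_port, now=None):
        now = time.monotonic() if now is None else now
        # Forget verdicts whose lifetime has passed.
        self._expiry = {k: t for k, t in self._expiry.items() if t > now}
        if looks_natted(via, src_ip, src_port):
            self._expiry[call_id] = now + self.ttl
        return call_id in self._expiry

# Values taken from the trace in the thread; the first Via is reconstructed
# from the 401 by dropping the server-added rport value and received parameter.
CALL_ID = "abbd756e-d89a-42be-a668-f5f1597e233a"
SRC = ("1.2.3.4", 43648)
FIRST_VIA = "SIP/2.0/TLS 192.168.0.1:39329;rport;branch=z9hG4bK1b76da3e-1749-46f5-8e87-7320b967c5a4;alias"
SECOND_VIA = "SIP/2.0/TLS 1.2.3.4:43648;rport;branch=z9hG4bKd1d8a846-5e3f-4d5e-a9cf-6920bbceceb2;alias"

if __name__ == "__main__":
    memory = NatMemory(ttl=60)
    for label, via in (("first", FIRST_VIA), ("second", SECOND_VIA)):
        print(label, "stateless:", looks_natted(via, *SRC),
              "with memory:", memory.check(CALL_ID, via, *SRC))
```

<div>The ttl only needs to cover the gap between the 401 and the authenticated retry; the Call-ID is chosen by the client, so the stored flag should drive NAT handling only and never an authorization decision.</div>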