Hi <br>
I think I am very close to solve this issue, based on suggestions of Tavis and Klaus for openser in: <br>
<a href="http://openser.org/dokuwiki/doku.php?id=how_to_set_up_nathelper_rtpproxy_when_both_sip_ua_s_are_behind_same_nat">http://openser.org/dokuwiki/doku.php?id=how_to_set_up_nathelper_rtpproxy_when_both_sip_ua_s_are_behind_same_nat
</a><br>
<br>
I´ve
been able to disable rtpproxy in this cases but I have a problem with
accounting, if the callee hungup first appears an error and no cdr for
BYE is generated until caller hungup the call, bellow the errors and
config.
<br>
<br>
thanks for any help<br>
rafael<br>
<br>
4(22193) BYE - STOP ACCOUNTING<br>
4(22193) DEBUG: add_param: tag=3658302912<br>
<br>
4(22193) grep_sock_info - checking if host==us: 13==13 && [<a href="http://192.168.1.205">192.168.1.205</a>] == [<a href="http://10.0.2.130">10.0.2.130</a>]<br>
4(22193) grep_sock_info - checking if port 5060 matches port 5060<br>
4(22193) grep_sock_info - checking if host==us: 13==9 && [<a href="http://192.168.1.205">192.168.1.205</a>] == [<a href="http://127.0.0.1">127.0.0.1</a>]<br>
4(22193) grep_sock_info - checking if port 5060 matches port 5060<br>
4(22193) check_self: host != me<br>
4(22193) grep_sock_info - checking if host==us: 13==13 && [<a href="http://10.0.2.130">10.0.2.130</a>] == [<a href="http://10.0.2.130">10.0.2.130</a>]<br>
4(22193) grep_sock_info - checking if port 5060 matches port 5060<br>
<br>
4(22193) check_via_address(<a href="http://10.0.1.25">10.0.1.25</a>, <a href="http://192.168.1.100">192.168.1.100</a>, 0)<br>
4(22193) ERROR: udp_send: sendto(sock,0x4051e800,588,0,0x4051f2ac,16): Operation not permitted(1)<br>
4(22193) msg_send: ERROR: udp_send failed<br>
4(22193) ERROR:tm:t_forward_nonack: sending request failed<br>
4(22193) DEBUG: add_to_tail_of_timer[4]: 0x4051f2cc<br>
4(22193) DEBUG: add_to_tail_of_timer[0]: 0x4051f2dc<br>
4(22193) ERROR:tm:t_relay_to: t_forward_nonack returned error <br>
4(22193) parse_headers: flags=ffffffffffffffff<br>
4(22193) check_via_address(<a href="http://10.0.1.25">10.0.1.25</a>, <a href="http://192.168.1.100">192.168.1.100</a>, 0)<br>
4(22193) WARNING:vqm_resize: resize(0) called<br>
.<br>
.<br>
.<br>
<br>
<br>
# ----------- global configuration parameters ------------------------<br>
<br>
#/* Uncomment these lines to enter debugging mode<br>
debug=6<br>
fork=yes<br>
log_stderror=yes<br>
#*/<br>
<br>
listen=<a href="http://10.0.2.130">10.0.2.130</a><br>
listen=<a href="http://127.0.0.1">127.0.0.1</a><br>
port=5060<br>
<br>
# hostname matching an alias will satisfy the condition uri==myself".<br>
alias=<a href="http://mydomain.com.pe">mydomain.com.pe</a><br>
alias=<a href="http://10.0.2.130">10.0.2.130</a><br>
alias=<a href="http://127.0.0.1">127.0.0.1</a><br>
<br>
check_via=no # (cmd. line: -v)<br>
dns=no # (cmd. line: -r)<br>
rev_dns=no # (cmd. line: -R)<br>
children=4<br>
fifo="/tmp/openser_fifo"<br>
fifo_mode=0666 # Fifo permissions can be changes from here.<br>
<br>
# sip_warning - Should replies include extensive warnings? <br>
# By default yes, it is good for trouble-shooting.<br>
sip_warning=yes<br>
<br>
# ------------------ module loading ----------------------------------<br>
loadmodule "/usr/local/lib/openser/modules/domain.so"<br>
loadmodule "/usr/local/lib/openser/modules/avpops.so"<br>
loadmodule "/usr/local/lib/openser/modules/mysql.so"<br>
loadmodule "/usr/local/lib/openser/modules/sl.so"<br>
loadmodule "/usr/local/lib/openser/modules/tm.so"<br>
loadmodule "/usr/local/lib/openser/modules/rr.so"<br>
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"<br>
loadmodule "/usr/local/lib/openser/modules/usrloc.so"<br>
loadmodule "/usr/local/lib/openser/modules/registrar.so"<br>
loadmodule "/usr/local/lib/openser/modules/group.so"<br>
loadmodule "/usr/local/lib/openser/modules/uri.so"<br>
loadmodule "/usr/local/lib/openser/modules/uri_db.so" <br>
loadmodule "/usr/local/lib/openser/modules/acc.so"<br>
loadmodule "/usr/local/lib/openser/modules/textops.so"<br>
loadmodule "/usr/local/lib/openser/modules/xlog.so"<br>
<br>
# digest authentication<br>
loadmodule "/usr/local/lib/openser/modules/auth.so"<br>
loadmodule "/usr/local/lib/openser/modules/auth_db.so"<br>
<br>
# !! Nathelper<br>
loadmodule "/usr/local/lib/openser/modules/nathelper.so"<br>
<br>
# ----------------- setting module-specific parameters ---------------<br>
<br>
modparam("usrloc", "db_mode", 2)<br>
<br>
# minimize write back window - default is 60 seconds<br>
modparam("usrloc", "timer_interval", 10)<br>
<br>
# database location<br>
modparam("usrloc", "db_url", "<a href="mysql://admin:heslo@localhost/openser">mysql://admin:heslo@localhost/openser</a>")<br>
<br>
modparam("usrloc", "use_domain", 1)<br>
modparam("auth_db", "use_domain", 1)<br>
<br>
modparam("domain", "db_mode", 1)<br>
modparam("domain", "domain_table", "domain")<br>
modparam("domain", "domain_col", "domain")<br>
<br>
# ------------- Mysql Accounting parameters<br>
modparam("acc", "log_flag", 1)<br>
modparam("acc", "log_level", 2)<br>
modparam("acc", "db_flag", 1)<br>
modparam("acc", "db_missed_flag", 3)<br>
modparam("acc", "log_missed_flag", 3)<br>
modparam("acc", "db_url", "<a href="mysql://admin:heslo@localhost/openser">mysql://admin:heslo@localhost/openser</a>")<br>
modparam("acc", "report_ack", 0)<br>
modparam("acc", "log_fmt", "miocfsputdr")<br>
<br>
modparam("tm", "fr_timer", 20 )<br>
modparam("tm", "fr_inv_timer", 40 ) # Timer which hits if no final reply for an INVITE<br>
modparam("tm", "wt_timer", 20 )<br>
<br>
# add value to ;lr param to make some broken UAs happy<br>
modparam("rr", "enable_full_lr", 1)<br>
<br>
modparam("group", "db_url", "<a href="mysql://seradmin:heslo@localhost/openser">mysql://seradmin:heslo@localhost/openser</a>")<br>
modparam("uri_db", "db_url", "<a href="mysql://seradmin:heslo@localhost/openser">mysql://seradmin:heslo@localhost/openser</a>")<br>
<br>
# ------------- registration parameters<br>
modparam("registrar", "nat_flag", 6)<br>
modparam("registrar", "min_expires", 60)<br>
modparam("registrar", "max_expires", 86400)<br>
modparam("registrar", "default_expires", 3600)<br>
modparam("registrar", "desc_time_order", 1)<br>
modparam("registrar", "append_branches", 1)<br>
<br>
modparam("registrar", "use_domain", 1)<br>
<br>
# !! Nathelper<br>
# modparam("registrar", "nat_flag", 6)<br>
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s<br>
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT<br>
<br>
# -------------------------- request routing logic --------------------------<br>
<br>
route {<br>
<br>
log(1, "-------------------------------------------\n");<br>
log(1, "entering main loop\n");<br>
<br>
<br>
# initial sanity checks -- messages with<br>
# max_forwards==0, or excessively long requests<br>
if (!mf_process_maxfwd_header("10")) {<br>
sl_send_reply("483","Too Many Hops");<br>
return;<br>
};<br>
if ( msg:len >= max_len ) {<br>
sl_send_reply("513", "Message too big");<br>
return;<br>
};<br>
<br>
# set flag for Radius Accounting:<br>
if (!method=="OPTIONS") setflag(3); <br>
<br>
if (method=="INVITE") {<br>
log(1, "INVITE MESSAGE RECEIVED - START ACC\n");<br>
setflag(1); /* set for accounting (the same value as in log_flag!) */<br>
};<br>
<br>
if (method=="BYE") {<br>
log (1, "BYE - STOP ACCOUNTING\n");<br>
setflag(1);<br>
};<br>
<br>
if (method=="CANCEL") {<br>
log (1, "CANCEL - STOP ACCOUNTING\n");<br>
setflag(1);<br>
};<br>
<br>
<br>
# -----------------------------------------------------------------<br>
# Record Route Section<br>
# -----------------------------------------------------------------<br>
# record-route all messages -- to make sure that<br>
# subsequent messages will go through our proxy; that's<br>
# particularly good if upstream and downstream entities<br>
# use different transport protocol<br>
<br>
if (!method=="REGISTER") record_route();<br>
<br>
if (method=="BYE" || method=="CANCEL") {<br>
unforce_rtp_proxy();<br>
}; <br>
<br>
# -----------------------------------------------------------------<br>
# Loose Route Section<br>
# -----------------------------------------------------------------<br>
if (loose_route() && (!src_ip==<a href="http://10.0.2.130">10.0.2.130</a> && !src_port==5070)) {<br>
<br>
if (has_totag() && (method=="INVITE" || method=="ACK")) {<br>
if (nat_uac_test("19")) {<br>
setflag(7);<br>
force_rport();<br>
fix_nated_contact();<br>
};<br>
force_rtp_proxy("l");<br>
};<br>
route(2);<br>
return;<br>
};<br>
<br>
# -----------------------------------------------------------------<br>
# Call Type Processing Section<br>
# -----------------------------------------------------------------<br>
if (!uri==myself && (!src_ip==<a href="http://10.0.2.130">10.0.2.130</a> && !src_port==5070)) {<br>
route(1);<br>
return;<br>
};<br>
<br>
if (method=="CANCEL") {<br>
route(2);<br>
return;<br>
};<br>
<br>
if (method == "REGISTER") {<br>
<br>
if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {<br>
setflag(6);<br>
fix_nated_register();<br>
force_rport();<br>
};<br>
<br>
sl_send_reply("100", "Trying");<br>
<br>
log(1, "ANALYZING REGISTER REQUEST\n");<br>
<br>
# ... to use digest authentication<br>
if (is_user_in("Request-URI", "desactivado")) {<br>
sl_send_reply("402", "Su cuenta fue desactivada por falta de pago");<br>
return;<br>
};<br>
<br>
if (!www_authorize("", "subscriber")) {<br>
log(1," ----- Fails to Register \n");<br>
www_challenge("", "0");<br>
return;<br>
};<br>
<br>
# only signed users are allowed <br>
if (!check_to()) {<br>
log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n");<br>
sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed");<br>
return;<br>
};<br>
consume_credentials();<br>
log(1," Registered!!! \n");<br>
if (!save("location")) {<br>
sl_reply_error();<br>
};<br>
return;<br>
};<br>
<br>
<br>
# INVITE ? First check the source of the call<br>
#********************************************<br>
# If the call comes from the gateways, no authentication is required.<br>
if (method == "INVITE" && (src_ip==<a href="http://10.0.2.145">10.0.2.145</a> || src_ip==<a href="http://10.0.2.132">10.0.2.132</a> || src_ip==<a href="http://10.0.2.131">10.0.2.131</a>)) {<br>
log(1,"Call from pstn|*, no authentication is required. \n");<br>
<br>
# If the call comes from B2BUA, no authentication is required. <br>
# The first leg of the call has already been authenticated.<br>
} else if (src_ip==<a href="http://10.0.2.130">10.0.2.130</a> && src_port==5070) {<br>
log(1,"Call from B2BUA, no authentication is required. \n");<br>
} else { <br>
log(1, "ANALYZING INVITE REQUESTs\n");<br>
if (method == "INVITE" && !src_ip==<a href="http://10.0.2.130">10.0.2.130</a> && !src_port==5070){<br>
<br>
if (!proxy_authorize("", "subscriber")) {<br>
proxy_challenge("", "0");<br>
return;<br>
} else {<br>
if (!check_from()) {<br>
sl_send_reply("403", "Only registered users are allowed"); <br>
log(1," ----> Only registered users are allowed \n");<br>
return;<br>
};<br>
consume_credentials();<br>
<br>
if (nat_uac_test("19")) {<br>
setflag(7);<br>
};<br>
};<br>
<br>
<br>
# Not all the users are PREPAID, so we check the database<br>
# to see if the call will be routed through B2BUA.<br>
# If every call is to be routed through B2BUA the "is_user_in"<br>
# conditional is not required.<br>
# Do not use b2bua for local calls (660++++)<br>
<br>
if (is_user_in("From", "prepaidb") && uri=~"^sip:00") {<br>
log(1," ----> Usuario PREPAGO!!! enviando a b2bua... \n");<br>
rewritehostport("<a href="http://10.0.2.130:5070">10.0.2.130:5070</a>");<br>
t_relay_to_udp("<a href="http://10.0.2.130">10.0.2.130</a>", "5070");<br>
return;<br>
};<br>
<br>
}; <br>
}; # End of if (method == "INVITE" |...<br>
<br>
<br>
/* *********** Dial out to Local and PSTN logic ********* */ <br>
<br>
if(uri=~"^sip:00"){<br>
log(1,"00N match - Larga Distancia Internacional \n");<br>
if (!is_user_in("from", "ldix")) {<br>
log(1,"No permission for international calls \n");<br>
sl_send_reply("403", "No permission for international calls");<br>
acc_db_request("403 Forbidden", "missed_calls");<br>
return;<br>
};<br>
rewritehostport("<a href="http://10.0.2.131:5070">10.0.2.131:5070</a>");<br>
strip(2);<br>
route(1);<br>
return;<br>
};<br>
<br>
/* ******************************************************************** */ <br>
<br>
lookup("aliases");<br>
if (uri!=myself) {<br>
route(1);<br>
return;<br>
};<br>
<br>
<br>
# does the user wish redirection on no availability? (i.e., is he<br>
# in the voicemail group?) -- determine it now and store it in<br>
# flag 4, before we rewrite the flag using UsrLoc<br>
<br>
if (is_user_in("Request-URI", "voicemail")) {<br>
log(1, "requested user is in voicemail group \n");<br>
setflag(4);<br>
};<br>
<br>
# native SIP destinations are handled using our USRLOC DB<br>
if (!lookup("location")) {<br>
log(1,"unable to locate user X ... sending to route(4)! \n");<br>
# handle user which was not found<br>
route(4);<br>
return;<br>
};<br>
<br>
<br>
### Check if UAS are behind the same NAT system: ###<br>
<br>
if (isflagset(6) && isflagset(7)){<br>
log(2, "Both Clients are behind NAT");<br>
# Store the destination domain into an AVP<br>
avp_printf("i:450", "$dd");<br>
if (avp_check("i:450", "eq/$src_ip/g")){<br>
log(3, "Detected Two Clients Behind the Same NAT - Disabling Mediaproxy");<br>
# Do not use media-proxy as the clients seem to be behind the same NAT<br>
resetflag(6);<br>
resetflag(7);<br>
route(2);<br>
return;<br>
};<br>
};<br>
<br>
route(1);<br>
<br>
# if user is on-line and is in Voicemail group, enable redirection<br>
if (method == "INVITE" && isflagset(4)) {<br>
log(1, "invite for voicemail user->initiate failureroute[1]\n");<br>
t_on_failure("1");<br>
};<br>
}<br>
<br>
### ##### ####### ########## ########### ############### ################# #####################<br>
<br>
route[1] <br>
{<br>
<br>
# if client or server know to be behind a NAT, enable relay<br>
if (isflagset(6) || isflagset(7)) {<br>
force_rport();<br>
fix_nated_contact();<br>
force_rtp_proxy();<br>
};<br>
<br>
# NAT processing of replies; apply to all transactions (for example,<br>
# re-INVITEs from public to private UA are hard to identify as<br>
# NATed at the moment of request processing); look at replies<br>
t_on_reply("1");<br>
<br>
# send it out now; use stateful forwarding as it works reliably<br>
# even for UDP2TCP<br>
<br>
if (!t_relay()) {<br>
if (method=="INVITE" && (isflagset(6) || isflagset(7))) {<br>
unforce_rtp_proxy();<br>
};<br>
sl_reply_error();<br>
};<br>
log(1, "Route[1]: Send it out now!!!\n");<br>
}<br>
<br>
# !! Nathelper<br>
onreply_route[1] {<br>
# NATed transaction ?<br>
# Not all 2xx messages have a content body so here we<br>
# make sure our Content-Length > 0 to avoid a parse error<br>
<br>
if ((isflagset(6) || isflagset(7)) && status =~ "(183)|2[0-9][0-9]") {<br>
fix_nated_contact();<br>
if (!search("^Content-Length:\ 0")) {<br>
force_rtp_proxy();<br>
log(1, "onreply_route1: force rtp proxy!!!\n");<br>
};<br>
# otherwise, is it a transaction behind a NAT and we did not<br>
# know at time of request processing ? (RFC1918 contacts)<br>
} else if (nat_uac_test("1")) {<br>
fix_nated_contact();<br>
};<br>
}<br>
<br>
# -------------- Default Message Handler ---------------------<br>
<br>
route[2]{ <br>
<br>
# ----------------------------------------------------<br>
# Default Message Handler<br>
# ----------------------------------------------------<br>
<br>
t_on_reply("1");<br>
<br>
if (!t_relay()) {<br>
if (method=="INVITE" && isflagset(7)) {<br>
unforce_rtp_proxy();<br>
};<br>
sl_reply_error();<br>
};<br>
}<br>
<br>
# --------------- Handling of Unavailable user ----------------<br>
<br>
route[4] {<br>
<br>
# non-Voip -- just send "off-line"<br>
if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" || method=="BYE" || method=="OPTIONS")) {<br>
sl_send_reply("404", "Not Found");<br>
acc_db_request("404 Not Found", "missed_calls");<br>
log(1, "acc 404 Not Found 1 \n");<br>
return;<br>
};<br>
<br>
# not voicemail subscriber<br>
if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE") { <br>
sl_send_reply("404", "Not Found and no voicemail turned on !! ");<br>
acc_db_request("404 Not Found", "missed_calls");<br>
log(1, " acc 404 Not Found and no voicemail \n");<br>
return;<br>
};<br>
<br>
# forward to voicemail adding prefix to simplify asterisk "extension.conf" ::<br>
# exten => _vmXXXXXXX,1,SetLanguage(es)<br>
# exten => _vmXXXXXXX,2,Voicemail(u${EXTEN:2})<br>
# exten => _vmXXXXXXX,3,Hangup<br>
prefix("vm"); <br>
acc_db_request("404 Not Found -> Vm", "missed_calls");<br>
rewritehostport("<a href="http://10.0.2.131:5070">10.0.2.131:5070</a>");<br>
t_relay_to_udp("<a href="http://10.0.2.131">10.0.2.131</a>", "5070");<br>
}<br>
<br>
# If forwarding downstream did not succeed, try voicemail running at Asterisk <br>
<br>
failure_route[1]{<br>
if (t_check_status("408")){<br>
# revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff<br>
prefix("vm");<br>
rewritehostport ("<a href="http://10.0.2.131:5070">10.0.2.131:5070</a>");<br>
acc_db_request("408 Timeout -> Vm", "missed_calls");<br>
append_branch();<br>
t_relay();<br>
return;<br>
} else if (t_check_status("486")){<br>
# revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff<br>
prefix("vm");<br>
rewritehostport ("<a href="http://10.0.2.131:5070">10.0.2.131:5070</a>");<br>
acc_db_request("486 Busy -> Vm", "missed_calls");<br>
append_branch();<br>
t_relay();<br>
return;<br>
}<br>
}<br>
<br>
<br>