sr-users-es January 2012

sr-users-es@lists.kamailio.org

2 participants
2 discussions

Problema con NAT y RTPPROXY
by David Candamil Santos 26 Mar '12

26 Mar '12

Hola, estoy utilizando kamailio 3.2.0 (x86_64/linux) y desde hace unos días estoy intentando comunicar un softphone desde el interior de una red con NAT con el exterior. La configuración es la siguiente: Softphone (192.168.0.5) <--> Kamailio (192.168.0.3) <--> Router (192.168.0.1) <--> Softphone sobre smartphone Todos los puertos del router están redireccionados a 192.168.0.3 Tengo instalado rtpproxy 1.2.1-1 con la siguiente configuración: --------------------------/etc/defaults/rtpproxy-------------------------------- # The control socket. #CONTROL_SOCK="unix:/var/run/rtpproxy/rtpproxy.sock" # To listen on an UDP socket, uncomment this line: CONTROL_SOCK=udp:127.0.0.1:22222 # Additional options that are passed to the daemon. EXTRA_OPTS="-l candamil.dyndns.org" ---------------------------------------------------------------------------------------- y el funcionamiento es correcto. Este es el mensaje de salida del log de kamailio: ---------------------------------------------------------------------------------------------- Nov 12 20:09:13 condor kamailio[7001]: INFO: rtpproxy [rtpproxy.c:1415]: rtp proxy <udp:127.0.0.1:22222> found, support for it enabled ----------------------------------------------------------------------------------------------- Tanto el softphone del interior de la red como el del exterior son linphone. La configuración del del interior de la red es la siguiente: SIP identity: sip:1001@192.168.0.3 SIP proxy: sip:192.168.0.3 Indico conexión directa a internet. En la del externo especifico como proxy y domain "candamil.dyndns.org", que es la dirección DNS que apunta a la IP de mi router. En este caso, los síntomas son los siguientes: La autentificación de ambos, tanto externo como interno, es correcta. Al realizar una llamada en cualquiera de los dos sentidos, el softphone suena y la llamada se contesta y cuelga correctamente, pero no se transmite la señal de voz. En el log figura el siguiente mensaje: ---------------------------------------------------------------------------------------------- Nov 12 20:23:14 condor kamailio[6991]: ERROR: rtpproxy [rtpproxy.c:2260]: incorrect port 0 in reply from rtp proxy ---------------------------------------------------------------------------------------------- Ocurre lo mismo si en el interno indico que está tras NAT, con la ip del router, y que está tras NAT con un servidor STUN (stunserver.org). En los 3 casos, en el softphone externo, figura una llamada de 1001(a)192.168.0.3, mientras que en el interno, figura una llamada de 1002(a)candamil.dyndns.org. Si cambio en el softphone interno el proxy a sip:candamil.dyndns.org, todo se vuelve a repetir. Si lo que hago es cambiar la SIP identity a sip:1001@candamil.dyndns.org, al realizar una llamada desde interno a externo, el interno no llega a percatarse de que se respondió a la llamada, y aparece el siguiente error en el log: ---------------------------------------------------------------------------------------------------------- Nov 12 20:53:00 condor kamailio[7306]: ERROR: <core> [parser/parse_via.c:2600]: ERROR: parse_via: invalid port number <5060ranch=z9hG4bKc 50f.b4825246.0> Nov 12 20:53:00 condor kamailio[7306]: ERROR: <core> [parser/parse_via.c:2629]: ERROR: parse_via on: <SIP/2.0/UDP 192.168.0.3:5060ranch=z 9hG4bKc50f.b4825246.0;received=87.223.138.84#015#012Via: SIP/2.0/UDP 87.223.138.84:5060;rport=5060;branch=z9hG4bK1021772993#015#012From: <sip:1001@candamil.dyndns.org>;tag=783852345#015#012To: < sip:1002@candamil.dyndns.org>#015#012Call-ID: 1644787160#015#012CSeq: 21 INVITE# 015#012User-Agent: Linphone/3.4.0 (eXosip2/unknown)#015#012Content-Length: 0#015#012#015#012> ------------------------------------------------------------------------------------------------------------ Por el contrario, haciendo una llamada desde el externo al interno, ocurre lo mismo que antes. Por último, esta es la configuración relevante de kamailio: -----------------------------------------kamailio.cfg---------------------------------------------------- #!define WITH_MYSQL #!define WITH_AUTH #!define WITH_NAT ####### Defined Values ######### # *** Value defines - IDs used later in config #!ifdef WITH_MYSQL # - database URL - used to connect to database server by modules such # as: auth_db, acc, usrloc, a.s.o. #!define DBURL "mysql://openser:openserrw@localhost/openser" #!endif #!ifdef WITH_MULTIDOMAIN # - the value for 'use_domain' parameters #!define MULTIDOMAIN 1 #!else #!define MULTIDOMAIN 0 #!endif # - flags # FLT_ - per transaction (message) flags # FLB_ - per branch flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5 #!define FLB_NATB 6 #!define FLB_NATSIPPING 7 ####### Global Parameters ######### /* uncomment the next line to disable the auto discovery of local aliases based on reverse DNS on IPs (default on) */ #auto_aliases=no /* add local domain aliases */ alias="candamil.dyndns.org" /* port to listen to * - can be specified more than once if needed to listen on many ports */ port=5060 #!ifdef WITH_TLS enable_tls=yes #!endif # life time of TCP connection when there is no traffic # - a bit higher than registration expires to cope with UA behind NAT tcp_connection_lifetime=3605 ####### Custom Parameters ######### #!ifdef WITH_PSTN # PSTN GW Routing # # - pstn.gw_ip: valid IP or hostname as string value, example: # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address" # # - by default is empty to avoid misrouting pstn.gw_ip = "" desc "PSTN GW Address" #!endif ####### Modules Section ######## #!ifdef WITH_MYSQL loadmodule "db_mysql.so" #!endif #!ifdef WITH_AUTH loadmodule "auth.so" loadmodule "auth_db.so" #!ifdef WITH_NAT loadmodule "nathelper.so" loadmodule "rtpproxy.so" #!endif # ----------------- setting module-specific parameters --------------- # ----- auth_db params ----- #!ifdef WITH_AUTH modparam("auth_db", "db_url", DBURL) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "") modparam("auth_db", "use_domain", MULTIDOMAIN) #!ifdef WITH_NAT # ----- rtpproxy params ----- modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:22222") # ----- nathelper params ----- modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org") # params needed for NAT traversal in other modules modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)") modparam("usrloc", "nat_bflag", FLB_NATB) #!endif ####### Routing Logic ######## # Main SIP request routing logic # - processing of any incoming SIP request starts with this route # - note: this is the same as route { ... } request_route { # per request initial checks route(REQINIT); # NAT detection route(NATDETECT); # handle requests within SIP dialogs route(WITHINDLG); ### only initial requests (no To tag) # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } t_check_trans(); # authentication route(AUTH); # record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route(); # account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting } # dispatch requests to foreign domains route(SIPOUT); ### requests for my local domains # handle presence related requests route(PRESENCE); # handle registrations route(REGISTRAR); if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # dispatch destinations to PSTN route(PSTN); # user location service route(LOCATION); route(RELAY); } route[RELAY] { # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|SUBSCRIBE")) { t_on_branch("MANAGE_BRANCH"); t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { t_on_failure("MANAGE_FAILURE"); } if (!t_relay()) { sl_reply_error(); } exit; } # Per SIP request initial checks route[REQINIT] { #!ifdef WITH_ANTIFLOOD # flood dection from same IP and traffic ban for a while # be sure you exclude checking trusted peers, such as pstn gateways # - local host excluded (e.g., loop to self) if(src_ip!=myself) { if($sht(ipban=>$si)!=$null) { # ip is already blocked xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n"); exit; } if (!pike_check_req()) { xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n"); $sht(ipban=>$si) = 1; exit; } } #!endif if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } } # Handle requests within SIP dialogs route[WITHINDLG] { if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails } if ( is_method("ACK") ) { # ACK is forwarded statelessy route(NATMANAGE); } route(RELAY); } else { if (is_method("SUBSCRIBE") && uri == myself) { # in-dialog subscribe requests route(PRESENCE); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server t_relay(); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); } exit; } } # Handle SIP registrations route[REGISTRAR] { if (is_method("REGISTER")) { if(isflagset(FLT_NATS)) { setbflag(FLB_NATB); # uncomment next line to do SIP NAT pinging setbflag(FLB_NATSIPPING); } if (!save("location")) sl_reply_error(); exit; } } # USER location service route[LOCATION] { #!ifdef WITH_SPEEDIAL # search for short dialing - 2-digit extension if($rU=~"^[0-9][0-9]$") if(sd_lookup("speed_dial")) route(SIPOUT); #!endif #!ifdef WITH_ALIASDB # search in DB-based aliases if(alias_db_lookup("dbaliases")) route(SIPOUT); #!endif $avp(oexten) = $rU; if (!lookup("location")) { $var(rc) = $rc; route(TOVOICEMAIL); t_newtran(); switch ($var(rc)) { case -1: case -3: send_reply("404", "Not Found"); exit; case -2: send_reply("405", "Method Not Allowed"); exit; } } # when routing via usrloc, log the missed calls also if (is_method("INVITE")) { setflag(FLT_ACCMISSED); } } # Presence server route route[PRESENCE] { if(!is_method("PUBLISH|SUBSCRIBE")) return; #!ifdef WITH_PRESENCE if (!t_newtran()) { sl_reply_error(); exit; }; if(is_method("PUBLISH")) { handle_publish(); t_release(); } else if( is_method("SUBSCRIBE")) { handle_subscribe(); t_release(); } exit; #!endif # if presence enabled, this part will not be executed if (is_method("PUBLISH") || $rU==$null) { sl_send_reply("404", "Not here"); exit; } return; } # Authentication route route[AUTH] { #!ifdef WITH_AUTH if (is_method("REGISTER")) { # authenticate the REGISTER requests (uncomment to enable auth) if (!www_authorize("$td", "subscriber")) { www_challenge("$td", "0"); exit; } if ($au!=$tU) { sl_send_reply("403","Forbidden auth ID"); exit; } } else { #!ifdef WITH_IPAUTH if(allow_source_address()) { # source IP allowed return; } #!endif # authenticate if from local subscriber if (from_uri==myself) { if (!proxy_authorize("$fd", "subscriber")) { proxy_challenge("$fd", "0"); exit; } if (is_method("PUBLISH")) { if ($au!=$fU || $au!=$tU) { sl_send_reply("403","Forbidden auth ID"); exit; } if ($au!=$rU) { sl_send_reply("403","Forbidden R-URI"); exit; } #!ifdef WITH_MULTIDOMAIN if ($fd!=$rd) { sl_send_reply("403","Forbidden R-URI domain"); exit; } #!endif } else { if ($au!=$fU) { sl_send_reply("403","Forbidden auth ID"); exit; } } consume_credentials(); # caller authenticated } else { # caller is not local subscriber, then check if it calls # a local destination, otherwise deny, not an open relay here if (!uri==myself) { sl_send_reply("403","Not relaying"); exit; } } } #!endif return; } # Caller NAT detection route route[NATDETECT] { #!ifdef WITH_NAT force_rport(); if (nat_uac_test("19")) { if (is_method("REGISTER")) { fix_nated_register(); } else { fix_nated_contact(); } setflag(FLT_NATS); } #!endif return; } # RTPProxy control route[NATMANAGE] { #!ifdef WITH_NAT if (is_request()) { if(has_totag()) { if(check_route_param("nat=yes")) { setbflag(FLB_NATB); } } } if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return; rtpproxy_manage(); if (is_request()) { if (!has_totag()) { add_rr_param(";nat=yes"); } } if (is_reply()) { if(isbflagset(FLB_NATB)) { fix_nated_contact(); } } #!endif return; } # Routing to foreign domains route[SIPOUT] { if (!uri==myself) { append_hf("P-hint: outbound\r\n"); route(RELAY); } } # PSTN GW routing route[PSTN] { #!ifdef WITH_PSTN # check if PSTN GW IP is defined if (strempty($sel(cfg_get.pstn.gw_ip))) { xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n"); return; } # route to PSTN dialed numbers starting with '+' or '00' # (international format) # - update the condition to match your dialing rules for PSTN routing if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$")) return; # only local users allowed to call if(from_uri!=myself) { sl_send_reply("403", "Not Allowed"); exit; } $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip); route(RELAY); exit; #!endif return; } # XMLRPC routing #!ifdef WITH_XMLRPC route[XMLRPC] { # allow XMLRPC from localhost if ((method=="POST" || method=="GET") && (src_ip==127.0.0.1)) { # close connection only for xmlrpclib user agents (there is a bug in # xmlrpclib: it waits for EOF before interpreting the response). if ($hdr(User-Agent) =~ "xmlrpclib") set_reply_close(); set_reply_no_connect(); dispatch_rpc(); exit; } send_reply("403", "Forbidden"); exit; } #!endif # route to voicemail server route[TOVOICEMAIL] { #!ifdef WITH_VOICEMAIL if(!is_method("INVITE")) return; # check if VoiceMail server IP is defined if (strempty($sel(cfg_get.voicemail.srv_ip))) { xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n"); return; } if($avp(oexten)==$null) return; $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip) + $sel(cfg_get.voicemail.srv_port); route(RELAY); exit; #!endif return; } # manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); route(NATMANAGE); } # manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); if(status=~"[12][0-9][0-9]") route(NATMANAGE); } # manage failure routing cases failure_route[MANAGE_FAILURE] { route(NATMANAGE); if (t_is_canceled()) { exit; } #!ifdef WITH_BLOCK3XX # block call redirect based on 3xx replies. if (t_check_status("3[0-9][0-9]")) { t_reply("404","Not found"); exit; } #!endif #!ifdef WITH_VOICEMAIL # serial forking # - route to voicemail on busy or no answer (timeout) if (t_check_status("486|408")) { route(TOVOICEMAIL); exit; } #!endif } -------------------------------------------------------------------------------------------------------------- Espero que alguien pueda echarme una mano. Gracias.

3 10

problemas con NAT
by Javier Vidal 23 Jan '12

23 Jan '12

Buenas a todos, tengo un problemilla y le llevo dado muchas vueltas y no logro resolverlo, os planteo un poco la probroblematica que tengo. Tengo una instalación con Kamailio y RTPProxy, la funcionalidad que tengo es de tener usuarios registrados y poder encaminar sus llamadas hacia distintos carriers, en principio todo esta funcionando ok, pero esta semana me he encontrado con un caso en el que me falla el audio, es decir, no gestiono bien el nat y entrego a mis clientes la ip de mi carrier a nivel SDP. El caso es que mi cliente hace la llamada, nosotros comprobamos el NAT, y forzamos el RTPproxy para gestionar el trafico RTP, bien le devolvemos la respuesta al INVITE a nuestro cliente con la IP de origen del trafico RTP de nuestra maquina. El problema surge cuando llega el Ringing(180), solo el Ringing, en este momento se nos cambia la IP a la de nuestro carrier y aquí empieza el problema. El tema es que si en vez de un 180 Ringing, el carrier nos da un 183 Session Progress todo funciona bien y la IP de la sesión SDP no se cambia. Por favor si alguien tiene una idea de donde puede venir el problema... Posiblemente sea una tontería, pero yo no soy capaz de verla, o es que ya llevo demasiadas horas con esto.... Muchas Gracias por todo. Javier Vidal.

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

sr-users-es January 2012