I am having trouble with getting messaging between two SIP clients each
behind different NATs, each making a connection to SER using STUN.
The clients are reaching each other successfully for the INVITE, ACK,
REQUEST BYE messaging but during the call the clients are attempting to
reach each other on their private IPs, i.e. IPs behind their NATs. Is there a
config alteration that I should make to fix this? Or am I looking in the wrong
place?
My ser.cfg is below, thanks in advance
Peter
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
# Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/vm.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# Transaction Module Params
modparam("tm", "fr_inv_timer", 90)
# Accounting Module Params
# set the reporting log level
modparam("acc", "log_level", 1)
# number of flag, which will be used for accounting; if a message is
# labeled with this flag, its completion status will be reported
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "db_url", "mysql://xxx:xxx@localhost/ser")
modparam("acc", "db_flag", 11)
modparam("acc", "db_missed_flag", 12)
modparam("acc", "failed_transactions", 1)
# !! Nathelper
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which is true in this config),
# uncomment also the following parameter
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# !! Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# Process record-routing
#if (loose_route()) { t_relay(); break; };
# labeled all transaction for accounting
setflag(11);
# record-route INVITES to make sure BYEs will visit our server too
if (method=="INVITE") record_route();
# forward the request statefully now; (we need *stateful* forwarding,
# because the stateful mode correlates requests with replies and
# drops retransmissions; otherwise, we would have to report on
# every single message received)
/* if (!t_relay()) {
sl_reply_error();
break;
};
*/
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test, if completed, should check all
# vias for presence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(11); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri=~"xxx.com.au") {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri=~"xxx.com.au") {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("xxx.com.au", "subscriber")) {
www_challenge("xxx.com.au", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri=~"xxx.com.au") {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# attempt handoff to PSTN
## This assumes that the caller is registered in our realm
if (uri=~"^sip:[0-9]*@sip.xxx.com.au") {
log("Forwarding to PSTN\n");
t_relay_to_udp( "xxx.xxx.xxx.xxx", "xxx"); ## Our Cisco router
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Foundx");
break;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
/* if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP addresses");
break;
};
*/
# if client or server known to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
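An added example, not part of the original post: a small Python check that reads ser.cfg text and reports flag numbers that are tested with isflagset() or named in a modparam "*_flag" setting but never set with setflag(). The sample is condensed from the config posted above; the function names are hypothetical.

```python
import re

# Condensed from the ser.cfg posted above (only the flag-related lines).
SAMPLE_CFG = r'''
modparam("acc", "db_flag", 11)
modparam("registrar", "nat_flag", 6)
route{
    setflag(11);   # labeled all transaction for accounting
    if (nat_uac_test("3")) {
        fix_nated_contact();
        force_rport();
        setflag(11); # Mark as NATed
    };
    route(1);
}
route[1] {
    if (isflagset(6)) {
        force_rtp_proxy();
    };
}
'''

def strip_comments(cfg):
    """Drop /* ... */ blocks and '#' comments ('#' inside quotes is kept)."""
    cfg = re.sub(r"/\*.*?\*/", "", cfg, flags=re.S)
    lines = []
    for line in cfg.splitlines():
        in_str = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_str = not in_str
            elif ch == "#" and not in_str:
                line = line[:i]
                break
        lines.append(line)
    return "\n".join(lines)

def flag_usage(cfg):
    """Return (flags set, flags tested, {module.param: flag}) for a config."""
    text = strip_comments(cfg)
    set_flags = {int(n) for n in re.findall(r"\bsetflag\(\s*(\d+)\s*\)", text)}
    tested = {int(n) for n in re.findall(r"\bisflagset\(\s*(\d+)\s*\)", text)}
    params = {
        "%s.%s" % (mod, name): int(val)
        for mod, name, val in re.findall(
            r'modparam\(\s*"(\w+)"\s*,\s*"(\w*flag)"\s*,\s*(\d+)\s*\)', text)
    }
    return set_flags, tested, params

def never_set(cfg):
    """Map each flag that is used but never set to the places that use it."""
    set_flags, tested, params = flag_usage(cfg)
    report = {}
    for n in sorted(tested - set_flags):
        report.setdefault(n, []).append("isflagset")
    for name, n in params.items():
        if n not in set_flags:
            report.setdefault(n, []).append(name)
    return report

if __name__ == "__main__":
    for flag, users in never_set(SAMPLE_CFG).items():
        print("flag %d is used by %s but never set" % (flag, ", ".join(users)))
```

On the sample, flag 6 is reported: the NAT block sets flag 11, while registrar's nat_flag and the isflagset() test that guards force_rtp_proxy() both use flag 6.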
dear all,
i have some problems with the sip ser server.
* i've tried to register to the iptel.org public
server with an instant messaging client (jain-sip
client) and it works. but when sending a message to
another client registered with the same server i've the
202 response (accepted for later delivery) instead of
200 ok response.
the real problem is when using the web interface of
the iptel.org server for instant messaging to send a
message to my jain-sip client i had a 404 response (not
found).
* i used another client to register with the iptel.org
server. it was the sip-communicator for multimedia
communications. it comes to register with the proxy
correctly. but when i dial up a number (sip address)
to contact another client and invite him to share a
session and i have the same response 404 not found.
* i've tried to install the ser server on my machine
and to use it as a local server. when sending a
register request to this server it loops back on
itself (by adding the via header field corresponding
to its sip address) and it generates a response : too
many hops 483.
could someone help me to resolve one of these problems
at least...
thanks for all.
Hi all
We are having problems with our Grandstream BT100 and HandyTone phones with
the latest firmware. For those phones with firmware 1.0.4.50, the server is
able to talk to them and there is no one-way audio problem.
For softphones there is no such problem.
For phones with the latest firmware (1.0.5) there is one-way audio. When I
send an OPTIONS SIP method to one of them I get 400 (Bad Request) from those
phones, while when I do the same thing on a phone with the previous version I get
a 200 OK message.
Here is a sipsak trace to the phone # 04400112 which has 1.0.5 firmware
As you can see it the last message received is 400 (Bad Request) while it
should be 200 OK as the message below
This message was sent to 04400202 which is a handytone 286 with 1.0.4.5
firmware
I am able to call the phone below and from these two to any other softphone
but the one above gives me one-way audio.
And again the HandyTones I talked about last time still do not work.
Any idea of what is wrong?
Regards,
Dear Group,
I got a copy of ser + sems + serweb and voicemail working, thanks to some
great input from the group.
I saw that there was error 77 on the missed calls page on serweb. I
understood from the user group that this is due to a missing function in
version 3.1.x of MySQL. I upgraded my MySQL to version 4.0.22. I booted and ran the
fix privileges routine as advised. MySQL started.
I then started my testing and now my Voice Mail and Forwarding to my
Asterisk Box are broken ☹. I can see from the debug (below) that the system
can no longer find the user in the voicemail group? So there is some change
in the table/db or the interaction of the script with the DB.
I tried dropping the DB, recreating it with the ser_mysql.sh command, and
reading the users and I keep getting the same result;
Here is the debug. You can see from the debug that 5(2226) is_user_in():
User is not in group 'voicemail, before the upgrade the system showed the
user in the voicemail group???
Before this issue my voicemail would go to the voicemail.cfg script and
record a voicemail, now I get Not Found and no voicemail turned on from;
if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) )
{
log(1, "no voicemail subscriber->return 404");
sl_send_reply("404", "Not Found and no voicemail turned on");
break;
};
As always your help would be appreciated.
Here is the debug.
5(2226) SIP Request:
5(2226) method: <INVITE>
5(2226) uri: <sip:ella@convergenceone.com>
5(2226) version: <SIP/2.0>
5(2226) parse_headers: flags=1
5(2226) Found param type 235, <rport> = <n/a>; state=6
5(2226) Found param type 232, <branch> =
<z9hG4bKF54DAB3D6C0C455FBF00B605D4C8A3CD>; state=16
5(2226) end of header reached, state=5
5(2226) parse_headers: Via found, flags=1
5(2226) parse_headers: this is the first via
5(2226) After parse_msg...
5(2226) preparing to run routing scripts...
5(2226) -------------------------------------------
5(2226) entering main loop
5(2226) INVITE message received
5(2226) DEBUG : is_maxfwd_present: searching for max_forwards header
5(2226) parse_headers: flags=128
5(2226) end of header reached, state=9
5(2226) DEBUG: get_hdr_field: <To> [31]; uri=[sip:ella@convergenceone.com]
5(2226) DEBUG: to body [<sip:ella@convergenceone.com>
]
5(2226) get_hdr_field: cseq <CSeq>: <54246> <INVITE>
5(2226) DEBUG: is_maxfwd_present: value = 70
5(2226) parse_headers: flags=256
5(2226) DEBUG: get_hdr_body : content_length=270
5(2226) found end of header
5(2226) find_first_route(): No Route headers found
5(2226) loose_route(): There is no Route HF
5(2226) check_self - checking if host==us: 18==9 && [convergenceone.com]
== [127.0.0.1]
5(2226) check_self - checking if port 5060 matches port 5060
5(2226) check_self - checking if host==us: 18==13 && [convergenceone.com]
== [192.168.0.206]
5(2226) check_self - checking if port 5060 matches port 5060
5(2226) lookup(): 'ella' Not found in usrloc
5(2226) is_user_in(): User is not in group 'voicemail
'
5(2226) lookup(): 'ella' Not found in usrloc
5(2226) requested user not found
5(2226) -------------------------------------------
5(2226) entering route[4] = requested user not online
5(2226) no voicemail subscriber->return 404 5(2226) parse_headers: flags=-1
5(2226) check_via_address(192.168.0.1, 144.137.65.167, 0)
5(2226) receive_msg: cleaning up
7(2234) SIP Request:
7(2234) method: <ACK>
7(2234) uri: <sip:ella@convergenceone.com>
7(2234) version: <SIP/2.0>
7(2234) parse_headers: flags=1
7(2234) Found param type 235, <rport> = <n/a>; state=6
7(2234) Found param type 232, <branch> =
<z9hG4bKF54DAB3D6C0C455FBF00B605D4C8A3CD>; state=16
7(2234) end of header reached, state=5
7(2234) parse_headers: Via found, flags=1
7(2234) parse_headers: this is the first via
7(2234) After parse_msg...
7(2234) parse_headers: flags=4
7(2234) DEBUG: add_param: tag=b27e1a1d33761e85846fc98f5f3a7e58.9612
7(2234) end of header reached, state=29
7(2234) DEBUG: get_hdr_field: <To> [73]; uri=[sip:ella@convergenceone.com]
7(2234) DEBUG: to body [<sip:ella@convergenceone.com>]
7(2234) DEBUG: sl_filter_ACK : local ACK found -> dropping it!
Kind Regards
Shad Mortazavi
---------------------------------------------------
Nexus Technical Manager
n|m Nexus Management Inc
Neutral Bay
Sydney
Problems:
1. SER does not start properly after reboot.
2. Cannot log on to SIP-server through NAT.
Description:
1. SER does not start properly after reboot.
First of all I must point out that I have no more than a couple of weeks
experience. I downloaded the "Admin guide" and the "Dan Austin howto" as
reference documentation to set up a basic SER server. I followed it step
by step and tested it. I found out that I've got some problem with ser when
I restarted the machine. I restarted the machine, started ser with "ser
start" which gave me:
Listening on:
127.0.0.1[127.0.0.1]:5060
192.168.1.3[192.168.1.3]:5060
But when I was checking the status with "serctl monitor" it seemed to me as
if either the ser server or the ser_fifo was down, because it didn't give me any
status at all.
When I checked the local processes with "ps aux" it didn't give me
anything on "ser start" as it usually does. So I tried out the default
ser.cfg and it worked.... ps aux gave me "ser start". Then I tried the
default ser.cfg with mysql auth support and it worked. I rebooted and the
same problem all over again.
2. Cannot log on to SIP-server through NAT.
I can make local connections and initiate calls but not through my
dial.mine.nu address. I have routed port 5060-5062 in my firewall against
the server machine. (I think it would be sufficient to at least log on.) I
can make connections against iptel.org reference server but not against my
local server.
Environmental variables:
OS: Slackware 9.1 (Linux)
client: Kphone and W-messenger.
server: ser 0.8.12
Host-name:SIPserver.hasselan
Domain: hasselan
SIP-domain: SIPserver.hasselan
Mysql: 4.0.18
external domain: dial.mine.nu
configuration file = default ser.cfg + auth modules and mysql support.
following lines were edited:
www_authorise =SIPserver.hasselan
www_challenge SIPserver.hasselan
hello friends,
i have installed free radius server-0.9.3 and radius
client-0.3.2
and followed the ser howto
radtest is successful
and i updated the dictionary of the radius client with the
dictionary.ser available on the web (of sip related attributes)
and i included a statement of INCLUDE <path of
dictionary.ser>
when i start radiusd -x it gives an error as
Errors reading dictionary: dict_init:
/usr/local/etc/raddb/dictionary[23]: Couldn't open
dictionary "
/usr/local/etc/raddb/dictionary.ser": No such file or
directory
Errors reading radiusd.conf
so i went to the "/usr/local/share/freeradius/"
path and appended the whole dictionary.ser contents into it
and also kept the link as INCLUDE dictionary.ser
even so, if i create a packet "digest"
User-Name = "test", Digest-Response =
"631d6d73147add2f9e437f59bbc3aeb7",
Digest-Realm = "testrealm", Digest-Nonce = "1234abcd"
,
Digest-Method = "INVITE", Digest-URI =
"sip:5555551212@example.com",
Digest-Algorithm = "MD5", Digest-User-Name = "test"
and run with
root@/usr/local/src# radclient -f digest localhost
auth <shared_secret>
it is giving an error as
radclient:No token read where we expected an attribute
name
i checked both in client and server:
dictionary attributes are present for all those
which are included in the packet.
if i include only
User-Name = "test",User-Password="test" in the digest
packet
and check, it is successful, so what may be wrong with the
sip method digest packet
please help me
with regards
rama kanth
hello,
How can I configure the SER SIP server which is behind a NAT router?
Currently I put the SER into my router's DMZ but it still doesn't work.
Thanks.
HI ALL;
FIRST: In order to get voicemail working, do I need to install 2 copies of ser?
SECOND: I used dbtext for subscribtion_table and it is as follows:
email, user. domain
Should the email field be a valid sip address or it can be any valid email address?
BEST REGARDS
mohammad
Hello Andrei.
Perfect. That seems to have done the trick! (adding force_rport() to
the NAT section)
Thanks both of you for your help!
Tom
Tom Lowe, President/CTO
Compro Technologies, Inc.
512 South Main Street
Forked River, NJ 08731
My Phone: +1-609-290-0544
Main Phone: +1-609-242-2211
Fax: +1-609-242-2212
Email: tom(a)comprotech.com
Web: www.comprotech.com
-----Original Message-----
From: Andrei Pelinescu-Onciul
[mailto:pelinescu-onciul@fokus.fraunhofer.de]
Sent: Saturday, June 05, 2004 3:36 AM
To: Tom Lowe
Cc: Gregory D. Burns; serusers(a)lists.iptel.org
Subject: Re: [Serusers] Problem with ATA186 and NAT (Linksys).
On Jun 04, 2004 at 18:21, Tom Lowe <tom(a)comprotech.com> wrote:
>
> I actually tried that once, but I tried it again just to be sure.
>
> My Linksys LAN side is 192.168.51.X. So my Linksys is 192.168.51.1
> and my ATA is 192.168.51.153. I put 192.168.51.1 in the NATIP field.
> It worked....so to prove that's the solution, I removed it, and it
> still works. So that's not the solution.
>
> Out of curiosity, Can anyone say what this NATIP field actually
> accomplishes? Asterisk doesn't require you to populate that field
> with anything.
>
> My understanding of the mechanics behind NAT is that, if the router
> receives a request for a port that is already mapped to another user, it
> will assign a new port. That's what was happening here. 5060 was
> already mapped to another user (I believe a softphone on my PC), so it
> used 15060.
>
> So, it sends to SER 5060 from 15060. SER should respond to 15060 from
> 5060, Router will translate the 15060 to 5060 and deliver it to my ATA.
> The problem was that SER was sending to 5060 instead of 15060.
No, ser should respond to the port in Via, or if rport is present, to the
source port of the packet. Your CISCO ATA doesn't include rport (it
seems they don't support it).
Solution: in your ser.cfg nat block add force_rport() (this will force
ser to behave as if rport was present).
>
> I suspect that the original mapping in the router expired, so now it's
> using 5060 instead of 15060, which is allowing it to work.
>
> So, to test this theory, I fired up XTEN on my PC. Sure enough, it's
> mapping another, but now, SER is responding with the proper port.
Because xten includes rport in its Via.
>
> I'm wondering if that section of code in my ser.cfg file that is
> calling the nathelper commands if the originator is an ATA is actually causing
> damage rather than fixing things? (I got that code from someone else
> who supposedly got this all working with ATA behind a NAT) I'm going
> to have to wait until this mapping times out again to try it back
> around the other way.
You should have a section dealing with all kinds of natted UACs, not
only ATA. See nat_uac_test(...), it can test in various ways if an
incoming request is coming from behind a nat.
Andrei
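The reply-routing rule described above, as an added example that is not part of the original thread: a Python model of where a proxy sends a reply, given the topmost Via and the packet's source address, following RFC 3261 (received) and RFC 3581 (rport). The public address 203.0.113.7, the branch values and the function names are constructed for illustration; the private address and port 15060 are the ones from the thread.

```python
import re

VIA_RE = re.compile(r"\s*SIP/2\.0/(\w+)\s+([^;:\s]+)(?::(\d+))?(.*)$")

def parse_via(via):
    """Return (sent-by host, sent-by port, params) for one Via header value."""
    m = VIA_RE.match(via)
    if not m:
        raise ValueError("unparseable Via: %r" % via)
    _transport, host, port, rest = m.groups()
    params = {}
    for item in rest.split(";"):
        name, _, value = item.strip().partition("=")
        if name:
            params[name.lower()] = value
    return host, int(port) if port else 5060, params

def reply_destination(via, src_ip, src_port, force_rport=False):
    """Where the reply goes: (ip, port).

    Address: the packet's source IP. When the Via host differs from it the
    proxy records the source as received= and replies there (RFC 3261).
    Port: the Via port, unless the client sent rport (RFC 3581) or the
    script behaves as if it had (force_rport), in which case the packet's
    source port is used.
    """
    _host, via_port, params = parse_via(via)
    if "rport" in params or force_rport:
        return src_ip, src_port
    return src_ip, via_port

def reaches_client(dest, nat_binding):
    """A reply passes the NAT only if it hits the binding the request opened."""
    return dest == nat_binding

# Constructed inputs: the router remapped the client's 5060 to 15060.
NAT_BINDING = ("203.0.113.7", 15060)
ATA_VIA = "SIP/2.0/UDP 192.168.51.153:5060;branch=z9hG4bK-constructed-1"
RPORT_VIA = "SIP/2.0/UDP 192.168.51.153:5060;rport;branch=z9hG4bK-constructed-2"

def demo():
    """Return (case, destination, delivered?) for the three cases discussed."""
    cases = [
        ("no rport in Via", ATA_VIA, False),
        ("no rport, force_rport()", ATA_VIA, True),
        ("client sends rport", RPORT_VIA, False),
    ]
    out = []
    for label, via, forced in cases:
        dest = reply_destination(via, *NAT_BINDING, force_rport=forced)
        out.append((label, dest, reaches_client(dest, NAT_BINDING)))
    return out

if __name__ == "__main__":
    for label, dest, ok in demo():
        print("%-26s -> %s:%d %s" % (label, dest[0], dest[1],
                                     "delivered" if ok else "lost at NAT"))
```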