Hi,
I am deploying openser 1.2.2-notls on a machine with public IP. On the same machine I run a sip client (A) that registers with the above openser.
On an another machine behind NAT (typical adsl router) I use a sip client (B) to register with the above openser and try to invite sip client A.
I do not use any NAT-traversal techniques (the outgoing packets from B are modified by NAT and reach openser, responses are received by B through NAT due to statefull (?) routing on the NAT).
The SIP messages reach their destination properly and moreover the IP addresses in the SDP (from B) are updated by openser to indicate the external interface of NAT. This is very useful in my case since the client A sends the media packets to the proper address (I also configure virtual servers on the adsl router to have these forwarded to B). However, the port numbers in the SDP are also updated (usually by an offset of +16) which hinders the media session from A to B since B is expecting the packets on other ports.
Is there any way to have the ports remain unaltered during the above operation?
Thanks in advance,
Kostas
Below is my openser.cfg
# # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=4
# Uncomment these lines to enter debugging mode #fork=no #log_stderror=yes #
port=5060
# uncomment the following lines for TLS support #disable_tls = 0 #listen = tls:your_IP:5061 #tls_verify_server = 1 #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = TLSv1 #tls_certificate = "/opt/openser/etc/openser/tls/user/user-cert.pem" #tls_private_key = "/opt/openser/etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "/opt/openser/etc/openser/tls/user/user-calist.pem"
# ------------------ module loading ----------------------------------
#set module path mpath="/lib/openser/modules/"
# Uncomment this if you want to use SQL database loadmodule "mysql.so"
loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- mi_fifo params --
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };
if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); };
if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay("tls:domain1.net"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay("tls:domain2.net"); # exit; #} route(1); };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!www_authorize("......", "subscriber")) { www_challenge(".....", "0"); exit; };
save("location"); exit; };
lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };
route(1); }
route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; }