All right, I have been trying without too much success so far :(
The SIP signalling path seems to be working OK, but not for voice. Some
magic is going in, for which I cannot really grasp the how and why. I
got outgoing signalling from my ZyXEL UA to the RTPProxy, which is
relaying it to the upstream SIP proxy, but NOT the host that SHOULD
receive the signal.
******************
I have been monitoring the channel between the Internet Firewall and
ADSL modem (bridge), which also happens to have the VoIP modem
connected. (Long live SpeedTouch with their switch with port
mirror/monitor function.)
[UA -> SER-proxy] INVITE
SDP: c=192.168.8.193 : 60026 (RTP)
[SER-proxy -> Inet-server] INVITE
SDP: c=82.168.191.xx : 35120 (RTP)
[Inet-server -> SER-proxy] 183 Session progress
SDP: c=62.41.aa.bb : 9112 (RTP)
[SER-proxy -> UA] 183 Session progress
SDP: c=82.168.191.xx : 35122 (RTP)
=== Looks OK for the untrained eye...
RTP traffic spotted
192.168.8.193:60026 -> 82.168.191.xx:35122
:: Looks OK
82.168.191.xx:35122 -> 194..221.62.dd:9112
:: Takes SIP Inet server IP address, but SHOULD take 62.41.aa.bb!
=== Don't see traffic flowing in the other direction, NOT good! Maybe
its still trying to send to 192.168.8.193, but I can't monitor that in
any way...
******************
It seems quite hard to get this all working as desired/how it should
work. And that seems a good reason to try some of the alternatives, like
siproxd. Maybe thats better suited for my immediate needs...
Still, I like the flexibility you get with OpenSER, but I need a
"production" installation really really fast! I'll probably be digging
into this at some later date, when I'm grasping more how everything is
actually implemented and how it should be working.
Thanks for the help so far!
Of course I'm still open to suggestions and advice.
- Joris
Joris Dobbelsteen wrote:
Dear,
I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my
home phone keeps breaking voice channels (the box was not intended
behind NAT and I'm, of course, using a configuration that no so well
supported).
What is the idea:
SIP transactions should travel this way:
ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}
RTP should travel this way:
ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}
My current test is using X-Lite with voipbuster, but that doesn't really
work. It seems that registers are functioning, at least X-Lite reports
itself being registered.
Voice calls always end up in timeouts, so something is really going
wrong here, it might be authentication problems?
An added problem is that I have just sufficient knowledge of SIP to see
what it is doing, without really knowing what to expect exactly.
Furthermore I have virtually no knowledge of OpenSER. I've quite a hard
time even grasping the configuration I typed in. This is not really helpful
What I do know:
* SIP Proxy traffic is flowing.
* SIP INVITES don't work at all.
* SIP to RTP is communication, but I don't know if RTP is actually flowing.
I stole most of the configuration from the "04 NAT Traversal" slides of
the "Italy 2007 Admin course", to which there is link on the
documentation site. I adapted it to make it work with the debian
supplied OpenSER 1.1.
How do I get this all working?
What am I getting wrong?
I really really appeciate any help I can get to get it working!
- Joris
Config is this:
# ----------- global configuration parameters ------------------------
debug=4 # debug level (cmd line: -dddddddddd)
fork=yes # Set to no to enter debugging mode
log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
advertised_address="82.168.191.xx"
advertised_port=5060
port=5060
children=4
fifo="/tmp/openser_fifo"
#
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
mpath="/usr/lib/openser/modules/"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "nathelper.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- nathelper params ---
modparam("nathelper", "rtpproxy_sock",
"udp:192.168.10.6:22222")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
#modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from",
"sip:pinger@82.168.191.xx")
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# NAT detection
route(2);
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
#if(uri=~"(a)tls_domain1.net") {
# t_relay("tls:domain1.net");
# exit;
#} else if(uri=~"(a)tls_domain2.net") {
# t_relay("tls:domain2.net");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest
authentication
if (!www_authorize("sip.familiedobbelsteen.nl",
"subscriber")) {
www_challenge("sip.familiedobbelsteen.nl", "0");
exit;
};
if (isflagset(5)) {
# set branch flag -- when someone will
call this user
# INVITE will have branch flag 6 set
after loopup("location")
setflag(6);
# if you want OPTIONS natpings
uncomment next
# setflag(7);
};
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (subst_uri('/(sip:.*);nat=yes/\1/i')) {
setflag(6);
};
if (isflagset(5) || isflagset(6)) {
route(3);
};
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2] {
force_rport();
if(nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
}
route[3] {
if (is_method("BYE")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")) {
force_rtp_proxy("", "82.168.191.xx");
t_on_failure("2");
};
if (isflagset(5))
search_append('Contact:.*sip:[^>[:cntrl:]]*',
';nat=yes');
t_on_reply("1");
}
failure_route[2] {
if (isflagset(6)||isflagset(5)) {
unforce_rtp_proxy();
};
}
onreply_route[1] {
if ((isflagset(5) || isflagset(6)) && status =~
"(183)|(2[0-9][0-9])") {
force_rtp_proxy();
};
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
if (isflagset(6)) {
fix_nated_contact();
};
exit;
}
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users