Andrei,
Hello
I have following use case:
Endpoint1 <------> NAT <------> SER <------> NAT <------> Endpoint2 10.0.0.10 TCP TCP 192.168.0.4
First of all try to use UDP. NAT traversal works with UDP. Nobody really tested it with TCP. Theoretically you could get it working with unstable ser, special options and a well behaved UA (one that will always reuse the tcp connections and will keep the nat bindings open).
I have been using UDP for kphone and it alvays works fine. But I use Windows Messenger too and it seems to me that the TCP is the only possibility to connect it from a NAT-ed network.
Yes, ser cannot find an open tcp connection and tries to open a new one. To get arround this you should force tcp aliases and use a very high timeout for the tcp connections (if a connection is not used, ser will close it after some time):
- use tcp_accept_aliases=yes in your ser.cfg if you have compliant UAs (I think only kphone knows about them)
- use force_tcp_alias(); if your UAs don't know about tcp alias.
- edit tcp_conn.h and change TCP_CON_TIMEOUT and TCP_CON_SEND_TIMEOUT to a very high value
I changed the constants and now the connections are permanent. But I still haven't solved the problem routing messages. Here is a snippet of code from my cfg file:
if (uri==myself) { if (method=="REGISTER") { # digest authentication if (!www_authorize("i-tel.sk", "subscriber")) { log(1, "Authorization failed\n"); www_challenge("i-tel.sk", "0"); log(1, "www_challenge sent\n"); break; };
# symmetric but don't advertise it -- force use of rport if (client_nat_test("3")) { log(1, "Client is behind a NAT\n"); if (! search("^Record-Route:")) { fix_contact(); force_rport(); }; };
log(1, "Forcing tcp alias\n"); force_tcp_alias();
save("location"); break; }; };
My undersanding is that the function force_tcp_alias() should add the source port of the tcp connection to the list of aliases. Then later existing connections are searched by userid and port to be reused. Please correct me if I'm wrong.
In my case it doesn't work, I found the following message in the log:
tcpconn_add_alias: alias port 5060 for hash 17, id 1
so it tries to add the port 5060 insted of the source port.
Martin