[Serusers] rtpproxy/nathelper configuration issues. i think.

i've been getting my sea legs with SER and am having trouble getting rtpproxy to nathelper to work correctly with my setup. since everything works fine if i test the scenario with a freeworld dialup account, i'm assuming that my problems are solely due to the vastness of my ignorance on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of the build number, but it's the latest download from the website; the other two clients are both build 1101 on mac 10.2.3. SER running on a rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm which i downloaded from the ftp server. the x-lite clients are sitting behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to clients outside the my network. however, things fall apart quickly when i try to run more than one client behind the nat [ lost audio, timeouts etc] which i presume is what nathelper is supposed to deal with. if try to run to use nathelper, i can't make a call from a one client to another client behind the lan. the calls won't go through - they simply timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone website and simply started it from the command line. i can't figure out how to get any debugging messages from rtpproxy, but i can see that the process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1]. i understand that things have changed quite a bit in the CVS head, but i tried to compile and install the latest CVS version, but i ran into a host of config errors using the nathelper.cfg supplied, so i decided to backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - public ip addresses have been changed to protect the innocent]. to my untrained eye, these messages look the same as what i see when i test things using freeworld dialup accounts and i can make a call to another client on the same lan segment - i.e. the internal IP addresses are being sent. the location database also shows that the internal IP addresses are being used [3], but i don't know if this is what i want or not. oh. i'm also using my.public.box - a FQDN - as in the x-lite fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously doing wrong :-)

[1] # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };

# compulsory processing of Route header fields and adding RR loose_route();

/* registration (uses rewritten contacts) */ if (method=="REGISTER") { save("location"); break; };

if (method=="INVITE") { record_route(); if (isflagset(1)) { # ATA ? fix_nated_sdp("3"); }; /* set up reply processing */ t_on_reply("1"); };

if (method == "INVITE" || method == "CANCEL") { if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; };

/* set up reply processing and forward statefuly */ t_relay(); }

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); }

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060 RTP: 192.168.1.100:8000 NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box Contact: "snowdeal" sip:123@192.168.1.100:5060 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA;received=my.router.public.ip From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Contact: sip:123@192.168.1.100:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"

----------

Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060 RTP: 192.168.1.101:8000 NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box Contact: "kristine" sip:456@192.168.1.101:5060 Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A;received=my.router.public.ip From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Contact: sip:456@192.168.1.101:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 req_src_ip=my.router.public.ip req_src_port=15060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list=== ---Domain--- name : 'location' size : 512 table: 0x402d60d8 d_ll { n : 2 first: 0x402d80e0 last : 0x402d81c8 }

...Record(0x402d80e0)... domain: 'location' aor : '123' ~~~Contact(0x402d8120)~~~ domain : 'location' aor : '123' Contact: 'sip:123@192.168.1.100:5060' Expires: 583 q : 0.00 Call-ID: '9DA51D06551C11D882E3000393B930BA@my.public.box' CSeq : 56648 replic : 0 State : CS_NEW Flags : 0 next : (nil) prev : (nil) ~~~/Contact~~~~ .../Record... ...Record(0x402d81c8)... domain: 'location' aor : '456' ~~~Contact(0x402d8208)~~~ domain : 'location' aor : '456' Contact: 'sip:456@192.168.1.101:5060' Expires: 614 q : 0.00 Call-ID: 'AC7B8E18551C11D8B317000A957BC13A@my.public.box' CSeq : 55034 replic : 0 State : CS_NEW Flags : 0 next : (nil) prev : (nil) ~~~/Contact~~~~ .../Record...

---/Domain--- ===/Domain list===