24 Mar
2006
24 Mar
'06
5 p.m.
Dear Group,
A few years ago I successfully configured SER. My UA's were both sitting
behind Firewall FVS318 and I was able to use X-Ten lite and a public
STUN server and hold conversations with various people across the NET.
I have tried to recreate the same environment and I'm running into
difficulties. I have provided as much information as possible so that
someone may be able to add some ideas to help me resolve this problem.
My SER server
-------------
192.168.0.1 || LINUX FIRWALL NAT || 65.X.Y.64 (public IP Address)
I have mapped UDP/TCP 5060 from 65.X.Y.64 to 192.168.0.1
UA1
---
192.168.0.10 || FVS318 FIREWALL ||84.X.Y.Z (Public IP Address)
UA2
---
192.168.1.12|| Nortel 221 Firewal||84.X.Y.A
My first test is always to try and call myself!
I have placed a packet sniffer outside of my FVS318, on on the UA LAN
and I'm running an ethereal capture on the SER server.
Here is what I see;
UA1 FVS318 LINUX FIREWALL SER
------------------------------------------------------------
INVITE-->
SRC Port 5060 SRC Port 18564 SRC Port 18564 SRC Port 5060
DST Port 5060 DST Port 5060 DST Port 5060 DST Port 5060
<--TRYING
SRC Port 5060 SRC 5060 SRC port 5060 SRC Port 5060
DST Port 5060 DST Port 5060 DST Port 5060 DST Port 5060
<--INVITE
SRC Port 5060 SRC Port
5060
DENY DST Port 5060 SRC Port
5060
<--INVITE
SRC Port 5060 SRC Port
5060
DENY DST Port 5060 SRC Port
5060
<--INVITE
SRC Port 5060 SRC Port
5060
DENY DST Port 5060 SRC Port
5060
etc... until we time out.
Here is the sip digest (email continues after the digest :);
SIP MESSAGE 1 84.X.Y.Z:18425() -> 192.168.0.1:5060()
UDP Frame 538 24/Mar/06 10:26:48.2393
TimeFromPreviousSipFrame=20.2531 TimeFromStart=20.2531
INVITE sip:shad@65.X.Y.642 SIP/2.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 70
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
SIP MESSAGE 2 192.168.0.1:5060() -> 84.X.Y.Z:18425()
UDP Frame 539 24/Mar/06 10:26:48.2514
TimeFromPreviousSipFrame=0.0121 TimeFromStart=20.2652
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30110
req_src_ip=84.X.Y.Z req_src_port=18425 in_uri=sip:shad@65.X.Y.642
out_uri=sip:Shad@84.X.Y.Z:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 3 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 540 24/Mar/06 10:26:48.2592
TimeFromPreviousSipFrame=0.0078 TimeFromStart=20.2730
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=2118835080;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK00fc.855877d1.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 69
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
SIP MESSAGE 4 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 596 24/Mar/06 10:26:49.1709
TimeFromPreviousSipFrame=0.9117 TimeFromStart=21.1847
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=2118835080;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK00fc.855877d1.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 69
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
Obviously if the INVITE from the SER Server goes through on Port 5060
this is going to break !
I see the same thing if I try and call from UA2 to UA1 (More Email after
the digest :))
========================================================================
====
SIP MESSAGE 1 84.X.Y.A:24575() -> 192.168.0.1:5060()
UDP Frame 103 24/Mar/06 11:40:14.4074
TimeFromPreviousSipFrame=1.7003 TimeFromStart=1.7003
OPTIONS sip:65.X.Y.64:5060 SIP/2.0
Via: SIP/2.0/UDP
192.168.6.50;rport;branch=z9hG4bKc0a8063200000010442420ee0000369900000f1
b
Content-Length: 0
Call-ID: CE4F0254-4004-4129-9E4B-51CE8AAEE198(a)192.168.6.50
CSeq: 61 OPTIONS
From: <sip:bart@65.X.Y.64:5060>;tag=2925878122169
Max-Forwards: 70
To: <sip:65.X.Y.64:5060>
========================================================================
====
SIP MESSAGE 2 192.168.0.1:5060() -> 84.X.Y.A:24575()
UDP Frame 104 24/Mar/06 11:40:14.4078
TimeFromPreviousSipFrame=0.0004 TimeFromStart=1.7007
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP
192.168.6.50;rport=24575;branch=z9hG4bKc0a8063200000010442420ee000036990
0000f1b;received=84.X.Y.A
Call-ID: CE4F0254-4004-4129-9E4B-51CE8AAEE198(a)192.168.6.50
CSeq: 61 OPTIONS
From: <sip:bart@65.X.Y.64:5060>;tag=2925878122169
To: <sip:65.X.Y.64:5060>;tag=b27e1a1d33761e85846fc98f5f3a7e58.c661
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30107
req_src_ip=84.X.Y.A req_src_port=24575 in_uri=sip:65.X.Y.64:5060
out_uri=sip:65.X.Y.64:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 3 84.X.Y.A:24575() -> 192.168.0.1:5060()
UDP Frame 699 24/Mar/06 11:40:29.5842
TimeFromPreviousSipFrame=15.1763 TimeFromStart=16.8771
INVITE sip:shad@65.X.Y.64:5060 SIP/2.0
Via: SIP/2.0/UDP
192.168.6.50;rport;branch=z9hG4bKc0a8063200000225442420fd0000740600000f1
d
Content-Length: 264
Contact: <sip:bart@84.X.Y.A:5060>
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
Content-Type: application/sdp
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
Max-Forwards: 70
To: <sip:shad@65.X.Y.64:5060>
User-Agent: SJphone/1.60.289a (SJ Labs)
v=0
o=- 3352207229 3352207229 IN IP4 84.X.Y.A
s=SJphone
c=IN IP4 84.X.Y.A
t=0 0
a=direction:active
m=audio 49180 RTP/AVP 3 0 8 101
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-11,16
========================================================================
====
SIP MESSAGE 4 192.168.0.1:5060() -> 84.X.Y.A:24575()
UDP Frame 701 24/Mar/06 11:40:29.6111
TimeFromPreviousSipFrame=0.0270 TimeFromStart=16.9040
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
192.168.6.50;rport=24575;branch=z9hG4bKc0a8063200000225442420fd000074060
0000f1d;received=84.X.Y.A
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
To: <sip:shad@65.X.Y.64:5060>
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30097
req_src_ip=84.X.Y.A req_src_port=24575 in_uri=sip:shad@65.X.Y.64:5060
out_uri=sip:Shad@84.X.Y.Z:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 5 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 702 24/Mar/06 11:40:29.6114
TimeFromPreviousSipFrame=0.0003 TimeFromStart=16.9043
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=292738906749;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK779f.4d153ff7.0
Via: SIP/2.0/UDP
192.168.6.50;received=84.X.Y.A;rport=24575;branch=z9hG4bKc0a806320000022
5442420fd0000740600000f1d
Content-Length: 264
Contact: <sip:bart@84.X.Y.A:5060>
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
Content-Type: application/sdp
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
Max-Forwards: 69
To: <sip:shad@65.X.Y.64:5060>
User-Agent: SJphone/1.60.289a (SJ Labs)
v=0
o=- 3352207229 3352207229 IN IP4 84.X.Y.A
s=SJphone
c=IN IP4 84.X.Y.A
t=0 0
a=direction:active
m=audio 49180 RTP/AVP 3 0 8 101
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-11,16
========================================================================
====
I see STUN packets being sent to the public STUN server, I see UDP
packets keeping the firewall ports open, the problem is unless the
INVITE from the ser server is initiated on on open port this is never
going to work !
As a final test if I R-NAT UDP 5060 on the FVS318 it obviously work.
This is great if I have only one user that needs to use the service?
however what happens when I want to have 2 or 3?
I would appreciate some help.
Thanks and Regards
Shad Mortazavi
------------------------------------------------------
Nexus Group Technical Manager
n|m Nexus Management Inc