Hi
I think I am very close to solve this issue, based on suggestions of Tavis and Klaus for openser in:
http://openser.org/dokuwiki/doku.php?id=how_to_set_up_nathelper_rtpproxy_when_both_sip_ua_s_are_behind_same_nat

I´ve been able to disable rtpproxy in this cases but I have a problem with accounting, if the callee hungup first appears an error and no cdr for BYE is generated until caller hungup the call, bellow the errors and config.

thanks for any help
rafael

 4(22193) BYE  - STOP ACCOUNTING
 4(22193) DEBUG: add_param: tag=3658302912
 
 4(22193) grep_sock_info - checking if host==us: 13==13 &&  [192.168.1.205] == [10.0.2.130]
 4(22193) grep_sock_info - checking if port 5060 matches port 5060
 4(22193) grep_sock_info - checking if host==us: 13==9 &&  [192.168.1.205] == [127.0.0.1]
 4(22193) grep_sock_info - checking if port 5060 matches port 5060
 4(22193) check_self: host != me
 4(22193) grep_sock_info - checking if host==us: 13==13 &&  [10.0.2.130] == [10.0.2.130]
 4(22193) grep_sock_info - checking if port 5060 matches port 5060
 
 4(22193) check_via_address(10.0.1.25, 192.168.1.100, 0)
 4(22193) ERROR: udp_send: sendto(sock,0x4051e800,588,0,0x4051f2ac,16): Operation not permitted(1)
 4(22193) msg_send: ERROR: udp_send failed
 4(22193) ERROR:tm:t_forward_nonack: sending request failed
 4(22193) DEBUG: add_to_tail_of_timer[4]: 0x4051f2cc
 4(22193) DEBUG: add_to_tail_of_timer[0]: 0x4051f2dc
 4(22193) ERROR:tm:t_relay_to:  t_forward_nonack returned error
 4(22193) parse_headers: flags=ffffffffffffffff
 4(22193) check_via_address(10.0.1.25, 192.168.1.100, 0)
 4(22193) WARNING:vqm_resize: resize(0) called
.
.
.


# ----------- global configuration parameters ------------------------

#/* Uncomment these lines to enter debugging mode
debug=6
fork=yes
log_stderror=yes
#*/

listen=10.0.2.130
listen=127.0.0.1
port=5060

# hostname matching an alias will satisfy the condition uri==myself".
alias=mydomain.com.pe
alias=10.0.2.130
alias=127.0.0.1

check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
children=4
fifo="/tmp/openser_fifo"
fifo_mode=0666  # Fifo permissions can be changes from here.

# sip_warning - Should replies include extensive warnings?
# By default yes, it is good for trouble-shooting.
sip_warning=yes

# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/openser/modules/domain.so"
loadmodule "/usr/local/lib/openser/modules/avpops.so"
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/group.so"
loadmodule "/usr/local/lib/openser/modules/uri.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"
loadmodule "/usr/local/lib/openser/modules/acc.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/xlog.so"

# digest authentication
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"

# !! Nathelper
loadmodule "/usr/local/lib/openser/modules/nathelper.so"

# ----------------- setting module-specific parameters ---------------

modparam("usrloc", "db_mode", 2)

# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)

# database location
modparam("usrloc", "db_url", "mysql://admin:heslo@localhost/openser")

modparam("usrloc", "use_domain", 1)
modparam("auth_db", "use_domain", 1)

modparam("domain", "db_mode", 1)
modparam("domain", "domain_table", "domain")
modparam("domain", "domain_col", "domain")

# ------------- Mysql Accounting parameters
modparam("acc", "log_flag", 1)
modparam("acc", "log_level", 2)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3)
modparam("acc", "log_missed_flag", 3)
modparam("acc", "db_url", "mysql://admin:heslo@localhost/openser")
modparam("acc", "report_ack", 0)
modparam("acc", "log_fmt", "miocfsputdr")

modparam("tm", "fr_timer", 20 )
modparam("tm", "fr_inv_timer", 40 ) # Timer which hits if no final reply for an INVITE
modparam("tm", "wt_timer", 20 )

# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

modparam("group", "db_url", "mysql://seradmin:heslo@localhost/openser")
modparam("uri_db", "db_url", "mysql://seradmin:heslo@localhost/openser")

# ------------- registration parameters
modparam("registrar", "nat_flag", 6)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 86400)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "desc_time_order", 1)
modparam("registrar", "append_branches", 1)

modparam("registrar", "use_domain", 1)

# !! Nathelper
# modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1)   # Ping only clients behind NAT

# -------------------------- request routing logic --------------------------

route {

        log(1, "-------------------------------------------\n");
        log(1, "entering main loop\n");


        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                return;
        };
        if ( msg:len >= max_len ) {
                sl_send_reply("513", "Message too big");
                return;
        };

        # set flag for Radius Accounting:
        if (!method=="OPTIONS") setflag(3);

        if (method=="INVITE") {
                log(1, "INVITE MESSAGE RECEIVED - START ACC\n");
                setflag(1); /* set for accounting (the same value as in log_flag!) */
        };

        if (method=="BYE") {
                log (1, "BYE  - STOP ACCOUNTING\n");
                setflag(1);
        };

        if (method=="CANCEL") {
                log (1, "CANCEL - STOP ACCOUNTING\n");
                setflag(1);
        };


        # -----------------------------------------------------------------
        # Record Route Section
        # -----------------------------------------------------------------
        # record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol

        if (!method=="REGISTER") record_route();

        if (method=="BYE" || method=="CANCEL") {
                unforce_rtp_proxy();
        };

        # -----------------------------------------------------------------
        # Loose Route Section
        # -----------------------------------------------------------------
        if (loose_route() && (!src_ip==10.0.2.130 && !src_port==5070)) {

                if (has_totag() && (method=="INVITE" || method=="ACK")) {
                        if (nat_uac_test("19")) {
                                setflag(7);
                                force_rport();
                                fix_nated_contact();
                        };
                        force_rtp_proxy("l");
                };
                route(2);
                return;
        };

        # -----------------------------------------------------------------
        # Call Type Processing Section
        # -----------------------------------------------------------------
        if (!uri==myself && (!src_ip==10.0.2.130 && !src_port==5070)) {
                route(1);
                return;
        };

        if (method=="CANCEL") {
                route(2);
                return;
        };

        if (method == "REGISTER") {

                        if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
                                setflag(6);
                                fix_nated_register();
                                force_rport();
                        };

                        sl_send_reply("100", "Trying");
                       
                        log(1, "ANALYZING REGISTER REQUEST\n");

                        # ... to use digest authentication
                        if (is_user_in("Request-URI", "desactivado")) {
                                sl_send_reply("402", "Su cuenta fue desactivada por falta de pago");
                                return;
                        };

                        if (!www_authorize("", "subscriber")) {
                                log(1,"       ----- Fails to Register \n");
                                www_challenge("", "0");
                                return;
                        };

                        # only signed users are allowed
                        if (!check_to()) {
                                log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n");
                                sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed");
                                return;
                        };
                        consume_credentials();
                        log(1,"      Registered!!! \n");
                        if (!save("location")) {
                                sl_reply_error();
                        };
                        return;
        };


        # INVITE ? First check the source of the call
        #********************************************
        # If the call comes from the gateways, no authentication is required.
        if (method == "INVITE"  && (src_ip==10.0.2.145 || src_ip==10.0.2.132 || src_ip==10.0.2.131)) {
                log(1,"Call from pstn|*, no authentication is required. \n");

        # If the call comes from B2BUA, no authentication is required.
        # The first leg of the call has already been authenticated.
        } else if (src_ip==10.0.2.130 && src_port==5070) {
                log(1,"Call from B2BUA, no authentication is required.  \n");
        } else {
                log(1, "ANALYZING INVITE REQUESTs\n");
                if (method == "INVITE"  && !src_ip==10.0.2.130 && !src_port==5070){

                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                return;
                        } else {
                                if (!check_from()) {
                                        sl_send_reply("403", "Only registered users are allowed");
                                        log(1," ----> Only registered users are allowed \n");
                                        return;
                                };
                        consume_credentials();

                                if (nat_uac_test("19")) {
                                        setflag(7);
                                };
                        };


                # Not all the users are PREPAID, so we check the database
                # to see if the call will be routed through B2BUA.
                # If every call is to be routed through B2BUA the "is_user_in"
                # conditional is not required.
                # Do not use b2bua for local calls (660++++)

                        if (is_user_in("From", "prepaidb") && uri=~"^sip:00") {
                                log(1," ----> Usuario PREPAGO!!! enviando a b2bua... \n");
                                rewritehostport("10.0.2.130:5070");
                                t_relay_to_udp("10.0.2.130", "5070");
                                return;
                        };

                };
        }; # End of if (method == "INVITE" |...


        /* *********** Dial out to Local and PSTN logic ********* */          

                if(uri=~"^sip:00"){
                log(1,"00N match - Larga Distancia Internacional \n");
                        if (!is_user_in("from", "ldix")) {
                        log(1,"No permission for international calls \n");
                        sl_send_reply("403", "No permission for international calls");
                        acc_db_request("403 Forbidden", "missed_calls");
                        return;
                        };
                rewritehostport("10.0.2.131:5070");
                strip(2);
                route(1);
                return;
                };

        /* ******************************************************************** */  

                lookup("aliases");
                if (uri!=myself) {
                        route(1);
                        return;
                };
               

                # does the user wish redirection on no availability? (i.e., is he
                # in the voicemail group?) -- determine it now and store it in
                # flag 4, before we rewrite the flag using UsrLoc

                if (is_user_in("Request-URI", "voicemail")) {
                        log(1, "requested user is in voicemail group \n");
                        setflag(4);
                };

                # native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        log(1,"unable to locate user X ... sending to route(4)! \n");
                        # handle user which was not found
                        route(4);
                        return;
                };


        ### Check if UAS are behind the same NAT system: ###

        if (isflagset(6) && isflagset(7)){
                log(2, "Both Clients are behind NAT");
                # Store the destination domain into an AVP
                avp_printf("i:450", "$dd");
                if (avp_check("i:450", "eq/$src_ip/g")){
                        log(3, "Detected Two Clients Behind the Same NAT - Disabling Mediaproxy");
                        # Do not use media-proxy as the clients seem to be behind the same NAT
                        resetflag(6);
                        resetflag(7);
                        route(2);
                        return;
                };
        };

        route(1);

        # if user is on-line and is in Voicemail group, enable redirection
        if (method == "INVITE" && isflagset(4)) {
                log(1, "invite for voicemail user->initiate failureroute[1]\n");
                t_on_failure("1");
        };
}

### ##### ####### ########## ########### ############### ################# #####################

route[1]
{

        # if client or server know to be behind a NAT, enable relay
        if (isflagset(6) || isflagset(7)) {
                force_rport();
                fix_nated_contact();
                force_rtp_proxy();
        };

        # NAT processing of replies; apply to all transactions (for example,
        # re-INVITEs from public to private UA are hard to identify as
        # NATed at the moment of request processing); look at replies
        t_on_reply("1");

        # send it out now; use stateful forwarding as it works reliably
        # even for UDP2TCP

        if (!t_relay()) {
                if (method=="INVITE" && (isflagset(6) || isflagset(7))) {
                        unforce_rtp_proxy();
                };
                sl_reply_error();
        };
        log(1, "Route[1]: Send it out now!!!\n");
}

# !! Nathelper
onreply_route[1] {
        # NATed transaction ?
        # Not all 2xx messages have a content body so here we
        # make sure our Content-Length > 0 to avoid a parse error

    if ((isflagset(6) || isflagset(7)) && status =~ "(183)|2[0-9][0-9]") {
        fix_nated_contact();
        if (!search("^Content-Length:\ 0")) {
                force_rtp_proxy();
                log(1, "onreply_route1: force rtp proxy!!!\n");
        };
    # otherwise, is it a transaction behind a NAT and we did not
    # know at time of request processing ? (RFC1918 contacts)
    } else if (nat_uac_test("1")) {
        fix_nated_contact();
    };
}

# -------------- Default Message Handler ---------------------

route[2]{      

        # ----------------------------------------------------
        # Default Message Handler
        # ----------------------------------------------------

        t_on_reply("1");

        if (!t_relay()) {
                if (method=="INVITE" && isflagset(7)) {
                        unforce_rtp_proxy();
                };
                sl_reply_error();
        };
}

# --------------- Handling of Unavailable user ----------------

route[4] {
 
        # non-Voip -- just send "off-line"
        if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" || method=="BYE" || method=="OPTIONS")) {
                sl_send_reply("404", "Not Found");
                acc_db_request("404 Not Found", "missed_calls");
                log(1, "acc 404 Not Found 1 \n");
                return;
        };

        # not voicemail subscriber
        if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE") {
                sl_send_reply("404", "Not Found and no voicemail turned on !! ");
                acc_db_request("404 Not Found", "missed_calls");
                log(1, " acc 404 Not Found and no voicemail \n");
                return;
        };

        # forward to voicemail adding prefix to simplify asterisk "extension.conf" ::
        # exten => _vmXXXXXXX,1,SetLanguage(es)
        # exten => _vmXXXXXXX,2,Voicemail(u${EXTEN:2})
        # exten => _vmXXXXXXX,3,Hangup
        prefix("vm"); 
        acc_db_request("404 Not Found -> Vm", "missed_calls");
        rewritehostport("10.0.2.131:5070");
        t_relay_to_udp("10.0.2.131", "5070");
}

# If forwarding downstream did not succeed, try voicemail running at Asterisk

failure_route[1]{
        if (t_check_status("408")){
                # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff
                prefix("vm");
                rewritehostport ("10.0.2.131:5070");
                acc_db_request("408 Timeout   -> Vm", "missed_calls");
                append_branch();
                t_relay();
                return;
        } else if (t_check_status("486")){
                # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff
                prefix("vm");
                rewritehostport ("10.0.2.131:5070");
                acc_db_request("486 Busy      -> Vm", "missed_calls");
                append_branch();
                t_relay();
                return;
        }
}