But why it becomes a problem? It looks like client reloves NAT issue on his side. So during the call of this user you will send request to the proper destination address anyway._______________________________________________On Fri, 28 Feb 2020, 18:03 David Villasmil, <david.villasmil.work@gmail.com> wrote:Can you paste the challenge and responses?--On Fri, 28 Feb 2020 at 14:50, Awal Junanto <a.junanto@gmail.com> wrote:I added a call to add_uri_param("nat=yes") before auth_challenge("$fd", "0"), but couldn't see any difference in the actual SIP messages. The challenge (and the response) didn't contain that newly added keyword. Or am I missing something here?On Fri, 28 Feb 2020 at 13:58, David Villasmil <david.villasmil.work@gmail.com> wrote:There probably is a better way of doing this, but maybe you can store the fact that the first register came from a natted device in the locations table (or a hash).Or maybe add a parameter when challenging where you state the client is natting?Something like thisHope that helpsDavid--On Fri, 28 Feb 2020 at 12:03, Awal Junanto <a.junanto@gmail.com> wrote:_______________________________________________Hi,We are building a service where we need to detect NAT when the clients register to our server. We are struggling in analyzing NAT status of some clients which modify their IP addresses/ports in the headers according to the value of "received" parameter sent during "401 Unauthorized" response.Here's the flow:Client->ServerREGISTER sip:...Via: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;aliasContact: <sip:user@192.168.0.1:42251;transport=TLS;ob>...Server->ClientSIP/2.0 401 UnauthorizedVia: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4WWW-Authenticate: ......Client->ServerREGISTER sip:...Via: SIP/2.0/TLS 1.2.3.4:6201;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;aliasContact: <sip:user@ 1.2.3.4:6201;transport=TLS;ob>Authorization: ......By the time the client is authenticated, there is no way to detect whether the request was coming from a natted device or not by just analysing the Via or Contact headers.Thanks in advance.
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--_______________________________________________Best Regards,Awal
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users