Hi,
I am deploying openser 1.2.2-notls on a machine with public IP. On the same machine I run a sip client (A) that registers with the above openser.
On another machine behind NAT (typical adsl router) I use a sip client (B) to register with the above openser and try to invite sip client A.
I do not use any NAT-traversal techniques (the outgoing packets from B are modified by NAT and reach openser, responses are received by B through NAT due to stateful (?) routing on the NAT).
The SIP messages reach their destination properly and moreover the IP addresses in the SDP (from B) are updated by openser to indicate the external interface of NAT. This is very useful in my case since the client A sends the media packets to the proper address (I also configure virtual servers on the adsl router to have these forwarded to B). However, the port numbers in the SDP are also updated (usually by an offset of +16) which hinders the media session from A to B since B is expecting the packets on other ports.
Is there any way to have the ports remain unaltered during the above operation?
Thanks in advance,
Kostas
Below is my openser.cfg
#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

# ----------- global configuration parameters ------------------------

debug=3            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)
children=4

# Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#

port=5060

# uncomment the following lines for TLS support
#disable_tls = 0
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/opt/openser/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/opt/openser/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/opt/openser/etc/openser/tls/user/user-calist.pem"

# ------------------ module loading ----------------------------------

#set module path
mpath="/lib/openser/modules/"

# Uncomment this if you want to use SQL database
loadmodule "mysql.so"

loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- mi_fifo params --

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER")
        record_route();

    # subsequent messages withing a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };

    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        # if you have some interdomain connections via TLS
        #if(uri=~"@tls_domain1.net") {
        #    t_relay("tls:domain1.net");
        #    exit;
        #} else if(uri=~"@tls_domain2.net") {
        #    t_relay("tls:domain2.net");
        #    exit;
        #}
        route(1);
    };

    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {

            # Uncomment this if you want to use digest authentication
            if (!www_authorize("......", "subscriber")) {
                www_challenge(".....", "0");
                exit;
            };

            save("location");
            exit;
        };

        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
        };

        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            exit;
        };
        append_hf("P-hint: usrloc applied\r\n");
    };

    route(1);
}

route[1] {
    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}
Hi Kostas,
If you want to change only the port, try the mangle module: http://www.openser.org/docs/modules/1.2.x/mangler.html#AEN99
Regards, Bogdan
Hi Bogdan,
thanks for the response, but I actually need the ports to remain the same. The address modification is convenient.
Kostas
Hi,
But who is changing the IP and port in SDP? The script you sent makes no changes on the SDP part of the messages.
regards, bogdan
Hi Bogdan,
exactly that is why I did not manage to explain, although I am a relatively new user to openser. I tried to locate documentation that explains this behaviour and I found that no module performing such action is loaded and configured in my set-up. I have just captured the packets to and from openser and saw that openser alters the sdp fields.
Regards,
Kostas
Hi Kostas,
With the configuration you sent it is impossible for openser to change the SDP - maybe you have some ALG that's doing that.....
regards, bogdan
On Wednesday 31 October 2007 08:03:11 Bogdan-Andrei Iancu wrote:
> Hi Kostas,
> With the configuration you sent it is impossible for openser to change the SDP - maybe you have some ALG that's doing that.....
Which router are you using? Maybe a Zyxel P600?
On Wednesday 31 October 2007 10:22:05 Konstantinos Koutsopoulos wrote:
> The NATted device (client B) is behind a USR 9112, the other machine (with openser and client B) is on an academic LAN. The fact, however, is that tshark indicates that the original sdp (from B) reaches port 5060 of openser but the invite that is thereafter forwarded to client A contains a modified sdp.
Not sure if I've understood, you said always "client B" XD
I assume client B calls from NAT. Is it a softphone? Could you try with a softphone as B and do a ngrep or tshark in the **same** machine B is running and notate the INVITE message?
Then you can do a ngrep in OpenSer and inspect the received INVITE from B.
If the NAT has been fixed "by magic" then your router (in B LAN) does ALG's, so it rewrites the SIP message and replaces private IP with public IP and internal ports with NAT mapped external ports.
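The comparison described above (the INVITE as seen on B's own machine against the same INVITE as seen on the proxy) can be done mechanically once the two SDP bodies are copied out of the captures. This is an added example, not part of the original thread; the two SDP bodies, their addresses and ports are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: SDP of B's INVITE as captured on B's own machine.
SDP_AT_CLIENT = """\
v=0
o=- 1 1 IN IP4 192.168.1.10
s=-
c=IN IP4 192.168.1.10
t=0 0
m=audio 8000 RTP/AVP 0 8
m=video 9078 RTP/AVP 34
"""

# Constructed sample: SDP of the same INVITE as captured on the proxy.
SDP_AT_PROXY = """\
v=0
o=- 1 1 IN IP4 203.0.113.7
s=-
c=IN IP4 203.0.113.7
t=0 0
m=audio 8016 RTP/AVP 0 8
m=video 9094 RTP/AVP 34
"""


def parse_sdp(body):
    """Return (connection addresses, [(media type, port), ...])."""
    addrs, media = [], []
    for line in body.splitlines():
        line = line.strip()
        c = re.match(r"c=IN IP[46] (\S+)", line)
        m = re.match(r"m=(\S+) (\d+)(?:/\d+)? ", line)
        if c:
            addrs.append(c.group(1))
        elif m:
            media.append((m.group(1), int(m.group(2))))
    return addrs, media


def compare_sdp(sent, received):
    """Describe how the SDP changed between the client and the proxy."""
    sent_addrs, sent_media = parse_sdp(sent)
    recv_addrs, recv_media = parse_sdp(received)
    ports = [(kind, a, b) for (kind, a), (_, b) in zip(sent_media, recv_media)]
    deltas = {b - a for _, a, b in ports}
    return {
        "address_rewritten": sent_addrs != recv_addrs,
        "ports": ports,
        # One non-zero delta shared by every stream (e.g. +16) means a device
        # on the path rewrote the body; the client did not send those ports.
        "constant_offset": deltas.pop() if len(deltas) == 1 and deltas != {0} else None,
    }


if __name__ == "__main__":
    print(compare_sdp(SDP_AT_CLIENT, SDP_AT_PROXY))
```

If the body captured on the proxy's interface already differs from the one captured on B, the change happened before the proxy, which is the ALG case.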
Hi,
first of all to correct the message below
(with openser and client B) should be (with openser and client A).
I have checked again with tshark on the openser's interface and it seems that indeed my adsl router intervenes with my SDP. Thanks for the hints and sorry for the inaccuracies.
Regards,
Kostas
On Wednesday 31 October 2007 11:26:27 Konstantinos Koutsopoulos wrote:
> I have checked again with tshark on the openser's interface and it seems that indeed my adsl router intervenes with my SDP. Thanks for the hints and sorry for the inaccuracies.
So your router implements ALG. This can be good (if it does it correctly) or the worst that can occur to you (if the ALG works wrongly).
For example, my home router (Zyxel P600) does a very painful ALG and writes ports greater than 32665 !!!!!
You can disable ALGs in the router (depending on the model, it may need to be done using telnet).
Regards.
In my case it adds 16 to every port in the sdp.