Hi,
We have openser (currently 1.1.1) deployed in our iptel-solution and almost everything seems to work ok but one strange thing has come up. A user has a few Dlink DVG-2001S (behind a net-hide firewall) that tries to register but doesn't succeed and my guess is that openser sends the reply to the incorrect port and there firewall blocks this. A small ngrep-dump of the session:
U 2007/04/24 11:40:12.620330 xx.xx.243.11:3710 -> xx.xxx.248.10:5060 REGISTER sip:sip.domain.tld SIP/2.0. Via: SIP/2.0/UDP 192.168.0.164:5060;branch=z9hG4bK8294fce7242e1605. Max-Forwards: 70. From: xx55551904 sip:xx55551904@sip.domain.tld;tag=1c2bcb8b48c89388. To: xx55551904 sip:xx55551904@sip.domain.tld. Call-ID: fec625fb04d0f004@192.168.0.164. CSeq: 1 REGISTER. Contact: *. Expires: 0. Allow: INVITE, ACK, CANCEL, BYE, REFER, NOTIFY, OPTIONS, INFO. Content-Length: 0. .
U 2007/04/24 11:40:12.620555 xx.xxx.248.10:5060 -> xx.xxx.243.11:5060 SIP/2.0 100 Trying. Via: SIP/2.0/UDP 192.168.0.164:5060;branch=z9hG4bK8294fce7242e1605;received=xx.xxx.243.11. From: xx55551904 sip:xx55551904@sip.domain.tld;tag=1c2bcb8b48c89388. To: xx55551904 sip:xx55551904@sip.domain.tld. Call-ID: fec625fb04d0f004@192.168.0.164. CSeq: 1 REGISTER. Server: OpenSer (1.1.1-tls (i386/linux)). Content-Length: 0. Warning: 392 xx.xxx.248.10:5060 "Noisy feedback tells: pid=23636 req_src_ip=xx.xxx.243.11 req_src_port=3710 in_uri=sip:sip.domain.tld out_uri=sip :sip.domain.tld via_cnt==1".
Does anyone have a guess what might be causing openser to send the reply to the wrong port ? The openser-box has a live internet-ip and and isn't behind any type of firewall or nat-device. I think all client nat-stuff is correct since it seems to work with other customers that are behind net-hide firewalls (broadband-routers).
/Thanks in advance - Ronnie Flink
Hello,
the reply is routed based in VIA header. Use force_rport() to force using source port instead if VIA port.
http://openser.org/dokuwiki/doku.php/core-cookbook:1.2.x#force_rport
Cheers, Daniel
On 04/26/07 15:42, Ronnie Flink wrote:
Hi,
We have openser (currently 1.1.1) deployed in our iptel-solution and almost everything seems to work ok but one strange thing has come up. A user has a few Dlink DVG-2001S (behind a net-hide firewall) that tries to register but doesn't succeed and my guess is that openser sends the reply to the incorrect port and there firewall blocks this. A small ngrep-dump of the session:
U 2007/04/24 11:40:12.620330 xx.xx.243.11:3710 -> xx.xxx.248.10:5060 REGISTER sip:sip.domain.tld SIP/2.0. Via: SIP/2.0/UDP 192.168.0.164:5060;branch=z9hG4bK8294fce7242e1605. Max-Forwards: 70. From: xx55551904 sip:xx55551904@sip.domain.tld;tag=1c2bcb8b48c89388. To: xx55551904 sip:xx55551904@sip.domain.tld. Call-ID: fec625fb04d0f004@192.168.0.164. CSeq: 1 REGISTER. Contact: *. Expires: 0. Allow: INVITE, ACK, CANCEL, BYE, REFER, NOTIFY, OPTIONS, INFO. Content-Length: 0. .
U 2007/04/24 11:40:12.620555 xx.xxx.248.10:5060 -> xx.xxx.243.11:5060 SIP/2.0 100 Trying. Via: SIP/2.0/UDP 192.168.0.164:5060;branch=z9hG4bK8294fce7242e1605;received=xx.xxx.243.11. From: xx55551904 sip:xx55551904@sip.domain.tld;tag=1c2bcb8b48c89388. To: xx55551904 sip:xx55551904@sip.domain.tld. Call-ID: fec625fb04d0f004@192.168.0.164. CSeq: 1 REGISTER. Server: OpenSer (1.1.1-tls (i386/linux)). Content-Length: 0. Warning: 392 xx.xxx.248.10:5060 "Noisy feedback tells: pid=23636 req_src_ip=xx.xxx.243.11 req_src_port=3710 in_uri=sip:sip.domain.tld out_uri=sip :sip.domain.tld via_cnt==1".
Does anyone have a guess what might be causing openser to send the reply to the wrong port ? The openser-box has a live internet-ip and and isn't behind any type of firewall or nat-device. I think all client nat-stuff is correct since it seems to work with other customers that are behind net-hide firewalls (broadband-routers).
/Thanks in advance - Ronnie Flink
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Ronnie Flink