Hi list, I am trying to solve my nat problem with openser 1.3.2 and rtpproxy 1.1, I have my openser with 2 net cards. I detail my scenario:
(192.168.10.1) LAN-eth1- Server Openser eth0-WAN (192.168.1.64)<-> NAT <-> ADSL dyndns <-> Internet <-> ADSL <-> NAT <-> UAC
All my external clients are also behind an ADSL with address private ip and my server openser, I don't have ip it public but register a domain with dyndns and it configures it in my router adsl, I have access from out to my server through dyndns.
All my external clients configure them so that they use of address proxy the dyndns domain, my external clients register but when they call to another UAC that this behind the server openser is not audio, and if a UAC that this behind the server openser calls an external client the call doesn't arrive he fails.
I have open the ports UDP 5060:5065, 10000:20000, 35000:65000 TCP: 5060
some idea of like I can solve this problem?...
best regards all list
rickygm
### LOG SIP ###
U +1.744617 192.168.10.30:5062 -> 192.168.10.1:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.10.1;branch=z9hG4bK2fc9.6c704556.0 Via: SIP/2.0/UDP 192.168.0.60:5063;rport=5063;received=190.184.35.4;branch=z9hG4bK-de71d299 Record-Route: sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Record-Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3 From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 102 INVITE User-Agent: Grandstream GXP2020 1.1.6.16 Contact: sip:113@192.168.10.30:5062;transport=udp Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK,MESSAGE Content-Type: application/sdp Supported: replaces, timer Content-Length: 214
v=0 o=113 8000 8000 IN IP4 192.168.10.30 s=SIP Call c=IN IP4 192.168.10.30 t=0 0 m=audio 5004 RTP/AVP 18 101 a=sendrecv a=rtpmap:18 G729/8000 a=ptime:30 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11
# U +0.000481 192.168.1.64:5060 -> 190.184.35.4:5063 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.0.60:5063;rport=5063;received=190.184.35.4;branch=z9hG4bK-de71d299 Record-Route: sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Record-Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3 From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 102 INVITE User-Agent: Grandstream GXP2020 1.1.6.16 Contact: sip:113@192.168.10.30:5062;transport=udp Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK,MESSAGE Content-Type: application/sdp Supported: replaces, timer Content-Length: 232 P-hint: onreply_route|force_rtp_proxy
v=0 o=113 8000 8000 IN IP4 192.168.10.30 s=SIP Call c=IN IP4 192.168.1.64 t=0 0 m=audio 35006 RTP/AVP 18 101 a=sendrecv a=rtpmap:18 G729/8000 a=ptime:30 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-11 a=nortpproxy:yes
# U +0.219110 190.184.35.4:5063 -> 192.168.1.64:5060 ACK sip:113@192.168.10.30:5062;transport=udp SIP/2.0 Via: SIP/2.0/UDP 192.168.0.60:5063;branch=z9hG4bK-547056da From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 102 ACK Max-Forwards: 70 Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3, sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Proxy-Authorization: Digest username="122",realm="gnuforever.homelinux.com",nonce="48f260b8529fd8e9d8f0247fa92f734a317f2da5",uri="sip:113@gnuforever.homelinux.com",algorithm=MD5,response="ec45ed24126b924160da73b8ba10e73d" Contact: sip:122@192.168.0.60:5063 User-Agent: Linksys/SPA942-5.2.8 Content-Length: 0
# U +0.000944 192.168.10.1:5060 -> 192.168.10.30:5062 ACK sip:113@192.168.10.30:5062;transport=udp SIP/2.0 Record-Route: sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Record-Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Via: SIP/2.0/UDP 192.168.10.1;branch=z9hG4bK2fc9.6c704556.2 Via: SIP/2.0/UDP 192.168.0.60:5063;rport=5063;received=190.184.35.4;branch=z9hG4bK-547056da From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 102 ACK Max-Forwards: 69 Proxy-Authorization: Digest username="122",realm="gnuforever.homelinux.com",nonce="48f260b8529fd8e9d8f0247fa92f734a317f2da5",uri="sip:113@gnuforever.homelinux.com",algorithm=MD5,response="ec45ed24126b924160da73b8ba10e73d" Contact: sip:122@190.184.35.4:5063;nat=yes User-Agent: Linksys/SPA942-5.2.8 Content-Length: 0
# U +0.140447 192.168.1.64:5060 -> 190.184.35.4:5063 OPTIONS sip:190.184.35.4:5063 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.64:5060;branch=0 From: sip:pinger@192.168.1.64;tag=f7508b75 To: sip:190.184.35.4:5063 Call-ID: 29b7fe71-06901b84-fa6@192.168.1.64 CSeq: 1 OPTIONS Content-Length: 0
# U +0.164881 190.184.35.4:5063 -> 192.168.1.64:5060 SIP/2.0 404 Not Found To: sip:190.184.35.4:5063;tag=a04ea06caeb3256i3 From: sip:pinger@192.168.1.64;tag=f7508b75 Call-ID: 29b7fe71-06901b84-fa6@192.168.1.64 CSeq: 1 OPTIONS Via: SIP/2.0/UDP 192.168.1.64:5060;branch=0 Server: Linksys/SPA942-5.2.8 Content-Length: 0
# U +1.195009 192.168.10.28:5060 -> 192.168.10.1:5060
# U +0.639899 192.168.10.1:5060 -> 192.168.10.27:5060 OPTIONS sip:192.168.10.27:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.10.1:5060;branch=0 From: sip:pinger@192.168.1.64;tag=08508b75 To: sip:192.168.10.27:5060 Call-ID: 29b7fe71-16901b84-1b6@192.168.10.1 CSeq: 1 OPTIONS Content-Length: 0
# U +0.001412 192.168.10.27:5060 -> 192.168.10.1:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.10.1:5060;branch=0 From: sip:pinger@192.168.1.64;tag=08508b75 To: sip:192.168.10.27:5060;tag=b1e56101b3b09b53 Call-ID: 29b7fe71-16901b84-1b6@192.168.10.1 CSeq: 1 OPTIONS User-Agent: Grandstream GXV3000 1.1.3.14 Contact: sip:120@192.168.10.27:5060 Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK Supported: replaces, timer, 100rel, path Content-Length: 0
# U +3.393457 190.184.35.4:5063 -> 192.168.1.64:5060 BYE sip:113@192.168.10.30:5062;transport=udp SIP/2.0 Via: SIP/2.0/UDP 192.168.0.60:5063;branch=z9hG4bK-f7539b7 From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 103 BYE Max-Forwards: 70 Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3, sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Proxy-Authorization: Digest username="122",realm="gnuforever.homelinux.com",nonce="48f260b8529fd8e9d8f0247fa92f734a317f2da5",uri="sip:113@192.168.10.30:5062",algorithm=MD5,response="4416adbfacebc76ed9cc3f002ff958a1" User-Agent: Linksys/SPA942-5.2.8 Content-Length: 0
# U +0.000768 192.168.10.1:5060 -> 192.168.10.30:5062 BYE sip:113@192.168.10.30:5062;transport=udp SIP/2.0 Record-Route: sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Record-Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Via: SIP/2.0/UDP 192.168.10.1;branch=z9hG4bK3fc9.1cba8107.0 Via: SIP/2.0/UDP 192.168.0.60:5063;rport=5063;received=190.184.35.4;branch=z9hG4bK-f7539b7 From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 103 BYE Max-Forwards: 69 Proxy-Authorization: Digest username="122",realm="gnuforever.homelinux.com",nonce="48f260b8529fd8e9d8f0247fa92f734a317f2da5",uri="sip:113@192.168.10.30:5062",algorithm=MD5,response="4416adbfacebc76ed9cc3f002ff958a1" User-Agent: Linksys/SPA942-5.2.8 Content-Length: 0
# U +0.055972 192.168.10.30:5062 -> 192.168.10.1:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.10.1;branch=z9hG4bK3fc9.1cba8107.0 Via: SIP/2.0/UDP 192.168.0.60:5063;rport=5063;received=190.184.35.4;branch=z9hG4bK-f7539b7 Record-Route: sip:192.168.10.1;r2=on;lr=on;ftag=636fc42148cbcd9ao3 Record-Route: sip:192.168.1.64;r2=on;lr=on;ftag=636fc42148cbcd9ao3 From: sip:122@gnuforever.homelinux.com;tag=636fc42148cbcd9ao3 To: sip:113@gnuforever.homelinux.com;tag=a5f269a554788978 Call-ID: 6f8c5fed-1d1d043e@192.168.0.60 CSeq: 103 BYE User-Agent: Grandstream GXP2020 1.1.6.16 Contact: sip:113@192.168.10.30:5062;transport=udp Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE,UPDATE,PRACK,MESSAGE Supported: replaces, timer Content-Length: 0
El Domingo, 12 de Octubre de 2008, Ricky Gutierrez escribió:
(192.168.10.1) LAN-eth1- Server Openser eth0-WAN (192.168.1.64)<-> NAT <-> ADSL dyndns <-> Internet <-> ADSL <-> NAT <-> UAC
All my external clients are also behind an ADSL with address private ip and my server openser, I don't have ip it public but register a domain with dyndns and it configures it in my router adsl, I have access from out to my server through dyndns.
OpenSer behind a NAT router with dynamic IP? It's really an annoying scenario.
Note that when the INVITE/200/(ACK) comes from the LAN 192.168.10.X and goes through OpenSer, you must replace the media IP in the SDP and the IP in "Contact" with the **public** IP of the LAN router, that is a dynamic IP and AFAIK it's not valid to set a domain in the SDP.
And when he INVITE/200/(ACK) comes from Internet and goes through OpenSer, you must replace the media IP in the SDP and IP in "Contact" with the eth1 IP of RtpProxy (19.168.10.1).
Also, you need the SIP ports and RtpProxy media ports redirected in the router to the RtpProxy server.
Anyway, this scenario is not appropiate for a businnes service.
I have open the ports UDP 5060:5065, 10000:20000, 35000:65000 TCP: 5060
Why do you open all these ports? and what do you mean with "open"? don't you mean "redirected"?
PD: A suggestion: Buy an space in a datacenter (a virtual machine could be enough depending on your traffic ammount) and install the OpenSer and RtpProxy decently in a host with public IP.
On Sunday 12 October 2008 22:43:16 Iñaki Baz Castillo wrote:
El Domingo, 12 de Octubre de 2008, Ricky Gutierrez escribió:
(192.168.10.1) LAN-eth1- Server Openser eth0-WAN (192.168.1.64)<-> NAT <-> ADSL dyndns <-> Internet <-> ADSL <-> NAT <-> UAC
All my external clients are also behind an ADSL with address private ip and my server openser, I don't have ip it public but register a domain with dyndns and it configures it in my router adsl, I have access from out to my server through dyndns.
OpenSer behind a NAT router with dynamic IP? It's really an annoying scenario.
Simply it's a "Never will work" scenario
Note that when the INVITE/200/(ACK) comes from the LAN 192.168.10.X and goes through OpenSer, you must replace the media IP in the SDP and the IP in "Contact" with the **public** IP of the LAN router, that is a dynamic IP and AFAIK it's not valid to set a domain in the SDP.
And when he INVITE/200/(ACK) comes from Internet and goes through OpenSer, you must replace the media IP in the SDP and IP in "Contact" with the eth1 IP of RtpProxy (19.168.10.1).
Also, you need the SIP ports and RtpProxy media ports redirected in the router to the RtpProxy server.
Will never work, when use_mediaproxy() is called, IP's will be changed with the current IP of the rtpproxy, so no matther now many ports you redirect, it will never works.
Anyway, this scenario is not appropiate for a businnes service.
Not only that, it's a no-working one ... no matter if businnes of experimental or testing scenario ...
2008/10/13 Raúl Alexis Betancor Santana rabs@dimension-virtual.com:
Will never work, when use_mediaproxy() is called, IP's will be changed with the current IP of the rtpproxy, so no matther now many ports you redirect, it will never works.
You can replace the IP in the SDP with a custom IP instead of the RtpProxy IP, there is a funcion for that in nathelper module (AFAIK). So you can set the public IP in the SDP but this IP is dynamic, so...
-
Iñaki Baz Castillo -
Raúl Alexis Betancor Santana -
Ricky Gutierrez