dang. i forgot to mention that when i try to dial a client on the same lan segment, i get the SEND and RECEIVE messages that i posted, however the call with still not go through the end with a "Call failed: 408 request timeout" message.

Eric C. Snowdeal III wrote:

hmmm. i replaced the INVITE in my original config with the one you supplied and SER started fine:

---

Feb 1 18:12:52 localhost ser: Listening on Feb 1 18:12:52 localhost ser: 127.0.0.1 [127.0.0.1]:5060 Feb 1 18:12:52 localhost ser: my.public.ip [my.public.ip]:5060 Feb 1 18:12:52 localhost ser: Aliases: localhost.localdomain:5060 localhost:5060 my.public.box:* Feb 1 18:12:52 localhost ser: ser startup succeeded

---

clients register and get a "200 o.k." response. i just realized that i left out the send and receive message that i get when i try to call a client on the same lan segment - my.public.ip is the ip address of the my.public.box on which ser is running:

---

SEND >> my.public.ip:5060 INVITE sip:456@my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK63D6D07A552611D8908A000393B930BA From: snowdeal sip:123@my.public.box;tag=748430901 To: sip:456@my.public.box Contact: sip:123@192.168.1.100:5060 Call-ID: 61C9E3CB-5526-11D8-908A-000393B930BA@192.168.1.100 CSeq: 59170 INVITE Max-Forwards: 70 Content-Type: application/sdp User-Agent: X-Lite build 1101 Content-Length: 296

v=0 o=123 584059347 584059347 IN IP4 192.168.1.100 s=X-Lite c=IN IP4 192.168.1.100 t=0 0 m=audio 8000 RTP/AVP 0 8 3 98 97 101 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:3 gsm/8000 a=rtpmap:98 iLBC/8000 a=rtpmap:97 speex/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15

RECEIVE << my.public.ip:5060 SIP/2.0 100 trying -- your call is important to us Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK63D6D07A552611D8908A000393B930BA;received=my.router.public.ip

From: snowdeal sip:123@my.public.box;tag=748430901 To: sip:456@my.public.box Call-ID: 61C9E3CB-5526-11D8-908A-000393B930BA@192.168.1.100 CSeq: 59170 INVITE Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 my.public.ip:5060 "Noisy feedback tells: pid=16985 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:456@my.public.box out_uri=sip:456@192.168.1.101:5060 via_cnt==1"

---

the rtpmap messages are new, so i guess that's progress. that said, should i ditch the released version and wade through the config errors that i get when i compile the CVS head? is there anything glaringly obviously wrong with my current setup?

thanks,

• eric

Andres wrote:

...

Eric,

I don't think the release version has support for RTPProxy. Change your config to this and I bet it won't start.

   if (method=="INVITE") {
           record_route();
           if (isflagset(1)) { # ATA ?
                    force_rtp_proxy();
           };
           /* set up reply processing */
           t_on_reply("1");
   };

Eric C. Snowdeal III wrote:

...

i've been getting my sea legs with SER and am having trouble getting rtpproxy to nathelper to work correctly with my setup. since everything works fine if i test the scenario with a freeworld dialup account, i'm assuming that my problems are solely due to the vastness of my ignorance on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of the build number, but it's the latest download from the website; the other two clients are both build 1101 on mac 10.2.3. SER running on a rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm which i downloaded from the ftp server. the x-lite clients are sitting behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to clients outside the my network. however, things fall apart quickly when i try to run more than one client behind the nat [ lost audio, timeouts etc] which i presume is what nathelper is supposed to deal with. if try to run to use nathelper, i can't make a call from a one client to another client behind the lan. the calls won't go through - they simply timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone website and simply started it from the command line. i can't figure out how to get any debugging messages from rtpproxy, but i can see that the process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1]. i understand that things have changed quite a bit in the CVS head, but i tried to compile and install the latest CVS version, but i ran into a host of config errors using the nathelper.cfg supplied, so i decided to backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - public ip addresses have been changed to protect the innocent]. to my untrained eye, these messages look the same as what i see when i test things using freeworld dialup accounts and i can make a call to another client on the same lan segment - i.e. the internal IP addresses are being sent. the location database also shows that the internal IP addresses are being used [3], but i don't know if this is what i want or not. oh. i'm also using my.public.box - a FQDN - as in the x-lite fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously doing wrong :-)

[1] # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
            sl_send_reply("483","Too Many Hops");
            break;
    };
    if ( msg:len > max_len ) {
            sl_send_reply("513", "Message too big");
            break;
    };


    # compulsory processing of Route header fields and adding RR
    loose_route();

    /* registration (uses rewritten contacts) */
    if (method=="REGISTER") {
            save("location");
            break;
    };

    if (method=="INVITE") {
            record_route();
            if (isflagset(1)) { # ATA ?
                    fix_nated_sdp("3");
            };
            /* set up reply processing */
            t_on_reply("1");
    };

    if (method == "INVITE" || method == "CANCEL") {
            if (!lookup("location")) {
                    sl_send_reply("404", "Not Found");
                    break;
            };
    };

    /* set up reply processing and forward statefuly */
    t_relay();

}

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); }

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060 RTP: 192.168.1.100:8000 NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box Contact: "snowdeal" sip:123@192.168.1.100:5060 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA;received=my.router.public.ip

From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Contact: sip:123@192.168.1.100:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"

---

Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060 RTP: 192.168.1.101:8000 NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box Contact: "kristine" sip:456@192.168.1.101:5060 Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A;received=my.router.public.ip

From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Contact: sip:456@192.168.1.101:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 req_src_ip=my.router.public.ip req_src_port=15060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list=== ---Domain--- name : 'location' size : 512 table: 0x402d60d8 d_ll { n : 2 first: 0x402d80e0 last : 0x402d81c8 }

...Record(0x402d80e0)... domain: 'location' aor : '123'

domain : 'location'
aor    : '123'
Contact: 'sip:123@192.168.1.100:5060'
Expires: 583
q      :       0.00
Call-ID: '9DA51D06551C11D882E3000393B930BA@my.public.box'
CSeq   : 56648
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402d81c8)...
domain: 'location'
aor   : '456'
~~~Contact(0x402d8208)~~~
domain : 'location'
aor    : '456'
Contact: 'sip:456@192.168.1.101:5060'
Expires: 614
q      :       0.00
Call-ID: 'AC7B8E18551C11D8B317000A957BC13A@my.public.box'
CSeq   : 55034
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

o.k. going back to my config [ and keeping in mind that i only know enough to make myself dangerous], here's what i've changed:

if (method=="INVITE") { record_route(); setflag(1); if (isflagset(1)) { # ATA ? fix_nated_sdp("3"); }; /* set up reply processing */ t_on_reply("1"); };

onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); force_rtp_proxy(); }

i now get a busy signal instead of a timeout.

Andres wrote:

My mistake then. In any case you must complete 2 things. You must first set the flag...or else that part of the code does not get executed.

For example: if (search("User-Agent: Cisco ATA.*")) { setflag(1); # remember this is ATA force_rport(); fix_nated_contact(); };

and your on_reply must look something like this:

onreply_route[1] { if ((status=~"[12][0-9][0-9]")) fix_nated_contact(); force_rtp_proxy(); }

It should work after that.

Eric C. Snowdeal III wrote:

...

hmmm. i replaced the INVITE in my original config with the one you supplied and SER started fine:

---

Feb 1 18:12:52 localhost ser: Listening on Feb 1 18:12:52 localhost ser: 127.0.0.1 [127.0.0.1]:5060 Feb 1 18:12:52 localhost ser: my.public.ip [my.public.ip]:5060 Feb 1 18:12:52 localhost ser: Aliases: localhost.localdomain:5060 localhost:5060 my.public.box:* Feb 1 18:12:52 localhost ser: ser startup succeeded

---

clients register and get a "200 o.k." response. i just realized that i left out the send and receive message that i get when i try to call a client on the same lan segment - my.public.ip is the ip address of the my.public.box on which ser is running:

---

SEND >> my.public.ip:5060 INVITE sip:456@my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK63D6D07A552611D8908A000393B930BA From: snowdeal sip:123@my.public.box;tag=748430901 To: sip:456@my.public.box Contact: sip:123@192.168.1.100:5060 Call-ID: 61C9E3CB-5526-11D8-908A-000393B930BA@192.168.1.100 CSeq: 59170 INVITE Max-Forwards: 70 Content-Type: application/sdp User-Agent: X-Lite build 1101 Content-Length: 296

v=0 o=123 584059347 584059347 IN IP4 192.168.1.100 s=X-Lite c=IN IP4 192.168.1.100 t=0 0 m=audio 8000 RTP/AVP 0 8 3 98 97 101 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:3 gsm/8000 a=rtpmap:98 iLBC/8000 a=rtpmap:97 speex/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15

RECEIVE << my.public.ip:5060 SIP/2.0 100 trying -- your call is important to us Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK63D6D07A552611D8908A000393B930BA;received=my.router.public.ip

From: snowdeal sip:123@my.public.box;tag=748430901 To: sip:456@my.public.box Call-ID: 61C9E3CB-5526-11D8-908A-000393B930BA@192.168.1.100 CSeq: 59170 INVITE Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 my.public.ip:5060 "Noisy feedback tells: pid=16985 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:456@my.public.box out_uri=sip:456@192.168.1.101:5060 via_cnt==1"

---

the rtpmap messages are new, so i guess that's progress. that said, should i ditch the released version and wade through the config errors that i get when i compile the CVS head? is there anything glaringly obviously wrong with my current setup?

thanks,

• eric

Andres wrote:

...

Eric,

I don't think the release version has support for RTPProxy. Change your config to this and I bet it won't start.

   if (method=="INVITE") {
           record_route();
           if (isflagset(1)) { # ATA ?
                    force_rtp_proxy();
           };
           /* set up reply processing */
           t_on_reply("1");
   };

Eric C. Snowdeal III wrote:

...

i've been getting my sea legs with SER and am having trouble getting rtpproxy to nathelper to work correctly with my setup. since everything works fine if i test the scenario with a freeworld dialup account, i'm assuming that my problems are solely due to the vastness of my ignorance on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of the build number, but it's the latest download from the website; the other two clients are both build 1101 on mac 10.2.3. SER running on a rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm which i downloaded from the ftp server. the x-lite clients are sitting behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to clients outside the my network. however, things fall apart quickly when i try to run more than one client behind the nat [ lost audio, timeouts etc] which i presume is what nathelper is supposed to deal with. if try to run to use nathelper, i can't make a call from a one client to another client behind the lan. the calls won't go through - they simply timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone website and simply started it from the command line. i can't figure out how to get any debugging messages from rtpproxy, but i can see that the process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1]. i understand that things have changed quite a bit in the CVS head, but i tried to compile and install the latest CVS version, but i ran into a host of config errors using the nathelper.cfg supplied, so i decided to backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - public ip addresses have been changed to protect the innocent]. to my untrained eye, these messages look the same as what i see when i test things using freeworld dialup accounts and i can make a call to another client on the same lan segment - i.e. the internal IP addresses are being sent. the location database also shows that the internal IP addresses are being used [3], but i don't know if this is what i want or not. oh. i'm also using my.public.box - a FQDN - as in the x-lite fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously doing wrong :-)

[1] # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
            sl_send_reply("483","Too Many Hops");
            break;
    };
    if ( msg:len > max_len ) {
            sl_send_reply("513", "Message too big");
            break;
    };


    # compulsory processing of Route header fields and adding RR
    loose_route();

    /* registration (uses rewritten contacts) */
    if (method=="REGISTER") {
            save("location");
            break;
    };

    if (method=="INVITE") {
            record_route();
            if (isflagset(1)) { # ATA ?
                    fix_nated_sdp("3");
            };
            /* set up reply processing */
            t_on_reply("1");
    };

    if (method == "INVITE" || method == "CANCEL") {
            if (!lookup("location")) {
                    sl_send_reply("404", "Not Found");
                    break;
            };
    };

    /* set up reply processing and forward statefuly */
    t_relay();

}

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); }

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060 RTP: 192.168.1.100:8000 NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box Contact: "snowdeal" sip:123@192.168.1.100:5060 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA;received=my.router.public.ip

From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Contact: sip:123@192.168.1.100:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"

---

Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060 RTP: 192.168.1.101:8000 NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box Contact: "kristine" sip:456@192.168.1.101:5060 Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A;received=my.router.public.ip

From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Contact: sip:456@192.168.1.101:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 req_src_ip=my.router.public.ip req_src_port=15060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list=== ---Domain--- name : 'location' size : 512 table: 0x402d60d8 d_ll { n : 2 first: 0x402d80e0 last : 0x402d81c8 }

...Record(0x402d80e0)... domain: 'location' aor : '123'

domain : 'location'
aor    : '123'
Contact: 'sip:123@192.168.1.100:5060'
Expires: 583
q      :       0.00
Call-ID: '9DA51D06551C11D882E3000393B930BA@my.public.box'
CSeq   : 56648
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402d81c8)...
domain: 'location'
aor   : '456'
~~~Contact(0x402d8208)~~~
domain : 'location'
aor    : '456'
Contact: 'sip:456@192.168.1.101:5060'
Expires: 614
q      :       0.00
Call-ID: 'AC7B8E18551C11D8B317000A957BC13A@my.public.box'
CSeq   : 55034
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

i thought i had started out with the RTP config in the nathelper directory of the release tarball, but maybe i had made one too many modifications to make it recognizeable :-)

in any case, i put what you posted in my config file and re-discovered that the "Cisco ATA" function breaks the server in the release. so i removed that, but kept everything else the same [ see below ]. the however, i'm still getting the same behavior - a busy signal and 408 request timeouts.

again, thanks for the help.

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };

# compulsory processing of Route header fields and adding RR loose_route();

/* registration (uses rewritten contacts) */ if (method=="REGISTER") { save("location"); break; };

if (method=="INVITE") { record_route(); if (isflagset(1)) { # ATA ? force_rtp_proxy(); }; /* set up reply processing */ t_on_reply("1"); };

if (method == "INVITE" || method == "CANCEL") { if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; };

/* set up reply processing and forward statefuly */ t_relay(); }

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); force_rtp_proxy(); }

Andres wrote:

Eric,

I think you should just try out the example RTP config in the nathelper directory. It is this one:

# main routing logic

route{

   # compulsory processing of Route header fields and adding RR
   loose_route();

   # ATA's are symmetric but don't advertise it -- force use of rport
   if (search("User-Agent: Cisco ATA.*")) {
           setflag(1); # remember this is ATA
           force_rport();
           fix_nated_contact();
   };

   /* registration (uses rewritten contacts) */
   if (method=="REGISTER") {
           save("location");
           break;
   };

   if (method=="INVITE") {
           record_route();
           if (isflagset(1)) { # ATA ?
                   force_rtp_proxy();
           };
           /* set up reply processing */
           t_on_reply("1");
   };

   if (method == "INVITE" || method == "CANCEL") {
           if (!lookup("location")) {
                   sl_send_reply("404", "Not Found");
                   break;
           };
   };

   /* set up reply processing and forward statefuly */
   t_relay();

}

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]" && search("Server: Cisco ATA.*")) fix_nated_contact(); force_rtp_proxy(); }

Andres wrote:

Eric C. Snowdeal III wrote:

...

   if (method=="INVITE") {
           record_route();

There is no way this config can pass thru here since the flag is never set. If you are not interested in discriminating then remove the isflagset check and just do force_rtp_proxy for every INVITE:

...

          if (isflagset(1)) { # ATA ?
                   force_rtp_proxy();
           };
           /* set up reply processing */
           t_on_reply("1");
   };

o.k. that was stupid. let me try again. i've changed the config as follows:

if (method=="INVITE") { record_route(); setflag(1); force_rtp_proxy(); /* set up reply processing */ t_on_reply("1"); };

and it works! i'll work in discriminating UAs down the road. i sincerely appreciate you humoring my newbieness, i obviously have more to learn about the ways of the config file.

Even if there is just one UA behind a symmetric NAT and the other guy is on the public Internet, you need to use RTP proxy. A way around would be smart UAs that are able to detect this condition and use symmetric media (comedia SDP extentsion) but I would be surprised if this technique would be deployable with today's SIP phone.

-jiri

At 08:17 AM 2/2/2004, Dinesh wrote:

I would like to know if force_rtp_proxy() is necessary when (UA behind NAT) is calling a (UA not behind NAT).

I have no problem calling (ATA186 - Real IP) to (Grandstream behind NAT) However (Grandstream behind NAT) to (ATA186 - Real IP) ATA can hear but GrandStream cannot hear. NAT router is Vigor 2600 - known to be symetric.

Also I am using Flag 6 to indicate behind NAT however when I look in the mysql db flags field shows a 1 and not a 6 is this as it should be?

My ser.cfg is below.

Thanks, Dinesh

fork=yes log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line # No Cache #modparam("usrloc", "db_mode", 1) # With Cache modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

# ------------------------- request routing logic -------------------

# main routing logic

route{

   # initial sanity checks -- messages with
   # max_forwards==0, or excessively long requests
   if (!mf_process_maxfwd_header("10")) {
           sl_send_reply("483","Too Many Hops");
           break;
   };
   if (msg:len >=  max_len ) {
           sl_send_reply("513", "Message too big");
           break;
   };

# !! Nathelper
   # Special handling for NATed clients; first, NAT test is
   # executed: it looks for via!=received and RFC1918 addresses
   # in Contact (may fail if line-folding is used); also,
   # the received test should, if completed, should check all
   # vias for rpesence of received
   if (nat_uac_test("2")) {
           # Allow RR-ed requests, as these may indicate that
           # a NAT-enabled proxy takes care of it; unless it is
           # a REGISTER

           if (method == "REGISTER" || ! search("^Record-Route:"))

{ log("LOG: Someone trying to register from private IP, rewriting\n"); fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

   # we record-route all messages -- to make sure that
   # subsequent messages will go through our proxy; that's
   # particularly good if upstream and downstream entities
   # use different transport protocol
   if (!method=="REGISTER") record_route();        

   # subsequent messages withing a dialog should take the
   # path determined by record-routing
   if (loose_route()) {
           # mark routing logic in request
           append_hf("P-hint: rr-enforced\r\n"); 
           route(1);
           break;
   };

   if (!uri==myself) {
           # mark routing logic in request
           append_hf("P-hint: outbound\r\n"); 
           route(1);
           break;
   };


   if (uri==myself) {
           if (method=="INVITE") {
                   record_route();
                   if (isflagset(6)) {
                           force_rtp_proxy();
                   };
   };


           if (method=="REGISTER") {
                   save("location");
                   break;
           };

           lookup("aliases");
           if (!uri==myself) {
                   append_hf("P-hint: outbound alias\r\n"); 
                   route(1);
                   break;
           };


           # native SIP destinations are handled using our USRLOC

DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); }

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; }

onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

-- Jiri Kuthan http://iptel.org/~jiri/

yes.

Dinesh wrote:

I am using Flag 6 to indicate behind NAT however when I look in the mysql - ser -location - flags field shows a 1 in that column and not a 6 is this as it should be?

My ser.cfg is below.

Thanks, Dinesh

fork=yes log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line # No Cache #modparam("usrloc", "db_mode", 1) # With Cache modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; };

 # !! Nathelper

# Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("2")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER

if (method == "REGISTER" || ! search("^Record-Route:"))

{ log("LOG: Someone trying to register from private IP, rewriting\n"); fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();

# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; };

if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; };

if (uri==myself) { if (method=="INVITE") { record_route(); if (isflagset(6)) { force_rtp_proxy(); }; };

if (method=="REGISTER") {
	save("location");
	break;
};

lookup("aliases");
if (!uri==myself) {
	append_hf("P-hint: outbound alias\r\n"); 
	route(1);
	break;
};


# native SIP destinations are handled using our USRLOC

DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); }

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; }

onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

syslog logs to /var/log/messages

watch the output with: tail -f /var/log/messages

klaus

Dinesh wrote:

My familarity with linux is rather short and for the most part limited to my experence with SER. So Forgive me if this sounds like a sill question

When the log statement is excuted in SER.CFG Where does it write this information to? A file or a system log ???

log("LOG: Someone trying to register from private IP, rewriting\n");

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

if you are using mysql, install phpMyAdmin - a webased database client - very nice!

klaus

Dinesh wrote:

Is there any way using serctl or querying the ser database on mysql to determine what flags were or were not for a Registered UA

I am using nat_uac_test("2") to only select UAs that have not already been set up for DMZ or Port forwarding.

I want to verify that only the UAs without Port Forwarding or DMZ are having Flag(6) set.

if (nat_uac_test("2")) { if (method == "REGISTER" || ! search("^Record-Route:")) { fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

For a REGISTER will the below be true if the UA that is registering has a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5")

I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

Thanks, Dinesh

On Wednesday 04 February 2004 13:53, Dinesh wrote:

For a REGISTER will the below be true if the UA that is registering has a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5")

I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

No it will not because REGISTER do not contain the username in the uri. In a REGISTER is only the server address.

Nils

No, there is not such. You can test if the party id is on a list (group module) but that's pretty much it. Something we will certainly address someday (note certain indeterminsm in this word).

-jiri

At 06:52 AM 2/5/2004, Dinesh wrote:

Is there any varible that I can test during a Register that contains the registering partys id.

Thanks, dinesh

-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Nils Ohlmeier Sent: Thursday, February 05, 2004 12:34 AM To: serusers@lists.iptel.org Cc: Dinesh Subject: Re: [Serusers] log

On Wednesday 04 February 2004 13:53, Dinesh wrote:

...

For a REGISTER will the below be true if the UA that is registering

has

...

a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5")

I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

No it will not because REGISTER do not contain the username in the uri. In a REGISTER is only the server address.

Nils

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

-- Jiri Kuthan http://iptel.org/~jiri/

Dinesh wrote:

For a REGISTER will the below be true if the UA that is registering has a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5")

I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

So I take you are simply trying to centrally manage whether a user is to be foced through the RTPProxy or not. Seems your are trying to do this with a numbering scheme which is quite cumbersom. We are testing a more flexible approach based on acl groups. We simply defined a new acl group called "rtp_proxy". On a request like REGISTER or INVITE, Ser will check if either the "From" or "To" usernames belong to the group and apply the RTPProxy. Something like:

# Check if caller is on the rtp_proxy group if (is_user_in("From", "rtp_proxy")) { setflag(2); force_rport(); fix_nated_contact(); exec_msg("echo `date` - Caller is in rtp_proxy group - From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >> /var/log/ser/rtp_proxy.log"); };

# Check if called user is on the rtp_proxy group if ((is_user_in("To", "rtp_proxy")) & !(isflagset(2)) { setflag(2); force_rport(); fix_nated_contact(); exec_msg("echo `date` - Called User is in rtp_proxy group - From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >> /var/log/ser/rtp_proxy.log"); }; . . . if (method=="INVITE") { if (isflagset(2)) { # rtp_proxy group ? force_rtp_proxy();

}; # /* set up reply processing */ t_on_reply("1"); };

Actually we are also testing "nat_uac_test". We anticipate that it will take care of most of our needs. And on our production network we have 2 SER Servers exclusively for RTPProxy running non-stop for about 7 months now. Whenever we can't make STUN or port forwarding work on a client we simply poing them to one of those 2 servers. But we plan to migrate out of that structure. It is too cumbersome. We are planning on simply integrating the "nat_uac_test" into all our servers so there won't be need for separate types.

Klaus Darilion wrote:

So you have to configure each user if he is allowed to use rtpproxy or not? And what is if the user is mobile - some times behind NAT, some times not?

regards, Klaus

Andres wrote:

...

Dinesh wrote:

...

For a REGISTER will the below be true if the UA that is registering has a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5") I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

So I take you are simply trying to centrally manage whether a user is to be foced through the RTPProxy or not. Seems your are trying to do this with a numbering scheme which is quite cumbersom. We are testing a more flexible approach based on acl groups. We simply defined a new acl group called "rtp_proxy". On a request like REGISTER or INVITE, Ser will check if either the "From" or "To" usernames belong to the group and apply the RTPProxy. Something like:

   # Check if caller is on the rtp_proxy group
   if (is_user_in("From", "rtp_proxy")) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Caller is in rtp_proxy group - 

From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >> /var/log/ser/rtp_proxy.log"); };

   # Check if called user is on the rtp_proxy group
   if ((is_user_in("To", "rtp_proxy")) & !(isflagset(2)) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Called User is in rtp_proxy 

group - From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT

...

...

/var/log/ser/rtp_proxy.log");

   };

. . . if (method=="INVITE") { if (isflagset(2)) { # rtp_proxy group ? force_rtp_proxy();

          };
    #       /* set up reply processing */
           t_on_reply("1");
   };

Klaus Darilion wrote:

Just for curiosity - how do your customers call another customer if they are registerd at serveral proxies - do you use the replicate() feature, a special dial plan, a non caching ser or any other method?

regards, Klaus

Yes, we use replication between the RTPProxy servers. As well as replication between the standard servers. And we separate the users by numbering plan. This is something we want to move out of in the near future, thanks to "nat_uac_test". We just want to have 2 -3 servers geographically separated that can handle peer-to-peer calls as well as RTPProxy calls. Tests so far indicate this will work well for us.

Andres wrote:

...

Actually we are also testing "nat_uac_test". We anticipate that it will take care of most of our needs. And on our production network we have 2 SER Servers exclusively for RTPProxy running non-stop for about 7 months now. Whenever we can't make STUN or port forwarding work on a client we simply poing them to one of those 2 servers. But we plan to migrate out of that structure. It is too cumbersome. We are planning on simply integrating the "nat_uac_test" into all our servers so there won't be need for separate types.

Klaus Darilion wrote:

...

So you have to configure each user if he is allowed to use rtpproxy or not? And what is if the user is mobile - some times behind NAT, some times not?

regards, Klaus

Andres wrote:

...

Dinesh wrote:

...

For a REGISTER will the below be true if the UA that is registering has a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5") I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

So I take you are simply trying to centrally manage whether a user is to be foced through the RTPProxy or not. Seems your are trying to do this with a numbering scheme which is quite cumbersom. We are testing a more flexible approach based on acl groups. We simply defined a new acl group called "rtp_proxy". On a request like REGISTER or INVITE, Ser will check if either the "From" or "To" usernames belong to the group and apply the RTPProxy. Something like:

   # Check if caller is on the rtp_proxy group
   if (is_user_in("From", "rtp_proxy")) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Caller is in rtp_proxy group 

• From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >>

/var/log/ser/rtp_proxy.log"); };

   # Check if called user is on the rtp_proxy group
   if ((is_user_in("To", "rtp_proxy")) & !(isflagset(2)) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Called User is in rtp_proxy 

group - From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT

...

...

/var/log/ser/rtp_proxy.log");

   };

. . . if (method=="INVITE") { if (isflagset(2)) { # rtp_proxy group ? force_rtp_proxy();

          };
    #       /* set up reply processing */
           t_on_reply("1");
   };

Our RTPproxy bandwidth is very limited. We will only allow about 5 of our mobile users to utilize the proxy. Essentially we use our SER for our own internal communication world wide. If we do not restrict it's use I know we will have some IT managers that will not bother to setup port forwarding etc as the Phones will work with out it.

The solution Andres listed below seems VERY suitable for our needs. I plan to look at that approach instead. However I could use some help with that. Using serctl I see show, grant & revoke How do you create a new group ?

-----Original Message----- From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Sent: Thursday, February 05, 2004 6:11 AM To: andres@telesip.net Cc: Dinesh; serusers@lists.iptel.org Subject: Re: [Serusers] log

So you have to configure each user if he is allowed to use rtpproxy or not? And what is if the user is mobile - some times behind NAT, some times not?

regards, Klaus

Andres wrote:

Dinesh wrote:

...

For a REGISTER will the below be true if the UA that is registering

has

...

a 5 in the 4th digit

ie 1115999 true 1114999 false

if (uri=~"[0-9][0-9][0-9]5") I saw some where in the docs that "User name is optional (it is for example never included in REGISTER requests)"

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

So I take you are simply trying to centrally manage whether a user is

to

be foced through the RTPProxy or not. Seems your are trying to do

this

with a numbering scheme which is quite cumbersom. We are testing a

more

flexible approach based on acl groups. We simply defined a new acl group called "rtp_proxy". On a request like REGISTER or INVITE, Ser will check if either the "From" or "To" usernames belong to the group and apply the RTPProxy. Something like:

   # Check if caller is on the rtp_proxy group
   if (is_user_in("From", "rtp_proxy")) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Caller is in rtp_proxy group - 

From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >> /var/log/ser/rtp_proxy.log"); };

   # Check if called user is on the rtp_proxy group
   if ((is_user_in("To", "rtp_proxy")) & !(isflagset(2)) {
           setflag(2);                force_rport();
           fix_nated_contact();
           exec_msg("echo `date` - Called User is in rtp_proxy

group

• From: $SIP_HF_FROM To: $SIP_HF_TO Contact: $SIP_HF_CONTACT >>

/var/log/ser/rtp_proxy.log"); }; . . . if (method=="INVITE") { if (isflagset(2)) { # rtp_proxy group ? force_rtp_proxy();

          };
    #       /* set up reply processing */
           t_on_reply("1");
   };

I am using nat_uac_test("2") to only select UAs behind NAT that may need NAThelper assistance. However I find that natt_uac_test("2") is also giving a positive on some ATA's that we have setup with port forwarding or DMZ. These ATA have also been set to determine the external IP of the routers they are on using VIA - They function without the nathelper module.

These UA do not need any help from NAT helper but because they are flaged they are pinged to keeps ports alive and they are forced through the RTPProxy.

Any Ideas. We know in advance which UA are setup with Port Forwarding/DMZ. Can a flag be set in the subscriber table which is also tested at the time of Registration if so, how?

if (nat_uac_test("2")) { if (method == "REGISTER" || ! search("^Record-Route:")) { fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

Thanks, Dinesh

It appears your setup is very similar to what we are trying to achive. 1. Group with permission to use the proxy 2. Group that does not need proxy or Nat Help. Is it possible for you to post or email me your cfg to study.

One more question using the groups as you suggest: would it avoid the unnecessery pining of the UA with fort forwarding set up.

Thanks, Dinesh

-----Original Message----- From: Andres [mailto:andres@telesip.net] Sent: Tuesday, March 02, 2004 12:00 PM To: Dinesh Cc: serusers@lists.iptel.org Subject: Re: [Serusers] nat_uac_test

We ran into this same issue.

Test #2 : #define NAT_UAC_TEST_RCVD 0x02

This should test for:

/* * test if source address of signaling is different from * address advertised in Via */

So if the ATA is port forwarded then it will give a positive result since the IP in the Via Header is different from the source IP. Maybe you could do just Test#1 which is for the Contact Header. Or you can do as we do which is to define a special "group" called "port_forwarded", put those port forwarded UACs in it, and just do a test logic for it like this:

if (!(is_user_in("From", "port_forwarded")) { ...do not do RTP Proxy }

----- Original Message ----- From: "Dinesh" feedbak@imelhk.com To: serusers@lists.iptel.org Sent: Monday, March 01, 2004 5:24 PM Subject: [Serusers] nat_uac_test

I am using nat_uac_test("2") to only select UAs behind NAT that may

need

NAThelper assistance. However I find that natt_uac_test("2") is also giving a positive on

some

ATA's that we have setup with port forwarding or DMZ. These ATA have also been set to determine the external IP of the routers they are on using VIA - They function without the nathelper module.

These UA do not need any help from NAT helper but because they are flaged they are pinged to keeps ports alive and they are forced

through

the RTPProxy.

Any Ideas. We know in advance which UA are setup with Port Forwarding/DMZ. Can a flag be set in the subscriber table which is

also

tested at the time of Registration if so, how?

if (nat_uac_test("2")) { if (method == "REGISTER" || ! search("^Record-Route:")) { fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

Thanks, Dinesh

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

while i can certainly appreciate the view that it might seem dopey to route RTP traffic to the external proxy with UAs that are behind the same nat, i have a set of use cases that require that i do so.

on a separate note, i'm also trying to determine that i have the rtp proxy configured correctly, using a setup where both clients are behind the same lan. but perhaps i'm best served testing the proxy with clients behind different lans and dealing with use cases differently?

thanks -

- eric

Nils Ohlmeier wrote:

If the UAs are sitting behind the same NAT then the nathelper module may help you (but that is not the intention of the module). But you should give up the idea to use the external RTP proxy IMHO. It simply does not make much sence to route the traffic of the two UAs through the internet when the can talk to each other directly in the same LAN (i mean only the RTP part not the signaling part).

Regards Nils

On Monday 02 February 2004 02:44, Eric C. Snowdeal III wrote:

...

i've been getting my sea legs with SER and am having trouble getting rtpproxy to nathelper to work correctly with my setup. since everything works fine if i test the scenario with a freeworld dialup account, i'm assuming that my problems are solely due to the vastness of my ignorance on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of the build number, but it's the latest download from the website; the other two clients are both build 1101 on mac 10.2.3. SER running on a rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm which i downloaded from the ftp server. the x-lite clients are sitting behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to clients outside the my network. however, things fall apart quickly when i try to run more than one client behind the nat [ lost audio, timeouts etc] which i presume is what nathelper is supposed to deal with. if try to run to use nathelper, i can't make a call from a one client to another client behind the lan. the calls won't go through - they simply timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone website and simply started it from the command line. i can't figure out how to get any debugging messages from rtpproxy, but i can see that the process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1]. i understand that things have changed quite a bit in the CVS head, but i tried to compile and install the latest CVS version, but i ran into a host of config errors using the nathelper.cfg supplied, so i decided to backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - public ip addresses have been changed to protect the innocent]. to my untrained eye, these messages look the same as what i see when i test things using freeworld dialup accounts and i can make a call to another client on the same lan segment - i.e. the internal IP addresses are being sent. the location database also shows that the internal IP addresses are being used [3], but i don't know if this is what i want or not. oh. i'm also using my.public.box - a FQDN - as in the x-lite fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously doing wrong :-)

[1] # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
            sl_send_reply("483","Too Many Hops");
            break;
    };
    if ( msg:len > max_len ) {
            sl_send_reply("513", "Message too big");
            break;
    };


    # compulsory processing of Route header fields and adding RR
    loose_route();

    /* registration (uses rewritten contacts) */
    if (method=="REGISTER") {
            save("location");
            break;
    };

    if (method=="INVITE") {
            record_route();
            if (isflagset(1)) { # ATA ?
                    fix_nated_sdp("3");
            };
            /* set up reply processing */
            t_on_reply("1");
    };

    if (method == "INVITE" || method == "CANCEL") {
            if (!lookup("location")) {
                    sl_send_reply("404", "Not Found");
                    break;
            };
    };

    /* set up reply processing and forward statefuly */
    t_relay();

}

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); }

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060 RTP: 192.168.1.100:8000 NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box Contact: "snowdeal" sip:123@192.168.1.100:5060 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930B A;received=my.router.public.ip From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Contact: sip:123@192.168.1.100:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"

---

Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060 RTP: 192.168.1.101:8000 NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box Contact: "kristine" sip:456@192.168.1.101:5060 Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC1 3A;received=my.router.public.ip From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Contact: sip:456@192.168.1.101:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 req_src_ip=my.router.public.ip req_src_port=15060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list=== ---Domain--- name : 'location' size : 512 table: 0x402d60d8 d_ll { n : 2 first: 0x402d80e0 last : 0x402d81c8 }

...Record(0x402d80e0)... domain: 'location' aor : '123'

domain : 'location'
aor    : '123'
Contact: 'sip:123@192.168.1.100:5060'
Expires: 583
q      :       0.00
Call-ID: '9DA51D06551C11D882E3000393B930BA@my.public.box'
CSeq   : 56648
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402d81c8)...
domain: 'location'
aor   : '456'
~~~Contact(0x402d8208)~~~
domain : 'location'
aor    : '456'
Contact: 'sip:456@192.168.1.101:5060'
Expires: 614
q      :       0.00
Call-ID: 'AC7B8E18551C11D8B317000A957BC13A@my.public.box'
CSeq   : 55034
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

A simple solution is that you simply compare the IP in the Request-URI with the IP address from which the INVITE has come. If there more NATs then this will not work, of course, but the question is if it makes sense so support such configurations.

Jan.

On 02-02 09:29, Klaus Darilion wrote:

Hi Nils!

How will you detect that both clients are behind the same NAT? You could check, if the requests come from the same IP address (the IP address of the NAT-box), but what if there some more NATs behind the first NAT-box?

klaus

Nils Ohlmeier wrote:

...

If the UAs are sitting behind the same NAT then the nathelper module may help you (but that is not the intention of the module). But you should give up the idea to use the external RTP proxy IMHO. It simply does not make much sence to route the traffic of the two UAs through the internet when the can talk to each other directly in the same LAN (i mean only the RTP part not the signaling part).

Regards Nils

On Monday 02 February 2004 02:44, Eric C. Snowdeal III wrote:

...

i've been getting my sea legs with SER and am having trouble getting rtpproxy to nathelper to work correctly with my setup. since everything works fine if i test the scenario with a freeworld dialup account, i'm assuming that my problems are solely due to the vastness of my ignorance on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of the build number, but it's the latest download from the website; the other two clients are both build 1101 on mac 10.2.3. SER running on a rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm which i downloaded from the ftp server. the x-lite clients are sitting behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to clients outside the my network. however, things fall apart quickly when i try to run more than one client behind the nat [ lost audio, timeouts etc] which i presume is what nathelper is supposed to deal with. if try to run to use nathelper, i can't make a call from a one client to another client behind the lan. the calls won't go through - they simply timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone website and simply started it from the command line. i can't figure out how to get any debugging messages from rtpproxy, but i can see that the process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src tarball [ /modules/nathelper/nathelper.cfg ]. see my config below [1]. i understand that things have changed quite a bit in the CVS head, but i tried to compile and install the latest CVS version, but i ran into a host of config errors using the nathelper.cfg supplied, so i decided to backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - public ip addresses have been changed to protect the innocent]. to my untrained eye, these messages look the same as what i see when i test things using freeworld dialup accounts and i can make a call to another client on the same lan segment - i.e. the internal IP addresses are being sent. the location database also shows that the internal IP addresses are being used [3], but i don't know if this is what i want or not. oh. i'm also using my.public.box - a FQDN - as in the x-lite fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously doing wrong :-)

[1] # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# ------------------------- request routing logic -------------------

# main routing logic

route{

   # initial sanity checks -- messages with
   # max_forwards==0, or excessively long requests
   if (!mf_process_maxfwd_header("10")) {
           sl_send_reply("483","Too Many Hops");
           break;
   };
   if ( msg:len > max_len ) {
           sl_send_reply("513", "Message too big");
           break;
   };


   # compulsory processing of Route header fields and adding RR
   loose_route();

   /* registration (uses rewritten contacts) */
   if (method=="REGISTER") {
           save("location");
           break;
   };

   if (method=="INVITE") {
           record_route();
           if (isflagset(1)) { # ATA ?
                   fix_nated_sdp("3");
           };
           /* set up reply processing */
           t_on_reply("1");
   };

   if (method == "INVITE" || method == "CANCEL") {
           if (!lookup("location")) {
                   sl_send_reply("404", "Not Found");
                   break;
           };
   };

   /* set up reply processing and forward statefuly */
   t_relay();

}

# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { if (status=~"2[0-9][0-9]") fix_nated_contact(); fix_nated_sdp("3"); }

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060 RTP: 192.168.1.100:8000 NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box Contact: "snowdeal" sip:123@192.168.1.100:5060 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930B A;received=my.router.public.ip From: snowdeal sip:123@my.public.box To: snowdeal sip:123@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894 Call-ID: 9DA51D06551C11D882E3000393B930BA@my.public.box CSeq: 56648 REGISTER Contact: sip:123@192.168.1.100:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21653 req_src_ip=my.router.public.ip req_src_port=5060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"

---

Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060 RTP: 192.168.1.101:8000 NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060

SEND >> ser.public.ip:5060 REGISTER sip:my.public.box SIP/2.0 Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box Contact: "kristine" sip:456@192.168.1.101:5060 Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Expires: 1800 Max-Forwards: 70 User-Agent: X-Lite build 1101 Content-Length: 0

RECEIVE << ser.public.ip:5060 SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC1 3A;received=my.router.public.ip From: kristine sip:456@my.public.box To: kristine sip:456@my.public.box;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef Call-ID: AC7B8E18551C11D8B317000A957BC13A@my.public.box CSeq: 55034 REGISTER Contact: sip:456@192.168.1.101:5060;q=0.00;expires=1800 Server: Sip EXpress router (0.8.12 (i386/linux)) Content-Length: 0 Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 req_src_ip=my.router.public.ip req_src_port=15060 in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list=== ---Domain--- name : 'location' size : 512 table: 0x402d60d8 d_ll { n : 2 first: 0x402d80e0 last : 0x402d81c8 }

...Record(0x402d80e0)... domain: 'location' aor : '123'

domain : 'location'
aor    : '123'
Contact: 'sip:123@192.168.1.100:5060'
Expires: 583
q      :       0.00
Call-ID: '9DA51D06551C11D882E3000393B930BA@my.public.box'
CSeq   : 56648
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402d81c8)...
domain: 'location'
aor   : '456'
~~~Contact(0x402d8208)~~~
domain : 'location'
aor    : '456'
Contact: 'sip:456@192.168.1.101:5060'
Expires: 614
q      :       0.00
Call-ID: 'AC7B8E18551C11D8B317000A957BC13A@my.public.box'
CSeq   : 55034
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Check that the user running serctl has read and write access to /tmp/ser_fifo.

Jan.

On 10-03 10:04, Muhammad Nasim wrote:

I have upgraded from 0.8.11 to 12. Ser is running happily (I can make calls) however when I do serctl moni I get don't get any cycle increment. Also serctl ps and serctl ul show give me nothing. Any ideas?

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers