At 13.51 19/12/2006, Klaus Darilion wrote:

You said that the 200 contains openser's IP in the SDP? Is it put in there by openser or already by Asterisk?

Tnx very much for help

It's put in there by OpenSER.

I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1 from openser to client)

AAA.AAA.AAA.AAA stands for IP of Asterisk OOO.OOO.OOO.OOO stands for IP of OpenSER CCC.CCC.CCC.CCC stands for IP of client 3333333333 is the called number

No. Time Source Destination Protocol Info 20 12.646925 AAA.AAA.AAA.AAA OOO.OOO.OOO.OOO SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70 From: "test"sip:test@OOO.OOO.OOO.OOO;tag=9043ec70 To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as30a7528b Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU. CSeq: 3 INVITE User-Agent: Asterisk Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060 Content-Type: application/sdp Content-Length: 291 Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 AAA.AAA.AAA.AAA Session Name (s): session Connection Information (c): IN IP4 AAA.AAA.AAA.AAA Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

No. Time Source Destination Protocol Info 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70 From: "test"sip:test@OOO.OOO.OOO.OOO;tag=9043ec70 To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as30a7528b Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU. CSeq: 3 INVITE User-Agent: Asterisk Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060 Content-Type: application/sdp Content-Length: 291 Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 OOO.OOO.OOO.OOO Session Name (s): session Connection Information (c): IN IP4 OOO.OOO.OOO.OOO Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

Tnx very much for help again

Regards

Edoardo

regards klaus

regards klaus

Edoardo Serra wrote:

...

Hi guys, I'm having a problem with an OpenSER acting as registrar server and load balancer for many Asterisk servers. In a few words: "users are registering on openser and, when they want to make a call, OpenSER proxies the request to an Asterisk server with the dispatcher module" Here is the intended data flow (SIP goes through OpenSER and media goes directly to Asterisk) User <-- SIP --> OpenSER <-- SIP --> Asterisk User <-- RTP --> Asterisk Both, OpenSER and Asterisks have public IPs I already have a working setup of that and everything seems working correctly. I'm trying to replicate that setup on another site, same configurations of the boxes, same versions of OpenSER and Asterisk, etc... but I'm having monodirectional Audio. Having a look with tethereal I see that OpenSER, when the communication is answered, sends a SIP packet (200 OK) to the user indicating itself as media endpoint instead of the Asterisks. From that moment I see RTP packets flowing from the client to OpenSER This seems really strange to me because I just copied the same configurations file from a working setup to the new installation. Tnx in advance for help. Regards P.S.: Here is my openser.cfg ## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ ## simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #children=4 #port=5060 fifo="/tmp/ser_fifo" #uid=nobody #gid=nobody # ------------------ module loading ---------------------------------- loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/exec.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/dispatcher.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so" modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("usrloc", "timer_interval", 120) modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip") modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("rr", "enable_full_lr", 1) modparam("registrar", "nat_flag", 6) modparam("registrar", "max_expires", 3600) modparam("registrar", "min_expires", 60) modparam("registrar", "append_branches", 0) modparam("registrar", "desc_time_order", 1) modparam("nathelper", "natping_interval", 20) # Ping interval 20 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT modparam("dispatcher", "force_dst", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; }; if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || (method=="NOTIFY") ) { sl_send_reply("405", "Method Not Allowed"); exit; } if (!method=="REGISTER") { record_route(); }; if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP of Asterisks if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; exit; }; if (nat_uac_test("3")) { if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) { fix_nated_contact(); force_rport(); setflag(6); # Mark as NATed } } # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (method=="REGISTER") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_to()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } save("location"); exit; };

if (method=="INVITE") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_from()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } } # loose-route processing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # ! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP of Asterisks ds_select_dst("2", "0"); } if (!t_relay()) { sl_reply_error(); }; } # ! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users

-- Klaus Darilion nic.at

Hello tnx for the attention

At 17.00 19/12/2006, Stefano Capitanio wrote:

Hi,

is it correct that in the second Via Header of the message from Asterisk to OpenSER there is the address of the Client? there should be the address of Asterisk no?

I guess it is correct for outbound calls (from client to openser -> asterisk) I captured some packets on a working setup and I see the same via headers: one with OpenSER address and one with Client address

maybe this make OpenSER think that the message is coming from a NAT... i'm not sure, maybe i'm wrong... try to set:

modparam("nathelper", "rtpproxy_disable", 1)

I also think it's a NAT-related issue but that modparam doesn't solve the problem :(

Tnx again for help

Regards

Edoardo

regards, Stefano

Edoardo Serra ha scritto:

...

At 13.51 19/12/2006, Klaus Darilion wrote:

...

You said that the 200 contains openser's IP in the SDP? Is it put in there by openser or already by Asterisk?

Tnx very much for help

It's put in there by OpenSER.

I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1 from openser to client)

AAA.AAA.AAA.AAA stands for IP of Asterisk OOO.OOO.OOO.OOO stands for IP of OpenSER CCC.CCC.CCC.CCC stands for IP of client 3333333333 is the called number

No. Time Source Destination Protocol Info 20 12.646925 AAA.AAA.AAA.AAA OOO.OOO.OOO.OOO SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952

   Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
   From: "test"<sip:test@OOO.OOO.OOO.OOO>;tag=9043ec70
   To: "3333333333"<sip:3333333333@OOO.OOO.OOO.OOO>;tag=as30a7528b
   Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
   CSeq: 3 INVITE
   User-Agent: Asterisk
   Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
   Contact: <sip:3333333333@AAA.AAA.AAA.AAA:5060>
   Content-Type: application/sdp
   Content-Length: 291

Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 AAA.AAA.AAA.AAA Session Name (s): session Connection Information (c): IN IP4 AAA.AAA.AAA.AAA Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

No. Time Source Destination Protocol Info 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952

   Record-Route: <sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70>
   From: "test"<sip:test@OOO.OOO.OOO.OOO>;tag=9043ec70
   To: "3333333333"<sip:3333333333@OOO.OOO.OOO.OOO>;tag=as30a7528b
   Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU.
   CSeq: 3 INVITE
   User-Agent: Asterisk
   Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
   Contact: <sip:3333333333@AAA.AAA.AAA.AAA:5060>
   Content-Type: application/sdp
   Content-Length: 291

Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 OOO.OOO.OOO.OOO Session Name (s): session Connection Information (c): IN IP4 OOO.OOO.OOO.OOO Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

Tnx very much for help again

Regards

Edoardo

...

regards klaus

regards klaus

Edoardo Serra wrote:

...

Hi guys, I'm having a problem with an OpenSER acting as registrar server and load balancer for many Asterisk servers. In a few words: "users are registering on openser and, when they want to make a call, OpenSER proxies the request to an Asterisk server with the dispatcher module" Here is the intended data flow (SIP goes through OpenSER and media goes directly to Asterisk) User <-- SIP --> OpenSER <-- SIP --> Asterisk User <-- RTP --> Asterisk Both, OpenSER and Asterisks have public IPs I already have a working setup of that and everything seems working correctly. I'm trying to replicate that setup on another site, same configurations of the boxes, same versions of OpenSER and Asterisk, etc... but I'm having monodirectional Audio. Having a look with tethereal I see that OpenSER, when the communication is answered, sends a SIP packet (200 OK) to the user indicating itself as media endpoint instead of the Asterisks. From that moment I see RTP packets flowing from the client to OpenSER This seems really strange to me because I just copied the same configurations file from a working setup to the new installation. Tnx in advance for help. Regards P.S.: Here is my openser.cfg ## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ ## simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #children=4 #port=5060 fifo="/tmp/ser_fifo" #uid=nobody #gid=nobody # ------------------ module loading ---------------------------------- loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/exec.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/dispatcher.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so" modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("usrloc", "timer_interval", 120) modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip") modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("rr", "enable_full_lr", 1) modparam("registrar", "nat_flag", 6) modparam("registrar", "max_expires", 3600) modparam("registrar", "min_expires", 60) modparam("registrar", "append_branches", 0) modparam("registrar", "desc_time_order", 1) modparam("nathelper", "natping_interval", 20) # Ping interval 20 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT modparam("dispatcher", "force_dst", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; }; if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || (method=="NOTIFY") ) { sl_send_reply("405", "Method Not Allowed"); exit; } if (!method=="REGISTER") { record_route(); }; if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP of Asterisks if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; exit; }; if (nat_uac_test("3")) { if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) { fix_nated_contact(); force_rport(); setflag(6); # Mark as NATed } } # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (method=="REGISTER") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_to()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } save("location"); exit; };

if (method=="INVITE") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_from()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } } # loose-route processing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # ! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP of Asterisks ds_select_dst("2", "0"); } if (!t_relay()) { sl_reply_error(); }; } # ! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users

-- Klaus Darilion nic.at

---

Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users

Hello Klaus,

...

No. Time Source Destination Protocol Info 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP Status: 200 OK, with session description Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952

^^^^^^^^^here should be CCC.CCC.CCC.CCC maybe a search/replace typo?

I also think so, but I just double checked, no search/replace error :(

have you sniffed directly on the SIP proxy server? (Maybe is there a SIP ALG somewhere inbetween)

Yes, directly on the proxy server

Tnx again for help

Regards

Edoardo

At 17.21 20/12/2006, Klaus Darilion wrote:

Then we have to go back to the beginning: Please send a complete ngrep Trace (not ethereal or tcpdump - they are horrible to read) of the call: ngrep -t -W byline port 5060 (make sure not to mix IP addresses when replacing them) And also send openser.cfg (remove passwords)

Here I am, dump with ngrep and openser.cfg follow.

The most strange thing, as you wuold notice, is that the 2 packets with 183 Session Progress contain the right IP addresses for the media path in SDP Those IPs are changed in the 200 OK packets so subsequents packet go to the wrong server (the result is monodirectional audio)

IP and called number substitutions: AAA.AAA.AAA.AAA stands for IP of Asterisk OOO.OOO.OOO.OOO stands for IP of OpenSER CCC.CCC.CCC.CCC stands for IP of client 3333333333 is the called number

Tnx in advance for help

Regards Edoardo

---- Dump ----

interface: eth0 filter: ip and ( port 5060 )

# U 2006/12/20 19:15:34.678287 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 INVITE sip:3333333333@OOO.OOO.OOO.OOO SIP/2.0. Via: SIP/2.0/UDP 192.168.1.207:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport. Max-Forwards: 70. Contact: sip:webrainstorm@OOO.OOO.OOO.OOO:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5. User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 531. . v=0. o=- 8 2 IN IP4 192.168.1.207. s=<CounterPath eyeBeam 1.5>. c=IN IP4 192.168.1.207. t=0 0. m=audio 51126 RTP/AVP 107 119 0 98 8 3 101. a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126. a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126. a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126. a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126. a=fmtp:101 0-15. a=rtpmap:107 BV32/16000. a=rtpmap:119 BV32-FEC/16000. a=rtpmap:98 iLBC/8000. a=rtpmap:101 telephone-event/8000. a=sendrecv. a=x-rtp-session-id:6754D37B91D842568EE88680F168B966.

# U 2006/12/20 19:15:34.679538 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 . .

# U 2006/12/20 19:15:34.680057 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 100 trying -- your call is important to us. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Server: OpenSer (1.1.0-notls (i386/linux)). Content-Length: 0. Warning: 392 OOO.OOO.OOO.OOO:5060 "Noisy feedback tells: pid=31932 req_src_ip=CCC.CCC.CCC.CCC req_src_port=21722 in_uri=sip:3333333333@OOO.OOO.OOO.OOO out_uri=sip:3333333333@OOO.OOO.OOO.OOO via_cnt==1". .

# U 2006/12/20 19:15:34.680156 OOO.OOO.OOO.OOO:5060 -> AAA.AAA.AAA.AAA:5060 5766@0:1480 ........INVITE sip:3333333333@OOO.OOO.OOO.OOO SIP/2.0. Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. Max-Forwards: 69. Contact: sip:webrainstorm@CCC.CCC.CCC.CCC:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5. User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 529. P-hint: usrloc applied. . v=0. o=- 8 2 IN IP4 CCC.CCC.CCC.CCC. s=<CounterPath eyeBeam 1.5>. c=IN IP4 CCC.CCC.CCC.CCC. t=0 0. m=audio 51126 RTP/AVP 107 119 0 98 8 3 101. a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126. a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126. a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126. a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126. a=fmtp:101 0-15. a=rtpmap:107 BV32/16000. a=rtpmap:119 BV32-FEC/16000. a=rtpmap:98 iLBC/8000. a=rtpmap:101 telephone-event/8000. a=sendrecv. a=x-rtp-session-id:6754D37B91D842568EE88680F168B # U 2006/12/20 19:15:34.681110 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 100 Trying. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:35.025207 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:35.025446 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:39.290612 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 180 Ringing. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:39.290784 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 180 Ringing. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:45.284233 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 200 OK. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20138 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:45.284766 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 200 OK. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722. Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20138 IN IP4 OOO.OOO.OOO.OOO. s=session. c=IN IP4 OOO.OOO.OOO.OOO. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:45.523120 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 ACK sip:3333333333@AAA.AAA.AAA.AAA:5060 SIP/2.0. Via: SIP/2.0/UDP 192.168.1.207:21722;branch=z9hG4bK-d87543-1276651d53700b28-1--d87543-;rport. Max-Forwards: 70. Route: sip:OOO.OOO.OOO.OOO;lr;ftag=1d106710. Contact: sip:webrainstorm@OOO.OOO.OOO.OOO:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 ACK. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5. User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 0. .

#

---- openser.cfg ----

AAA.AAA.AAA.111 and AAA.AAA.AAA.222 are the 2 asterisks used for load balance In the capure before only one of the 2 Asterisk boxes was in dispatcher.list

# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E)

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #children=4 #port=5060 fifo="/tmp/ser_fifo"

#uid=nobody #gid=nobody

# ------------------ module loading ----------------------------------

loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/exec.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/dispatcher.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so"

modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

# abbassare il timer modparam("usrloc", "timer_interval", 120)

modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "db_url", "mysql://xxx:xxx@192.168.252.5/voismartdb")

modparam("uri_db", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

modparam("rr", "enable_full_lr", 1)

modparam("registrar", "nat_flag", 6) #modparam("registrar", "default_expires", 300) modparam("registrar", "max_expires", 3600) modparam("registrar", "min_expires", 60) modparam("registrar", "append_branches", 0) modparam("registrar", "desc_time_order", 1)

modparam("nathelper", "natping_interval", 20) # Ping interval 20 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

modparam("dispatcher", "force_dst", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; };

if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || (method=="NOTIFY") ) { sl_send_reply("405", "Method Not Allowed"); exit; }

if (!method=="REGISTER") { record_route(); };

if ((src_ip==AAA.AAA.AAA.111) || (src_ip==AAA.AAA.AAA.222)) { if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; exit; };

if (nat_uac_test("3")) { if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) { fix_nated_contact(); force_rport(); setflag(6); # Mark as NATed } } # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (method=="REGISTER") { if (!proxy_authorize("exorsa", "openser_view")) { proxy_challenge("exorsa", "0"); exit; } if (!check_to()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; }

save("location");

exit; };

if (method=="INVITE") { if (!proxy_authorize("exorsa", "openser_view")) { proxy_challenge("exorsa", "0"); exit; }

if (!check_from()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } }

# loose-route processing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; };

if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; };

append_hf("P-hint: usrloc applied\r\n"); route(1); }

route[1] { # !! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; };

# NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1");

# send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if ((src_ip!=AAA.AAA.AAA.111) && (src_ip!=AAA.AAA.AAA.222)) { ds_select_dst("2", "0"); }

if (!t_relay()) { sl_reply_error(); }; }

# !! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); #force_rtp_proxy(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

Hope it helps.

Tnx again for your help

Regards

Edoardo

inline ....

Edoardo Serra wrote:

At 17.21 20/12/2006, Klaus Darilion wrote:

...

Then we have to go back to the beginning: Please send a complete ngrep Trace (not ethereal or tcpdump - they are horrible to read) of the call: ngrep -t -W byline port 5060 (make sure not to mix IP addresses when replacing them) And also send openser.cfg (remove passwords)

Here I am, dump with ngrep and openser.cfg follow.

The most strange thing, as you wuold notice, is that the 2 packets with 183 Session Progress contain the right IP addresses for the media path in SDP Those IPs are changed in the 200 OK packets so subsequents packet go to the wrong server (the result is monodirectional audio)

IP and called number substitutions: AAA.AAA.AAA.AAA stands for IP of Asterisk OOO.OOO.OOO.OOO stands for IP of OpenSER CCC.CCC.CCC.CCC stands for IP of client 3333333333 is the called number

Tnx in advance for help

Regards Edoardo

---- Dump ----

interface: eth0 filter: ip and ( port 5060 )

# U 2006/12/20 19:15:34.678287 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 INVITE sip:3333333333@OOO.OOO.OOO.OOO SIP/2.0. Via: SIP/2.0/UDP 192.168.1.207:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport.

Max-Forwards: 70. Contact: sip:webrainstorm@OOO.OOO.OOO.OOO:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.

User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 531. . v=0. o=- 8 2 IN IP4 192.168.1.207. s=<CounterPath eyeBeam 1.5>. c=IN IP4 192.168.1.207. t=0 0. m=audio 51126 RTP/AVP 107 119 0 98 8 3 101. a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126. a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126. a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126. a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126. a=fmtp:101 0-15. a=rtpmap:107 BV32/16000. a=rtpmap:119 BV32-FEC/16000. a=rtpmap:98 iLBC/8000. a=rtpmap:101 telephone-event/8000. a=sendrecv. a=x-rtp-session-id:6754D37B91D842568EE88680F168B966.

# U 2006/12/20 19:15:34.679538 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 . .

# U 2006/12/20 19:15:34.680057 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 100 trying -- your call is important to us. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Server: OpenSer (1.1.0-notls (i386/linux)). Content-Length: 0. Warning: 392 OOO.OOO.OOO.OOO:5060 "Noisy feedback tells: pid=31932 req_src_ip=CCC.CCC.CCC.CCC req_src_port=21722 in_uri=sip:3333333333@OOO.OOO.OOO.OOO out_uri=sip:3333333333@OOO.OOO.OOO.OOO via_cnt==1". .

# U 2006/12/20 19:15:34.680156 OOO.OOO.OOO.OOO:5060 -> AAA.AAA.AAA.AAA:5060 5766@0:1480 ........INVITE sip:3333333333@OOO.OOO.OOO.OOO SIP/2.0. Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

Max-Forwards: 69. Contact: sip:webrainstorm@CCC.CCC.CCC.CCC:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO. Content-Type: application/sdp. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.

User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 529. P-hint: usrloc applied. . v=0. o=- 8 2 IN IP4 CCC.CCC.CCC.CCC. s=<CounterPath eyeBeam 1.5>. c=IN IP4 CCC.CCC.CCC.CCC. t=0 0. m=audio 51126 RTP/AVP 107 119 0 98 8 3 101. a=alt:1 4 : j8K0NvX0 kXY4R7xZ 10.20.0.18 51126. a=alt:2 3 : fLWQkZY+ MYtnqw0q 192.168.1.207 51126. a=alt:3 2 : yXdwE+mU 41ew0wrw 192.168.33.1 51126. a=alt:4 1 : 4uQ0NB/Z F+dp79Pq 192.168.8.1 51126. a=fmtp:101 0-15. a=rtpmap:107 BV32/16000. a=rtpmap:119 BV32-FEC/16000. a=rtpmap:98 iLBC/8000. a=rtpmap:101 telephone-event/8000. a=sendrecv. a=x-rtp-session-id:6754D37B91D842568EE88680F168B # U 2006/12/20 19:15:34.681110 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 100 Trying. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:35.025207 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:35.025446 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

^^^^^^^^^^^^^^

strange bug again - there must be CCC.CCC.CCC.CCC

From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20137 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:39.290612 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 180 Ringing. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:39.290784 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 180 Ringing. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Length: 0. .

# U 2006/12/20 19:15:45.284233 AAA.AAA.AAA.AAA:5060 -> OOO.OOO.OOO.OOO:5060 SIP/2.0 200 OK. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK6a7a.17f1fb15.0;received=OOO.OOO.OOO.OOO. Via: SIP/2.0/UDP CCC.CCC.CCC.CCC:21722;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20138 IN IP4 AAA.AAA.AAA.AAA. s=session. c=IN IP4 AAA.AAA.AAA.AAA. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:45.284766 OOO.OOO.OOO.OOO:5060 -> CCC.CCC.CCC.CCC:21722 SIP/2.0 200 OK. Via: SIP/2.0/UDP OOO.OOO.OOO.OOO:5060;branch=z9hG4bK-d87543-3e229802603d7c32-1--d87543-;rport=21722.

Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=1d106710. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 INVITE. User-Agent: Asterisk. Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060. Content-Type: application/sdp. Content-Length: 291. . v=0. o=root 20137 20138 IN IP4 OOO.OOO.OOO.OOO. s=session. c=IN IP4 OOO.OOO.OOO.OOO. t=0 0. m=audio 30502 RTP/AVP 98 3 8 0 101. a=rtpmap:98 iLBC/8000. a=rtpmap:3 GSM/8000. a=rtpmap:8 PCMA/8000. a=rtpmap:0 PCMU/8000. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=silenceSupp:off - - - -.

# U 2006/12/20 19:15:45.523120 CCC.CCC.CCC.CCC:21722 -> OOO.OOO.OOO.OOO:5060 ACK sip:3333333333@AAA.AAA.AAA.AAA:5060 SIP/2.0. Via: SIP/2.0/UDP 192.168.1.207:21722;branch=z9hG4bK-d87543-1276651d53700b28-1--d87543-;rport.

Max-Forwards: 70. Route: sip:OOO.OOO.OOO.OOO;lr;ftag=1d106710. Contact: sip:webrainstorm@OOO.OOO.OOO.OOO:21722. To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as1f398d64. From: "Edoardo Serra"sip:webrainstorm@OOO.OOO.OOO.OOO;tag=1d106710. Call-ID: da31b94065790c5fMzgwMGUxNTE5NTVmNGIwMTAxNDk4YjZhNDIwNDU5Mjc.. CSeq: 2 ACK. Proxy-Authorization: Digest username="webrainstorm",realm="exorsa",nonce="45897ef2b587b98fc67ea19dd5b09d828729da7a",uri="sip:3333333333@OOO.OOO.OOO.OOO",response="eab1c8c11786217fa91a1cccd5ab12ee",algorithm=MD5.

User-Agent: X-Lite release 1002tx stamp 29712. Content-Length: 0. .

#

---- openser.cfg ----

AAA.AAA.AAA.111 and AAA.AAA.AAA.222 are the 2 asterisks used for load balance In the capure before only one of the 2 Asterisk boxes was in dispatcher.list

# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # simple quick-start config script #

# ----------- global configuration parameters ------------------------

#debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E)

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #children=4 #port=5060 fifo="/tmp/ser_fifo"

#uid=nobody #gid=nobody

# ------------------ module loading ----------------------------------

loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/exec.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/dispatcher.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so"

modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

# abbassare il timer modparam("usrloc", "timer_interval", 120)

modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "db_url", "mysql://xxx:xxx@192.168.252.5/voismartdb")

modparam("uri_db", "db_url", "mysql://xxx:xxx@192.168.252.5/openser")

modparam("rr", "enable_full_lr", 1)

modparam("registrar", "nat_flag", 6) #modparam("registrar", "default_expires", 300) modparam("registrar", "max_expires", 3600) modparam("registrar", "min_expires", 60) modparam("registrar", "append_branches", 0) modparam("registrar", "desc_time_order", 1)

modparam("nathelper", "natping_interval", 20) # Ping interval 20 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

modparam("dispatcher", "force_dst", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; };

    if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || 

(method=="NOTIFY") ) { sl_send_reply("405", "Method Not Allowed"); exit; }

do loose_route here

    if (!method=="REGISTER") {
            record_route();
    };

    if ((src_ip==AAA.AAA.AAA.111) || (src_ip==AAA.AAA.AAA.222)) {
            if (!lookup("location")) {
                    sl_send_reply("404", "Not Found");
                    exit;
            };

here you need to apply NAT traversal for the client too: if (isflagset(6)) { force_rtp_proxy(); t_on_reply("1"); }

            # forward to current uri now; use stateful forwarding; that
            # works reliably even if we forward from TCP to UDP
            if (!t_relay()) {
                    sl_reply_error();
            };
            exit;
    };

    if (nat_uac_test("3")) {
            if ((method=="REGISTER") || (method=="INVITE") || 

(method=="OPTIONS")) { fix_nated_contact();

for REGISTER you should use fix_nated_register()

                    force_rport();
                    setflag(6);    # Mark as NATed

use reply route here:

t_on_reply("1");

            }
    }
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (method=="REGISTER") {
            if (!proxy_authorize("exorsa", "openser_view")) {
                    proxy_challenge("exorsa", "0");
                    exit;
            }
            if (!check_to()) {
                    sl_send_reply("403", "Digest username and URI 

username do NOT match! Stay away!"); exit; }

            save("location");

            exit;
    };

    if (method=="INVITE") {
            if (!proxy_authorize("exorsa", "openser_view")) {
                    proxy_challenge("exorsa", "0");
                    exit;
            }

            if (!check_from()) {
                    sl_send_reply("403", "Digest username and URI 

username do NOT match! Stay away!"); exit; } }

    # loose-route processing
    if (loose_route()) {
            # mark routing logic in request
            append_hf("P-hint: rr-enforced\r\n");
            route(1);
            exit;
    };

move loose_route up

    if (!uri==myself) {
            # mark routing logic in request
            append_hf("P-hint: outbound\r\n");
            route(1);
            exit;
    };

    append_hf("P-hint: usrloc applied\r\n");
    route(1);

}

route[1] { # !! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; };

    # NAT processing of replies; apply to all transactions (for 

example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1");

you active the reply route for all calls. You should do this only for call which need it. Thus, move it up.

    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if ((src_ip!=AAA.AAA.AAA.111) && (src_ip!=AAA.AAA.AAA.222)) {
            ds_select_dst("2", "0");
    }

    if (!t_relay()) {
            sl_reply_error();
    };

}

# !! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); #force_rtp_proxy();

^ Are you sure it is commented? I do not believe it because the ngrep shows that the SDP of 200 Ok is rewritten.

btw: enable it for NAT traversal

# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
    fix_nated_contact();
};

I think you do not need this test.

Please read the Getting Started Turial from onsip.org carefully. It describes how you handle NAT correctly and also describes how to do NAT traversal for in-dialog messages, which is missing in your config.

regards klaus

}

Hope it helps.

Tnx again for your help

Regards

Edoardo

I think I may have spotted the problem in the signalling.

In this reply to the INVITE, the *first stage* is fine:

Asterisk -> OpenSER (The signalling here is fine from Asterisk)

In the *second stage*, the reply from OpenSER to UAC

OpenSER -> Client

this part

Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 *OOO.OOO.OOO.OOO* Session Name (s): session Connection Information (c): IN IP4 Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 OOO.OOO.OOO.OOO Session Name (s): session Connection Information (c): IN IP4 OOO.OOO.OOO.OOO Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508

you see where it says IN IP4, this should *still* have the IP of Asterisk if you want the RTP to go to the Asterisk server, but instead it has the IP of OpenSER so RTP is sent to OpenSER.

This information is taken from somewhere (I forget - i think it's the * contact* of the REGISTER message), but it can be fixed.

You will need to look at the entire call flow starting from when the UAC first registers with OpenSER. Then, in your NAT handling routine use I think *fix_nated_register* and *fix_nated_contact*.

Hope this helps.

On 12/19/06, Edoardo Serra osdevel@webrainstorm.it wrote:

At 13.51 19/12/2006, Klaus Darilion wrote:

...

You said that the 200 contains openser's IP in the SDP? Is it put in there by openser or already by Asterisk?

Tnx very much for help

It's put in there by OpenSER.

I'm attaching the 2 SIP/SDP packets (1 from asterisk to openser and 1 from openser to client)

AAA.AAA.AAA.AAA stands for IP of Asterisk OOO.OOO.OOO.OOO stands for IP of OpenSER CCC.CCC.CCC.CCC stands for IP of client 3333333333 is the called number

No. Time Source Destination Protocol Info 20 12.646925 AAA.AAA.AAA.AAA OOO.OOO.OOO.OOO SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO;branch=z9hG4bK5bbd.eaf4f093.0;received=OOO.OOO.OOO.OOO Via: SIP/2.0/UDP CCC.CCC.CCC.CCC :8952;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70 From: "test"sip:test@OOO.OOO.OOO.OOO;tag=9043ec70 To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as30a7528b Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU. CSeq: 3 INVITE User-Agent: Asterisk Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060 Content-Type: application/sdp Content-Length: 291 Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 AAA.AAA.AAA.AAA Session Name (s): session Connection Information (c): IN IP4 AAA.AAA.AAA.AAA Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

No. Time Source Destination Protocol Info 21 12.647437 OOO.OOO.OOO.OOO CCC.CCC.CCC.CCC SIP/SDP Status: 200 OK, with session description

Session Initiation Protocol Status-Line: SIP/2.0 200 OK Message Header Via: SIP/2.0/UDP OOO.OOO.OOO.OOO :5060;branch=z9hG4bK-d87543-e15656230434101e-1--d87543-;rport=8952 Record-Route: sip:OOO.OOO.OOO.OOO;lr=on;ftag=9043ec70 From: "test"sip:test@OOO.OOO.OOO.OOO;tag=9043ec70 To: "3333333333"sip:3333333333@OOO.OOO.OOO.OOO;tag=as30a7528b Call-ID: 98684a222a2eeb7aYmVlZTUzZDRhNjMzN2Y0MTZhYmNmOTc5MzQ4OGI3ZGU. CSeq: 3 INVITE User-Agent: Asterisk Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: sip:3333333333@AAA.AAA.AAA.AAA:5060 Content-Type: application/sdp Content-Length: 291 Message body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): root 20137 20138 IN IP4 OOO.OOO.OOO.OOO Session Name (s): session Connection Information (c): IN IP4 OOO.OOO.OOO.OOO Time Description, active time (t): 0 0 Media Description, name and address (m): audio 58508 RTP/AVP 98 3 8 0 101 Media Attribute (a): rtpmap:98 iLBC/8000 Media Attribute (a): rtpmap:3 GSM/8000 Media Attribute (a): rtpmap:8 PCMA/8000 Media Attribute (a): rtpmap:0 PCMU/8000 Media Attribute (a): rtpmap:101 telephone-event/8000 Media Attribute (a): fmtp:101 0-16 Media Attribute (a): silenceSupp:off - - - -

Tnx very much for help again

Regards

Edoardo

...

regards klaus

regards klaus

Edoardo Serra wrote:

...

Hi guys, I'm having a problem with an OpenSER acting as registrar server and load balancer for many Asterisk servers. In a few words: "users are registering on openser and, when they want to make a call, OpenSER proxies the request to an Asterisk server with the dispatcher module" Here is the intended data flow (SIP goes through OpenSER and media goes directly to Asterisk) User <-- SIP --> OpenSER <-- SIP --> Asterisk User <-- RTP --> Asterisk Both, OpenSER and Asterisks have public IPs I already have a working setup of that and everything seems working correctly. I'm trying to replicate that setup on another site, same configurations of the boxes, same versions of OpenSER and Asterisk, etc... but I'm having monodirectional Audio. Having a look with tethereal I see that OpenSER, when the communication is answered, sends a SIP packet (200 OK) to the user indicating itself as media endpoint instead of the Asterisks. From that moment I see RTP packets flowing from the client to OpenSER This seems really strange to me because I just copied the same configurations file from a working setup to the new installation. Tnx in advance for help. Regards P.S.: Here is my openser.cfg ## $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ ## simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #children=4 #port=5060 fifo="/tmp/ser_fifo" #uid=nobody #gid=nobody # ------------------ module loading ---------------------------------- loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/exec.so" loadmodule "/usr/lib/openser/modules/uri.so" loadmodule "/usr/lib/openser/modules/uri_db.so" loadmodule "/usr/lib/openser/modules/dispatcher.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/openser/modules/mysql.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so" modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("usrloc", "timer_interval", 120) modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/voip") modparam("uri_db", "db_url", "mysql://xxx:xxx@xxx.xxx.xxx.xxx/openser") modparam("rr", "enable_full_lr", 1) modparam("registrar", "nat_flag", 6) modparam("registrar", "max_expires", 3600) modparam("registrar", "min_expires", 60) modparam("registrar", "append_branches", 0) modparam("registrar", "desc_time_order", 1) modparam("nathelper", "natping_interval", 20) # Ping interval 20 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind

NAT

...

...

modparam("dispatcher", "force_dst", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; }; if ( (method=="OPTIONS") || (method=="SUBSCRIBE") || (method=="NOTIFY")

) {

...

...

sl_send_reply("405", "Method Not Allowed"); exit; } if (!method=="REGISTER") { record_route(); }; if ((src_ip==xxx.xxx.xxx.xxx) || (src_ip==xxx.xxx.xxx.xxx)) { # IP of Asterisks if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; exit; }; if (nat_uac_test("3")) { if ((method=="REGISTER") || (method=="INVITE") || (method=="OPTIONS")) { fix_nated_contact(); force_rport(); setflag(6); # Mark as NATed } } # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (method=="REGISTER") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_to()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } save("location"); exit; };

if (method=="INVITE") { if (!proxy_authorize("domain", "openser_view")) { proxy_challenge("domain", "0"); exit; } if (!check_from()) { sl_send_reply("403", "Digest username and URI username do NOT match! Stay away!"); exit; } } # loose-route processing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # ! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if ((src_ip!=xxx.xxx.xxx.xxx) && (src_ip!=xxx.xxx.xxx.xxx)) { # IP of Asterisks ds_select_dst("2", "0"); } if (!t_relay()) { sl_reply_error(); }; } # ! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users

-- Klaus Darilion nic.at

---

Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users