[OpenSER-Users] ALG error workarounds - sr-users

26 Oct 2007


      Hi,
I have a number of users behind cisco ADSL routers which have ALG on by  
default, and are causing problems.
If I ask the broadband company to add:
     no ip nat service sip udp port 5060
     no ip nat service H225
to the general config on their Ciscos everything works ok, but getting  
them to change each one individually is a pain, and I know some SIP  
carriers are working fine even with the ALG on.
There are a few errors that happen, one is a 19 second call cut.
The invite is sent, authenticated and connected to the PSTN, but when the  
cisco-gateway sends the 200-OK to say the call is connected things go  
wrong:
1.2.3.201  = Openser proxy
1.2.3.204 = Cisco gateway
81.1.2.218 = User agent IP.
U 1.2.3.204:51431 -> 1.2.3.201:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.0,SIP/2.0/UDP  
81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 sip:101000000@sip.example.com;tag=32750c901739579ao0.
To: sip:00243999049102@sip.example.com;tag=F48836B0-608.
U 1.2.3.201:5060 -> 81.1.2.218:2020
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 sip:101000000@sip.example.com;tag=32750c901739579ao0.
To: sip:00243999049102@sip.example.com;tag=F48836B0-608.
U 81.1.2.218:2020 -> 1.2.3.201:5060
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 sip:101000000@sip.example.com;tag=32750c901739579ao0.
To: sip:00243999049102@sip.example.com;tag=F48836B0-608.
U 1.2.3.201:5060 -> 81.1.2.218:2021
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
Record-Route: sip:1.2.3.201;lr=on;ftag=32750c901739579ao0.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.2.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 sip:101000000@sip.example.com;tag=32750c901739579ao0.
To: sip:00243999049102@sip.example.com;tag=F48836B0-608.
So for some reason the ACK sent by the useragent is:
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
instead of:
ACK sip:202000243999049102@89.202.141.204:5060 SIP/2.0.
so openser sends the ACK back to the useragent instead of to the cisco  
gateway.
The cisco gateway then keeps sending the 200 OKs because it is not getting  
the reply, and finally the call times out after 19 seconds and the cisco  
send a BYE.
The full trace is attached.
Sometimes this problem does not occur, but the same thing happens with the  
final BYE, so the useragent sends:
BYE sip:202000243999174148@81.241.251.218:2022 SIP/2.0.
instead of:
BYE sip:202000243999174148@89.202.141.204:5060 SIP/2.0.
So openser sends the BYE back to the useragent instead of to the gateway.
Sorry for the long mail, and thanks for any pointers.
Richard