At 10:59 PM 10/3/2004, Michael Shuler wrote:
SER doesn't seem to be returning the Unauthorized message to the correct port, but it does get at least the right IP.
It does return the replies to correct port. RFC3261 mandates the replies to be sent to the port advertised in Via, which is implicitely 5060. Solid clients are symmetric and advertise it as specified in RFC3581; then SER sends replies back symmetrically. You can force it do it anyhow using force_rport at the risk of confusing non-symmetric clients.
-jiri
You will notice the REGISTER is received on 216.43.27.75:56059 but the Unauthorized is sent back to 216.43.27.75:5060. Is there any way to get SER to send back to the correct port so symmetrical NAT will work correctly?
U 216.43.27.75:56059 -> 198.88.216.87:5060 REGISTER sip:bwsys.net SIP/2.0..Via: SIP/2.0/UDP 192.168.1.119:5060;branch=z9hG4bK2309979991..From: SafeWayLine1 <sip:SafeWayLi ne1@bwsys.net>;tag=1023220770..To: SafeWayLine1 sip:SafeWayLine1@bwsys.net..Call-ID: 3966543944@192.168.1.119..CSeq: 15 REGIS TER..Contact: sip:SafeWayLine1@192.168.1.119:5060..max-forwards: 70..user-agent: Azacall200..expires: 60..Content-Length: 0.. ..
# U 198.88.216.87:5060 -> 216.43.27.75:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.119:5060;branch=z9hG4bK2309979991;received=216.43.27.75..From: SafeWayLine 1 sip:SafeWayLine1@bwsys.net;tag=1023220770..To: SafeWayLine1 sip:SafeWayLine1@bwsys.net;tag=ceb07c727e9d78dd71cafc9196e2f4 a7.535c..Call-ID: 3966543944@192.168.1.119..CSeq: 15 REGISTER..WWW-Authenticate: Digest realm="bwsys.net", nonce="416067d1a3983 6e4022698b6217bab605b990a18", qop="auth"..Server: Sip EXpress router (0.8.14 (i386/linux))..Content-Length: 0....
Michael Shuler, C.E.O. BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP) 682 High Point Lane East Peoria, IL 61611 Office: (217) 585-0357 Cell: (309) 657-6365 Fax: (309) 213-3500 E-Mail: mike@bwsys.net Customer Service: (877) 976-0711
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
That's what I was looking for except SER seems to not like it as a global config option, is it supposed to be an option for a particular module?
I do agree that the Via line should show the correct values in it and that is true of all of my other NAT'ed clients who sit behind LinkSys, Netgear, etc. routers. However also in RFC3581 shows how symmetric NAT is to work and although a client *should* be able to detect its IP/PORT that the NAT router will be using for it, it does state that this is not bullet proof and the proxy should compensate for it i.e. the force_rport option. Please let me know if I am misunderstanding the RFC.
----------------------------------------
Michael Shuler, C.E.O. BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP) 682 High Point Lane East Peoria, IL 61611 Office: (217) 585-0357 Cell: (309) 657-6365 Fax: (309) 213-3500 E-Mail: mike@bwsys.net Customer Service: (877) 976-0711
-----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Sunday, October 03, 2004 4:21 PM To: Michael Shuler; serusers@lists.iptel.org Subject: Re: [Serusers] REGISTER NAT Failure
At 10:59 PM 10/3/2004, Michael Shuler wrote:
SER doesn't seem to be returning the Unauthorized message to
the correct
port, but it does get at least the right IP.
It does return the replies to correct port. RFC3261 mandates the replies to be sent to the port advertised in Via, which is implicitely 5060. Solid clients are symmetric and advertise it as specified in RFC3581; then SER sends replies back symmetrically. You can force it do it anyhow using force_rport at the risk of confusing non-symmetric clients.
-jiri
You will notice the REGISTER is received on 216.43.27.75:56059 but the Unauthorized is
sent back to
216.43.27.75:5060. Is there any way to get SER to send back
to the correct
port so symmetrical NAT will work correctly?
U 216.43.27.75:56059 -> 198.88.216.87:5060 REGISTER sip:bwsys.net SIP/2.0..Via: SIP/2.0/UDP 192.168.1.119:5060;branch=z9hG4bK2309979991..From: SafeWayLine1 <sip:SafeWayLi ne1@bwsys.net>;tag=1023220770..To: SafeWayLine1 sip:SafeWayLine1@bwsys.net..Call-ID:
3966543944@192.168.1.119..CSeq: 15
REGIS TER..Contact: sip:SafeWayLine1@192.168.1.119:5060..max-forwards: 70..user-agent: Azacall200..expires: 60..Content-Length: 0.. ..
# U 198.88.216.87:5060 -> 216.43.27.75:5060 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.119:5060;branch=z9hG4bK2309979991;received=216.43.2
7.75..From:
SafeWayLine 1 sip:SafeWayLine1@bwsys.net;tag=1023220770..To: SafeWayLine1 sip:SafeWayLine1@bwsys.net;tag=ceb07c727e9d78dd71cafc9196e2f4 a7.535c..Call-ID: 3966543944@192.168.1.119..CSeq: 15 REGISTER..WWW-Authenticate: Digest realm="bwsys.net",
nonce="416067d1a3983
6e4022698b6217bab605b990a18", qop="auth"..Server: Sip
EXpress router
(0.8.14 (i386/linux))..Content-Length: 0....
Michael Shuler, C.E.O. BitWise Communications, Inc. (CLEC) And BitWise Systems, Inc. (ISP) 682 High Point Lane East Peoria, IL 61611 Office: (217) 585-0357 Cell: (309) 657-6365 Fax: (309) 213-3500 E-Mail: mike@bwsys.net Customer Service: (877) 976-0711
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
-
Jiri Kuthan -
Michael Shuler