[OpenSER-Users] nat_uac_test("31") not enough to detect with some consumer voip passthrough routers
27 Mar
2008
27 Mar
'08
1:13 p.m.
Hi,
Some of our customers have been connecting behind NAT routers that mangle
the sip headers but don't keep the ports open. I've added checks on the
source port to catch this case. Has anyone done something similar or
better? It'd be nice if this could be added as a flag to nat_uac_test() if
it is a common test and there isn't already a better way.
Here is the code I've used to handle my registers. I need to do more
testing once I can get some of these routers in my lab to see how this
affects call processing, not just registering.
Mike
if (!search("^Contact:\ +\*") && nat_uac_test("7"))
{
xlog("L_INFO", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: matched nat_uac_test7\n");
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: setbflag(6)\n");
setbflag(6);
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: fix_natted_register()\n");
fix_nated_register();
#xlog("L_INFO", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: force_rport()\n");
#force_rport();
};
#Some NAT devices modify SIP headers to but do not keep the port
mappings open, also some UAs detect report the
#public IP address. In both cases we need nat ping. Exceptions for
default ports. These ports if used as
#source ports can be assumed to be at the very least port forwarded.
if (!isbflagset(6) && $sp != '5060' && $sp != '5061')
{
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: matched !isbflagset(6) && ($sp != '5060' && $sp !=
'5061')\n");
setbflag(6);
};
27 Mar
27 Mar
6:30 p.m.
New subject: [OpenSER-Users] nat_uac_test("31") not enough to detect with some consumer voip passthrough routers
El Thursday 27 March 2008 17:13:38 Mike Fedyk escribió:
Hi,
Some of our customers have been connecting behind NAT routers that mangle
the sip headers but don't keep the ports open. I've added checks on the
source port to catch this case. Has anyone done something similar or
better? It'd be nice if this could be added as a flag to nat_uac_test() if
it is a common test and there isn't already a better way.
Here is the code I've used to handle my registers. I need to do more
testing once I can get some of these routers in my lab to see how this
affects call processing, not just registering.
Dear Mike,
I could save you tons of hours trying to solve that problem, ANY router on the
market that do SIP ALG (sip mangling) do it well, ALL of them (cisco, zyxel,
netgear, etc.) do it the wrong way or worst than wrong .. :-(
My advice to you, if you have customers that have that broken routers, 2
solutions:
- Disable SIP ALG support (most of them could disable that feature)
- If SIP ALG could not be disable, tell your customer to change the router.
Another solution is what it is done by Betamax and it's clones ... just IGNORE
all the information on the SDP about IP media sources, tell you customer's UA
to send all the traffic to your RTP proxies and then wait for that RTP before
knowing to were you have to send yours. Also this "solution" have its own
tons of problems, the bigger of them is that it totaly broke SIP standar.
--
Saludos.
Raúl Alexis Betancor Santana
Dimensión Virtual S.L.
7:19 p.m.
New subject: [OpenSER-Users] nat_uac_test("31") not enough to detect with some consumer voip passthrough routers
Hi Raul
Do you experience with iptables SIP module? Is it broken as well? I have been
curious but have not got around to testing it.
Thanks Rob
On Thursday 27 March 2008, Raúl Alexis Betancor Santana wrote:
El Thursday 27 March 2008 17:13:38 Mike Fedyk
escribió:
Hi,
Some of our customers have been connecting behind NAT routers that mangle
the sip headers but don't keep the ports open. I've added checks on the
source port to catch this case. Has anyone done something similar or
better? It'd be nice if this could be added as a flag to nat_uac_test()
if it is a common test and there isn't already a better way.
Here is the code I've used to handle my registers. I need to do more
testing once I can get some of these routers in my lab to see how this
affects call processing, not just registering.
Dear Mike,
I could save you tons of hours trying to solve that problem, ANY router on
the market that do SIP ALG (sip mangling) do it well, ALL of them (cisco,
zyxel, netgear, etc.) do it the wrong way or worst than wrong .. :-(
My advice to you, if you have customers that have that broken routers, 2
solutions:
- Disable SIP ALG support (most of them could disable that feature)
- If SIP ALG could not be disable, tell your customer to change the router.
Another solution is what it is done by Betamax and it's clones ... just
IGNORE all the information on the SDP about IP media sources, tell you
customer's UA to send all the traffic to your RTP proxies and then wait for
that RTP before knowing to were you have to send yours. Also this
"solution" have its own tons of problems, the bigger of them is that it
totaly broke SIP standar. 
31 Mar
31 Mar
8:02 a.m.
Hi Mike!
Dealing with SIP ALGs is really PITA. Currently I do not use any NAT
tests at all but always do NAT traversal (except I know for sure that
the client is asymmetric).
Another useful approach is to open another socket on the SIP proxy with
non-standard port, as most SIP ALGs trigger on port 5060.
regards
klaus
Mike Fedyk schrieb:
Hi,
Some of our customers have been connecting behind NAT routers that mangle
the sip headers but don't keep the ports open. I've added checks on the
source port to catch this case. Has anyone done something similar or
better? It'd be nice if this could be added as a flag to nat_uac_test() if
it is a common test and there isn't already a better way.
Here is the code I've used to handle my registers. I need to do more
testing once I can get some of these routers in my lab to see how this
affects call processing, not just registering.
Mike
if (!search("^Contact:\ +\*") && nat_uac_test("7"))
{
xlog("L_INFO", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: matched nat_uac_test7\n");
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: setbflag(6)\n");
setbflag(6);
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: fix_natted_register()\n");
fix_nated_register();
#xlog("L_INFO", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: force_rport()\n");
#force_rport();
};
#Some NAT devices modify SIP headers to but do not keep the port
mappings open, also some UAs detect report the
#public IP address. In both cases we need nat ping. Exceptions for
default ports. These ports if used as
#source ports can be assumed to be at the very least port forwarded.
if (!isbflagset(6) && $sp != '5060' && $sp != '5061')
{
xlog("L_NOTICE", "M=$rm RURI=$ru F=$fu IP=$si:$sp CS=$cs
route2: matched !isbflagset(6) && ($sp != '5060' && $sp !=
'5061')\n");
setbflag(6);
};
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
6114
days inactive
6118
days old
3 comments
4 participants
participants (4)
-
Klaus Darilion -
Mike Fedyk -
Raúl Alexis Betancor Santana -
Robert Dyck