Hello,
I have an issue with the fix_nated_contact() function. OpenSer is supposed to change Contact header, but it only changes it in the INVITE message, but not in the OK response. As a consequence, ACK messages contain sip:test@192.168.1.1:5060 and not the public ip. OpenSer doesn't know how to handle that ACK and forward it to 192.168.1.1:5060.
The same issue occurs in CANCEL/487. Changes are done in CANCEL Contact header, but not in 487 reply. No problem for BYE, as OK response doesn't need an ACK
I suppose I have something wrong in my cfg file, but I can't find it out.
Regards,
Paul
Openser.Cfg:
...default loadmodules and modparam ...
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER"){
record_route();
force_rport();
fix_nated_register();
fix_nated_contact();
};
#if(search("Contact")){
#setflag(6);
#force_rport();
# fix_nated_contact();
#};
if(method!="REGISTER" && method!="ACK")
{
#record everything besides registers and acks
setflag(1);
setflag(3);
};
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
#if(uri=~"@tls_domain1.net") {
# t_relay_to_tls("IP_domain1","port_domain1");
# exit;
#} else if(uri=~"@tls_domain2.net") {
# t_relay_to_tls("IP_domain2","port_domain2");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
#change contact field IP and port by those received really used after NAT rewritting by router
#fix_nated_contact();
#force openSer to respond on the port from which the request has been sent insteed of the port
#in contact field.
force_rport();
# Uncomment this if you want to use digest authentication
if (!www_authorize("mydomain", "subscriber")) {
www_challenge("mydomain ", "0");
exit;
};
setflag(1);
setflag(3);
fix_nated_register();
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
I don't have much time so I can not detail it but you need to add a reply_route and check if the reply comes from a nated end-poin, in this case you should add fixed_nated_contact.
For details, check www.onsip.org and the getting started document...
Hope it helps. Samuel
2006/4/4, PREVOT Paul prevot@enseirb.fr:
Hello,
I have an issue with the fix_nated_contact() function. OpenSer is supposed to change Contact header, but it only changes it in the INVITE message, but not in the OK response. As a consequence, ACK messages contain sip:test@192.168.1.1:5060 and not the public ip. OpenSer doesn't know how to handle that ACK and forward it to 192.168.1.1:5060.
The same issue occurs in CANCEL/487. Changes are done in CANCEL Contact header, but not in 487 reply. No problem for BYE, as OK response doesn't need an ACK
I suppose I have something wrong in my cfg file, but I can't find it out.
Regards,
Paul
Openser.Cfg:
...default loadmodules and modparam ...
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER"){ record_route(); force_rport(); fix_nated_register(); fix_nated_contact(); }; #if(search("Contact")){ #setflag(6); #force_rport(); # fix_nated_contact(); #}; if(method!="REGISTER" && method!="ACK") { #record everything besides registers and acks setflag(1); setflag(3); }; # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { #t_relay_to_tls("IP_domain1","port_domain1");
# exit; #} else if(uri=~"@tls_domain2.net") { #t_relay_to_tls("IP_domain2","port_domain2");
# exit; #} route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { #change contact field IP and port by those received reallyused after NAT rewritting by router
#fix_nated_contact(); #force openSer to respond on the port from which therequest has been sent insteed of the port
#in contact field. force_rport(); # Uncomment this if you want to use digest authentication if (!www_authorize("mydomain", "subscriber")) { www_challenge("mydomain ", "0"); exit; }; setflag(1); setflag(3); fix_nated_register(); save("location"); exit; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1);}
route[1] {
# send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit;}
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
PREVOT Paul -
samuel