[Serusers] rtpproxy/nathelper configuration issues. i think.

Eric C. Snowdeal III eric at snowdeal.org
Mon Feb 2 02:44:27 CET 2004 

i've been getting my sea legs with SER and am having trouble getting 
rtpproxy to nathelper to work correctly with my setup.  since everything 
works fine if i test the scenario with a freeworld dialup account, i'm 
assuming that my problems are solely due to the vastness of my ignorance 
on how to configure SER correctly.

i have three x-lite clients [ one is running on windows 2000 not sure of 
the build number, but it's the latest download from the website; the 
other two clients are both build 1101 on mac 10.2.3. SER running on a 
rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm 
which i downloaded from the ftp server.  the x-lite clients are sitting 
behind a linksys befw11s4 nat router.

i can run SER without nathelper/rtpproxy and make and receive calls to 
clients outside the my network.  however, things fall apart quickly when 
i try to run more than one client behind the nat [ lost audio, timeouts 
etc] which i presume is what nathelper is supposed to deal with.  if try 
to run to use nathelper, i can't make a call from a one client to 
another client behind the lan.  the calls won't go through - they simply 
timeout.

i downloaded and compiled rtpproxy which i obtained from the portaone 
website and simply started it from the command line.  i can't figure out 
how to get any debugging messages from rtpproxy, but i can see that the 
process exists and /var/run/rtpproxy.sock is created.

i altered ser.cfg using the template i found in the ser-0.8.12_src 
tarball [ /modules/nathelper/nathelper.cfg ].  see my config below [1]. 
  i understand that things have changed quite a bit in the CVS head, but 
i tried to compile and install the latest CVS version, but i ran into a 
host of config errors using the nathelper.cfg supplied, so i decided to 
backtrack, gather my wits, and stick with the released version.

the x-lite clients appear to register appropriately with the server [2 - 
public ip addresses have been changed to protect the innocent].  to my 
untrained eye, these messages look the same as what i see when i test 
things using freeworld dialup accounts and i can make a call to another 
client on the same lan segment - i.e. the internal IP addresses are 
being sent. the location database also shows that the internal IP 
addresses are being used [3], but i don't know if this is what i want or 
not.  oh.  i'm also using my.public.box - a FQDN - as in the x-lite 
fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".

so anyone care to grab me by the lapels and point out what i'm obviously 
doing wrong :-)


[1]
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/nathelper.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/lib/ser/modules/auth.so"
#loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

alias="my.public.box"

# -------------------------  request routing logic -------------------

# main routing logic

route{

         # initial sanity checks -- messages with
         # max_forwards==0, or excessively long requests
         if (!mf_process_maxfwd_header("10")) {
                 sl_send_reply("483","Too Many Hops");
                 break;
         };
         if ( msg:len > max_len ) {
                 sl_send_reply("513", "Message too big");
                 break;
         };


         # compulsory processing of Route header fields and adding RR
         loose_route();

         /* registration (uses rewritten contacts) */
         if (method=="REGISTER") {
                 save("location");
                 break;
         };

         if (method=="INVITE") {
                 record_route();
                 if (isflagset(1)) { # ATA ?
                         fix_nated_sdp("3");
                 };
                 /* set up reply processing */
                 t_on_reply("1");
         };

         if (method == "INVITE" || method == "CANCEL") {
                 if (!lookup("location")) {
                         sl_send_reply("404", "Not Found");
                         break;
                 };
         };

         /* set up reply processing and forward statefuly */
         t_relay();
}

# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
         if (status=~"2[0-9][0-9]")
                 fix_nated_contact();
                 fix_nated_sdp("3");
}

[2]

Established SIP protocol listen on: 192.168.1.100:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.100:5060
RTP: 192.168.1.100:8000
NAT: my.router.public.ip

PROXY#0: ser.public.ip:5060

OUTBOUND-PROXY#0: ser.public.ip:5060


SEND >> ser.public.ip:5060
REGISTER sip:my.public.box SIP/2.0
Via: SIP/2.0/UDP 
192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA
From: snowdeal <sip:123 at my.public.box>
To: snowdeal <sip:123 at my.public.box>
Contact: "snowdeal" <sip:123 at 192.168.1.100:5060>
Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
CSeq: 56648 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite build 1101
Content-Length: 0


RECEIVE << ser.public.ip:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP 
192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA;received=my.router.public.ip
From: snowdeal <sip:123 at my.public.box>
To: snowdeal 
<sip:123 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894
Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
CSeq: 56648 REGISTER
Contact: <sip:123 at 192.168.1.100:5060>;q=0.00;expires=1800
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 ser.public.ip:5060 "Noisy feedback tells:  pid=21653 
req_src_ip=my.router.public.ip req_src_port=5060 
in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"


----------


Established SIP protocol listen on: 192.168.1.101:5060

Discovered Restricted Cone NAT Firewall

SIP: 192.168.1.101:5060
RTP: 192.168.1.101:8000
NAT: my.router.public.ip

PROXY#0: 69.55.224.151:5060

OUTBOUND-PROXY#0: 69.55.224.151:5060


SEND >> ser.public.ip:5060
REGISTER sip:my.public.box SIP/2.0
Via: SIP/2.0/UDP 
192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A
From: kristine <sip:456 at my.public.box>
To: kristine <sip:456 at my.public.box>
Contact: "kristine" <sip:456 at 192.168.1.101:5060>
Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
CSeq: 55034 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite build 1101
Content-Length: 0


RECEIVE << ser.public.ip:5060
SIP/2.0 200 OK
Via: SIP/2.0/UDP 
192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A;received=my.router.public.ip
From: kristine <sip:456 at my.public.box>
To: kristine 
<sip:456 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef
Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
CSeq: 55034 REGISTER
Contact: <sip:456 at 192.168.1.101:5060>;q=0.00;expires=1800
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658 
req_src_ip=my.router.public.ip req_src_port=15060 
in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1

[3]

===Domain list===
---Domain---
name : 'location'
size : 512
table: 0x402d60d8
d_ll {
     n    : 2
     first: 0x402d80e0
     last : 0x402d81c8
}

...Record(0x402d80e0)...
domain: 'location'
aor   : '123'
~~~Contact(0x402d8120)~~~
domain : 'location'
aor    : '123'
Contact: 'sip:123 at 192.168.1.100:5060'
Expires: 583
q      :       0.00
Call-ID: '9DA51D06551C11D882E3000393B930BA at my.public.box'
CSeq   : 56648
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...
...Record(0x402d81c8)...
domain: 'location'
aor   : '456'
~~~Contact(0x402d8208)~~~
domain : 'location'
aor    : '456'
Contact: 'sip:456 at 192.168.1.101:5060'
Expires: 614
q      :       0.00
Call-ID: 'AC7B8E18551C11D8B317000A957BC13A at my.public.box'
CSeq   : 55034
replic : 0
State  : CS_NEW
Flags  : 0
next   : (nil)
prev   : (nil)
~~~/Contact~~~~
.../Record...

---/Domain---
===/Domain list===

More information about the sr-users mailing list