[Serusers] rtpproxy/nathelper configuration issues. i think.

Jan Janak jan at iptel.org
Thu Feb 5 16:50:18 CET 2004


A simple solution is that you simply compare the IP in the Request-URI
with the IP address from which the INVITE has come. If there are more NATs
then this will not work, of course, but the question is if it makes
sense to support such configurations.

 Jan.

On 02-02 09:29, Klaus Darilion wrote:
> Hi Nils!
> 
> How will you detect that both clients are behind the same NAT? You could 
> check, if the requests come from the same IP address (the IP address 
> of the NAT-box), but what if there are some more NATs behind the first NAT-box?
> 
> klaus
> 
> Nils Ohlmeier wrote:
> >If the UAs are sitting behind the same NAT then the nathelper module may 
> >help you (but that is not the intention of the module). But you should 
> >give up the idea to use the external RTP proxy IMHO. It simply does not 
> >make much sense to route the traffic of the two UAs through the internet 
> >when they can talk to each other directly in the same LAN (i mean only the 
> >RTP part not the signaling part).
> >
> >Regards
> >  Nils
> >
> >On Monday 02 February 2004 02:44, Eric C. Snowdeal III wrote:
> >
> >>i've been getting my sea legs with SER and am having trouble getting
> >>rtpproxy to nathelper to work correctly with my setup.  since everything
> >>works fine if i test the scenario with a freeworld dialup account, i'm
> >>assuming that my problems are solely due to the vastness of my ignorance
> >>on how to configure SER correctly.
> >>
> >>i have three x-lite clients [ one is running on windows 2000 not sure of
> >>the build number, but it's the latest download from the website; the
> >>other two clients are both build 1101 on mac 10.2.3 ]. SER running on a
> >>rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm
> >>which i downloaded from the ftp server.  the x-lite clients are sitting
> >>behind a linksys befw11s4 nat router.
> >>
> >>i can run SER without nathelper/rtpproxy and make and receive calls to
> >>clients outside my network.  however, things fall apart quickly when
> >>i try to run more than one client behind the nat [ lost audio, timeouts
> >>etc] which i presume is what nathelper is supposed to deal with.  if i try
> >>to use nathelper, i can't make a call from one client to
> >>another client behind the lan.  the calls won't go through - they simply
> >>timeout.
> >>
> >>i downloaded and compiled rtpproxy which i obtained from the portaone
> >>website and simply started it from the command line.  i can't figure out
> >>how to get any debugging messages from rtpproxy, but i can see that the
> >>process exists and /var/run/rtpproxy.sock is created.
> >>
> >>i altered ser.cfg using the template i found in the ser-0.8.12_src
> >>tarball [ /modules/nathelper/nathelper.cfg ].  see my config below [1].
> >> i understand that things have changed quite a bit in the CVS head, but
> >>i tried to compile and install the latest CVS version, but i ran into a
> >>host of config errors using the nathelper.cfg supplied, so i decided to
> >>backtrack, gather my wits, and stick with the released version.
> >>
> >>the x-lite clients appear to register appropriately with the server [2 -
> >>public ip addresses have been changed to protect the innocent].  to my
> >>untrained eye, these messages look the same as what i see when i test
> >>things using freeworld dialup accounts and i can make a call to another
> >>client on the same lan segment - i.e. the internal IP addresses are
> >>being sent. the location database also shows that the internal IP
> >>addresses are being used [3], but i don't know if this is what i want or
> >>not.  oh.  i'm also using my.public.box - a FQDN - as in the x-lite
> >>fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound 
> >>Proxy".
> >>
> >>so anyone care to grab me by the lapels and point out what i'm obviously
> >>doing wrong :-)
> >>
> >>
> >>[1]
> >>#
> >># $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
> >>#
> >># simple quick-start config script
> >>#
> >>
> >># ----------- global configuration parameters ------------------------
> >>
> >>#debug=3         # debug level (cmd line: -dddddddddd)
> >>#fork=yes
> >>#log_stderror=no        # (cmd line: -E)
> >>
> >>/* Uncomment these lines to enter debugging mode
> >>debug=7
> >>fork=no
> >>log_stderror=yes
> >>*/
> >>
> >>check_via=no    # (cmd. line: -v)
> >>dns=no           # (cmd. line: -r)
> >>rev_dns=no      # (cmd. line: -R)
> >>#port=5060
> >>#children=4
> >>fifo="/tmp/ser_fifo"
> >>
> >># ------------------ module loading ----------------------------------
> >>
> >># Uncomment this if you want to use SQL database
> >>#loadmodule "/usr/lib/ser/modules/mysql.so"
> >>
> >>loadmodule "/usr/lib/ser/modules/nathelper.so"
> >>
> >>loadmodule "/usr/lib/ser/modules/sl.so"
> >>loadmodule "/usr/lib/ser/modules/tm.so"
> >>loadmodule "/usr/lib/ser/modules/rr.so"
> >>loadmodule "/usr/lib/ser/modules/maxfwd.so"
> >>loadmodule "/usr/lib/ser/modules/usrloc.so"
> >>loadmodule "/usr/lib/ser/modules/registrar.so"
> >>
> >># Uncomment this if you want digest authentication
> >># mysql.so must be loaded !
> >>#loadmodule "/usr/lib/ser/modules/auth.so"
> >>#loadmodule "/usr/lib/ser/modules/auth_db.so"
> >>
> >># ----------------- setting module-specific parameters ---------------
> >>
> >># -- usrloc params --
> >>
> >>modparam("usrloc", "db_mode",   0)
> >>
> >># Uncomment this if you want to use SQL database
> >># for persistent storage and comment the previous line
> >>#modparam("usrloc", "db_mode", 2)
> >>
> >># -- auth params --
> >># Uncomment if you are using auth module
> >>#
> >>#modparam("auth_db", "calculate_ha1", yes)
> >>#
> >># If you set "calculate_ha1" parameter to yes (which true in this config),
> >># uncomment also the following parameter)
> >>#
> >>#modparam("auth_db", "password_column", "password")
> >>
> >># -- rr params --
> >># add value to ;lr param to make some broken UAs happy
> >>modparam("rr", "enable_full_lr", 1)
> >>
> >>alias="my.public.box"
> >>
> >># -------------------------  request routing logic -------------------
> >>
> >># main routing logic
> >>
> >>route{
> >>
> >>        # initial sanity checks -- messages with
> >>        # max_forwards==0, or excessively long requests
> >>        if (!mf_process_maxfwd_header("10")) {
> >>                sl_send_reply("483","Too Many Hops");
> >>                break;
> >>        };
> >>        if ( msg:len > max_len ) {
> >>                sl_send_reply("513", "Message too big");
> >>                break;
> >>        };
> >>
> >>
> >>        # compulsory processing of Route header fields and adding RR
> >>        loose_route();
> >>
> >>        /* registration (uses rewritten contacts) */
> >>        if (method=="REGISTER") {
> >>                save("location");
> >>                break;
> >>        };
> >>
> >>        if (method=="INVITE") {
> >>                record_route();
> >>                if (isflagset(1)) { # ATA ?
> >>                        fix_nated_sdp("3");
> >>                };
> >>                /* set up reply processing */
> >>                t_on_reply("1");
> >>        };
> >>
> >>        if (method == "INVITE" || method == "CANCEL") {
> >>                if (!lookup("location")) {
> >>                        sl_send_reply("404", "Not Found");
> >>                        break;
> >>                };
> >>        };
> >>
> >>        /* set up reply processing and forward statefuly */
> >>        t_relay();
> >>}
> >>
> >># all incoming replies for t_onrepli-ed transactions enter here
> >>onreply_route[1] {
> >>        if (status=~"2[0-9][0-9]")
> >>                fix_nated_contact();
> >>                fix_nated_sdp("3");
> >>}
> >>
> >>[2]
> >>
> >>Established SIP protocol listen on: 192.168.1.100:5060
> >>
> >>Discovered Restricted Cone NAT Firewall
> >>
> >>SIP: 192.168.1.100:5060
> >>RTP: 192.168.1.100:8000
> >>NAT: my.router.public.ip
> >>
> >>PROXY#0: ser.public.ip:5060
> >>
> >>OUTBOUND-PROXY#0: ser.public.ip:5060
> >>
> >>
> >>SEND >> ser.public.ip:5060
> >>REGISTER sip:my.public.box SIP/2.0
> >>Via: SIP/2.0/UDP 192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA
> >>From: snowdeal <sip:123 at my.public.box>
> >>To: snowdeal <sip:123 at my.public.box>
> >>Contact: "snowdeal" <sip:123 at 192.168.1.100:5060>
> >>Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
> >>CSeq: 56648 REGISTER
> >>Expires: 1800
> >>Max-Forwards: 70
> >>User-Agent: X-Lite build 1101
> >>Content-Length: 0
> >>
> >>
> >>RECEIVE << ser.public.ip:5060
> >>SIP/2.0 200 OK
> >>Via: SIP/2.0/UDP 192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA;received=my.router.public.ip
> >>From: snowdeal <sip:123 at my.public.box>
> >>To: snowdeal <sip:123 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894
> >>Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
> >>CSeq: 56648 REGISTER
> >>Contact: <sip:123 at 192.168.1.100:5060>;q=0.00;expires=1800
> >>Server: Sip EXpress router (0.8.12 (i386/linux))
> >>Content-Length: 0
> >>Warning: 392 ser.public.ip:5060 "Noisy feedback tells:  pid=21653
> >>req_src_ip=my.router.public.ip req_src_port=5060
> >>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"
> >>
> >>
> >>----------
> >>
> >>
> >>Established SIP protocol listen on: 192.168.1.101:5060
> >>
> >>Discovered Restricted Cone NAT Firewall
> >>
> >>SIP: 192.168.1.101:5060
> >>RTP: 192.168.1.101:8000
> >>NAT: my.router.public.ip
> >>
> >>PROXY#0: 69.55.224.151:5060
> >>
> >>OUTBOUND-PROXY#0: 69.55.224.151:5060
> >>
> >>
> >>SEND >> ser.public.ip:5060
> >>REGISTER sip:my.public.box SIP/2.0
> >>Via: SIP/2.0/UDP 192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A
> >>From: kristine <sip:456 at my.public.box>
> >>To: kristine <sip:456 at my.public.box>
> >>Contact: "kristine" <sip:456 at 192.168.1.101:5060>
> >>Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
> >>CSeq: 55034 REGISTER
> >>Expires: 1800
> >>Max-Forwards: 70
> >>User-Agent: X-Lite build 1101
> >>Content-Length: 0
> >>
> >>
> >>RECEIVE << ser.public.ip:5060
> >>SIP/2.0 200 OK
> >>Via: SIP/2.0/UDP 192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A;received=my.router.public.ip
> >>From: kristine <sip:456 at my.public.box>
> >>To: kristine <sip:456 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef
> >>Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
> >>CSeq: 55034 REGISTER
> >>Contact: <sip:456 at 192.168.1.101:5060>;q=0.00;expires=1800
> >>Server: Sip EXpress router (0.8.12 (i386/linux))
> >>Content-Length: 0
> >>Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658
> >>req_src_ip=my.router.public.ip req_src_port=15060
> >>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1
> >>
> >>[3]
> >>
> >>===Domain list===
> >>---Domain---
> >>name : 'location'
> >>size : 512
> >>table: 0x402d60d8
> >>d_ll {
> >>    n    : 2
> >>    first: 0x402d80e0
> >>    last : 0x402d81c8
> >>}
> >>
> >>...Record(0x402d80e0)...
> >>domain: 'location'
> >>aor   : '123'
> >>~~~Contact(0x402d8120)~~~
> >>domain : 'location'
> >>aor    : '123'
> >>Contact: 'sip:123 at 192.168.1.100:5060'
> >>Expires: 583
> >>q      :       0.00
> >>Call-ID: '9DA51D06551C11D882E3000393B930BA at my.public.box'
> >>CSeq   : 56648
> >>replic : 0
> >>State  : CS_NEW
> >>Flags  : 0
> >>next   : (nil)
> >>prev   : (nil)
> >>~~~/Contact~~~~
> >>.../Record...
> >>...Record(0x402d81c8)...
> >>domain: 'location'
> >>aor   : '456'
> >>~~~Contact(0x402d8208)~~~
> >>domain : 'location'
> >>aor    : '456'
> >>Contact: 'sip:456 at 192.168.1.101:5060'
> >>Expires: 614
> >>q      :       0.00
> >>Call-ID: 'AC7B8E18551C11D8B317000A957BC13A at my.public.box'
> >>CSeq   : 55034
> >>replic : 0
> >>State  : CS_NEW
> >>Flags  : 0
> >>next   : (nil)
> >>prev   : (nil)
> >>~~~/Contact~~~~
> >>.../Record...
> >>
> >>---/Domain---
> >>===/Domain list===
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> 

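The comparison suggested at the top of this message, written out as an added example (not code from the original thread or from SER): it takes the INVITE request line as it looks after the location lookup and the packet's source address, and decides whether media can bypass the RTP proxy. The function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration, and the check assumes the registrar stored the NAT's public address as the contact.

```python
import ipaddress
import re

# Request line: "INVITE sip:user@host[:port][;params] SIP/2.0"
_RURI = re.compile(
    r"^INVITE\s+sips?:(?:[^@\s]+@)?(\[[0-9A-Fa-f:.]+\]|[^:;>\s]+)", re.I
)


def ruri_host(invite: str):
    """Return the Request-URI host as an ip_address, or None for a hostname."""
    m = _RURI.match(invite.lstrip())
    if not m:
        raise ValueError("not an INVITE request line")
    try:
        return ipaddress.ip_address(m.group(1).strip("[]"))
    except ValueError:
        return None  # a name cannot be compared without resolving it


def media_path(invite: str, src_ip: str) -> str:
    """'direct' if the callee's address in the Request-URI equals the
    address the INVITE came from (caller and callee share one NAT box),
    otherwise 'rtpproxy'.

    With nested NATs two UAs can share the outer public address and still
    be unable to reach each other; this check cannot see that case.
    """
    host = ruri_host(invite)
    if host is not None and host == ipaddress.ip_address(src_ip):
        return "direct"
    return "rtpproxy"


# Constructed request lines (Request-URI already rewritten by the lookup).
SAME_NAT = "INVITE sip:456@203.0.113.7:15060 SIP/2.0"
# Contact stored with the private address, as in the location dump [3].
PRIVATE_CONTACT = "INVITE sip:456@192.168.1.101:5060 SIP/2.0"
UNRESOLVED = "INVITE sip:456@my.public.box SIP/2.0"
```

With contacts stored as private addresses, as in dump [3], the comparison against the NAT's public source address can never match, so every call would be sent through the proxy.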