[Serusers] RTP Proxy: can't have RTP traversing NAT

Marian Dumitru marian.dumitru at voice-sistem.ro
Mon Nov 8 20:19:52 CET 2004


Hi Francois,

My first guess is the SER and RTP-PROXY versions are not compatible. For 
0.8.14 use the latest rtpproxy version from cvs (same as ser).

Best regards,
Marian


frbilles at libertysurf.fr wrote:
> Hi.
> 
> I've been trying to fix this issue by myself for about a month but definitely need your help.
> 
> I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK).
> 
> SER and RTPProxy run on the same server.
> 
> RTPProxy is up and running, and I set 777 rights to the socket:
> 
> [root at servername rtpproxy]# ll /var/run/rtpproxy.sock
> srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock=
> 
> I use as a client X-Lite V2.0 on each side.
> 
> Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives.
> 
> Thank you in advance for your help.
> 
> Francois.
> 
> 
> 
> =====================================================================================================================
> LOG:
> =====================================================================================================================
> Maxfwd module- initializing
> 0(28184) mod_init(): Database connection opened successfuly
> textops - initializing
> 0(0) INFO: udp_init: SO_RCVBUF is initially 65535
> 0(0) INFO: udp_init: SO_RCVBUF is finally 131070
> 1(28186) rtpp_test: RTP proxy found, support for it enabled
> 5(28195) INFO: fifo process starting: 28195
> 2(28187) rtpp_test: RTP proxy found, support for it enabled
> 3(28188) rtpp_test: RTP proxy found, support for it enabled
> 4(28194) rtpp_test: RTP proxy found, support for it enabled
> 5(28195) rtpp_test: RTP proxy found, support for it enabled
> 5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
> 8(28208) rtpp_test: RTP proxy found, support for it enabled
> 6(28206) rtpp_test: RTP proxy found, support for it enabled
> 10(28213) rtpp_test: RTP proxy found, support for it enabled
> 7(28207) rtpp_test: RTP proxy found, support for it enabled
> 11(28214) rtpp_test: RTP proxy found, support for it enabled
> 9(28209) rtpp_test: RTP proxy found, support for it enabled
> 0(28184) rtpp_test: RTP proxy found, support for it enabled
> 4(28194) -------------------------------------------
> 4(28194) entering main loop
> 4(28194) src address different than via header->NAT detected
> 4(28194) force_rport and fix_nated_contact and setflag(5)
> 4(28194) INVITE message received
> 4(28194) -------------------------------------------
> 4(28194) entering route[1] - relaying SIP message
> 4(28194) at least one of the participants is NATed->record_route
> 4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ...
> 3(28188) -------------------------------------------
> 3(28188) onreply_route[1] entered
> 3(28188) status 100 received
> 4(28194) -------------------------------------------
> 4(28194) onreply_route[1] entered
> 4(28194) status 180 received
> 2(28187) -------------------------------------------
> 2(28187) onreply_route[1] entered
> 2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
> 2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy
> 2(28187) -------------------------------------------
> 2(28187) onreply_route[1] entered
> 2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
> 2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy
> 3(28188) -------------------------------------------
> 3(28188) entering main loop
> 3(28188) BYE message received
> 3(28188) -------------------------------------------
> 
> ========================================================================================================================
> SER.CFG
> ========================================================================================================================
> 
> #
> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
> #
> # simple quick-start config script
> #
> 
> # ----------- global configuration parameters ------------------------
> 
> debug=3 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=yes # (cmd line: -E)
> 
> 
> listen=<ip address in the DMZ>
> #listen=127.0.0.1
> 
> # hostname matching an alias will satisfy the condition "uri==myself".
> alias=servername.mycompany.com
> alias=mycompany.com localhost
> 
> 
> # Uncomment these lines to enter debugging mode
> #debug=7
> #fork=no
> #log_stderror=yes
> 
> 
> 
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
> 
> # ------------------ module loading ----------------------------------
> 
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> 
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> 
> # load the voicemail module
> #loadmodule "/usr/local/lib/ser/modules/vm.so"
> 
> # load the enum module
> loadmodule "/usr/local/lib/ser/modules/enum.so"
> 
> # load the group module, to verify if a user forwards to voicemail
> loadmodule "/usr/local/lib/ser/modules/group.so"
> 
> # load the nathelper module
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> 
> # ----------------- setting module-specific parameters ---------------
> 
> # -- registrar parameter
> # special NAT flag indicates that a registered client is behind NAT
> modparam("registrar", "nat_flag", 6)
> 
> # -- usrloc params --
> 
> #modparam("usrloc", "db_mode", 0)
> 
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
> #modparam("usrloc", "db_url", "mysql://login:password@localhost/ser")
> modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser")
> 
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set the "calculate_ha1" parameter to yes (which is true in this config),
> # also uncomment the following parameter
> #
> modparam("auth_db", "password_column", "password")
> #modparam("auth_db", "db_url", "mysql://login:password@localhost/ser")
> 
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
> 
> # -- voicemail params --
> #modparam("voicemail", "db_url","mysql://login:password@localhost/ser")
> 
> # -- group params --
> #modparam("group", "db_url","mysql://login:password@localhost/ser")
> 
> # -- nathelper params --
> modparam("nathelper", "natping_interval", 60)
> modparam("nathelper", "ping_nated_only", 1)
> 
> modparam("tm", "fr_inv_timer", 30 )
> #modparam("tm", "fr_inv_timer", 8 )
> 
> # Explicitly set the socket used by rtpproxy
> #modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock")
> 
> 
> # ------------------------- request routing logic -------------------
> 
> # main routing logic
> 
> route{
> log(1, "-------------------------------------------\n");
> log(1, "entering main loop\n");
> 
> if (nat_uac_test("2")) {
> log(1, "src address different than via header->NAT detected\n");
> log(1, "force_rport and fix_nated_contact and setflag(5)\n");
> #try NAT traversal, works only if the client is symmetrical
> force_rport();
> fix_nated_contact();
> append_hf("P-hint: fixed NAT contact for request\r\n");
> # flag 5 indicates that incoming request is from NATed client
> setflag(5);
> };
> 
> if (method=="REGISTER")
> log(1, "REGISTER message received\n");
> 
> if (method=="INVITE")
> log(1, "INVITE message received\n");
> 
> if (method=="ACK")
> log(1, "ACK message received\n");
> 
> if (method=="BYE")
> log(1, "BYE message received\n");
> 
> if (method=="CANCEL")
> log(1, "CANCEL message received\n");
> 
> if (method=="SUBSCRIBE")
> log(1, "SUBSCRIBE message received\n");
> 
> if (method=="NOTIFY")
> log(1, "NOTIFY message received\n");
> 
> if (method=="OPTIONS")
> log(1, "OPTIONS message received\n");
> 
> if (method=="INFO")
> log(1, "INFO message received\n");
> 
> if (method=="MESSAGE")
> log(1, "MESSAGE message received\n");
> 
> if (method=="REFER")
> log(1, "REFER message received\n");
> 
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> 
> if (msg:len > max_len) {
> #if (len_gt( max_len )) {
> sl_send_reply("513", "Message too big");
> break;
> };
> 
> # loose-route processing
> if (loose_route()) {
> log(1, "loose_route processing\n");
> t_relay();
> break;
> };
> 
> # create transaction state; abort if error occurred
> # if ( !t_newtran()) {
> # sl_reply_error();
> # break;
> # };
> 
> #new
> # now check if it's about PSTN destinations through our gateway;
> # note that 8.... is exempted for numerical non-gw destinations
> if (uri=~"^sip:0[0-9]*@.*") {
> route(3);
> break;
> };
> 
> #
> 
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (uri==myself) {
> 
> if (method=="REGISTER") {
> log(1, "analyzing REGISTER request\n");
> # Uncomment this if you want to use digest authentication
> if (!www_authorize("servername.mycompany.com", "subscriber")) {
> www_challenge("servername.mycompany.com", "0");
> break;
> };
> 
> if (isflagset(5)) {
> #register from nated client, save nat_flag=6
> #in location table
> setflag(6);
> };
> if (!save("location")) {
> log(1, "save location error\n");
> sl_reply_error();
> };
> break;
> };
> 
> lookup("aliases");
> 
> 
> # mark transaction for voicemail
> if (is_user_in("Request-URI", "voicemail")) {
> log(1, "requested user is in voicemail group\n");
> setflag(4);
> };
> # native SIP destinations are handled using our USRLOC DB
> if (!lookup("location")) {
> # handle user which was not found
> log(1, "requested user not found\n");
> route(4);
> break;
> };
> };
> 
> #add failure route which should be performed if response code >=300
> if (method=="INVITE" && isflagset(4)) {
> log(1, "invite for voicemail user->initiate failureroute[1]\n");
> t_on_failure("1");
> };
> 
> # forward to current uri now; use stateful forwarding; that
> # works reliably even if we forward from TCP to UDP
> 
> route(1);
> }
> 
> route[1]{
> log(1, "-------------------------------------------\n");
> log(1, "entering route[1] - relaying SIP message\n");
> if ((isflagset(5)) || (isflagset(6))) {
> log(1, "at least one of the participants is NATed->record_route\n");
> record_route();
> log(1, " -->setting up reply processing ->onreply_route[1]");
> t_on_reply("1");
> if (method=="INVITE") {
> log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
> force_rtp_proxy();
> append_hf("P-hint: request forced to rtp proxy\r\n");
> setflag(7);
> };
> };
> 
> log(1, "relaying message ...\n");
> if (!t_relay()) {
> log(1, "t_relay error occured\n");
> sl_reply_error();
> };
> 
> }
> 
> # all incoming replies for t_onrepli-ed transactions enter here
> onreply_route[1] {
> log(1, "-------------------------------------------\n");
> log(1, "onreply_route[1] entered\n");
> if (isflagset(6)) {
> log(1, "transaction was sent to a NATED client -> fix nated contact\n");
> fix_nated_contact();
> append_hf("P-hint: fixed NAT contact for response\r\n");
> }
> 
> if ( (status=~"100") ) {
> log(1, "status 100 received\n");
> };
> 
> if ( (status=~"180") ) {
> log(1, "status 180 received\n");
> };
> 
> if ( (status=~"202") ) {
> log(1, "status 202 received\n");
> };
> 
> if ( (status=~"200" || status=~"183") ) {
> log(1, "status 2xx or 183");
> if ( isflagset(7) ) {
> log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
> force_rtp_proxy();
> append_hf("P-hint: response forced to rtp proxy\r\n");
> };
> };
> }
> 
> #new
> # logic for calls to the PSTN
> route[3] {
> # turn accounting on
> setflag(1);
> 
> /* require all who call PSTN to be members of the "int" group;
> apply ACLs only to INVITEs -- we don't need to protect other requests, as they
> don't imply charges; also it could cause troubles when a call comes in via PSTN
> and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
> fail then; exempt Cisco gateway from authentication by IP address -- it does not
> support digest
> */
> if (method=="INVITE" && (!src_ip==WhateverIP)) {
> if (!proxy_authorize( "servername.mycompany.com" /* realm */,
> "subscriber" /* table name */)) {
> proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ );
> break;
> };
> # let's check from=id ... avoids accounting confusion
> 
> if(!is_user_in("credentials", "int")) {
> sl_send_reply("403", "NO PSTN Privileges...");
> break;
> };
> consume_credentials();
> 
> }; # INVITE to authorized PSTN
> 
> # if you have passed through all the checks, let your call go to GW!
> force_rtp_proxy();
> record_route();
> t_on_reply("1");
> # snom conditioner
> if (method=="INVITE" && search("User-Agent: snom")) {
> replace("100rel, ", "");
> };
> 
> append_hf("P-hint: GATEWAY\r\n");
> # use UDP to guarantee well-known sender port (TCP ephemeral)
> t_relay_to_udp("212.17.35.184","5060");
> }
> 
> 
> 
> route[4]{
> log(1, "-------------------------------------------\n");
> log(1, "entering route[4] = requested user not online\n");
> # non-Voip -- just send "off-line"
> if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
> log(1, "no invite,ack,cancel,refer->return 404\n");
> sl_send_reply("404", "Not Found");
> break;
> };
> 
> # not voicemail subscriber and no echo/conference call
> if ( isflagset(4)) {
> log(1, "flag(4) active\n");
> };
> if (uri =~ "conference") {
> log(1, "conference call\n");
> };
> if (uri =~ "echo") {
> log(1, "echo call\n");
> };
> if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
> log(1, "no voicemail subscriber->return 404");
> sl_send_reply("404", "Not Found and no voicemail turned on");
> break;
> };
> 
> if ( isflagset(5) ) {
> log(1, "caller is NATed->record_route\n");
> record_route();
> log(1, " -->setting up reply processing ->onreply_route[1]");
> t_on_reply("1");
> if (method=="INVITE") {
> log(1, " INVITE request-->force_rtp_proxy");
> force_rtp_proxy();
> };
> };
> 
> # forward to voicemail now
> rewritehostport("WhateverIP:5060");
> log(1, "forward to voicemail\n");
> t_relay_to_udp("WhateverIP", "5060");
> 
> }
> 
> 
> 
> failure_route[1] {
> /* XX: note: unsafe if preloaded routes without username used */
> log(1, "-------------------------------------------\n");
> log(1, "failureroute[1] entered\n");
> revert_uri();
> rewritehostport("WhateverIP:5060");
> append_branch();
> t_relay_to_udp("WhateverIP", "5060");
> 
> }
> 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 

-- 
Voice Sistem
http://www.voice-sistem.ro
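
The quoted post sets mode 777 on the rtpproxy control socket, which lets every local account connect to it. As an added example (not part of the original thread, and not SER or rtpproxy code), this Python check flags that mode and also tests whether a listener is still behind the socket file; the SOCK_STREAM socket type and the throwaway test path are assumptions.

```python
import os
import socket
import stat
import tempfile


def audit_control_socket(path):
    """Return a list of findings for a UNIX control socket such as rtpproxy's."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: no file at %s" % path]
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket: %s is not a UNIX socket" % path]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() needs write permission on the socket file, so o+w
    # means any local account can send commands to the proxy.
    if mode & stat.S_IWOTH:
        findings.append("world-writable: mode %04o lets any local user connect" % mode)
    # A socket file can outlive its daemon; check that something still accepts.
    # Assumption: the control socket is SOCK_STREAM.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(1.0)
    try:
        s.connect(path)
    except OSError as exc:
        findings.append("no-listener: connect failed (%s)" % exc.strerror)
    finally:
        s.close()
    return findings


def demo():
    """Audit a constructed socket: mode 777, then 660, then with no listener."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "rtpproxy.sock")  # constructed stand-in path
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(8)
        os.chmod(path, 0o777)          # the mode used in the post
        loose = audit_control_socket(path)
        os.chmod(path, 0o660)          # owner and group only
        tight = audit_control_socket(path)
        srv.close()                    # daemon gone, socket file left behind
        stale = audit_control_socket(path)
    return loose, tight, stale


if __name__ == "__main__":
    print(demo())
```

With mode 660, the SER processes and rtpproxy need to share the socket's owner or group for the connection to succeed.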