[Serusers] RTP Proxy: can' t have RTP traversing NAT
frbilles@libertysurf.fr
frbilles at libertysurf.fr
Mon Nov 8 18:11:33 CET 2004
Hi.
I've been trying to fix this issue by myself for about a month but definitely needs your help.
I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK).
SER and RTPProxy run on the same server.
RTPProxy is up and running, and I set 777 rights to the socket:
[root at servername rtpproxy]# ll /var/run/rtpproxy.sock
srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock=
I use as a client X-Lite V2.0 on each side.
Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives.
Thank you in advance for your help.
Francois.
=====================================================================================================================
LOG:
=====================================================================================================================
Maxfwd module- initializing
0(28184) mod_init(): Database connection opened successfuly
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 65535
0(0) INFO: udp_init: SO_RCVBUF is finally 131070
1(28186) rtpp_test: RTP proxy found, support for it enabled
5(28195) INFO: fifo process starting: 28195
2(28187) rtpp_test: RTP proxy found, support for it enabled
3(28188) rtpp_test: RTP proxy found, support for it enabled
4(28194) rtpp_test: RTP proxy found, support for it enabled
5(28195) rtpp_test: RTP proxy found, support for it enabled
5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(28208) rtpp_test: RTP proxy found, support for it enabled
6(28206) rtpp_test: RTP proxy found, support for it enabled
10(28213) rtpp_test: RTP proxy found, support for it enabled
7(28207) rtpp_test: RTP proxy found, support for it enabled
11(28214) rtpp_test: RTP proxy found, support for it enabled
9(28209) rtpp_test: RTP proxy found, support for it enabled
0(28184) rtpp_test: RTP proxy found, support for it enabled
4(28194) -------------------------------------------
4(28194) entering main loop
4(28194) src address different than via header->NAT detected
4(28194) force_rport and fix_nated_contact and setflag(5)
4(28194) INVITE message received
4(28194) -------------------------------------------
4(28194) entering route[1] - relaying SIP message
4(28194) at least one of the participants is NATed->record_route
4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ...
3(28188) -------------------------------------------
3(28188) onreply_route[1] entered
3(28188) status 100 received
4(28194) -------------------------------------------
4(28194) onreply_route[1] entered
4(28194) status 180 received
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy
3(28188) -------------------------------------------
3(28188) entering main loop
3(28188) BYE message received
3(28188) -------------------------------------------
========================================================================================================================
SER.CFG
========================================================================================================================
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
listen=<ip address in the DMZ>
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself".
alias=servername.mycompany.com
alias=mycompany.com localhost
# Uncomment these lines to enter debugging mode
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module
#loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module
loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail
loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter
# special NAT flag indicates that a registered client is behind NAT
modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url", "mysql://login:password@localhost/ser")
modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url", "mysql://login:password@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- voicemail params --
#modparam("voicemail", "db_url","mysql://login:password@localhost/ser")
# -- voicemail params --
#modparam("group", "db_url","mysql://login:password@localhost/ser")
# -- nathelper params --
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 )
#modparam("tm", "fr_inv_timer", 8 )
#Explicitly set the socket used by rtpproxy
#modparam("nathelpler", "rtpproxy_sock", "/var/run/rtpproxy.sock")
# ------------------------- request routing logic -------------------
# main routing logic
route{
log(1, "-------------------------------------------\n");
log(1, "entering main loop\n");
if (nat_uac_test("2")) {
log(1, "src address different than via header->NAT detected\n");
log(1, "force_rport and fix_nated_contact and setflag(5)\n");
#try NAT traversal, works only if the client is symmetrical
force_rport();
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for request\r\n");
# flag 5 indicates that incoming request is from NATed client
setflag(5);
};
if (method=="REGISTER")
log(1, "REGISTER message received\n");
if (method=="INVITE")
log(1, "INVITE message received\n");
if (method=="ACK")
log(1, "ACK message received\n");
if (method=="BYE")
log(1, "BYE message received\n");
if (method=="CANCEL")
log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE")
log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY")
log(1, "NOTIFY message received\n");
if (method=="OPTIONS")
log(1, "OPTIONS message received\n");
if (method=="INFO")
log(1, "INFO message received\n");
if (method=="MESSAGE")
log(1, "MESSAGE message received\n");
if (method=="REFER")
log(1, "REFER message received\n");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len) {
#if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# loose-route processing
if (loose_route()) {
log(1, "loose_route processing\n");
t_relay();
break;
};
# create transaction state; abort if error occured
# if ( !t_newtran()) {
# sl_reply_error();
# break;
# };
#new
# now check if it's about PSTN destinations through our gateway;
# note that 8.... is exempted for numerical non-gw destinations
if (uri=~"^sip:0[0-9]*@.*") {
route(3);
break;
};
#
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
log(1, "analyzing REGISTER request\n");
# Uncomment this if you want to use digest authentication
if (!www_authorize("servername.mycompany.com", "subscriber")) {
www_challenge("servername.mycompany.com", "0");
break;
};
if (isflagset(5)) {
#register from nated client, save nat_flag=6
#in location table
setflag(6);
};
if (!save("location")) {
log(1, "save location error\n");
sl_reply_error();
};
break;
};
lookup("aliases");
#mark transaction for voicemail
if (is_user_in("Request-URI", "voicemail\n")) {
log(1, "requested user is in voicemail group");
setflag(4);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# handle user which was not found
log(1, "requested user not found\n");
route(4);
break;
};
};
#add failure route which should be performed if response code >=300
if (method=="INVITE" && isflagset(4)) {
log(1, "invite for voicemail user->initiate failureroute[1]\n");
t_on_failure("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
route(1);
}
route[1]{
log(1, "-------------------------------------------\n");
log(1, "entering route[1] - relaying SIP message\n");
if ((isflagset(5)) || (isflagset(6))) {
log(1, "at least one of the participants is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
force_rtp_proxy();
append_hf("P-hint: request forced to rtp proxy\r\n");
setflag(7);
};
};
log(1, "relaying message ...\n");
if (!t_relay()) {
log(1, "t_relay error occured\n");
sl_reply_error();
};
}
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
log(1, "-------------------------------------------\n");
log(1, "onreply_route[1] entered\n");
if (isflagset(6)) {
log(1, "transaction was sent to a NATED client -> fix nated contact\n");
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for response\r\n");
}
if ( (status=~"100") ) {
log(1, "status 100 received\n");
};
if ( (status=~"180") ) {
log(1, "status 180 received\n");
};
if ( (status=~"202") ) {
log(1, "status 202 received\n");
};
if ( (status=~"200" || status=~"183") ) {
log(1, "status 2xx or 183");
if ( isflagset(7) ) {
log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
force_rtp_proxy();
append_hf("P-hint: response forced to rtp proxy\r\n");
};
};
}
#new
# logic for calls to the PSTN
route[3] {
# turn accounting on
setflag(1);
/* require all who call PSTN to be members of the "int" group;
apply ACLs only to INVITEs -- we don't need to protect other requests, as they
don't imply charges; also it could cause troubles when a call comes in via PSTN
and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
fail then; exempt Cisco gateway from authentication by IP address -- it does not
support digest
*/
if (method=="INVITE" && (!src_ip==WhateverIP)) {
if (!proxy_authorize( "servername.mycompany.com" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ );
break;
};
# let's check from=id ... avoids accounting confusion
if(!is_user_in("credentials", "int")) {
sl_send_reply("403", "NO PSTN Privileges...");
break;
};
consume_credentials();
}; # INVITE to authorized PSTN
# if you have passed through all the checks, let your call go to GW!
force_rtp_proxy();
record_route();
t_on_reply("1");
# snom conditioner
if (method=="INVITE" && search("User-Agent: snom")) {
replace("100rel, ", "");
};
append_hf("P-hint: GATEWAY\r\n");
# use UDP to guarantee well-known sender port (TCP ephemeral)
t_relay_to_udp("212.17.35.184","5060");
}
route[4]{
log(1, "-------------------------------------------\n");
log(1, "entering route[4] = requested user not online\n");
# non-Voip -- just send "off-line"
if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
log(1, "no invite,ack,cancel,refer->return 404\n");
sl_send_reply("404", "Not Found");
break;
};
# not voicemail subscriber and no echo/conference call
if ( isflagset(4)) {
log(1, "flag(4) active\n");
};
if (uri =~ "conference") {
log(1, "conference call\n");
};
if (uri =~ "echo") {
log(1, "echo call\n");
};
if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
log(1, "no voicemail subscriber->return 404");
sl_send_reply("404", "Not Found and no voicemail turned on");
break;
};
if ( isflagset(5) ) {
log(1, "caller is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy");
force_rtp_proxy();
};
};
# forward to voicemail now
² rewritehostport("WhateverIP:5060");
log(1, "forward to voicemail\n");
t_relay_to_udp("WhateverIP", "5060");
}
failure_route[1] {
/* XX: note: unsafe if preloaded routes without username used */
log(1, "-------------------------------------------\n");
log(1, "failureroute[1] entered\");
revert_uri();
rewritehostport("WhateverIP:5060");
append_branch();
t_relay_to_udp("WhateverIP", "5060");
}
************************ ADSL ILLIMITE TISCALI + TELEPHONE GRATUIT ************************
Surfez 40 fois plus vite pour 30EUR/mois seulement ! Et téléphonez partout en France gratuitement,
vers les postes fixes (hors numéros spéciaux). Tarifs très avantageux vers les mobiles et l'international !
Pour profiter de cette offre exceptionnelle, cliquez ici : http://register.tiscali.fr/adsl (voir conditions sur le site)
More information about the sr-users
mailing list