[Serusers] NAT Problem No Voice
Greger V. Teigre
greger at teigre.com
Sat Apr 9 09:21:08 CEST 2005
Kamran,
There is not rtpproxy installation. Just start it... It will communicate
through the default Unix socket. You need to make sure that rtpproxy has
the correct version number to communicate with your ser version.
You will find instructions in the Getting Started document at
http://onsip.org/ as well as a ser Getting Started source package where the
versions match.
g-)
Kamran Ahmad wrote:
> hello
>
> NATHelper Module is usefull in communicating through
> sip.
>
> now i am getting calles on both sides of NAT but
> without voice. here is my "var/log/messages"
>
> need help on RTP Proxy. how to install RTPProxy.
>
> ------------------------------------------------------
> Apr 9 01:55:10 achieva ser[10869]: ERROR:
> force_rtp_proxy2: support for RTP proxy is disabled
> Apr 9 01:55:15 achieva ser[10870]: ERROR:
> send_rtpp_command: can't connect to RTP proxy
> Apr 9 01:55:15 achieva ser[10870]: WARNING:
> rtpp_test: can't get version of the RTP proxy
> Apr 9 01:55:15 achieva ser[10870]: WARNING:
> rtpp_test: support for RTP proxyhas been disabled
> temporarily
> Apr 9 01:55:15 achieva ser[10870]: ERROR:
> force_rtp_proxy2: support for RTP proxy is disabled
> Apr 9 01:55:15 achieva ser[10870]: ERROR: on_reply
> processing failed
> ------------------------------------------------------
>
> ser.cfg
> ------------------------------------------------------
> debug=3 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
>
> # ------------------ module loading
> ----------------------------------
>
> # Uncomment this if you want to use SQL database
> #loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> #loadmodule "/usr/local/lib/ser/modules/auth.so"
> #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>
> # !! Nathelper
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
>
> # ----------------- setting module-specific parameters
> ---------------
>
> # -- usrloc params --
>
> modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> #modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> #modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which
> true in this config),
> # uncomment also the following parameter)
> #
> #modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # !! Nathelper
> modparam("registrar", "nat_flag", 6)
> modparam("nathelper", "natping_interval", 30) # Ping
> interval 30 s
> modparam("nathelper", "ping_nated_only", 1) # Ping
> only clients behind NAT
>
> # ------------------------- request routing logic
> -------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (msg:len >= max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # !! Nathelper
> # Special handling for NATed clients; first, NAT test
> is
> # executed: it looks for via!=received and RFC1918
> addresses
> # in Contact (may fail if line-folding is used);
> also,
> # the received test should, if completed, should
> check all
> # vias for rpesence of received
> if (nat_uac_test("3")) {
> # Allow RR-ed requests, as these may indicate that
> # a NAT-enabled proxy takes care of it; unless it is
> # a REGISTER
>
> if (method == "REGISTER" || !
> search("^Record-Route:")) {
> log("LOG: Someone trying to register from
> private IP, rewriting\n");
>
> # This will work only for user agents that
> support symmetric
> # communication. We tested quite many of them
> and majority is
> # smart enough to be symmetric. In some phones
> it takes a configuration
> # option. With Cisco 7960, it is called
> NAT_Enable=Yes, with kphone it is
> # called "symmetric media" and "symmetric
> signalling".
>
> fix_nated_contact(); # Rewrite contact with
> source IP of signalling
> if (method == "INVITE") {
> fix_nated_sdp("1"); # Add direction=active
> to SDP
> };
> force_rport(); # Add rport parameter to topmost
> Via
> setflag(6); # Mark as NATed
> };
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy;
> that's
> # particularly good if upstream and downstream
> entities
> # use different transport protocol
> if (!method=="REGISTER") record_route();
>
> # subsequent messages withing a dialog should take
> the
> # path determined by record-routing
> if (loose_route()) {
> # mark routing logic in request
> append_hf("P-hint: rr-enforced\r\n");
> route(1);
> break;
> };
>
> if (!uri==myself) {
> # mark routing logic in request
> append_hf("P-hint: outbound\r\n");
> route(1);
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following
> command
> # with proper names and addresses in it)
> if (uri==myself) {
>
> if (method=="REGISTER") {
>
> # Uncomment this if you want to use digest
> authentication
> # if (!www_authorize("iptel.org", "subscriber")) {
> # www_challenge("iptel.org", "0");
> # break;
> # };
>
> save("location");
> break;
> };
>
> lookup("aliases");
> if (!uri==myself) {
> append_hf("P-hint: outbound alias\r\n");
> route(1);
> break;
> };
>
> # native SIP destinations are handled using our
> USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not Found");
> break;
> };
> };
> append_hf("P-hint: usrloc applied\r\n");
> route(1);
> }
>
> route[1]
> {
> # !! Nathelper
> if
> (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
> && !search("^Route:")){
> sl_send_reply("479", "We don't forward to private
> IP addresses");
> break;
> };
>
> # if client or server know to be behind a NAT, enable
> relay
> if (isflagset(6)) {
> force_rtp_proxy();
> };
>
> # NAT processing of replies; apply to all
> transactions (for example,
> # re-INVITEs from public to private UA are hard to
> identify as
> # NATed at the moment of request processing); look at
> replies
> t_on_reply("1");
>
> # send it out now; use stateful forwarding as it
> works reliably
> # even for UDP2TCP
> if (!t_relay()) {
> sl_reply_error();
> };
> }
>
> # !! Nathelper
> onreply_route[1] {
> # NATed transaction ?
> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]")
> {
> fix_nated_contact();
> force_rtp_proxy();
> # otherwise, is it a transaction behind a NAT and
> we did not
> # know at time of request processing ? (RFC1918
> contacts)
> } else if (nat_uac_test("1")) {
> fix_nated_contact();
> };
> }
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list