[Serusers] STUN, rtpproxy problem

[support]

Please ignore my previous email. Here is the correct one. Thank you.

----- Original Message ----- 
From: support 
To: serusers at lists.iptel.org 
Sent: Thursday, February 17, 2005 11:59 AM
Subject: STUN, rtpproxy problem


Hi,

I am running ser-0.8.14 with rtpproxy and nathelper. I have also enabled STUN on the same server.

My SIP UA supports STUN, but my PSTN gateway does not.

If I don't enable STUN on SIP UA, I can route the call to PSTN gateway successfully using rtpproxy.

If I enable STUN on SIP UA, I cannot route the call out to PSTN gateway. On ringing sound is heard on callie, but no voice passing through.

I use t_relay_to_udp to forward the call to PSTN gateway. It seems that if STUN is supported on SIP UA, the call cannot be routed to PSTN gateway.

Hope someone could fix this problem.


Best wishes,

Thomas

My ser.cfg is as follows:

#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3         # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)

check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)

listen=""
port=5060
#children=4
fifo_mode=0666
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# Nathelper
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -- Nathelper params --
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30)  # Ping interval
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

# -------------------------  request routing logic -------------------

# main routing logic

route{

 # initial sanity checks -- messages with
 # max_forwards==0, or excessively long requests
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  break;
 };
 if ( msg:len > max_len ) {
  sl_send_reply("513", "Message too big");
  break;
 };

 # Nathelper
 if (nat_uac_test("3")) {
  # Allow RR-ed requests, as these may indicate that
  # a NAT-enabled proxy takes care of it; unless it is
  # a REGISTER
  
  if (method == "REGISTER" || ! search("^Record-Route:")) {
      log("LOG: Someone trying to register from private IP, rewriting\n");

      # This will work only for user agents that support symmetric
      # communication. We tested quite many of them and majority is
      # smart enough to be symmetric. In some phones it takes a configuration
      # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
      # called "symmetric media" and "symmetric signalling".

      fix_nated_contact(); # Rewrite contact with source IP of signalling
      if (method == "INVITE") {
          fix_nated_sdp("1"); # Add direction=active to SDP
      };
      force_rport(); # Add rport parameter to topmost Via
      setflag(6);    # Mark as NATed
  };
 };

 # we record-route all messages -- to make sure that
 # subsequent messages will go through our proxy; that's
 # particularly good if upstream and downstream entities
 # use different transport protocol
 if (!method=="REGISTER") record_route(); 

 # subsequent messages withing a dialog should take the
 # path determined by record-routing
 if (loose_route()) {
  # mark routing logic in request
  append_hf("P-hint: rr-enforced\r\n"); 
  route(1);
  break;
 };

 if (!uri==myself) {
  # mark routing logic in request
  append_hf("P-hint: outbound\r\n"); 
  route(1);
  break;
 };

 # if the request is for other domain use UsrLoc
 # (in case, it does not work, use the following command
 # with proper names and addresses in it)
 if (uri==myself) {

  if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
   if (!www_authorize("", "subscriber")) {
    www_challenge("", "0");
    break;
   };

   save("location");
   break;
  };
  
  if (uri=~"^sip:866*") {
   log(1, "going to PSTN route\n");
   route(2);
   break;
  };
  
  lookup("aliases");
  
  if (!uri==myself) {
   append_hf("P-hint: outbound alias\r\n"); 
   route(1);
   break;
  };
  
  # native SIP destinations are handled using our USRLOC DB
  if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 };
 append_hf("P-hint: usrloc applied\r\n");
 route(1);

}

route[1] 
{
 # !! Nathelper
 if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){
     sl_send_reply("479", "We don't forward to private IP addresses");
     break;
        };

 # if client or server know to be behind a NAT, enable relay
 if (isflagset(6)) {
     force_rtp_proxy();
 };

 # NAT processing of replies; apply to all transactions (for example,
 # re-INVITEs from public to private UA are hard to identify as
 # NATed at the moment of request processing); look at replies
 t_on_reply("1");
 
 
 # send it out now; use stateful forwarding as it works reliably
 # even for UDP2TCP
 if (!t_relay()) {
  sl_reply_error();
  break;
 };
}

route[2] {
 force_rtp_proxy();
 t_on_reply("1");
 t_relay_to_udp("T1 gateway IP","T1 Gateway UDP port");
}

# !! Nathelper
onreply_route[1] {
    # NATed transaction ?
    if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
        fix_nated_contact();

 # Not all 2xx messages have a content body so here we make sure
 # out Content-Length > 0 to avoid a parse error
 if (!search("^Content-Length:\0")) {
  force_rtp_proxy();
        };
    # otherwise, is it a transaction behind a NAT and we did not
    # know at time of request processing ? (RFC1918 contacts)
    } else if (nat_uac_test("1")) {
        fix_nated_contact();
    };
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20050217/d47ada05/attachment.htm>