[Serusers] SER SDP Port Problem??
Aisling O'Driscoll
ashling.odriscoll at cit.ie
Mon Feb 21 13:17:01 CET 2005
Hi Greger,
I only use nat_uac_test("3") as that is what is given in most
examples on the mailing list. Is there any way that i can test if I
am behind symmetric nat? I have rtpproxy running with ser but not
sure if my below ser.cfg script invokes it correctly. Do you know
where I could find the rtpproxy debug log?
Thanks again,
Aisling.
---- Original Message ----
From: greger at teigre.com
To: ashling.odriscoll at cit.ie, serusers at iptel.org
Subject: Re: [Serusers] SER SDP Port Problem??
Date: Mon, 21 Feb 2005 12:11:15 +0100
>Aisling,
>The port is in the m= line. You use nat_uac_test("3"). Any particular
>reason
>for not using all tests?
>Please note that sdp rewriting does not work if the UA is behind a
>symmetric
>NAT and you are calling in. You must then via an RTP proxy like
>mediaproxy
>or rtpproxy.
>g-)
>
>Aisling O'Driscoll wrote:
>> Hi,
>>
>> I understand the basic problem behind one way audio is that the
>> client behind nat has a private address in the sdp information,
>> therefore the voice cannot be delivered to this private address. It
>> is necessary to rewrite this sdp info with the nat public address.
>> However I have done this in my ser.cfg and I still have one way
>> voice.
>>
>> I have included some of relevant ethereal messages on SER and my
>> ser.cfg below. The messages show that the rtp information has been
>> changed. Does anyone think the problem is because there is no port
>> information in the "c" and "o" fields in the sdp?? If so how can I
>> make sure the port is included?
>>
>> Many Thanks,
>> Aisling.
>>
>> Ethereal messages:
>>
>> call between private client with public nat address 63.218.54.71
>and
>> a public client with address 157.190.183.80. The SER address is
>> 157.190.183.70.
>>
>> REGISTER sip:157.190.183.70 SIP/2.0
>> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h.....
>> FROM: whoever <sip:2008 at 157.190.183.70>;tag=455....
>> TO: whoever <sip:2008 at 157.190.183.70>
>> CONTACT: "whoever" <sip:2008 at 63.218.54.71:11987>
>> Call-Id: ....
>> CSeq: 22227 REGISTER
>> Expires; 1800
>> User Agent: X-Lite release 1103m
>> Content-Length: 0
>>
>> SIP/2.0 200 OK
>> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h.....
>> FROM: whoever <sip:2008 at 157.190.183.70>;tag=455....
>> TO: whoever <sip:2008 at 157.190.183.70>
>> CONTACT: "whoever" <sip:2008 at 63.218.54.71:11987>;q=0.00
>expires=1800
>> Call-Id: ....
>> CSeq: 22227 REGISTER
>> Expires; 1800
>> User Agent: X-Lite release 1103m
>> Content-Length: 0
>>
>> The public client (157.190.183.80 also registers)
>>
>> Then the private client invites the public client to a voice
>> conversation:
>>
>> INVITE sip:2001 at 157.190.183.70 SIP/2.0
>> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h.....
>> FROM: whoever <sip:2008 at 157.190.183.70>;tag=455....
>> TO: whoever <sip:2001 at 157.190.183.70>
>> CONTACT: "whoever" <sip:2008 at 63.218.54.71:11987>
>> Call-Id: ....
>> CSeq: 19929 INVITE
>> Expires; 1800
>> User Agent: X-Lite release 1103m
>> Content-Type=application/sdp
>> Content-Length: 290
>>
>> Session description Protocol
>> Owner/Creator of the Session (o): 2008 245812 272828 IN IP4
>> 63.218.54.71
>> Connection information (c): IN IP4 63.218.54.71
>>
>> A 100 Trying is sent back from SER to the private client (i.e.
>caller)
>>
>> The INVITE is forwarded from SER to public client (callee) as show
>> below:
>>
>> INVITE sip:2001 at 157.190.183.70 SIP/2.0
>> VIA: SIP/2.0/UDP 157.190.183.70;branch=....
>> VIA: SIP/2.0/UDP 63.218.54.71:11987;branch=z9h.....
>> FROM: whoever <sip:2008 at 157.190.183.70>;tag=455....
>> TO: whoever <sip:2001 at 157.190.183.70>
>> CONTACT: "whoever" <sip:2008 at 63.218.54.71:11987>
>> Call-Id: ....
>> CSeq: 19929 INVITE
>> Expires; 1800
>> User Agent: X-Lite release 1103m
>> Content-Type=application/sdp
>> Content-Length: 290
>>
>> Session description Protocol
>> Owner/Creator of the Session (o): 2008 245812 272828 IN IP4
>> 63.218.54.71
>> Connection information (c): IN IP4 63.218.54.71
>>
>> 157.190.183.80 157.190.183.70 SIP 100 Trying
>> 157.190.183.80 157.190.183.70 SIP 180 Ringing
>> 157.190.183.70 63.218.54.71 SIP 180 Ringing
>>
>> 157.190.183.80 157.190.183.70 SIP/SDP Status: 200OK
>>
>> SIP/2.0 200 OK
>> Via: SIP/2.0/UDP 157.190.183.70;branch=....
>> Via: SIP/2.0/UDP 63.218.54.71:11987;rport=11987;branch=.....
>> From: whoever<sip:2008 at 157.190.183.70>;tag=...
>> To: <sip:2001 at 157.190.183.70>;tag=....
>> CSeq: 19929 INVITE
>> User Agent: Grandtsream BT100 1.0.5.18
>> Contact: <sip:2001 at 157.190.183.80>
>>
>> Session description protocol
>> (c) IN IP4 157.190.183.80
>>
>>
>> #
>> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>> #
>> # simple quick-start config script
>> #
>>
>> # ----------- global configuration parameters
>------------------------
>>
>> #debug=3 # debug level (cmd line: -dddddddddd)
>> #fork=yes
>> #log_stderror=no # (cmd line: -E)
>>
>> /* Uncomment these lines to enter debugging mode
>> debug=7
>> fork=no
>> log_stderror=yes
>> */
>>
>> check_via=no # (cmd. line: -v)
>> dns=no # (cmd. line: -r)
>> rev_dns=no # (cmd. line: -R)
>> #port=5060
>> #children=4
>> fifo="/tmp/ser_fifo"
>>
>> alias="157.190.183.70:5060"
>>
>> # ------------------ module loading
>----------------------------------
>>
>> # Uncomment this if you want to use SQL database
>> loadmodule "/usr/lib/ser/modules/mysql.so"
>>
>> loadmodule "/usr/lib/ser/modules/sl.so"
>> loadmodule "/usr/lib/ser/modules/tm.so"
>> loadmodule "/usr/lib/ser/modules/rr.so"
>> loadmodule "/usr/lib/ser/modules/maxfwd.so"
>> loadmodule "/usr/lib/ser/modules/usrloc.so"
>> loadmodule "/usr/lib/ser/modules/registrar.so"
>> loadmodule "/usr/lib/ser/modules/textops.so"
>> loadmodule "/usr/lib/ser/modules/nathelper.so"
>>
>> # Uncomment this if you want digest authentication
>> # mysql.so must be loaded !
>> loadmodule "/usr/lib/ser/modules/auth.so"
>> loadmodule "/usr/lib/ser/modules/auth_db.so"
>>
>> # ----------------- setting module-specific parameters
>---------------
>>
>> # -- usrloc params --
>>
>> #modparam("usrloc", "db_mode", 0)
>>
>> # Uncomment this if you want to use SQL database
>> # for persistent storage and comment the previous line
>> modparam("usrloc", "db_mode", 2)
>>
>> # -- auth params --
>> # Uncomment if you are using auth module
>> #
>> #modparam("auth_db", "calculate_ha1", yes)
>> #
>> # If you set "calculate_ha1" parameter to yes (which true in this
>> config),
>> # uncomment also the following parameter)
>> #
>> #modparam("auth_db", "password_column", "password")
>>
>> # -- rr params --
>> # add value to ;lr param to make some broken UAs happy
>> #NB Had to up this value from 1 to 11 because reinvites were
>> bombarding called phone
>> modparam("rr", "enable_full_lr", 11)
>>
>> #!! Nathelper
>> modparam("registrar", "nat_flag", 6)
>> modparam("nathelper", "natping_interval", 30) #Ping interval 30 s
>> modparam("nathelper", "ping_nated_only", 1) #Ping only clients
>> behind NAT
>>
>> modparam("tm", "fr_inv_timer", 80)
>>
>> # ------------------------- request routing logic
>-------------------
>>
>> # main routing logic
>>
>> route{
>>
>> # initial sanity checks -- messages with
>> # max_forwards==0, or excessively long requests
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> break;
>> };
>> if ( msg:len > max_len ) {
>> sl_send_reply("513", "Message too big");
>> break;
>> };
>>
>> #########################added for cit client behind nat
>> 09/02/05#######################
>> if (nat_uac_test("3")){
>> if (method == "REGISTER" || ! search("^Record-Route:")){
>> log("Log: Someone trying to register from private IP,rewriting\n");
>> fix_nated_contact(); #Rewrite contact with source IP
>> if (method == "INVITE"){
>> fix_nated_sdp("1"); #Add direction=active to SDP
>> };
>> force_rport(); # Add rport parameter to topmost Via
>> setflag(6); # Mark as Nated
>> };
>> };
>>
>#####################################################################
>> ###################
>>
>> # we record-route all messages -- to make sure that
>> # subsequent messages will go through our proxy; that's
>> # particularly good if upstream and downstream entities
>> # use different transport protocol
>>
>> if (method =="REGISTER") record_route();
>>
>> # loose-route processing
>> if (loose_route()) {
>> #commented 11/02/05
>> #t_relay();
>> route(1);
>> break;
>> };
>>
>> # if the request is for other domain use UsrLoc
>> # (in case, it does not work, use the following command
>> # with proper names and addresses in it)
>> if (uri==myself) {
>>
>> log(1,"into loop");
>> if (method=="REGISTER") {
>>
>> # Uncomment this if you want to use digest authentication
>> # if (!www_authorize("157.190.183.70", "subscriber")) {
>> # www_challenge("157.190.183.70", "0");
>> # break;
>> # };
>>
>> save("location");
>> break;
>> };
>>
>> lookup("aliases");
>> if (!uri==myself) {
>> append_hf("P-hint: outbound alias\r\n");
>> route(1);
>> break;
>> };
>>
>> if (method=="INVITE"){
>> log(1,"in invite loop");
>> #break; #no 100 trying
>> t_on_failure("1");
>> };
>>
>> # native SIP destinations are handled using our USRLOC DB
>> if (!lookup("location")) {
>> #sl_send_reply("404", "Not Found");
>> route(2);
>> break;
>> };
>> };
>>
>> # forward to current uri now; use stateful forwarding; that
>> # works reliably even if we forward from TCP to UDP
>> #commented 11/02/05#######################
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>>
>> }
>>
>> ######################################entered
>>
>11/02/05############################################################
>> route[1]
>> {
>> #!!Nathelper
>> if(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
>> !search("^Route:")){
>> sl_send_reply("479", "We don't forward to private IP addresses");
>> break;
>> };
>>
>> t_on_reply("1");
>>
>> if(!t_relay()){
>> sl_reply_error();
>> };
>> }
>> ######################################entered
>>
>11/02/05############################################################
>> #!! Nathelper
>> onreply_route[1]{
>> if(isflagset(6) && status =~ "(183)|2[0-9][0-9]"){
>> fix_nated_contact();
>> force_rtp_proxy();
>> } else if (nat_uac_test("1")){
>> fix_nated_contact();
>> };
>> }
>>
>#####################################################################
>#
>> ###########################################
>>
>> # ------------- handling of unavailable user ------------------
>> route[2] {
>>
>> # non-Voip -- just send "off-line"
>> if (!(method == "INVITE" || method == "ACK" || method ==
>> "CANCEL")) {
>> sl_send_reply("404", "Not Found");
>> break;
>> };
>>
>> # forward to voicemail now
>> rewritehostport("157.190.183.70:5062");
>> t_relay_to_udp("157.190.183.70", "5062");
>> }
>>
>> # if forwarding downstream did not succeed, try voicemail running
>> # at 157.190.183.70:5062
>>
>> failure_route[1] {
>> revert_uri();
>> rewritehostport("157.190.183.70:5062");
>> append_branch();
>> t_relay_to_udp("157.190.183.70", "5062");
>> }
>>
>>
>>
>>
>>
>> -------------------Legal
>> Disclaimer---------------------------------------
>>
>> The above electronic mail transmission is confidential and intended
>> only for the person to whom it is addressed. Its contents may be
>> protected by legal and/or professional privilege. Should it be
>> received by you in error please contact the sender at the above
>> quoted email address. Any unauthorised form of reproduction of this
>> message is strictly prohibited. The Institute does not guarantee
>the
>> security of any information electronically transmitted and is not
>> liable if the information contained in this communication is not a
>> proper and complete record of the message as transmitted by the
>> sender nor for any delay in its receipt.
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at iptel.org
>> http://mail.iptel.org/mailman/listinfo/serusers
>
>
>-------------------Legal
>Disclaimer---------------------------------------
>
>The above electronic mail transmission is confidential and intended
>only for the person to whom it is addressed. Its contents may be
>protected by legal and/or professional privilege. Should it be
>received by you in error please contact the sender at the above
>quoted email address. Any unauthorised form of reproduction of this
>message is strictly prohibited. The Institute does not guarantee the
>security of any information electronically transmitted and is not
>liable if the information contained in this communication is not a
>proper and complete record of the message as transmitted by the
>sender nor for any delay in its receipt.
>
-------------------Legal Disclaimer---------------------------------------
The above electronic mail transmission is confidential and intended only for the person to whom it is addressed. Its contents may be protected by legal and/or professional privilege. Should it be received by you in error please contact the sender at the above quoted email address. Any unauthorised form of reproduction of this message is strictly prohibited. The Institute does not guarantee the security of any information electronically transmitted and is not liable if the information contained in this communication is not a proper and complete record of the message as transmitted by the sender nor for any delay in its receipt.
More information about the sr-users
mailing list