[Serusers] NATHELPER/rtpproxy does not work
Freddy - VoiceFinder SA
freddy2006 at gmail.com
Thu Feb 24 04:56:08 CET 2005
Sip EXpress router (0.8.99-dev1 (i386/linux)) (CVS Agosto 2004), ...
actually I was thinking in to downgrade to version 0.8.14...
On Wed, 23 Feb 2005 19:49:38 -0500, Walter Willis <walterwn at gmail.com> wrote:
> wath version the SER do you use?
>
>
> On Wed, 23 Feb 2005 15:15:27 -0500, Freddy - VoiceFinder SA
> <freddy2006 at gmail.com> wrote:
> > Hello
> > My SER implementation includes Asterisk voicemail for unavailable
> > users, Radius Accounting, Digest Authentication and PSTN gateway
> > forwarding, everything works very well but now I am trying
> > NatHelper/rtpproxy for nated endpoints, nated clients are registering
> > with public IP but I cannot hear incoming audio in nated X-lite
> > clients even if I use Port Forwarding or enable DMZ in NAT device
> > (LinkSys), I am very confused because I can hear audio from
> > Asterisk... maybe I have some problem in ser, please take a look to my
> > configuration file and send me some advice, thanks
> >
> >
> >
> > PS: myser.cfg based on
> > http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/nathelper.cfg?rev=1.1.2.1&content-type=text/vnd.viewcvs-markup
> >
> > /usr/local/etc/ser/Ser_VM_RadAcc_NatHelp-Test1.cfg
> >
> > # Version: We are using: Sip EXpress router (0.8.99-dev1 (i386/linux))
> > (Agosto 2004)
> > # This default script includes nathelper support. To make it work
> > # you will also have to install Maxim's RTP proxy. The proxy is enforced
> > # if one of the parties is behind a NAT.
> > #
> > # If you have an endpoing in the public internet which is known to
> > # support symmetric RTP (Cisco PSTN gateway or voicemail, for example),
> > # then you don't have to force RTP proxy. If you don't want to enforce
> > # RTP proxy for some destinations than simply use t_relay() instead of
> > # route(1)
> > #
> > # Sections marked with !! Nathelper contain modifications for nathelper
> >
> > # ----------- global configuration parameters ------------------------
> >
> > #/* Uncomment these lines to enter debugging mode
> > debug=9
> > fork=yes
> > log_stderror=yes
> > #*/
> >
> > listen=100.110.*.*
> > listen=127.0.0.1
> > port=5060
> >
> > # hostname matching an alias will satisfy the condition uri==myself".
> > alias=my.domain.com.pe
> > alias=100.110.*.*
> >
> > check_via=no # (cmd. line: -v)
> > dns=no # (cmd. line: -r)
> > rev_dns=no # (cmd. line: -R)
> > children=4
> > fifo="/tmp/ser_fifo"
> >
> > # sip_warning - Should replies include extensive warnings?
> > # By default yes, it is good for trouble-shooting.
> > sip_warning=yes
> >
> > # ------------------ module loading ----------------------------------
> > loadmodule "/usr/local/lib/ser/modules/mysql.so"
> > loadmodule "/usr/local/lib/ser/modules/sl.so"
> > loadmodule "/usr/local/lib/ser/modules/tm.so"
> > loadmodule "/usr/local/lib/ser/modules/rr.so"
> > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> > loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> > loadmodule "/usr/local/lib/ser/modules/registrar.so"
> > loadmodule "/usr/local/lib/ser/modules/group.so"
> > loadmodule "/usr/local/lib/ser/modules/uri.so"
> > loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> > loadmodule "/usr/local/lib/ser/modules/acc.so"
> > loadmodule "/usr/local/lib/ser/modules/textops.so"
> >
> > # digest authentication
> > loadmodule "/usr/local/lib/ser/modules/auth.so"
> > loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> >
> > # !! Nathelper
> > loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > modparam("usrloc", "db_mode", 2)
> >
> > # storing passwords in our database in plain text:
> > # modparam("auth_db", "calculate_ha1", yes)
> > # modparam("auth_db", "password_column", "password")
> >
> > # For Rad Accounting
> > modparam("acc", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf")
> > modparam("acc", "service_type", 15)
> > modparam("acc", "radius_flag", 1)
> > modparam("acc", "radius_missed_flag", 3)
> > modparam("acc", "report_ack", 0) # 1 reporta dos starts en acc
> >
> > modparam("tm", "fr_timer", 20 )
> > modparam("tm", "fr_inv_timer", 30 )
> > modparam("tm", "wt_timer", 20 )
> >
> > # add value to ;lr param to make some broken UAs happy
> > modparam("rr", "enable_full_lr", 1)
> >
> > modparam("group", "db_url", "mysql://ser:heslo@localhost/ser") #
> > "mysql" in cvs head version
> > # modparam("uri", "db_url", "sql://ser:heslo@localhost/ser") # "sql" in ser0814
> > modparam("uri_db", "db_url", "mysql://ser:heslo@localhost/ser") #
> > "mysql" in cvs head version
> >
> > # ------------- registration parameters
> > modparam("registrar", "nat_flag", 6)
> > modparam("registrar", "min_expires", 60)
> > modparam("registrar", "max_expires", 86400)
> > modparam("registrar", "default_expires", 3600)
> > modparam("registrar", "desc_time_order", 1)
> > modparam("registrar", "append_branches", 1)
> >
> > # !! Nathelper
> > # modparam("registrar", "nat_flag", 6)
> > modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
> > modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
> >
> > # -------------------------- request routing logic --------------------------
> >
> > route {
> >
> > log(1, "-------------------------------------------\n");
> > log(1, "entering main loop\n");
> >
> > # initial sanity checks -- messages with
> > # max_forwards==0, or excessively long requests
> > if (!mf_process_maxfwd_header("10")) {
> > sl_send_reply("483","Too Many Hops");
> > break;
> > };
> > if ( msg:len >= max_len ) {
> > sl_send_reply("513", "Message too big");
> > break;
> > };
> >
> > # !! Nathelper
> > # Special handling for NATed clients; first, NAT test is
> > # executed: it looks for via!=received and RFC1918 addresses
> > # in Contact (may fail if line-folding is used); also,
> > # the received test should, if completed, should check all
> > # vias for rpesence of received
> > if (nat_uac_test("3")) {
> > # Allow RR-ed requests, as these may indicate that
> > # a NAT-enabled proxy takes care of it; unless it is
> > # a REGISTER
> >
> > if (method == "REGISTER" || ! search("^Record-Route:")) {
> > log("LOG: Someone trying to register from private
> > IP, rewriting\n");
> >
> > # This will work only for user agents that support symmetric
> > # communication. We tested quite many of them and
> > majority is
> > # smart enough to be symmetric. In some phones it
> > takes a configuration
> > # option. With Cisco 7960, it is called
> > NAT_Enable=Yes, with kphone it is
> > # called "symmetric media" and "symmetric signalling".
> >
> > fix_nated_contact(); # Rewrite contact with source
> > IP of signalling
> > if (method == "INVITE") {
> > fix_nated_sdp("1"); # Add direction=active to SDP
> > };
> > force_rport(); # Add rport parameter to topmost Via
> > setflag(6); # Mark as NATed
> > };
> > };
> >
> > # record-route all messages -- to make sure that
> > # subsequent messages will go through our proxy; that's
> > # particularly good if upstream and downstream entities
> > # use different transport protocol
> >
> > if (!method=="REGISTER") record_route();
> >
> > # subsequent messages withing a dialog should take the
> > # path determined by record-routing
> >
> > if (loose_route()) {
> > # mark routing logic in request
> > append_hf("P-hint: rr-enforced\r\n");
> > # t_relay(); ### use If don't want to enforce RTP proxy
> > route(1); ### Nathelper!!
> > break;
> > };
> >
> > # set Flag for Radius Accounting:
> >
> > if (method=="INVITE") {
> > log(1, "INVITE MESSAGE RECEIVED - START ACC\n");
> > setflag(1); /* set for accounting (the same value as
> > in log_flag!) */
> > };
> >
> > if (method=="BYE") {
> > log (1, "BYE - STOP ACCOUNTING\n");
> > setflag(1);
> > };
> >
> > if (method=="CANCEL") {
> > log (1, "CANCEL - STOP ACCOUNTING\n");
> > setflag(1);
> > };
> >
> > setflag(3); # Set Radius Missed Flag (radius_missed_flag
> > param...)
> >
> > if (!uri==myself) {
> > # mark routing logic in request
> > append_hf("P-hint: outbound\r\n");
> > # t_relay();
> > route(1);
> > break;
> > };
> >
> > if (uri==myself) {
> >
> > if (method == "REGISTER") {
> > log(1, "ANALYZING REGISTER REQUEST\n");
> > # to use digest authentication
> > if (!www_authorize("my.domain.com.pe", "subscriber")) {
> > www_challenge("my.domain.com.pe", "0");
> > break;
> > };
> > if (!save("location")) {
> > sl_reply_error();
> > };
> > break;
> > };
> >
> > /* ***************** very insecure Dial out to PSTN
> > logic ****************** */
> > ### Pendiente agregar seguridad a esta etapa, usar
> > Digest-Auth o "credentials"
> > ### ver http://www.voip-info.org/wiki-SER+example+pstn
> >
> > # forward n digit requests to gateway AS5350
> > if(uri=~"^sip:9"){
> > log(1,"n digit expression match - Celulares Lima");
> > rewritehostport("100.110.*.*:5060");
> > route(2);
> > break;
> > };
> >
> > # forward international calls to Asterisk (using Oh323
> > module to connect with H323 GWs)
> > if(uri=~"^sip:00"){
> > rewritehostport("100.110.*.*:5060");
> > log(1,"n digit expression match - LDI");
> > route(2);
> > break;
> > };
> >
> > /*
> > ********************************************************************
> > */
> >
> > lookup("aliases");
> > if (!uri==myself) {
> > append_hf("P-hint: outbound alias\r\n");
> > # t_relay();
> > route(1);
> > break;
> > };
> >
> > # does the user wish redirection on no availability?
> > (i.e., is he
> > # in the voicemail group?) -- determine it now and store it in
> > # flag 4, before we rewrite the flag using UsrLoc
> >
> > if (is_user_in("Request-URI", "voicemail")) {
> > log(1, "requested user is in voicemail group");
> > setflag(4);
> > };
> >
> > # native SIP destinations are handled using our USRLOC DB
> > if (!lookup("location")) {
> > log(1,"unable to locate user");
> > # handle user which was not found
> > route(4);
> > break;
> > };
> >
> > }; # End of "if(uri==myself)"
> >
> > append_hf("P-hint: usrloc applied\r\n");
> > route(1);
> >
> > # if user is on-line and is in Voicemail group, enable redirection
> > if (method == "INVITE" && isflagset(4)) {
> > log(1, "invite for voicemail user->initiate failureroute[1]\n");
> > t_on_failure("1");
> > };
> >
> > # t_relay();
> > }
> >
> > route[1]
> > {
> > # !! Nathelper
> > if (uri=~"[@:](192\.168\.)" && !search("^Route:")){
> > sl_send_reply("479", "We don't forward to private IP addresses");
> > break;
> > };
> >
> > # if client or server know to be behind a NAT, enable relay
> > if (isflagset(6)) {
> > force_rtp_proxy();
> > };
> >
> > # NAT processing of replies; apply to all transactions (for example,
> > # re-INVITEs from public to private UA are hard to identify as
> > # NATed at the moment of request processing); look at replies
> > t_on_reply("1");
> >
> > # send it out now; use stateful forwarding as it works reliably
> > # even for UDP2TCP
> > if (!t_relay()) {
> > sl_reply_error();
> > };
> > }
> >
> > # !! Nathelper
> > onreply_route[1] {
> > # NATed transaction ?
> > if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
> > fix_nated_contact();
> > force_rtp_proxy();
> > # otherwise, is it a transaction behind a NAT and we did not
> > # know at time of request processing ? (RFC1918 contacts)
> > } else if (nat_uac_test("1")) {
> > fix_nated_contact();
> > };
> > }
> >
> > # ----------------- SIP-to-PSTN call routed -------------------
> >
> > route[2]{
> > log(1,"route[2]:SIP-to-GW call routed");
> > if(!t_relay()){
> > sl_reply_error();
> > };
> > }
> >
> > # --------------- Handling of Unavailable user ----------------
> > route[4] {
> >
> > # non-Voip -- just send "off-line"
> > if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" ||
> > method=="BYE")) {
> > sl_send_reply("404", "Not Found");
> > acc_rad_request("404 Not Found");
> > break;
> > };
> >
> > # not voicemail subscriber
> > if (!isflagset(4)) {
> > sl_send_reply("404", "Not Found and no voicemail turned on");
> > acc_rad_request("404 Not Found");
> > break;
> > };
> >
> > ### Forward to * voicemail adding prefix "vm" to simplify *
> > "extension.conf" to this:
> > ### exten => _vmXXXXXXX,1,Voicemail(u${EXTEN:2})
> > ### exten => _vmXXXXXXX,2,Hangup
> >
> > prefix("vm");
> > rewritehostport("100.110.**.**:5060");
> > t_relay_to_udp("100.110.**.**","5060");
> > }
> >
> > # if forwarding downstream did not succeed, try voicemail running at Asterisk
> >
> > failure_route[1]{
> > if (t_check_status("485")){
> > revert_uri ();
> > prefix("vm");
> > rewritehostport ("100.110.**.**:5060");
> > append_branch();
> > t_relay();
> > break;
> > }
> > }
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
More information about the sr-users
mailing list