[Serusers] TCP/TLS and NAT. Problem with BYE...

Cesc cesc.santa at gmail.com
Sun Oct 16 14:49:56 CEST 2005 

I think that the solution is using force_tcp_alias. This would solve the
problem for the incoming bye, as ser would
search for an already open tcp connection to alice (let's hope is still
there). The phone of alice needs not know/support
connection reuse draft (ser does).
This solved a similar problem i used to have, as you pointed me. Now i do a
force_tcp_alias for all mesages going
through the config file ... probably not optimal, but my config file is
faaar from optimal :)

Regards

Cesc

On 10/15/05, Alexander Ph. Lintenhofer <lintenhofer at aon.at> wrote:
>
> Hi everybody,
>
> A short question:
>
> alice at atlanta.com is behind NAT. She uses TCP to connect her UAC to
> sip.atlanta.com <http://sip.atlanta.com> in the public network.
> Inviting bob at biloxi.com suceeds. But Bob can't terminate the call. His
> BYE is not routed back, because fix_nated_contact() does only work with
> UDP. And Bob builds the R-URI with the Infos of Alice's contact header.
>
> The route is as follows:
> alice at atlanta.com [172.16.0.4 <http://172.16.0.4>] -> natbox.atlanta.com<http://natbox.atlanta.com>[
> 172.16.0.1 <http://172.16.0.1> |
> 192.168.0.13 <http://192.168.0.13>] -> sip.atlanta.com<http://sip.atlanta.com>[
> 192.168.0.14 <http://192.168.0.14>] -> sip.biloxi.com<http://sip.biloxi.com>
> [192.168.1.14 <http://192.168.1.14>] -> bob at biloxi.com [192.168.1.1<http://192.168.1.1>
> ]
>
> Possible solutions:
> - force_tcp_alias() -> but reading the draft
> draft-ietf-sip-connect-reuse-04.txt yields that this must be supported
> by the components - so doesn't the snom360 of Alice
> - commenting some lines in nathelper.c and activate it for TCP -> this
> works pretty fine and the BYE finds its way from Bob through the NAT-Box
> to Alice. But this is a dirty solution.
>
> So does anybody has a similar problem? My config works fine with UDP but
> switching to TCP makes life hard...
> I attached the traces Bob received, his last BYE is finally dropped by
> sip.atlanta.com <http://sip.atlanta.com>, because the network-address
> 172.16.0.4 <http://172.16.0.4> can't be found!
>
> Thank you for your help!
> regards, Philipp
>
> =========================================================================
>
> Received from tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at
> 15/10/2005 19:18:32:250 (1751 bytes):
>
> INVITE sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s SIP/2.0
> Record-Route: <sip:192.168.1.14 <http://192.168.1.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061 <http://192.168.1.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061 <http://192.168.0.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14 <http://192.168.0.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Via: SIP/2.0/TCP 192.168.1.14 <http://192.168.1.14>;branch=
> z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061 <http://192.168.0.14:5061>;branch=
> z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13<http://192.168.0.13>
> ;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> From: "Alice" <sip:alice at atlanta.com>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com>
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Max-Forwards: 68
> Contact: <sip:alice at 172.16.0.4:2327;transport=tcp;line=fyyuh6tl>
> P-Key-Flags: resolution="31x13", keys="4"
> User-Agent: snom360/4.3
> Accept: application/sdp
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Supported: timer, 100rel, replaces, callerid
> Session-Expires: 3600
> Content-Type: application/sdp
> Content-Length: 507
> P-hint: outbound
> P-hint: forced TLS relay
> P-hint: usrloc applied
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at 15/10/2005
> 19:18:32:270 (929 bytes):
>
> SIP/2.0 180 Ringing
> Via: SIP/2.0/TCP 192.168.1.14 <http://192.168.1.14>;branch=
> z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061 <http://192.168.0.14:5061>;branch=
> z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13<http://192.168.0.13>
> ;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> Record-Route: <sip:192.168.1.14 <http://192.168.1.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061 <http://192.168.1.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061 <http://192.168.0.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14 <http://192.168.0.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: "Alice" <sip:alice at atlanta.com>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Content-Length: 0
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at 15/10/2005
> 19:18:33:390 (1377 bytes):
>
> SIP/2.0 200 Ok
> Via: SIP/2.0/TCP 192.168.1.14 <http://192.168.1.14>;branch=
> z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061 <http://192.168.0.14:5061>;branch=
> z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13<http://192.168.0.13>
> ;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> Record-Route: <sip:192.168.1.14 <http://192.168.1.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061 <http://192.168.1.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061 <http://192.168.0.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14 <http://192.168.0.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: "Alice" <sip:alice at atlanta.com>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> Require: timer
> Session-Expires: 3600;refresher=uac
> User-Agent: snom360/4.3
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Supported: timer, 100rel, replaces, callerid
> Content-Type: application/sdp
> Content-Length: 296
>
> ACK sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s SIP/2.0
> Record-Route: <sip:192.168.1.14 <http://192.168.1.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061 <http://192.168.1.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061 <http://192.168.0.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14 <http://192.168.0.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Via: SIP/2.0/TCP 192.168.1.14 <http://192.168.1.14>;branch=0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061 <http://192.168.0.14:5061>;branch=0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13<http://192.168.0.13>
> ;branch=z9hG4bK-o9f1lglhf4pk;rport=2327
> From: "Alice" <sip:alice at atlanta.com>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 ACK
> Max-Forwards: 68
> Contact: <sip:alice at 172.16.0.4:2327;transport=tcp;line=fyyuh6tl>
> Content-Length: 0
> P-hint: rr-enforced
> P-hint: rr-enforced
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at 15/10/2005
> 19:18:34:480 (703 bytes):
>
> BYE sip:alice at 172.16.0.4:2327;transport=tcp;line=fyyuh6tl SIP/2.0
> Via: SIP/2.0/TCP 192.168.1.1:2063 <http://192.168.1.1:2063>
> ;branch=z9hG4bK-gu03sll9uumm;rport
> Route: <sip:192.168.1.14 <http://192.168.1.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.1.14:5061 <http://192.168.1.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.0.14:5061 <http://192.168.0.14:5061>
> ;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.0.14 <http://192.168.0.14>
> ;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: <sip:bob at biloxi.com>;tag=fxdufnc4xz
> To: "Alice" <sip:alice at atlanta.com>;tag=5s8qncdbso
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 BYE
> Max-Forwards: 70
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> User-Agent: snom360/4.3
> Content-Length: 0
>
> _______________________________________________
> Serusers mailing list
> Serusers at iptel.org
> http://mail.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20051016/b55c6792/attachment.htm>

More information about the sr-users mailing list