[Serusers] TCP/TLS and NAT. Problem with BYE...
Alexander Ph. Lintenhofer
lintenhofer at aon.at
Sun Oct 16 18:32:21 CEST 2005
Thank you Cesc,
I added two lines to openser.cfg:
- tcp_accept_aliases= yes
- force_tcp_alias();
without any results. Is there anything more to concern?
Errors:
5(1500) ERROR: tcp_blocking_connect: timeout (10)
5(1500) ERROR: tcpconn_connect: tcp_blocking_connect failed
5(1500) ERROR: tcp_send: connect failed
5(1500) msg_send: ERROR: tcp_send failed
5(1500) ERROR:tm:t_forward_nonack: sending request failed
Maybe I did not understand the draft, but I believed, that only OpenSER
can originate the creation of a TCP-alias by force_tcp_alias().
Section4:
The proposed mechanism uses a new Via header field parameter. The
"alias" parameter is included in a Via header field value to indicate
that the originator of the request wants to create a transport layer
alias. The originator places their alias in the Via header field
value (in the "sent-by" production). This "alias" address becomes
mapped to the a actual IP address and port number observed as the
source address of the current connection.
So if Alice sends the INVITE-Request, how could she originate a TCP-alias.
The trying, ringing and OK find their way back to alice over the existing TCP connection.
But - assuming that the TCP connection still exists - how can this connection be used by the BYE request initiated by Bob ???
The connection from OpenSER to Alice is ESTABLISHED - as seen by netstat on the OpenSER machine and on the natbox.
regards,
Philipp
> I think that the solution is using force_tcp_alias. This would solve
> the problem for the incoming bye, as ser would
> search for an already open tcp connection to alice (let's hope is
> still there). The phone of alice needs not know/support
> connection reuse draft (ser does).
> This solved a similar problem i used to have, as you pointed me. Now i
> do a force_tcp_alias for all mesages going
> through the config file ... probably not optimal, but my config file
> is faaar from optimal :)
>
> Regards
>
> Cesc
>
> On 10/15/05, *Alexander Ph. Lintenhofer* <lintenhofer at aon.at
> <mailto:lintenhofer at aon.at>> wrote:
>
> Hi everybody,
>
> A short question:
>
> alice at atlanta.com <mailto:alice at atlanta.com> is behind NAT. She
> uses TCP to connect her UAC to
> sip.atlanta.com <http://sip.atlanta.com> in the public network.
> Inviting bob at biloxi.com <mailto:bob at biloxi.com> suceeds. But Bob
> can't terminate the call. His
> BYE is not routed back, because fix_nated_contact() does only work
> with
> UDP. And Bob builds the R-URI with the Infos of Alice's contact
> header.
>
> The route is as follows:
> alice at atlanta.com <mailto:alice at atlanta.com> [172.16.0.4
> <http://172.16.0.4>] -> natbox.atlanta.com
> <http://natbox.atlanta.com> [ 172.16.0.1 <http://172.16.0.1> |
> 192.168.0.13 <http://192.168.0.13>] -> sip.atlanta.com
> <http://sip.atlanta.com> [192.168.0.14 <http://192.168.0.14>] ->
> sip.biloxi.com <http://sip.biloxi.com>
> [192.168.1.14 <http://192.168.1.14>] -> bob at biloxi.com
> <mailto:bob at biloxi.com> [192.168.1.1 <http://192.168.1.1>]
>
> Possible solutions:
> - force_tcp_alias() -> but reading the draft
> draft-ietf-sip-connect-reuse-04.txt yields that this must be supported
> by the components - so doesn't the snom360 of Alice
> - commenting some lines in nathelper.c and activate it for TCP -> this
> works pretty fine and the BYE finds its way from Bob through the
> NAT-Box
> to Alice. But this is a dirty solution.
>
> So does anybody has a similar problem? My config works fine with
> UDP but
> switching to TCP makes life hard...
> I attached the traces Bob received, his last BYE is finally
> dropped by
> sip.atlanta.com <http://sip.atlanta.com>, because the
> network-address 172.16.0.4 <http://172.16.0.4> can't be found!
>
> Thank you for your help!
> regards, Philipp
>
> =========================================================================
>
>
> Received from tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at
> 15/10/2005 19:18:32:250 (1751 bytes):
>
> INVITE sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s SIP/2.0
> Record-Route: <sip: 192.168.1.14
> <http://192.168.1.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061
> <http://192.168.1.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061
> <http://192.168.0.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14
> <http://192.168.0.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Via: SIP/2.0/TCP 192.168.1.14
> <http://192.168.1.14>;branch=z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061
> <http://192.168.0.14:5061>;branch=z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13
> <http://192.168.0.13>;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> From: "Alice" < sip:alice at atlanta.com
> <mailto:sip:alice at atlanta.com>>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com <mailto:sip:bob at biloxi.com>>
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Max-Forwards: 68
> Contact: <sip:alice at 172.16.0.4 :2327;transport=tcp;line=fyyuh6tl>
> P-Key-Flags: resolution="31x13", keys="4"
> User-Agent: snom360/4.3
> Accept: application/sdp
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Supported: timer, 100rel, replaces, callerid
> Session-Expires: 3600
> Content-Type: application/sdp
> Content-Length: 507
> P-hint: outbound
> P-hint: forced TLS relay
> P-hint: usrloc applied
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at
> 15/10/2005 19:18:32:270 (929 bytes):
>
> SIP/2.0 180 Ringing
> Via: SIP/2.0/TCP 192.168.1.14
> <http://192.168.1.14>;branch=z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061
> <http://192.168.0.14:5061>;branch=z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13
> <http://192.168.0.13>;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> Record-Route: <sip:192.168.1.14
> <http://192.168.1.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061
> <http://192.168.1.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061
> <http://192.168.0.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14
> <http://192.168.0.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: "Alice" <sip:alice at atlanta.com
> <mailto:sip:alice at atlanta.com>>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com <mailto:sip:bob at biloxi.com>>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Content-Length: 0
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at
> 15/10/2005 19:18:33:390 (1377 bytes):
>
> SIP/2.0 200 Ok
> Via: SIP/2.0/TCP 192.168.1.14
> <http://192.168.1.14>;branch=z9hG4bKcad9.057cd815.0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061
> <http://192.168.0.14:5061>;branch=z9hG4bKcad9.685be3c3.0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13
> <http://192.168.0.13>;branch=z9hG4bK-y79imu6dlqxs;rport=2327
> Record-Route: <sip:192.168.1.14
> <http://192.168.1.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061
> <http://192.168.1.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061
> <http://192.168.0.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14
> <http://192.168.0.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: "Alice" <sip:alice at atlanta.com
> <mailto:sip:alice at atlanta.com>>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com <mailto:sip:bob at biloxi.com>>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 INVITE
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> Require: timer
> Session-Expires: 3600;refresher=uac
> User-Agent: snom360/4.3
> Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE,
> PRACK, MESSAGE, INFO
> Allow-Events: talk, hold, refer
> Supported: timer, 100rel, replaces, callerid
> Content-Type: application/sdp
> Content-Length: 296
>
> ACK sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s SIP/2.0
> Record-Route: <sip:192.168.1.14
> <http://192.168.1.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.1.14:5061
> <http://192.168.1.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route:
> <sip:192.168.0.14:5061
> <http://192.168.0.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Record-Route: <sip:192.168.0.14
> <http://192.168.0.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Via: SIP/2.0/TCP 192.168.1.14 <http://192.168.1.14>;branch=0;i=d
> Via: SIP/2.0/TLS 192.168.0.14:5061
> <http://192.168.0.14:5061>;branch=0;i=1
> Via: SIP/2.0/TCP
> 172.16.0.4:2327 <http://172.16.0.4:2327>;received=192.168.0.13
> <http://192.168.0.13>;branch=z9hG4bK-o9f1lglhf4pk;rport=2327
> From: "Alice" <sip:alice at atlanta.com
> <mailto:sip:alice at atlanta.com>>;tag=5s8qncdbso
> To: <sip:bob at biloxi.com <mailto:sip:bob at biloxi.com>>;tag=fxdufnc4xz
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 ACK
> Max-Forwards: 68
> Contact: <sip:alice at 172.16.0.4:2327;transport=tcp;line=fyyuh6tl>
> Content-Length: 0
> P-hint: rr-enforced
> P-hint: rr-enforced
>
> Sent to tcp:192.168.1.14:5060 <http://192.168.1.14:5060> at
> 15/10/2005 19:18:34:480 (703 bytes):
>
> BYE sip:alice at 172.16.0.4:2327;transport=tcp;line=fyyuh6tl SIP/2.0
> Via: SIP/2.0/TCP 192.168.1.1:2063
> <http://192.168.1.1:2063>;branch=z9hG4bK-gu03sll9uumm;rport
> Route: <sip:192.168.1.14
> <http://192.168.1.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.1.14:5061
> <http://192.168.1.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.0.14:5061
> <http://192.168.0.14:5061>;transport=tls;r2=on;ftag=5s8qncdbso;lr=on>
> Route: <sip:192.168.0.14
> <http://192.168.0.14>;transport=tcp;r2=on;ftag=5s8qncdbso;lr=on>
> From: <sip:bob at biloxi.com <mailto:sip:bob at biloxi.com>>;tag=fxdufnc4xz
> To: "Alice" < sip:alice at atlanta.com
> <mailto:sip:alice at atlanta.com>>;tag=5s8qncdbso
> Call-ID: 3c2675cac832-ce5ge5sxlx2q at snom360
> CSeq: 1 BYE
> Max-Forwards: 70
> Contact: <sip:bob at 192.168.1.1:2063;transport=tcp;line=wxqurd1s>
> User-Agent: snom360/4.3
> Content-Length: 0
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list