[Serusers] Review ser.cfg - SER NAT RTPProxy PSTN Gateway

Ronald Voermans r.voermans at global-e.nl
Sat Apr 1 19:08:40 CEST 2006


Hello,
 
I have a question regarding my ser.cfg. First let me explain our
situation.
I have a SER server (actually openser) behind a NAT firewall (Cisco PIX,
which is doing SIP ALG). The SER server has IP address 10.254.254.1,
which is translated by the NAT firewall to a public IP address. Behind
the SER we have a connection with a telco who provides us with a SIP PSTN
gateway. Its IP address is 10.166.38.108 (so, also private).
 
Remote clients connect to our SER via the public IP address of the SER.
For this to work, I use RTPProxy for all sessions, so I do no client_nat
tests whatsoever. Most of the time, all calls go well. However,
sometimes when a UAC retransmits INVITE requests, the retransmitted
responses display the wrong proxy address (for RTPProxy). For example,
when the UAC sends 4 INVITE requests (so 1 request and 3
retransmissions), 3 of the responses have SDP with 10.254.254.1 in their
body. The last one doesn't change the SDP address, but has 10.166.38.108
in its body. What could be causing this? Clients obviously don't get
audio in their conversation.
 
Next, since I wrote the ser.cfg on my own, it would be nice if some of
you could review my ser.cfg and, if needed, give me some suggestions.
 
Thank you all very much in advance,
 
My ser.cfg:

########################################################################
######################################
 
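# Core settings: daemonised, logging to syslog rather than stderr.
debug=3
fork=yes
log_stderror=no

# Foreground debugging alternative (swap with the three lines above).
#debug=4
#fork=no
#log_stderror=yes

# Bind only to the private address; the NAT firewall maps the public one.
listen=10.254.254.1	
port=5060
children=4

dns=no
rev_dns=no

# Management FIFO. Anything that can write to this file can send management
# commands to the server, so the mode is limited to owner and group (it was
# 0666, i.e. writable by every local account). Accounts that run the
# management tools need to be in the server's group.
# NOTE(review): the FIFO lives in /tmp, a directory every local user can
# write to; a directory owned by the server account would be safer, but
# moving it means updating whatever tools use this path - confirm first.
fifo="/tmp/openser_fifo"
fifo_db_url="mysql://XXX:XXX@localhost/ser"
fifo_mode=0660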


# Modules loaded at start-up.
# NOTE(review): no route in this listing calls a function from exec,
# mediaproxy, group, xlog or permissions (as far as I can tell from the
# function names used below). Unused modules are extra code and extra FIFO/
# script surface; exec in particular can run external commands. Consider
# dropping the ones that are not needed - confirm nothing outside this
# listing depends on them.
# NOTE(review): route[5] calls avp_write(), which as far as I know is
# provided by the avpops module; it is not loaded here - confirm.
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/uri.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"
loadmodule "/usr/local/lib/openser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/openser/modules/nathelper.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/domain.so"
loadmodule "/usr/local/lib/openser/modules/permissions.so"
loadmodule "/usr/local/lib/openser/modules/acc.so"
loadmodule "/usr/local/lib/openser/modules/xlog.so"
loadmodule "/usr/local/lib/openser/modules/exec.so"
loadmodule "/usr/local/lib/openser/modules/group.so"

# One database URL shared by every DB-backed module (credentials redacted
# as XXX in this post). Keep the real file readable only by the server
# account, since it holds the database password.
modparam("auth_db|permissions|uri_db|usrloc|acc|domain|group", 
	"db_url", "mysql://XXX:XXX@localhost/ser")
# calculate_ha1=1 makes the server compute the digest HA1 from the value in
# password_column, i.e. subscriber passwords sit in the database in clear
# text.
# NOTE(review): storing pre-computed HA1 values (calculate_ha1 set to 0)
# avoids keeping plaintext passwords; it requires the HA1 column to be
# populated for every subscriber - confirm against the provisioning tools.
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")

# NAT keep-alive pings and the control socket used to talk to rtpproxy.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock")

modparam("usrloc", "db_mode", 2)

# Flag 6 is the NAT flag; the routes below set it with setflag(6).
modparam("registrar", "nat_flag", 6)

modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 1)

# Final-response timer for INVITEs; route[5] writes an AVP named
# "inv_timeout" for PSTN calls, presumably to override it per call.
modparam("tm", "fr_inv_timer", 27)
modparam("tm", "fr_inv_timer_avp", "inv_timeout")

# NOTE(review): the trusted table is configured here, but no route in this
# listing calls a permissions function; the PSTN gateway is trusted through
# hard-coded src_ip comparisons instead.
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")

# Accounting is triggered by flag 1, which route[1] sets before relaying.
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
modparam("acc", "db_flag", 1)


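# Main request route: sanity checks, record-routing, in-dialog (loose
# routed) requests, then dispatch by destination and method.
# Changes against the posted version:
#  - comment lines that the mail client wrapped onto a second line are
#    joined again (the stray second lines were not valid script);
#  - a loose-routed request without a To-tag is rejected instead of being
#    relayed (see the Loose Route Section).
route {

	# -----------------------------------------------------------------
	# Sanity Check Section
	# -----------------------------------------------------------------
	# Strip UPDATE from what these user agents advertise.
	if (search("User-Agent: Grandstream")) {
		replace("UPDATE,", "");
	}
	if (search("Server: Cisco ATA.*")) {
		replace(", UPDATE", "");
	}
	if (search("User-Agent: Cisco ATA.*")) {
		replace(", UPDATE", "");
	}
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483", "Too Many Hops");
		exit;
	};

	if (msg:len > max_len) {
		sl_send_reply("513", "Message Overflow");
		exit;
	};

	# -----------------------------------------------------------------
	# Record Route Section
	# -----------------------------------------------------------------

	if (method!="REGISTER") {
		record_route();
	};

	# -----------------------------------------------------------------
	# Call Tear Down Section
	# -----------------------------------------------------------------

	if (method=="BYE" || method=="CANCEL") {
		unforce_rtp_proxy();
	};

	# -----------------------------------------------------------------
	# Loose Route Section
	# -----------------------------------------------------------------

	if (loose_route()) {
		# Only requests inside an established dialog (To-tag present)
		# may be routed by their Route set. An initial request that
		# arrives with its own Route set would otherwise be relayed by
		# route(1) before any of the authentication in route[3] runs.
		if (!has_totag()) {
			# An ACK must never be answered, so it is dropped silently.
			if (method!="ACK") {
				sl_send_reply("403", "Preload Route denied");
			};
			exit;
		};
		if (method=="INVITE" || method=="ACK") {
			setflag(6);
			force_rport();
			fix_nated_contact();
			force_rtp_proxy();
		};
		route(1);
		exit;
	};

	# -----------------------------------------------------------------
	# Call Type Processing Section
	# -----------------------------------------------------------------

	if (!is_uri_host_local()) {

		# NOTE(review): is_from_local() only looks at the From header,
		# which the sender chooses freely; nothing on this path calls
		# proxy_authorize(). As written, any sender claiming a local
		# From domain gets relayed to a foreign destination. Consider
		# authenticating here as route[3] does.
		# NOTE(review): flag 6 is not set on any path that reaches this
		# point in this listing, so route(4) looks like a no-op here.
		if (is_from_local() || src_ip=="10.166.38.108") {
			route(4);
			route(1);
		} else {
			sl_send_reply("403", "Forbidden");
		};
		exit;
	};

	if (method=="CANCEL") {
		route(1);
		exit;
	} else if (method=="INVITE") {
		route(3);
		exit;
	} else if (method=="REGISTER") {
		route(2);
		exit;
	} else if (method=="ACK") {
		# Added 28-3-06: I won't send a reply for ACK!
		route(1);
		exit;
	};

	# Every other method: resolve aliases, then the registered location.
	lookup("aliases");
	if (uri!=myself) {
		route(4);
		route(1);
		exit;
	};

	if (!lookup("location")) {
		sl_send_reply("404", "User Not Found");
		exit;
	};

	route(1);
}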

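# Default relay handler: arm the reply route, mark the transaction for
# accounting and relay statefully. The banner comments that the mail client
# wrapped onto a second line are joined again so the block parses.
route[1] {

	# -----------------------------------------------------------------
	# Default Message Handler
	# -----------------------------------------------------------------

	# Replies to this transaction go through onreply_route[1].
	t_on_reply("1");

	# Flag 1 is the acc log_flag/db_flag configured in the modparam section.
	setflag(1);
	if (!t_relay()) {
		# Relay failed: release the rtpproxy session requested for this
		# call before reporting the error.
		if (method=="INVITE" || method=="ACK") {
			unforce_rtp_proxy();
		};

		sl_reply_error();
	};
}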

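# REGISTER handler: NAT fix-ups, digest authentication against the
# subscriber table, To/credential consistency check, then save the binding.
# The banner comments that the mail client wrapped onto a second line are
# joined again so the block parses.
route[2] {

	# -----------------------------------------------------------------
	# REGISTER Message Handler
	# -----------------------------------------------------------------

	sl_send_reply("100", "Trying");

	# Skip the NAT fix-ups for "Contact: *" (remove all bindings).
	if (!search("^Contact:[ ]*\*")) {
		setflag(6);
		fix_nated_register();
		force_rport();
	};

	if (!www_authorize("","subscriber")) {
		www_challenge("","0");
		return;
	};

	# Reject a registration whose To user does not belong to the
	# authenticated credentials, so one subscriber cannot register a
	# contact for another.
	if (!check_to()) {
		sl_send_reply("401", "Unauthorized");
		return;
	};

	# Do not pass the Authorization header on.
	consume_credentials();

	if (!save("location")) {
		sl_reply_error();
	};
}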

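# INVITE handler: authenticate everything that does not come from the PSTN
# gateway, then route to an alias, a registered contact or the PSTN.
# The banner comments that the mail client wrapped onto a second line are
# joined again, and the negated source-address test is parenthesised so its
# meaning does not depend on operator precedence.
route[3] {

	# -----------------------------------------------------------------
	# INVITE Message Handler
	# -----------------------------------------------------------------

	# The gateway is trusted by source address alone.
	# NOTE(review): this assumes the firewall drops outside packets that
	# claim 10.166.38.108 as their source - confirm on the PIX.
	if (!(src_ip=="10.166.38.108")) {
		if (!proxy_authorize("","subscriber")) {
			proxy_challenge("","0");
			return;
		};

		# NOTE(review): nothing ties the From header to the credentials
		# that were just verified, so an authenticated subscriber can
		# present any caller identity. route[2] uses check_to() for
		# REGISTER; the matching check on From would close this - confirm
		# it does not reject legitimate clients.
		consume_credentials();
	};

	# Treat every INVITE as NATed (RTPProxy is used for all sessions).
	setflag(6);

	lookup("aliases");
	if (uri!=myself) {
		route(4);
		route(1);
		return;
	};

	if (!lookup("location")) {

		# No registered contact: numbers starting with 0 go to the PSTN.
		# NOTE(review): any authenticated subscriber can reach the PSTN
		# here; there is no per-user or per-destination restriction in
		# this listing. Consider one if calls are billed.
		if (uri=~"^sip:0[0-9]*@") {	# PSTN

			route(5);
			return;

		};

		sl_send_reply("404", "User Not Found");
		return;
	};

	route(4);
	route(1);
}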

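# NAT traversal helper: for requests carrying flag 6, force rport, rewrite
# the Contact and ask rtpproxy to relay the media.
# The banner comments that the mail client wrapped onto a second line are
# joined again so the block parses; indentation is made uniform.
route[4] {

	# -----------------------------------------------------------------
	# NAT Traversal Section
	# -----------------------------------------------------------------

	# Flag 6 is set by the caller (route[2], route[3] or the loose-route
	# branch); without it this route does nothing.
	if (isflagset(6)) {
		force_rport();
		fix_nated_contact();
		force_rtp_proxy();
	};
}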

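# PSTN handler: point the request at the gateway, set a per-call INVITE
# timeout and relay through the NAT and default handlers.
# The comments that the mail client wrapped onto a second line (including
# the trailing "ADDRESS" after rewritehost) are joined again so the block
# parses; indentation is made uniform.
route[5] {

	# -----------------------------------------------------------------
	# PSTN Handler
	# -----------------------------------------------------------------

	# INSERT YOUR PSTN GATEWAY IP ADDRESS
	rewritehost("10.166.38.108");

	# "inv_timeout" is the AVP named in tm's fr_inv_timer_avp parameter.
	# NOTE(review): avp_write() is, as far as I know, an avpops function
	# and avpops is not in the loadmodule list of this listing - confirm.
	avp_write("i:45", "inv_timeout");

	route(4);
	route(1);
}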


# Reply handler armed by t_on_reply("1") in route[1]: strips UPDATE from
# what two user-agent families advertise, requests rtpproxy for replies that
# carry SDP, and rewrites the Contact of every reply.
onreply_route[1] {
	if (search("Server: Cisco ATA.*")) {
		replace(", UPDATE", "");
	}
        if (search("User-Agent: Grandstream")) {
                replace("UPDATE,", "");
        }

	# Only 180, 183 and 2xx replies on flag-6 (NAT) transactions whose
	# message mentions application/sdp get their media relayed.
	if (isflagset(6) &&  (status=~"180|183|2[0-9][0-9]")) {
		if (search("application/sdp")) {
			force_rtp_proxy();
		};
	};

	# Applied to every reply, whether or not flag 6 is set.
        fix_nated_contact();

}


########################################################################
################
 
Regards,
 
Ronald



