[Serusers] No Media with Nated Client and rtp proxy

Ryan Churches ryan.churches at gmail.com
Thu Nov 2 12:33:53 CET 2006


I just posted about a problem with rtpproxy, but i was able to correct
that.  now ser is able to connect to rtpproxy, but media is still
being lost.

someone suggested i put my external ip in the  listen= value at the
top, but that breaks remote registration.

I am following the rtpproxy section of the "Getting Started with Ser
Docs" http://siprouter.onsip.org/doc/gettingstarted/ch08s02.html so
one would expect i would have ser.cfg set up correctly, but obviously
something is wrong.

here is some ngrep output.  10.0.0.10 is SER.  10.0.0.110 is a client
LOCAL to ser, and 10.0.0.100/67.84.215.54 is a remote client behind
yet another nat

U 10.0.0.10:6060 -> 10.0.0.110:9267
INVITE sip:1000 at 10.0.0.110:9267 SIP/2.0.
Record-Route: <sip:10.0.0.10:6060;ftag=d752304f;lr=on>.
To: <sip:1000 at bmy.gotdns.org>.
From: <sip:1001 at bmy.gotdns.org>;tag=d752304f.
Via: SIP/2.0/UDP 10.0.0.10:6060;branch=z9hG4bK44a9.9b2912a1.1.
Via: SIP/2.0/UDP
10.0.0.100:9170;received=67.84.215.54;branch=z9hG4bK-d87543-71698269-1--d87543-;rport=9170.
Call-ID: cc766a6d3e104232.
CSeq: 2 INVITE.
Contact: <sip:1001 at 67.84.215.54:9170>.
Max-Forwards: 16.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO.
Content-Type: application/sdp.
User-Agent: eyeBeam release 3004w stamp 16863.
Content-Length: 285.
.
v=0.
o=- 105355536 105355589 IN IP4 10.0.0.100.
s=eyeBeam.
c=IN IP4 10.0.0.10.
t=0 0.
m=audio 20026 RTP/AVP 100 6 0 8 3 18 5 101.
a=alt:1 1 : 7D3DDAD1 578F25CA 10.0.0.100 9172.
a=fmtp:101 0-15.
a=rtpmap:100 speex/16000.
a=rtpmap:101 telephone-event/8000.
a=sendrecv.
a=nortpproxy:yes.

#
U 10.0.0.110:9267 -> 10.0.0.10:6060
SIP/2.0 180 Ringing.
To: <sip:1000 at bmy.gotdns.org>;tag=703e0d1b.
From: <sip:1001 at bmy.gotdns.org>;tag=d752304f.
Via: SIP/2.0/UDP
10.0.0.10:6060;branch=z9hG4bK44a9.9b2912a1.1;received=10.0.0.10.
Via: SIP/2.0/UDP
10.0.0.100:9170;received=67.84.215.54;branch=z9hG4bK-d87543-71698269-1--d87543-;rport=9170.
Call-ID: cc766a6d3e104232.
CSeq: 2 INVITE.
Record-Route: <sip:10.0.0.10:6060;ftag=d752304f;lr=on>.
Contact: <sip:1000 at 10.0.0.110:9267>.
Content-Length: 0.
.

#
U 10.0.0.10:6060 -> 67.84.215.54:9170
SIP/2.0 180 Ringing.
To: <sip:1000 at bmy.gotdns.org>;tag=703e0d1b.
From: <sip:1001 at bmy.gotdns.org>;tag=d752304f.
Via: SIP/2.0/UDP
10.0.0.100:9170;received=67.84.215.54;branch=z9hG4bK-d87543-71698269-1--d87543-;rport=9170.
Call-ID: cc766a6d3e104232.
CSeq: 2 INVITE.
Record-Route: <sip:10.0.0.10:6060;ftag=d752304f;lr=on>.
Contact: <sip:1000 at 10.0.0.110:9267>.
Content-Length: 0.
.

#
U 10.0.0.110:9267 -> 10.0.0.10:6060
SIP/2.0 180 Ringing.
To: <sip:1000 at bmy.gotdns.org>;tag=703e0d1b.
From: <sip:1001 at bmy.gotdns.org>;tag=d752304f.
Via: SIP/2.0/UDP
10.0.0.10:6060;branch=z9hG4bK44a9.9b2912a1.1;received=10.0.0.10.
Via: SIP/2.0/UDP
10.0.0.100:9170;received=67.84.215.54;branch=z9hG4bK-d87543-71698269-1--d87543-;rport=9170.
Call-ID: cc766a6d3e104232.
CSeq: 2 INVITE.
Record-Route: <sip:10.0.0.10:6060;ftag=d752304f;lr=on>.
Contact: <sip:1000 at 10.0.0.110:9267>.
Content-Length: 0.
.

#
U 10.0.0.10:6060 -> 67.84.215.54:9170
SIP/2.0 180 Ringing.
To: <sip:1000 at bmy.gotdns.org>;tag=703e0d1b.
From: <sip:1001 at bmy.gotdns.org>;tag=d752304f.
Via: SIP/2.0/UDP
10.0.0.100:9170;received=67.84.215.54;branch=z9hG4bK-d87543-71698269-1--d87543-;rport=9170.
Call-ID: cc766a6d3e104232.
CSeq: 2 INVITE.
Record-Route: <sip:10.0.0.10:6060;ftag=d752304f;lr=on>.
Contact: <sip:1000 at 10.0.0.110:9267>.
Content-Length: 0.



and here is my ser.cfg which ive also attached.

#
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3         # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes	# (cmd line: -E)

/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/

check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)

listen=10.0.0.10
alias=hostname.dyndns.org
port=6060
children=4
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://user:pw@localhost/ser"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

#From Getting Started
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://user:pw@localhost/ser")
# ----------------- setting module-specific parameters ---------------

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)

#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")

modparam("usrloc", "db_mode", 2)

modparam("registrar", "nat_flag", 6)

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if (msg:len >=  2048 ) {
		sl_send_reply("513", "Message too big");
		break;
	};
	

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (method!="REGISTER") {
		record_route();
	};	

	if (method=="BYE" || method=="CANCEL") {
		unforce_rtp_proxy();
	}
	
	# subsequent messages withing a dialog should take the
	# path determined by record-routing
	if (loose_route()) {
		if ((method=="INVITE" || method=="REFER") && !has_totag()) {
      			sl_send_reply("403", "Forbidden");
      			break;
    		};
	if (method=="INVITE") {
		if (!proxy_authorize("","subscriber")) {
        		proxy_challenge("","0");
 			break;
      		}else if (!check_from()) {
        		sl_send_reply("403", "Use From=ID");
        		break;
      		};

      		consume_credentials();

      		if (nat_uac_test("19")) {
        		setflag(6);
			force_rport();
			fix_nated_contact();
      		};
		force_rtp_proxy("l");
    	};	

	route(1);
   	break;
	};

#======= call type processing section
	
	if (!uri==myself) {
		append_hf("P-hint: outbound\r\n");
		route(4);
		route(1);
		break;
	};

	if (method=="ACK") {
		route(1);
		break;
	} else if (method=="CANCEL") {
		route(1);
		break;
	} else if (method=="INVITE") {
	  	route(3);
	  	break;
	} else if (method=="REGISTER") {
	  	route(2);
	  	break;
	};

	lookup("aliases");
	if (uri!=myself) {	
		route(4);
		route(1);
		break;
	};
	
	if (!lookup("location")) {
		sl_send_reply("404", "User Not Found");
		break;
	};

	route(1);
}

route[1]
{
	t_on_reply("1");
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		if (method=="INVITE" || isflagset(6)) {
			unforce_rtp_proxy();
		};
		sl_reply_error();
	};
}

route[2] {
	#-------------------------
	#REGISTER Message Handler
	#-------------------------
	if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
		setflag(6);
		fix_nated_register();
		force_rport();
	};

	sl_send_reply("100", "Trying");

	if (!www_authorize("","subscriber")) {
		www_challenge("","0");
		break;
	};

	if (!check_to()) {
		sl_send_reply("401", "Unauthorized");
		break;
	};

	consume_credentials();	

	if (!save("location")) {
		sl_reply_error();
	};
}

route[3] {
#----------
#--INVITE Message Handler
#-----------
	if (!proxy_authorize("","subscriber")) {
		proxy_challenge("","0");
		break;
	} else if (!check_from()) {
	  	sl_send_reply("403", "Use From=ID");
	  	break;
	};

	consume_credentials();
	
	if (nat_uac_test("19")) {
    		setflag(6);
     	}

	lookup("aliases");
	if (uri!=myself) {
		route(4);
		route(1);
		break;
	};

	if (!lookup("location")) {
		sl_send_reply("404", "User Not Found");
		break;
	};

	route(4);
	route(1);
}

route[4] {
#NAT Traversal
	if (isflagset(6)) {
		force_rport();
		fix_nated_contact();
		force_rtp_proxy();
	}
}

onreply_route[1] {
	if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
		if (!search("^Contact-Length:[ ]*0")) {
			force_rtp_proxy();
		};
	};
	if (nat_uac_test("1")) {
		fix_nated_contact();
	};
}
-------------- next part --------------
#
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3         # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes	# (cmd line: -E)

/* Uncomment these lines to enter debugging mode 
fork=no
log_stderror=yes
*/

check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)

listen=10.0.0.10
alias=hostname.dyndns.org
port=6060
children=4
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://user:pw@localhost/ser"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

#From Getting Started 
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://user:pw@localhost/ser")
# ----------------- setting module-specific parameters ---------------

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)

#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")

modparam("usrloc", "db_mode", 2)

modparam("registrar", "nat_flag", 6)

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if (msg:len >=  2048 ) {
		sl_send_reply("513", "Message too big");
		break;
	};
	

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (method!="REGISTER") {
		record_route();
	};	

	if (method=="BYE" || method=="CANCEL") {
		unforce_rtp_proxy();
	}
	
	# subsequent messages withing a dialog should take the
	# path determined by record-routing
	if (loose_route()) {
		if ((method=="INVITE" || method=="REFER") && !has_totag()) {
      			sl_send_reply("403", "Forbidden");
      			break;
    		};
	if (method=="INVITE") {
		if (!proxy_authorize("","subscriber")) {
        		proxy_challenge("","0");
 			break;
      		}else if (!check_from()) {
        		sl_send_reply("403", "Use From=ID");
        		break;
      		};

      		consume_credentials();

      		if (nat_uac_test("19")) {
        		setflag(6);
			force_rport();
			fix_nated_contact();
      		};
		force_rtp_proxy("l");
    	};	

	route(1);
   	break;
	};

#======= call type processing section
	
	if (!uri==myself) {
		append_hf("P-hint: outbound\r\n"); 
		route(4);
		route(1);
		break;
	};

	if (method=="ACK") {
		route(1);
		break;
	} else if (method=="CANCEL") {
		route(1);
		break;
	} else if (method=="INVITE") {
	  	route(3);
	  	break; 
	} else if (method=="REGISTER") {
	  	route(2);
	  	break;
	};

	lookup("aliases");
	if (uri!=myself) {	
		route(4);
		route(1);
		break;
	};
	
	if (!lookup("location")) {
		sl_send_reply("404", "User Not Found");
		break;
	};

	route(1);
}

route[1] 
{
	t_on_reply("1");
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		if (method=="INVITE" || isflagset(6)) {
			unforce_rtp_proxy();
		};
		sl_reply_error();
	};
}

route[2] {
	#-------------------------
	#REGISTER Message Handler
	#-------------------------
	if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
		setflag(6);
		fix_nated_register();
		force_rport();
	};

	sl_send_reply("100", "Trying");

	if (!www_authorize("","subscriber")) {
		www_challenge("","0");
		break;
	};

	if (!check_to()) {
		sl_send_reply("401", "Unauthorized");
		break;
	};

	consume_credentials();	

	if (!save("location")) {
		sl_reply_error();
	};
}

route[3] {
#----------
#--INVITE Message Handler
#-----------
	if (!proxy_authorize("","subscriber")) {
		proxy_challenge("","0");
		break;
	} else if (!check_from()) {
	  	sl_send_reply("403", "Use From=ID");
	  	break;
	};

	consume_credentials();
	
	if (nat_uac_test("19")) { 
    		setflag(6);
     	}

	lookup("aliases");
	if (uri!=myself) {
		route(4);
		route(1);
		break;
	};

	if (!lookup("location")) {
		sl_send_reply("404", "User Not Found");
		break;
	};

	route(4);
	route(1);
}

route[4] {
#NAT Traversal
	if (isflagset(6)) {
		force_rport();
		fix_nated_contact();
		force_rtp_proxy();
	}
}

onreply_route[1] {
	if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") {
		if (!search("^Contact-Length:[ ]*0")) {
			force_rtp_proxy();
		};
	};
	if (nat_uac_test("1")) {
		fix_nated_contact();
	};
}


More information about the sr-users mailing list