[Serusers] OptiPoint420 behind a NAT device

Weiter Leiter bp4mls at googlemail.com
Sat Nov 25 21:56:48 CET 2006 

Maybe you can send some SIP traces, a generic diagram doesn't tell too much
in this case.

On 11/24/06, hiSIPatH <hisipath at gmail.com> wrote:
>
> Hi all,
>
> as suggested by Bogdan, i try to fix my issue with OptiPoint, using
> the "force_rport()" statement in my ser.cfg. I have tried several
> changes but have still the same result.
>
> I am able to register the OptiPoint...
> optipoint------[Request REGISTER]------>SER
> optipoint<----[     100 Trying         ]--------SER
> optipoint<----[  401 Unauthorized  ]--------SER
> optipoint------[Request REGISTER]------>SER
> optipoint<----[     100 Trying         ]--------SER
> optipoint<----[     200 OK             ]--------SER
>
> but the when the OptiPoint sends an INVITE, the response from ser is sent
> to Src
> Port: 5060 (5060), Dst Port: 5060 (5060) instead of the NATed port.
>
> I use the nat-rtpproxy.5.0.cfg from the GettingStarted. Is there some
> thing more i have to change in the ser.cfg.
>
> suggestions are wellcome.
>
> thx in advance!!!
>
>
> On 11/20/06, hiSIPatH <hisipath at gmail.com> wrote:
> > Hi Bogdan,
> >
> > you are right. There is no rport in the VIA header field for the
> > INVITE from the Optipoint.
> >
> > Via: SIP/2.0/UDP 192.168.204.5:5060;branch=z9hG4bK416072b30
> >
> > But for other UA you can notice this VIA header (received and rport
> > parameter)...
> > Via: SIP/2.0/UDP
> > 192.168.204.2:26010;received=89.xxx.xxx.xxx
> ;branch=z9hG4bK-d87543-fb641a689c2c295f-1--d87543-;rport=64365.
> >
> > i will try to use the "force_rport()" to fix this issue...
> >
> > thx again for the hint.
> >
> >
> >
> >
> > On 11/19/06, Bogdan Pintea <pintea at iptego.de> wrote:
> > > Your OptiPoint might not add the "rport" Via parameter (unfortunately,
> > > your net trace is not too relevant), probably unlike your other Snom
> and
> > > Xlite clients.
> > >
> > > In this case, check if you have a "force_rport();" statement in you
> SER
> > > cfg. See a NAT handling SER sample script otherwise, for how to add
> it,
> > > if missing; or try tune the UA to add it, at least in REGISTERs.
> > >
> > > Hth,
> > > Bogdan.
> > >
> > > hiSIPatH wrote:
> > > > Hi Michal,
> > > >
> > > > Thx for the reply. It seems that there isn't such an option in the
> > > > OptiPoint.
> > > > But to be honest i am a little confused, because i am able to
> register
> > > > my OptiPoint. So NAT seems to work with the REGISTER but doesn't
> with
> > > > the INVITE.
> > > >
> > > >
> > > >
> > > > On 11/16/06, Michal Matyska <michal at iptel.org> wrote:
> > > >> Check whether there is configuration option "symetric signalling" (
> e.g.
> > > >> use the same port for sending requests and receiveng replies) in
> your
> > > >> OptiPoint UEa and check that to be used.
> > > >>
> > > >> The asymetric signaling does not work when the UE is behind NAT,
> the
> > > >> port is not open for replies.
> > > >>
> > > >> The same applies to RTP streams, you have to setup the RTP to be
> > > >> symetric.
> > > >>
> > > >> Michal
> > > >>
> > > >> On Thu, 2006-11-16 at 13:19 +0100, hiSIPatH wrote:
> > > >> > Hi all,
> > > >> >
> > > >> > i have a ser setup (CentOS 4.4/ser 0.9.6) with several ip phones
> > > >> > (SNOM320 and Xlite30) and every thing seems to work fine. The ser
> > > >> > server has a public ip address 89.xxx.xxx.xxx and the ua are
> behind a
> > > >> > NAT device (corporate FW).
> > > >> >
> > > >> > I want now to add some OptiPoint420 SIP but was unable to get
> them
> > > >> > working. That means that the registration is ok and calls to the
> > > >> > Optipoints from other ua (xlite or Snom) work but i was unable to
> > > >> > place a call from Optipoint to other ua.
> > > >> >
> > > >> > In the trace you can notice that the INVITE is sent to ser with
> Src
> > > >> > Port 38625 and Dst Port 5060. But the response from ser is sent
> to Src
> > > >> > Port: 5060 (5060), Dst Port: 5060 (5060). The result is of couse
> ICMP
> > > >> > Destination unreachable (Port unreachable).
> > > >> >
> > > >> > I have rtp proxy and ser running on the same server and my
> ser.cfg
> > > >> > looks like the one from the SER GettingStarted
> > > >> > http://siprouter.onsip.org/doc/gettingstarted/ch08s02.html). I
> read
> > > >> > the doc about "handling of NAT using RTP Proxy" but was unable to
> > > >> > change the config to get this scenario with OptiPoint working.
> Has
> > > >> > anyone managed to get OptiPoint to work with ser?
> > > >> >
> > > >> > thx in advance?
> > > >> >
> > > >> > No.     Time        Source                Destination
> > > >> Protocol Info
> > > >> >      14 8.907171    89.xxx.xxx.xxx         89.xxx.xxx.xxx
> > > >> > SIP/SDP  Request: INVITE
> > > >> > sip:8001 at registrar.mydomaine.com;transport=udp, with session
> > > >> > description
> > > >> >
> > > >> > Frame 14 (972 bytes on wire, 972 bytes captured)
> > > >> > Ethernet II, Src: AminoCom_02:02:02 (00:02:02:02:02:02), Dst:
> > > >> > AcerTech_9c:00:8d (00:00:e2:9c:00:8d)
> > > >> > Internet Protocol, Src: 89.xxx.xxx.xxx (89.xxx.xxx.xxx), Dst:
> > > >> > 89.xxx.xxx.xxx (89.xxx.xxx.xxx)
> > > >> > User Datagram Protocol, Src Port: 38625 (38625), Dst Port: 5060
> (5060)
> > > >> > Session Initiation Protocol
> > > >> >
> > > >> > No.     Time        Source                Destination
> > > >> Protocol Info
> > > >> >      15 8.907394    89.xxx.xxx.xxx        89.xxx.xxx.xxx
> SIP
> > > >> >    Status: 407 Proxy Authentication Required
> > > >> >
> > > >> > Frame 15 (772 bytes on wire, 772 bytes captured)
> > > >> > Ethernet II, Src: AcerTech_9c:00:8d (00:00:e2:9c:00:8d), Dst:
> > > >> > AminoCom_02:02:02 (00:02:02:02:02:02)
> > > >> > Internet Protocol, Src: 89.xxx.xxx.xxx (89.xxx.xxx.xxx), Dst:
> > > >> > 89.xxx.xxx.xxx (89.xxx.xxx.xxx)
> > > >> > User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060
> (5060)
> > > >> > Session Initiation Protocol
> > > >> > _______________________________________________
> > > >> > Serusers mailing list
> > > >> > Serusers at lists.iptel.org
> > > >> > http://lists.iptel.org/mailman/listinfo/serusers
> > > >>
> > > >> _______________________________________________
> > > >> Serusers mailing list
> > > >> Serusers at lists.iptel.org
> > > >> http://lists.iptel.org/mailman/listinfo/serusers
> > > >>
> > > > _______________________________________________
> > > > Serusers mailing list
> > > > Serusers at lists.iptel.org
> > > > http://lists.iptel.org/mailman/listinfo/serusers
> > > >
> > >
> > >
> > > --
> > > Bogdan Pintea
> > >
> > > iptego GmbH  -  VoIP Security
> > > http://www.iptego.de
> > >
> > >
> >
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061125/f67cc3c9/attachment.htm>

More information about the sr-users mailing list