[Users] caller and callee behind diff NAT - ACK of 200OK is not reaching to callee
shankar
shankar_bandal at yahoo.com
Mon Apr 16 10:45:24 CEST 2007
I am very sorry Bogdan due to comany policy I can not attach any file.
Regards,
Shankar
----- Original Message ----
From: Bogdan-Andrei Iancu <bogdan at voice-system.ro>
To: shankar <shankar_bandal at yahoo.com>
Cc: users at openser.org
Sent: Monday, 16 April, 2007 1:29:56 PM
Subject: Re: [Users] caller and callee behind diff NAT - ACK of 200OK is not reaching to callee
Hi there,
unfortunately your msg flow is not comprehensive due text misalignment.
Make it a simple text file and attach it to the email .
regards,
bogdan
shankar wrote:
> Hi ALL,
>
> Currently I am useing ser 0.9.6 version, I am switching to openser but before that I want to find out whether my scenario is valid. If it is valid then how can I solve this problem using openser.
>
> Belo is message sequence for my scenario.
>
> user1 NAT router 1 SER Proxy SIP Server NAT router 2 User2
> (192.x.x.3) (107.x.x.78) (107.x.x.201) (107.x.x.150) (107.x.y.249) (192.x.x3)
> | REGISTER(user1) |REGISTER(user1) |REGISTER(user1)| | |
> |-------------------> |---------------> |--------------> | | |
> | | |REGISTER(user2)| | |
> | | | ------------> | | |
> | | | REGISTER(user2) | REGISTER(user2)|
> | | | <--------------------------------------------------------|<------------------------ |
> | INVITE | INVITE | INVITE | INVITE | INVITE |
> |----------------------------->|-------------------------->| ----------------------->|------------------------------>|------------------------->|
> | | | | | |
> | 100 trying | 100 trying | | | |
> | <-------------------------- |<------------------------- | | | |
> | 180 Ringing | 180 Ringing | 180 Ringing | 180 Ringing | 180 Ringing |
> | <--------------------------- | <----------------------- |<---------------------- | <---------------------------- | <---------------------- |
> | | | | | |
> | 200 OK | 200 OK | 200 OK | 200 OK | 200 OK |
> | <--------------------------- | <---------------------- | <---------------------- | <---------------------------- | <---------------------- |
> | | | | | |
> | ACK | ACK | ACK | | |
> | -----------------> | -----------------------> | ----------------------> | ?????? | |
> Set up:
> user 1:
> Internal IP: 192.x.x.3
> external ip: 107.x.x.78
> user 2:
> Internal IP: 192.x.x.3
> external ip: 107.x.y.249
>
> Nat routers are FC5 linux PCs on which I have enabled SNAT and posrt forwarding.
>
> In above case user2 is not getting ACK. fix_nated_contact() API of SER is modifying contact
> header to the destination ip of receiving message. e.g. SER proxy receives REGISTER meassage
> from user 1 from NAT router 1 then it changing contact ip to the dst ip of REGISTER message i.e.
> Nated ip of user1. Because of this RFEGISTER and INVITE goes fine.
> But in case of 200 OK of INVITE comming from user 2 dst ip is IP of SIP server, so SER adds server ip in the contact header of 200Ok because of this user1 is sending ACK to SERVER but not to user2.
> If I ignore the ACK (just for testing) and start media using RTPPROXY then media packets are
> going to SERVER but not to user2 because force_rtp_proxy follows the same principle like
> fix_nated_contact().
>
> Please provide me some pointers. I am not able to unserstand how use1 will know that 200OK is came from user 2. In 200OK message there no reference of the nated IP of user2
>
> below is my SER config file.
> # $Id: nat-mediaproxy.cfg 51 2006-01-31 13:28:04Z /CN=Paul Hazlett/emailAddress=paul at onsip.org $
> debug=6
> fork=no
> log_stderror=yes
> listen=107.108.70.201 # INSERT YOUR IP ADDRESS HERE
> port=5060
> children=4
> dns=no
> rev_dns=no
> fifo="/tmp/ser_fifo"
> fifo_db_url="mysql://ser:heslo@localhost/ser"
> #unix_sock="/tmp/ser_sock"
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> #loadmodule "/usr/local/lib/ser/modules/auth.so"
> #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> #loadmodule "/usr/local/lib/ser/modules/domain.so"
> #loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> modparam("auth_db|domain|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
> #modparam("auth_db", "calculate_ha1", 1)
> #modparam("auth_db", "password_column", "password")
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
> modparam("usrloc", "db_mode", 2)
> modparam("registrar", "nat_flag", 6)
> modparam("rr", "enable_full_lr", 1)
> route {
> # -----------------------------------------------------------------
> # Sanity Check Section
> # -----------------------------------------------------------------
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too Many Hops");
> break;
> };
> if (msg:len > max_len) {
> sl_send_reply("513", "Message Overflow");
> break;
> };
> # !! Nathelper
> # Special handling for NATed clients; first, NAT test is
> # executed: it looks for via!=received and RFC1918 addresses
> # in Contact (may fail if line-folding is used); also,
> # the received test should, if completed, should check all
> # vias for rpesence of received
> if (nat_uac_test("3")) {
> # Allow RR-ed requests, as these may indicate that
> # a NAT-enabled proxy takes care of it; unless it is
> # a REGISTER
> if (method == "REGISTER" || ! search("^Record-Route:")) {
> log("LOG: Someone trying to register from private IP, rewriting\n");
> # This will work only for user agents that support symmetric
> # communication. We tested quite many of them and majority is
> # smart enough to be symmetric. In some phones it takes a configuration
> # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
> # called "symmetric media" and "symmetric signalling".
> fix_nated_contact(); # Rewrite contact with source IP of signalling
> # if (method == "INVITE") {
> # fix_nated_sdp("1"); # Add direction=active to SDP
> # };
> force_rport(); # Add rport parameter to topmost Via
> setflag(6); # Mark as NATed
> };
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> if (!method=="REGISTER") record_route();
> # -----------------------------------------------------------------
> # Call Tear Down Section
> # -----------------------------------------------------------------
> if (method=="BYE" || method=="CANCEL") {
> unforce_rtp_proxy();
> };
> # -----------------------------------------------------------------
> # Loose Route Section
> # -----------------------------------------------------------------
> if (loose_route()) {
> if ((method=="INVITE" || method=="REFER") && !has_totag()) {
> sl_send_reply("403", "Forbidden");
> break;
> };
> if (method=="INVITE") {
> # if (!proxy_authorize("","subscriber")) {
> # proxy_challenge("","0");
> # break;
> # } else if (!check_from()) {
> # sl_send_reply("403", "Use From=ID");
> # break;
> # };
> # consume_credentials();
>
> if (nat_uac_test("19")) {
> setflag(6);
> force_rport();
> fix_nated_contact();
> };
> force_rtp_proxy("l");
> };
> route(1);
> break;
> };
> # -----------------------------------------------------------------
> # Call Type Processing Section
> # -----------------------------------------------------------------
> if (uri!=myself) {
> route(4);
> route(1);
> break;
> };
> if (method=="ACK") {
> route(1);
> break;
> } else if (method=="CANCEL") {
> route(1);
> break;
> } else if (method=="INVITE") {
> route(3);
> break;
> } else if (method=="REGISTER") {
> route(2);
> break;
> };
> lookup("aliases");
> if (uri!=myself) {
> append_hf("P-hint: outbound alias\r\n");
> route(4);
> route(1);
> break;
> };
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
> route(1);
> }
> route[1] {
> # -----------------------------------------------------------------
> # Default Message Handler
> # -----------------------------------------------------------------
> t_on_reply("1");
> if (!t_relay()) {
> if (method=="INVITE" && isflagset(6)) {
> unforce_rtp_proxy();
> };
> sl_reply_error();
> };
> }
> route[2] {
> # -----------------------------------------------------------------
> # REGISTER Message Handler
> # ----------------------------------------------------------------
> if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
> setflag(6);
> fix_nated_register();
> force_rport();
> };
> sl_send_reply("100", "Trying");
> # if (!www_authorize("","subscriber")) {
> # www_challenge("","0");
> # break;
> # };
> # if (!check_to()) {
> # sl_send_reply("401", "Unauthorized");
> # break;
> # };
> # consume_credentials();
> if (!save("location")) {
> sl_reply_error();
> };
> }
>
>
> Send a FREE SMS to your friend's mobile from Yahoo! Messenger. Get it now at http://in.messenger.yahoo.com/
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
Send a FREE SMS to your friend's mobile from Yahoo! Messenger. Get it now at http://in.messenger.yahoo.com/
More information about the sr-users
mailing list