[OpenSER-Users] NAT + STUN
Dan-Cristian Bogos
dan.bogos at gmail.com
Thu Aug 2 18:27:54 CEST 2007
Can u place an exit also in this bloc?
if (!uri==myself) {
append_hf("P-hint: outbound\r\n");
xlog("URI <> myself TO ROUTE 1 \r\n");
route(1);
-> exit;
};
DanB
On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
> There is already an exit; function at the end of the route1
> And I have disabled the acc functions in the route
>
> Do you have a working configuration using STUN and version 1.2.1 of openser?
>
> Thanks
>
>
>
> debug=7 # debug level (cmd line: -dddddddddd)
> fork=no
> log_stderror=yes # (cmd line: -E)
> children=4
>
> listen=88.191.45.91
> #alias=sd-7501.dedibox.fr
>
> port=5060
>
>
> avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804"
> #;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807"
>
>
> # ------------------ module loading ----------------------------------
>
> #set module path
> mpath="/usr/lib/openser/modules/"
>
> # Uncomment this if you want to use SQL database
> loadmodule "mysql.so"
>
> loadmodule "sl.so" # Stateless Module
> loadmodule "tm.so" # Transaction Module
> loadmodule "rr.so" # Record-Route and Route Module
> loadmodule "maxfwd.so" # Max-Forward processor Module
> loadmodule "usrloc.so" # User Location Implementation Module
> loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc)
> loadmodule "textops.so" # Text Operation Module
> loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface
>
> loadmodule "acc.so" # Accounting Module
> loadmodule "avpops.so" # AVP Operation Module (user preference)
> loadmodule "uri.so" # Generic URI operation Module
>
> loadmodule "auth.so" # Authentification Module
> #loadmodule "auth_db.so" # Database-backend Authentication mMdule
> loadmodule "auth_radius.so" # RADIUS-backend Authentication Module
> loadmodule "group_radius.so" # User-groups Module with RADIUS-backend
> #loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module
>
> #loadmodule "presence.so" # Presence server Module
> #loadmodule "pua.so" # Common API for presence user agent client
>
> loadmodule "options.so" # OPTIONS server replier Module
> loadmodule "xlog.so" # Advanced Logger Module
>
> loadmodule "nathelper.so" # NAT Traversal Helper Module
> #loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module
>
> loadmodule "uac.so" # User Agent Client
> loadmodule "siptrace.so" # SipTrace module (storage of SIP requests)
> #loadmodule "exec.so" # Allows to start an external command from a OpenSER script
>
> # ----------------- setting module-specific parameters ---------------
>
>
> # -- exec params --
> #modparam("exec", "setvars", 1) # Turn off to disable setting environment variables for executed commands
> #modparam("exec", "time_to_kill", 20) # longest time a program is allowed to execute
>
>
> # -- maxfwd params --
> modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions
>
>
> # -- sl params --
> modparam("sl", "enable_stats", 1)
>
>
> # -- mi_fifo params --
> modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
>
>
> # -- usrloc params --
> # Uncomment this if you want to use SQL database
> modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB
> modparam("usrloc", "db_url", "mysql://openser:razovski@127.0.0.1/openser")
> modparam("usrloc", "timer_interval", 10)
> #modparam("usrloc", "use_domain", 1) # Not working for now...
> #modparam("usrloc", "cseq_delay", 5) # Delay before authorizing others retransmissions
> #modparam("usrloc", "matching_mode", 1) # 1 - CONTACT and CALLID based matching algorithm
> modparam("usrloc", "nat_bflag" , 3)
>
>
> # -- rr params --
> modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy
> #modparam("rr", "add_username", 1) # username is added to the record-route
>
>
> # -- siptrace params --
> modparam("siptrace", "db_url", "mysql://openser:razovski@127.0.0.1/openser")
> modparam("siptrace", "table", "sip_trace") # Default value "sip_trace"
> modparam("siptrace", "trace_on", 1)
>
>
>
>
> # -- registrar params --
> modparam("registrar", "default_expires", 1800)
> modparam("registrar", "max_expires", 60)
> modparam("registrar", "received_avp", "$avp(i:42)")
> modparam("registrar", "max_contacts", 100) # TO INCREASE LATER
>
>
> # -- nathelper params --
> #modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:22222")
> modparam("nathelper", "rtpproxy_disable", 1)
> modparam("nathelper", "sipping_bflag", 5)
> modparam("nathelper", "natping_interval", 20)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "sipping_method", "OPTIONS")
> modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module
> modparam("nathelper", "sipping_from", "sip:pinger at sd-7501.dedibox.fr")
>
> #modparam("auth", "nonce_expire", 300) # Time before nounce expiration
> modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
>
>
> # -- group_radius params --
> modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
> modparam("group_radius", "use_domain", 1) # username at domain will be used for lookup
>
>
> # -- avp_radius parameter --
> #modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
>
>
> # -- acc params (with radius )--
> modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
> modparam("acc", "radius_flag", 1)
> modparam("acc", "radius_missed_flag", 2)
>
> modparam("acc", "early_media", 1)
> modparam("acc", "report_cancels", 1)
> #modparam("acc", "report_ack", 0)
> modparam("acc", "detect_direction", 1)
> #modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting
> #modparam("acc", "log_level", 1) # Set the reporting log level
> #modparam("acc", "log_missed_flag", 2) #
> #modparam("acc", "failed_transaction_flag", 2)
> modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP)
> #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
> # ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute
> modparam("acc", "radius_extra", "Sip-Src-IP=$si;
> Sip-Src-Port=$sp;
> Canonical-URI=$avp(can_uri);
> Billing-Party=$avp(billing_party);
> SIP-Proxy-IP=$avp(sip_proxy_ip);
> User-Agent=$ua
> ")
> #Billing-Party=$avp(billing_party)
> #From-Header=$hdr(from);
> #User-Name=$fU;
> #From-Header=$avp(from_header);
> #Digest-Realm=$fd
> #Sip-From-Tag=$avp(from_header);
> #SIP-Method=$rm;
>
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> };
>
> if (msg:len >= 2048 ) {
> sl_send_reply("513", "Message too big");
> exit;
> };
>
>
>
>
> # NAT detection
> route(2);
>
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> if (!method=="REGISTER") {
> record_route();
> };
>
> # subsequent messages withing a dialog should take the
> # path determined by record-routing
> if (loose_route()) { # mark routing logic in request
> xlog("IN LOOSE ROUTE SECTION \r\n");
> append_hf("P-hint: rr-enforced\r\n");
> if(is_method("BYE")) { # log it all the time
> acc_rad_request("200 ok");
> acc_log_request("200 ok");
> }
> route(1);
> exit;
> };
>
>
>
> # Functions when calling other domains
> xlog("CHECKING IF URI <> myself \r\n");
> if (!uri==myself) {
> append_hf("P-hint: outbound\r\n");
> xlog("URI <> myself TO ROUTE 1 \r\n");
> route(1);
> };
>
>
> if (uri==myself) {
>
> if (method=="REGISTER") {
> sip_trace();
> xlog("L_INFO", "$fu IS TRYING TO REGISTER \r\n");
>
>
> if (!radius_www_authorize("sd-7501.dedibox.fr")) {
> www_challenge("sd-7501.dedibox.fr", "0"); # qop set to 1
> xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n");
> exit;
> };
>
> #if (isflagset(5)) {
> if (isbflagset(3)) {
> #setflag(6);
> # if you want OPTIONS natpings uncomment next
> # setflag(7); # Deprecated
> setbflag(5); # Set Flag for SIP PINGING
> };
>
>
> save("location");
> xlog("L_INFO", "SAVE LOCATION OF $si \r\n");
> exit;
> };
>
>
>
> if (!lookup("location")) {
> xlog("LOOKUP(LOCATION) FAILED \r\n");
> # log to acc as missed call
> acc_rad_request("404 Not Found");
> acc_log_request("404 Not Found");
> xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n");
> sl_send_reply("404", "Not Found");
> exit;
> };
> append_hf("P-hint: usrloc applied\r\n");
>
> };
>
> route(1);
> }
>
> ## Generic Forward
> route[1] {
> xlog("STARTING ROUTE 1 \r\n");
> if (subst_uri('/(sip:.*);nat=yes/\1/')){
> #setflag(6); # Deprecated, for version 1.1
> xlog("SETTING BFLAGS 3 & 5 \r\n");
> setbflag(3); # NAT flag
> setbflag(5); # For SIP PINGS
> };
>
> #if (isflagset(5)||isflagset(6)) {
> if (isbflagset(3)) {
> xlog("FLAG 3 OK GOTO ROUTE 3 \r\n");
> route(3);
> } else {
> xlog("!!!! STRANGE, NO FLAG 3 -> NORMAL ROUTE \r\n");
> }
>
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> }
>
>
>
>
> # NAT Detection
> route[2]{
> xlog("ROUTE2: STARTING NAT DETECTION \r\n");
> force_rport(); # Add port number of the client in the request
> if (nat_uac_test("19")) {
> xlog("!!!!!!!!! NAT UAC TEST 19 SUCEEDEED \r\n");
> if (method=="REGISTER") {
> xlog("FIX NATED REGISTER \r\n");
> fix_nated_register();
> } else {
> xlog("FIX NATED CONTACT \r\n");
> fix_nated_contact(); # Change the IP -> public
> fix_nated_sdp("2"); # Force to be active
> };
> #setflag(5); Deprecated
> xlog("ROUTE2: SETFLAG 3 \r\n");
> setbflag(3);
> };
> }
>
>
> ## Route for natted contact
> route[3] {
> xlog("!!!!!!!!! ON ROUTE 3 FOR NATTED CONTACT \r\n");
> if (is_method("BYE|CANCEL")) {
> # Ajout Maison
> #acc_rad_request("200 ok");
> #acc_log_request("200 ok");
>
> #unforce_rtp_proxy();
> t_on_failure("1");
>
> } else if (is_method("INVITE")){
> #force_rtp_proxy();
> t_on_failure("1");
> };
> #if (isflagset(5))
> if (isbflagset(3)){
> search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
> }
> t_on_reply("1");
> }
>
>
> ## Failure Route 1
> failure_route[1] {
> xlog("!!!!!!!!! ON FAILURE ROUTE \r\n");
> #if (isflagset(6) || isflagset(5)) {
> #if (isbflagset(3)) {
> #unforce_rtp_proxy();
> #}
> }
>
> ## Reply route
> onreply_route[1] {
> xlog("!!!!!!!!! ON REPLY ROUTE \r\n");
> #if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
> #if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") {
> #force_rtp_proxy();
> #}
> search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
>
> #if (isflagset(6)) {
> if (isbflagset(3)) {
> xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n");
> fix_nated_contact();
> }
> exit;
> }
>
>
> Dan-Cristian Bogos a écrit :
> > Marc,
> >
> > can u post your newly modified configuration again? Also, I would add
> > an exit after route(1) in the loose routing.
> > Did u try also disabling the accounting?
> >
> > Dan
> >
> > On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
> >> Do you have any idea to solve this matter:
> >> In the BYE request:
> >>
> >> 0(2569) found end of header
> >> 0(2569) find_next_route: No next Route HF found
> >> 0(2569) after_loose: No next URI found
> >>
> >> So the BYE message is not forwarded by openser
> >>
> >>
> >>
> >>
> >>
> >>
> >> Please find below INVITE and BYE requests
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> 0(2632) SIP Request:
> >> 0(2632) method: <INVITE>
> >> 0(2632) uri: <sip:103 at sd-7501.dedibox.fr:5060>
> >> 0(2632) version: <SIP/2.0>
> >> 0(2632) parse_headers: flags=2
> >> 0(2632) Found param type 232, <branch> = <z9hG4bK4747925369759203710>; state=16
> >> 0(2632) end of header reached, state=5
> >> 0(2632) parse_headers: Via found, flags=2
> >> 0(2632) parse_headers: this is the first via
> >> 0(2632) After parse_msg...
> >> 0(2632) preparing to run routing scripts...
> >> 0(2632) parse_headers: flags=100
> >> 0(2632) DEBUG:parse_to:end of header reached, state=10
> >> 0(2632) DBUG:parse_to: display={}, ruri={sip:103 at sd-7501.dedibox.fr:5060;user=phone}
> >> 0(2632) DEBUG: get_hdr_field: <To> [46]; uri=[sip:103 at sd-7501.dedibox.fr:5060;user=phone]
> >> 0(2632) DEBUG: to body [<sip:103 at sd-7501.dedibox.fr:5060;user=phone>
> >> ]
> >> 0(2632) get_hdr_field: cseq <CSeq>: <1> <INVITE>
> >> 0(2632) DEBUG:maxfwd:is_maxfwd_present: value = 70
> >> 0(2632) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 10
> >> 0(2632) ROUTE2: STARTING NAT DETECTION
> >> 0(2632) !!!!!!!!! NAT UAC TEST 19 SUCEDEED
> >> 0(2632) parse_headers: flags=80
> >> 0(2632) ROUTE2: SETFLAG 3
> >> 0(2632) DEBUG: add_param: tag=c0a80101-b67ff5
> >> 0(2632) DEBUG:parse_to:end of header reached, state=29
> >> 0(2632) DBUG:parse_to: display={"101"}, ruri={sip:101 at sd-7501.dedibox.fr:5060;user=phone}
> >> 0(2632) parse_headers: flags=200
> >> 0(2632) DEBUG: get_hdr_body : content_length=269
> >> 0(2632) found end of header
> >> 0(2632) find_first_route: No Route headers found
> >> 0(2632) loose_route: There is no Route HF
> >> 0(2632) DEBUG: has_totag: no totag
> >> 0(2632) I AM SETTING THE FLAGS FOR RADIUS
> >> 0(2632) SETTING FLAGS 1 & 2 FOR RADIUS
> >> 0(2632) CHECKING IF URI <> myself
> >> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
> >> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
> >> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
> >> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
> >> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
> >> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
> >> 0(2632) grep_sock_info - checking if host==us: 18==12 && [sd-7501.dedibox.fr] == [88.191.45.91]
> >> 0(2632) grep_sock_info - checking if port 5060 matches port 5060
> >> 0(2632) rewrite_uri: Rewriting Request-URI with 'sip:103 at 82.127.0.79:1028;user=phone'
> >> 0(2632) parse_headers: flags=ffffffffffffffff
> >> 0(2632) STARTING ROUTE 1
> >> 0(2632) subst_run: running. r=1
> >> 0(2632) subst_str: no match
> >> 0(2632) FLAG 3 OK GOTO ROUTE 3
> >> 0(2632) !!!!!!!!! ON ROUTE 3 FOR NATTED CONTACT
> >> 0(2632) DEBUG: t_newtran: T on entrance=0xffffffff
> >> 0(2632) parse_headers: flags=ffffffffffffffff
> >> 0(2632) parse_headers: flags=78
> >> 0(2632) t_lookup_request: start searching: hash=12532, isACK=0
> >> 0(2632) DEBUG: RFC3261 transaction matching failed
> >> 0(2632) DEBUG: t_lookup_request: no transaction found
> >> 0(2632) DBG: trans=0xb5c08fa8, callback type 1, id 1 entered
> >> 0(2632) trace_onreq_in: trace off...
> >> 0(2632) DBG: trans=0xb5c08fa8, callback type 1, id 0 entered
> >> 0(2632) parse_headers: flags=78
> >> 0(2632) DEBUG: noisy_timer set for accounting
> >> 0(2632) DEBUG:rr:is_direction: param ftag not found
> >> 0(2632) parse_headers: flags=ffffffffffffffff
> >> 0(2632) check_via_address(82.127.0.79, 82.127.0.79, 0)
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> 0(2569) SIP Request:
> >> 0(2569) method: <BYE>
> >> 0(2569) uri: <sip:101 at 82.127.0.79:1312>
> >> 0(2569) version: <SIP/2.0>
> >> 0(2569) parse_headers: flags=2
> >> 0(2569) Found param type 232, <branch> = <z9hG4bK2074253192092946047>; state=16
> >> 0(2569) end of header reached, state=5
> >> 0(2569) parse_headers: Via found, flags=2
> >> 0(2569) parse_headers: this is the first via
> >> 0(2569) After parse_msg...
> >> 0(2569) preparing to run routing scripts...
> >> 0(2569) parse_headers: flags=100
> >> 0(2569) DEBUG: add_param: tag=c0a80101-b31387
> >> 0(2569) DEBUG:parse_to:end of header reached, state=29
> >> 0(2569) DBUG:parse_to: display={}, ruri={sip:101 at sd-7501.dedibox.fr:5060;user=phone}
> >> 0(2569) DEBUG: get_hdr_field: <To> [66]; uri=[sip:101 at sd-7501.dedibox.fr:5060;user=phone]
> >> 0(2569) DEBUG: to body [<sip:101 at sd-7501.dedibox.fr:5060;user=phone>]
> >> 0(2569) get_hdr_field: cseq <CSeq>: <1> <BYE>
> >> 0(2569) DEBUG:maxfwd:is_maxfwd_present: value = 70
> >> 0(2569) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 10
> >> 0(2569) ROUTE2: STARTING NAT DETECTION
> >> 0(2569) !!!!!!!!! NAT UAC TEST 19 SUCEDEED
> >> 0(2569) parse_headers: flags=80
> >> 0(2569) DEBUG: get_hdr_body : content_length=0
> >> 0(2569) found end of header
> >> 0(2569) ROUTE2: SETFLAG 3
> >> 0(2569) DEBUG: add_param: tag=c0a80101-2376fc2
> >> 0(2569) DEBUG:parse_to:end of header reached, state=29
> >> 0(2569) DBUG:parse_to: display={}, ruri={sip:103 at sd-7501.dedibox.fr:5060;user=phone}
> >> 0(2569) parse_headers: flags=200
> >> 0(2569) is_preloaded: No
> >> 0(2569) grep_sock_info - checking if host==us: 11==12 && [82.127.0.79] == [88.191.45.91]
> >> 0(2569) grep_sock_info - checking if port 5060 matches port 1312
> >> 0(2569) grep_sock_info - checking if host==us: 11==12 && [82.127.0.79] == [88.191.45.91]
> >> 0(2569) grep_sock_info - checking if port 5060 matches port 1312
> >> 0(2569) DEBUG:check_self: host != me
> >> 0(2569) grep_sock_info - checking if host==us: 12==12 && [88.191.45.91] == [88.191.45.91]
> >> 0(2569) grep_sock_info - checking if port 5060 matches port 5060
> >> 0(2569) after_loose: Topmost route URI: 'sip:88.191.45.91;lr=on;ftag=c0a80101-b31387' is me
> >> 0(2569) parse_headers: flags=200
> >> 0(2569) found end of header
> >> 0(2569) find_next_route: No next Route HF found
> >> 0(2569) after_loose: No next URI found
> >> 0(2569) DBG:rr:run_rr_callbacks: callback id 0 entered with <lr=on;ftag=c0a80101-b31387>
> >>
> >>
> >>
> >>
> >> Dan-Cristian Bogos a écrit :
> >>> That's because for INVITE your will take routing decisions but BYE u
> >>> will just proxy out.
> >>>
> >>> DanB
> >>>
> >>> On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
> >>>> I've compared the INVITE and BYE method....
> >>>> And the uri in the INVITE method is
> >>>> 0(2632) SIP Request:
> >>>> 0(2632) method: <INVITE>
> >>>> 0(2632) uri: <sip:103 at sd-7501.dedibox.fr:5060>
> >>>> 0(2632) version: <SIP/2.0>
> >>>>
> >>>> whereas in the BYE method
> >>>>
> >>>> 0(2569) SIP Request:
> >>>> 0(2569) method: <BYE>
> >>>> 0(2569) uri: <sip:101 at 82.127.0.79:1312>
> >>>> 0(2569) version: <SIP/2.0>
> >>>>
> >>>>
> >>>> so the DEBUG:check_self: host != me
> >>>> I'm going to try without accoounting, but it should'nt change anything...
> >>>>
> >>>> Best Regards
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
>
More information about the sr-users
mailing list