[Serusers] Question
Greger V. Teigre
greger at teigre.com
Wed Jan 10 09:26:12 CET 2007
Bill,
Note that the onsip.org config file uses a reference design where SER
has a public address and UAs may be behind NAT (far-end NAT traversal).
The nat_uac_test function uses private address segments to determine
whether to fix-up SDP and whether to proxy a call. Your mediaproxy
output indicates that you are running a scenario using a private segment
in 10.0.0.0/8.
g-)
Bill wrote:
> I am setting up a SER/Mediaproxy/MySQL box. I have it setup and running
> except for NAT. When I put up a call this is what my session look like. The
> 127 are the fakeconversations.py. The other session is my live traffic but
> the other end has all ????????????????. Any ideas. I am using the basic
> SER/Mediaproxy config below.
>
> Caller Via Called Status Duration
> Codec Type Traffic
> ----------------------------------------------------------------------------
> ----------------------------------------
> 127.0.0.1:10000 - 10.0.1.100:60004 - 127.0.0.1:10002 active 0'10"
> Dynamic(127) Audio 94.38k/188.58k/94.38k
> 10.0.2.1:15040 - 10.0.1.100:60000 - ?.?.?.?:? inactive 4'41"
> Dynamic(107) Audio 1.58M/0/0
>
> Total traffic: 120.55kbps/74.61kbps/149.22kbps (in1/in2/out)
> Session count: 2
> Proxy version: 1.8.0
>
> #####################SER.CFG
> [root at voipproxy1 mediaproxy]# cat /usr/local/etc/ser/ser.cfg
> # $Id: nat-mediaproxy.cfg 51 2006-01-31 13:28:04Z /CN=Paul
> Hazlett/emailAddress=paul at onsip.org $
> debug=7
> fork=yes
> log_stderror=no
>
> listen=10.0.1.100 # INSERT YOUR IP ADDRESS HERE
> port=5060
> children=4
> sock_mode=0666
>
> dns=no
> rev_dns=no
> fifo="/tmp/ser_fifo"
> fifo_db_url="mysql://ser:heslo@localhost/ser"
>
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> loadmodule "/usr/local/lib/ser/modules/domain.so"
> loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
>
> modparam("auth_db|domain|uri_db|usrloc", "db_url",
> "mysql://ser:heslo@localhost/ser")
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
>
> modparam("nathelper", "rtpproxy_disable", 1)
> modparam("nathelper", "natping_interval", 0)
>
> modparam("mediaproxy","natping_interval", 30)
> modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
> modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients")
> modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients")
>
> modparam("usrloc", "db_mode", 2)
>
> modparam("registrar", "nat_flag", 6)
>
> modparam("rr", "enable_full_lr", 1)
>
> route {
>
> # -----------------------------------------------------------------
> # Sanity Check Section
> # -----------------------------------------------------------------
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too Many Hops");
> break;
> };
>
> if (msg:len > max_len) {
> sl_send_reply("513", "Message Overflow");
> break;
> };
>
> # -----------------------------------------------------------------
> # Record Route Section
> # -----------------------------------------------------------------
> if (method=="INVITE" && client_nat_test("3")) {
> # INSERT YOUR IP ADDRESS HERE
> record_route_preset("10.0.1.100:5060;nat=yes");
> } else if (method!="REGISTER") {
> record_route();
> };
>
> # -----------------------------------------------------------------
> # Call Tear Down Section
> # -----------------------------------------------------------------
> if (method=="BYE" || method=="CANCEL") {
> end_media_session();
> };
>
> # -----------------------------------------------------------------
> # Loose Route Section
> # -----------------------------------------------------------------
> if (loose_route()) {
>
> if ((method=="INVITE" || method=="REFER") && !has_totag()) {
> sl_send_reply("403", "Forbidden");
> break;
> };
>
> if (method=="INVITE") {
>
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
> consume_credentials();
>
> if (client_nat_test("3") ||
> search("^Route:.*;nat=yes")) {
> setflag(6);
> use_media_proxy();
> };
> };
>
> route(1);
> break;
> };
>
> # -----------------------------------------------------------------
> # Call Type Processing Section
> # -----------------------------------------------------------------
> if (uri!=myself) {
> route(4);
> route(1);
> break;
> };
>
> if (method=="ACK") {
> route(1);
> break;
> } else if (method=="CANCEL") {
> route(1);
> break;
> } else if (method=="INVITE") {
> route(3);
> break;
> } else if (method=="REGISTER") {
> route(2);
> break;
> };
>
> lookup("aliases");
> if (uri!=myself) {
> route(4);
> route(1);
> break;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
>
> route(1);
> }
>
> route[1] {
>
> # -----------------------------------------------------------------
> # Default Message Handler
> # -----------------------------------------------------------------
>
> t_on_reply("1");
>
> if (!t_relay()) {
>
> if (method=="INVITE" || method=="ACK") {
> end_media_session();
> };
>
> sl_reply_error();
> };
> }
>
> route[2] {
>
> # -----------------------------------------------------------------
> # REGISTER Message Handler
> # ----------------------------------------------------------------
>
> sl_send_reply("100", "Trying");
>
> if (!search("^Contact:[ ]*\*") && client_nat_test("7")) {
> setflag(6);
> fix_nated_register();
> force_rport();
> };
>
> if (!www_authorize("","subscriber")) {
> www_challenge("","0");
> break;
> };
>
> if (!check_to()) {
> sl_send_reply("401", "Unauthorized");
> break;
> };
>
> consume_credentials();
>
> if (!save("location")) {
> sl_reply_error();
> };
> }
>
> route[3] {
>
> # -----------------------------------------------------------------
> # INVITE Message Handler
> # -----------------------------------------------------------------
>
> if (client_nat_test("3")) {
> setflag(7);
> force_rport();
> fix_nated_contact();
> };
>
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
>
> consume_credentials();
>
> lookup("aliases");
> if (uri!=myself) {
> route(4);
> route(1);
> break;
> };
>
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
>
> route(4);
> route(1);
> }
>
> route[4] {
>
> # -----------------------------------------------------------------
> # NAT Traversal Section
> # -----------------------------------------------------------------
>
> if (isflagset(6) || isflagset(7)) {
> if (!isflagset(8)) {
> setflag(8);
> use_media_proxy();
> };
> };
> }
>
> onreply_route[1] {
>
> if ((isflagset(6) || isflagset(7)) &&
> (status=~"(180)|(183)|2[0-9][0-9]")) {
>
> if (!search("^Content-Length:[ ]*0")) {
> use_media_proxy();
> };
> };
>
> if (client_nat_test("1")) {
> fix_nated_contact();
> };
> }
>
>
> ######################MEDIAPROXY.INI
> [Dispatcher]
> defaultProxy = /var/run/mediaproxy.sock
>
> [MediaProxy]
> ;start = yes
> ;socket = /var/run/mediaproxy.sock
> ;group = openser
> ;listen = None
> ;allow = None
> proxyIP = 10.0.1.100
> portRange = 60000:65000
> ;TOS = 0xb8
> ;idleTimeout = 60
> ;holdTimeout = 3600
> ;forceClose = 0
>
> [Accounting]
> ; one of none, radius or database
> accounting = database
>
> [Database]
> user = ser
> password = heslo
> host = localhost
> database = ser
> table = acc
>
> [Radius]
> secret = secret
> server = localhost
> authport = 1812
> acctport = 1813
> dictionaries = /etc/radiusclient-ng/dictionary,
> /etc/openser/radius/dictionary, /usr/local/mediaproxy/dictionary
> retries = 2
> timeout = 3
>
> Bill
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
More information about the sr-users
mailing list