[Users] openser behind nat UAs behind NAT

asahin abdsahin at gmail.com
Fri Mar 30 21:26:31 CEST 2007 

hi;
i installed and tested openser on the internal network, it was working.
i tried to test it behind NAT with x-lite sip client, but it failed.

i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine.
when i try to register to openser i received a 408 request timeout message.

i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it.

here is the ngrep dump at the server.
U external_ip_of_ua:23975 -> 192.168.200.2:5060  REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..  Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060
  REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-  ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B  YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out  bound....


my openser.cfg file is the initial openser openser.cfg file i didnt change it.
-------------
#

# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $

#

# simple quick-start config script

# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php

# for a explanation of possible statements, functions and parameters.

#

# ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd)

fork=yes

log_stderror=no # (cmd line: -E)

children=4

# Uncomment these lines to enter debugging mode 

#fork=no

#log_stderror=yes

#

port=5060

# uncomment the following lines for TLS support

#disable_tls = 0

#listen = tls:your_IP:5061

#tls_verify_server = 1

#tls_verify_client = 1

#tls_require_client_certificate = 0

#tls_method = TLSv1

#tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"

#tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"

#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"

# ------------------ module loading ----------------------------------

#set module path

mpath="/usr/local/lib64/openser/modules/"

# Uncomment this if you want to use SQL database

#loadmodule "mysql.so"

loadmodule "sl.so"

loadmodule "tm.so"

loadmodule "rr.so"

loadmodule "maxfwd.so"

loadmodule "usrloc.so"

loadmodule "registrar.so"

loadmodule "textops.so"

loadmodule "mi_fifo.so"

# Uncomment this if you want digest authentication

# mysql.so must be loaded !

#loadmodule "auth.so"

#loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- mi_fifo params --

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database 

# for persistent storage and comment the previous line

#modparam("usrloc", "db_mode", 2)

# -- auth params --

# Uncomment if you are using auth module

#

#modparam("auth_db", "calculate_ha1", yes)

#

# If you set "calculate_ha1" parameter to yes (which true in this config), 

# uncomment also the following parameter)

#

#modparam("auth_db", "password_column", "password")

# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with

# max_forwards==0, or excessively long requests

if (!mf_process_maxfwd_header("10")) {

sl_send_reply("483","Too Many Hops");

exit;

};

if (msg:len >= 2048 ) {

sl_send_reply("513", "Message too big");

exit;

};

# we record-route all messages -- to make sure that

# subsequent messages will go through our proxy; that's

# particularly good if upstream and downstream entities

# use different transport protocol

if (!method=="REGISTER")

record_route();

# subsequent messages withing a dialog should take the

# path determined by record-routing

if (loose_route()) {

# mark routing logic in request

append_hf("P-hint: rr-enforced\r\n"); 

route(1);

};

if (!uri==myself) {

# mark routing logic in request

append_hf("P-hint: outbound\r\n"); 

# if you have some interdomain connections via TLS

#if(uri=~"@tls_domain1.net") {

# t_relay("tls:domain1.net");

# exit;

#} else if(uri=~"@tls_domain2.net") {

# t_relay("tls:domain2.net");

# exit;

#}

route(1);

};

# if the request is for other domain use UsrLoc

# (in case, it does not work, use the following command

# with proper names and addresses in it)

if (uri==myself) {

if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication

#if (!www_authorize("openser.org", "subscriber")) {

# www_challenge("openser.org", "0");

# exit;

#};

save("location");

exit;

};

lookup("aliases");

if (!uri==myself) {

append_hf("P-hint: outbound alias\r\n"); 

route(1);

};

# native SIP destinations are handled using our USRLOC DB

if (!lookup("location")) {

sl_send_reply("404", "Not Found");

exit;

};

append_hf("P-hint: usrloc applied\r\n"); 

};

route(1);

}



route[1] {

# send it out now; use stateful forwarding as it works reliably

# even for UDP2TCP

if (!t_relay()) {

sl_reply_error();

};

exit;

}




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070330/1ee50174/attachment.htm>

More information about the sr-users mailing list