[Users] Re: openser behind nat UAs behind NAT

Abdurrahman Sahin abdsahin at gmail.com
Sat Mar 31 10:32:15 CEST 2007


hi;
when i use a stun server i can register my UAs , but i didnt like this method, i think i should be able to do it without a stun server at first, i see nathelper Module in the documentatios.
is there somebody to show how to use nathelper module?


  ----- Original Message ----- 
  From: raviprakash sunkara 
  To: asahin 
  Sent: Saturday, March 31, 2007 7:25 AM
  Subject: Re: [Users] Re: openser behind nat UAs behind NAT


  Hi Asahin, 

  When U  with OpenSER Behind  NAT, 
  I need to know that is  OpenSER is Behind the NAT, which having the Firewall router/NAT. 

  Is the OpenSER is private IP or Public IP (ISP)

  if the OpenSER is Having the Private IP,  of that IP is should forwards the SIP port and RTP ports, 
  and in openserclt, SIP Domain is the public ip. 


  alias should be the Sip domain name 
  In Register Section if!www_authorize("alias name or realm", " subscriber" )



  On 3/31/07, asahin <abdsahin at gmail.com> wrote:
    hi all;
    i am now able to register my client with the openserver server.

    i used STUN server option of x-lite and stun.voipuser.org as the stun server
    i also set/exported SIP_DOMAIN variable to my public openser server ip address.

    i wonder do i have to use a stun server ?




      ----- Original Message ----- 
      From: asahin 
      To: users at openser.org 
      Sent: Friday, March 30, 2007 10:26 PM
      Subject: openser behind nat UAs behind NAT


      hi;
      i installed and tested openser on the internal network, it was working.
      i tried to test it behind NAT with x-lite sip client, but it failed.

      i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine.
      when i try to register to openser i received a 408 request timeout message.

      i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it.

      here is the ngrep dump at the server.
      U external_ip_of_ua:23975 -> 192.168.200.2:5060  REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..  Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060
        REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-  ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B  YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out  bound....


      my openser.cfg file is the initial openser openser.cfg file i didnt change it.
      -------------
      #

      # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $

      #

      # simple quick-start config script

      # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php

      # for a explanation of possible statements, functions and parameters.

      #

      # ----------- global configuration parameters ------------------------

      debug=3 # debug level (cmd line: -dddddddddd)

      fork=yes

      log_stderror=no # (cmd line: -E)

      children=4

      # Uncomment these lines to enter debugging mode 

      #fork=no

      #log_stderror=yes

      #

      port=5060

      # uncomment the following lines for TLS support

      #disable_tls = 0

      #listen = tls:your_IP:5061

      #tls_verify_server = 1

      #tls_verify_client = 1

      #tls_require_client_certificate = 0

      #tls_method = TLSv1

      #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"

      #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"

      #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"

      # ------------------ module loading ----------------------------------

      #set module path

      mpath="/usr/local/lib64/openser/modules/"

      # Uncomment this if you want to use SQL database

      #loadmodule "mysql.so"

      loadmodule "sl.so"

      loadmodule "tm.so"

      loadmodule "rr.so"

      loadmodule "maxfwd.so"

      loadmodule "usrloc.so"

      loadmodule "registrar.so"

      loadmodule "textops.so"

      loadmodule "mi_fifo.so"

      # Uncomment this if you want digest authentication

      # mysql.so must be loaded !

      #loadmodule "auth.so"

      #loadmodule "auth_db.so"

      # ----------------- setting module-specific parameters ---------------

      # -- mi_fifo params --

      modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

      # -- usrloc params --

      modparam("usrloc", "db_mode", 0)

      # Uncomment this if you want to use SQL database 

      # for persistent storage and comment the previous line

      #modparam("usrloc", "db_mode", 2)

      # -- auth params --

      # Uncomment if you are using auth module

      #

      #modparam("auth_db", "calculate_ha1", yes)

      #

      # If you set "calculate_ha1" parameter to yes (which true in this config), 

      # uncomment also the following parameter)

      #

      #modparam("auth_db", "password_column", "password")

      # -- rr params --

      # add value to ;lr param to make some broken UAs happy

      modparam("rr", "enable_full_lr", 1)

      # ------------------------- request routing logic -------------------

      # main routing logic

      route{

      # initial sanity checks -- messages with

      # max_forwards==0, or excessively long requests

      if (!mf_process_maxfwd_header("10")) {

      sl_send_reply("483","Too Many Hops");

      exit;

      };

      if (msg:len >= 2048 ) {

      sl_send_reply("513", "Message too big");

      exit;

      };

      # we record-route all messages -- to make sure that

      # subsequent messages will go through our proxy; that's

      # particularly good if upstream and downstream entities

      # use different transport protocol

      if (!method=="REGISTER")

      record_route();

      # subsequent messages withing a dialog should take the

      # path determined by record-routing

      if (loose_route()) {

      # mark routing logic in request

      append_hf("P-hint: rr-enforced\r\n"); 

      route(1);

      };

      if (!uri==myself) {

      # mark routing logic in request

      append_hf("P-hint: outbound\r\n"); 

      # if you have some interdomain connections via TLS

      #if(uri=~"@tls_domain1.net") {

      # t_relay("tls:domain1.net");

      # exit;

      #} else if(uri=~"@tls_domain2.net") {

      # t_relay("tls:domain2.net");

      # exit;

      #}

      route(1);

      };

      # if the request is for other domain use UsrLoc

      # (in case, it does not work, use the following command

      # with proper names and addresses in it)

      if (uri==myself) {

      if (method=="REGISTER") {

      # Uncomment this if you want to use digest authentication

      #if (!www_authorize("openser.org", "subscriber")) { 

      # www_challenge("openser.org", "0");

      # exit;

      #};

      save("location");

      exit;

      };

      lookup("aliases");

      if (!uri==myself) {

      append_hf("P-hint: outbound alias\r\n"); 

      route(1);

      };

      # native SIP destinations are handled using our USRLOC DB

      if (!lookup("location")) {

      sl_send_reply("404", "Not Found");

      exit;

      };

      append_hf("P-hint: usrloc applied\r\n"); 

      };

      route(1);

      }



      route[1] {

      # send it out now; use stateful forwarding as it works reliably

      # even for UDP2TCP

      if (!t_relay()) {

      sl_reply_error();

      };

      exit;

      }






    _______________________________________________
    Users mailing list
    Users at openser.org
    http://openser.org/cgi-bin/mailman/listinfo/users





  -- 
  Thanks and Regards
  Ravi Prakash Sunkara 
  ravi.sunkara at hyperion-tech.com 
  M:+91 9985077535
  www.hyperion-tech.com
  Client and Parent company :- www.august-networks.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070331/5fb5751f/attachment.htm>


More information about the sr-users mailing list