[Users] Re: openser behind nat UAs behind NAT

raviprakash sunkara sunkara.raviprakash.feb14 at gmail.com
Sat Mar 31 10:52:54 CEST 2007 

Hi
Use
www.sipwise.com
x-lite has its  own stun server.

http://siprouter.onsip.org/doc/gettingstated/

U can get clear opinion on NAT with Rtp proxy or Media proxy .

On 3/31/07, Abdurrahman Sahin <abdsahin at gmail.com> wrote:
>
>  hi;
> when i use a stun server i can register my UAs , but i didnt like this
> method, i think i should be able to do it without a stun server at first, i
> see nathelper Module in the documentatios.
> is there somebody to show how to use nathelper module?
>
>
>
> ----- Original Message -----
> *From:* raviprakash sunkara <sunkara.raviprakash.feb14 at gmail.com>
> *To:* asahin <abdsahin at gmail.com>
> *Sent:* Saturday, March 31, 2007 7:25 AM
> *Subject:* Re: [Users] Re: openser behind nat UAs behind NAT
>
> Hi Asahin,
>
> When U  with OpenSER Behind  NAT,
> I need to know that is  OpenSER is Behind the NAT, which having the
> Firewall router/NAT.
>
> Is the OpenSER is private IP or Public IP (ISP)
>
> if the OpenSER is Having the Private IP,  of that IP is should forwards
> the SIP port and RTP ports,
> and in openserclt, SIP Domain is the public ip.
>
>
> alias should be the Sip domain name
> In Register Section if!www_authorize("alias name or realm", " subscriber"
> )
>
>
> On 3/31/07, asahin <abdsahin at gmail.com> wrote:
> >
> >  hi all;
> > i am now able to register my client with the openserver server.
> >
> > i used STUN server option of x-lite and stun.voipuser.org as the stun
> > server
> > i also set/exported SIP_DOMAIN variable to my public openser server ip
> > address.
> >
> > i wonder do i have to use a stun server ?
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > *From:* asahin <abdsahin at gmail.com>
> > *To:* users at openser.org
> > *Sent:* Friday, March 30, 2007 10:26 PM
> > *Subject:* openser behind nat UAs behind NAT
> >
> > hi;
> > i installed and tested openser on the internal network, it was working.
> > i tried to test it behind NAT with x-lite sip client, but it failed.
> >
> > i defined a port mapping on the adsl modem for udp/tcp 5060 ports to
> > forward the packets to the openser installed machine.
> > when i try to register to openser i received a 408 request timeout
> > message.
> >
> > i guess its due to external ip of the openser server. i think i should
> > define external ip of the modem to the openser as if it's its own ip, but
> > dont where to define it.
> >
> > here is the ngrep dump at the server.
> > U external_ip_of_ua:23975 -> 192.168.200.2:5060  REGISTER
> > sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP
> > external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards:
> > 70..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To:
> > "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-ID:
> > ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..  Expires:
> > 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> > SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp
> > 34025..Content-Length: 0....#U 192.168.200.2:5060 ->
> > external_ip_of_openser:5060
> >   REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP
> > 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP
> > external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards:
> > 69..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To:
> > "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-
> > ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires:
> > 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B  YE, REFER, NOTIFY, MESSAGE,
> > SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp
> > 34025..Content-Length: 0..P-hint: out  bound....
> >
> >
> > my openser.cfg file is the initial openser openser.cfg file i didnt
> > change it.
> > -------------
> >
> > #
> >
> > # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
> >
> > #
> >
> > # simple quick-start config script
> >
> > # Please refer to the Core CookBook at
> > http://www.openser.org/dokuwiki/doku.php
> >
> > # for a explanation of possible statements, functions and parameters.
> >
> > #
> >
> > # ----------- global configuration parameters ------------------------
> >
> > debug=3 # debug level (cmd line: -dddddddddd)
> >
> > fork=yes
> >
> > log_stderror=no # (cmd line: -E)
> >
> > children=4
> >
> > # Uncomment these lines to enter debugging mode
> >
> > #fork=no
> >
> > #log_stderror=yes
> >
> > #
> >
> > port=5060
> >
> > # uncomment the following lines for TLS support
> >
> > #disable_tls = 0
> >
> > #listen = tls:your_IP:5061
> >
> > #tls_verify_server = 1
> >
> > #tls_verify_client = 1
> >
> > #tls_require_client_certificate = 0
> >
> > #tls_method = TLSv1
> >
> > #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> >
> > #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> >
> > #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > # ------------------ module loading ----------------------------------
> >
> > #set module path
> >
> > mpath="/usr/local/lib64/openser/modules/"
> >
> > # Uncomment this if you want to use SQL database
> >
> > #loadmodule "mysql.so"
> >
> > loadmodule "sl.so"
> >
> > loadmodule "tm.so"
> >
> > loadmodule "rr.so"
> >
> > loadmodule "maxfwd.so"
> >
> > loadmodule "usrloc.so"
> >
> > loadmodule "registrar.so"
> >
> > loadmodule "textops.so"
> >
> > loadmodule "mi_fifo.so"
> >
> > # Uncomment this if you want digest authentication
> >
> > # mysql.so must be loaded !
> >
> > #loadmodule "auth.so"
> >
> > #loadmodule "auth_db.so"
> >
> > # ----------------- setting module-specific parameters ---------------
> >
> > # -- mi_fifo params --
> >
> > modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
> >
> > # -- usrloc params --
> >
> > modparam("usrloc", "db_mode", 0)
> >
> > # Uncomment this if you want to use SQL database
> >
> > # for persistent storage and comment the previous line
> >
> > #modparam("usrloc", "db_mode", 2)
> >
> > # -- auth params --
> >
> > # Uncomment if you are using auth module
> >
> > #
> >
> > #modparam("auth_db", "calculate_ha1", yes)
> >
> > #
> >
> > # If you set "calculate_ha1" parameter to yes (which true in this
> > config),
> >
> > # uncomment also the following parameter)
> >
> > #
> >
> > #modparam("auth_db", "password_column", "password")
> >
> > # -- rr params --
> >
> > # add value to ;lr param to make some broken UAs happy
> >
> > modparam("rr", "enable_full_lr", 1)
> >
> > # ------------------------- request routing logic -------------------
> >
> > # main routing logic
> >
> > route{
> >
> > # initial sanity checks -- messages with
> >
> > # max_forwards==0, or excessively long requests
> >
> > if (!mf_process_maxfwd_header("10")) {
> >
> > sl_send_reply("483","Too Many Hops");
> >
> > exit;
> >
> > };
> >
> > if (msg:len >= 2048 ) {
> >
> > sl_send_reply("513", "Message too big");
> >
> > exit;
> >
> > };
> >
> > # we record-route all messages -- to make sure that
> >
> > # subsequent messages will go through our proxy; that's
> >
> > # particularly good if upstream and downstream entities
> >
> > # use different transport protocol
> >
> > if (!method=="REGISTER")
> >
> > record_route();
> >
> > # subsequent messages withing a dialog should take the
> >
> > # path determined by record-routing
> >
> > if (loose_route()) {
> >
> > # mark routing logic in request
> >
> > append_hf("P-hint: rr-enforced\r\n");
> >
> > route(1);
> >
> > };
> >
> > if (!uri==myself) {
> >
> > # mark routing logic in request
> >
> > append_hf("P-hint: outbound\r\n");
> >
> > # if you have some interdomain connections via TLS
> >
> > #if(uri=~"@tls_domain1.net") {
> >
> > # t_relay("tls:domain1.net");
> >
> > # exit;
> >
> > #} else if(uri=~"@tls_domain2.net") {
> >
> > # t_relay("tls:domain2.net");
> >
> > # exit;
> >
> > #}
> >
> > route(1);
> >
> > };
> >
> > # if the request is for other domain use UsrLoc
> >
> > # (in case, it does not work, use the following command
> >
> > # with proper names and addresses in it)
> >
> > if (uri==myself) {
> >
> > if (method=="REGISTER") {
> >
> > # Uncomment this if you want to use digest authentication
> >
> > #if (!www_authorize("openser.org", "subscriber")) {
> >
> > # www_challenge("openser.org", "0");
> >
> > # exit;
> >
> > #};
> >
> > save("location");
> >
> > exit;
> >
> > };
> >
> > lookup("aliases");
> >
> > if (!uri==myself) {
> >
> > append_hf("P-hint: outbound alias\r\n");
> >
> > route(1);
> >
> > };
> >
> > # native SIP destinations are handled using our USRLOC DB
> >
> > if (!lookup("location")) {
> >
> > sl_send_reply("404", "Not Found");
> >
> > exit;
> >
> > };
> >
> > append_hf("P-hint: usrloc applied\r\n");
> >
> > };
> >
> > route(1);
> >
> > }
> >
> >
> >
> > route[1] {
> >
> > # send it out now; use stateful forwarding as it works reliably
> >
> > # even for UDP2TCP
> >
> > if (!t_relay()) {
> >
> > sl_reply_error();
> >
> > };
> >
> > exit;
> >
> > }
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
>
>
> --
> Thanks and Regards
> Ravi Prakash Sunkara
> ravi.sunkara at hyperion-tech.com
> M:+91 9985077535
> www.hyperion-tech.com
> Client and Parent company :- www.august-networks.com
>
>


-- 
Thanks and Regards
Ravi Prakash Sunkara
ravi.sunkara at hyperion-tech.com
M:+91 9985077535
www.hyperion-tech.com
Client and Parent company :- www.august-networks.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20070331/25eaaabb/attachment.htm>

More information about the sr-users mailing list