[Serusers] nathelper doesn't ping registered users

Tomasz Zieleniewski tzieleniewski at gmail.com
Mon Nov 26 09:43:24 CET 2007 

Hi Jiri,

On Nov 25, 2007 10:08 PM, Jiri Kuthan <jiri at iptel.org> wrote:
> At 10:56 25/11/2007, Tomasz Zieleniewski wrote:
> >Hi,
> >
> >I don't have those lines because I have a registrar on seperate SIP Proxy.
> >This proxy here is the boundary one, but they both use the same database
> >and have access to location table common.
>
> Well, I'm not sure I'm getting the context of this configuration so I don't
> feel certain with providing some hints (in particular two proxy serveer
> in a series both using usrloc seems unusual to me). A hand-waving estimate
> is you need to configure the "boundary proxy" to change all natted clients
> to form "as seen by the network" and the "actual proxy" to send pings to
> all contacts.
>
Boundary proxy uses usrloc only for the purpose of pinging the natted users.
Nathelper module requires usrloc. Because all reuqest travels 'boundary proxy'
before entering network the 'boundary proxy' must ping users to keep
my nat bindings
right. they are both on seperate machines.

 -tomek
>
> -jiri
>
>
>
> >-tomasz
> >
> >On Nov 25, 2007 10:40 AM, Jiri Kuthan <jiri at iptel.org> wrote:
> >> Hi Tomasz,
> >>
> >> well it could be that reusing an existing config and commiting than your specific
> >> changes to it would save you quite some laborous exercises rather than writing
> >> it from scratch....
> >> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser-oob.cfg?rev=1.1.2.1&content-type=text/plain
> >>
> >> The lines in question are (out of which I think you are missing the registrar params)
> >>
> >>
> >>   FLAG_NAT            : 3, # the UAC is behind a NAT
> >>
> >> ...
> >> # identify natted contacts using a flag
> >> modparam("registrar", "load_nat_flag", "FLAG_NAT")
> >> modparam("registrar", "save_nat_flag", "FLAG_NAT")
> >> ...
> >> modparam("rr", "cookie_filter", "(account|uac_nat)")
> >> ...
> >> modparam("nathelper", "ping_nated_only", 1 )
> >> # if this option is not set, simple 4-bytes ping is sent
> >> modparam("nathelper", "natping_method", "OPTIONS" )
> >> #temporary statefull natping test (only in future versions)
> >> #modparam("nathelper", "natping_stateful", 1)
> >> ...
> >>
> >>                 setflag(FLAG_NAT);
> >>
> >>
> >> -jiri
> >>
> >>
> >> At 22:20 24/11/2007, Tomasz Zieleniewski wrote:
> >> >I'm sorry for the CC
> >> >here is my config:
> >> >
> >> >debug=3         # debug level (cmd line: -dddddddddd)
> >> >memdbg=5
> >> >memlog=5
> >> >log_facility=LOG_LOCAL0
> >> >fork=yes
> >> >log_stderror=no
> >> >check_via=yes    # (cmd. line: -v)
> >> >dns=no          # (cmd. line: -r)
> >> >rev_dns=no      # (cmd. line: -R)
> >> >port=5060
> >> >tls_port_no=5061
> >> >children=4
> >> >user=ser
> >> >group=ser
> >> >mhomed=yes
> >> >disable_tcp=no
> >> >tcp_accept_aliases=yes
> >> >enable_tls=no
> >> >sip_warning=0
> >> >reply_to_via=no
> >> >alias="voip.touk.pl"
> >> >
> >> >dns_retr_time=1
> >> >dns_retr_no=1
> >> >dns_servers_no=1
> >> >dns_use_search_list=no
> >> >dns_try_ipv6=no
> >> ># dns cache & failover
> >> >use_dns_cache=on
> >> >use_dns_failover=on
> >> ># dns_cache_flags=0
> >> >dns_cache_negative_ttl=300
> >> >dns_cache_min_ttl=60
> >> >dns_cache_max_ttl=86400 # 1 day
> >> >dns_cache_mem=2048 # 2 MB
> >> >dns_cache_gc_interval=60
> >> >
> >> >tcp_connection_lifetime=3600
> >> >tcp_max_connections=2048
> >> >tcp_connect_timeout=1
> >> >
> >> >loadmodule ...
> >> >....
> >> >
> >> ># specify the path to you database here
> >> >modparam("acc_db|auth_db|avp_db|domain|gflags|usrloc|uri_db|speeddial|msilo|lcr",
> >> >"db_url", "mysql://ser:ser@localhost/ser")
> >> >
> >> ># -- usrloc params --
> >> >modparam("usrloc", "db_mode", 1)
> >> >
> >> ># -- registrar params --
> >> >modparam("registrar", "default_expires", 300)
> >> >modparam("registrar", "min_expires", 60)
> >> >modparam("registrar", "max_expires", 300)
> >> >modparam("registrar", "append_branches", 1)
> >> >modparam("registrar", "received_param", "rcv")
> >> >modparam("registrar", "max_contacts", 2)
> >> >
> >> ># -- auth params --
> >> >modparam("auth_db", "calculate_ha1", yes)
> >> >modparam("auth_db", "password_column", "password")
> >> >
> >> ># -- rr params --
> >> >modparam("rr", "enable_full_lr", 1)
> >> >modparam("rr", "cookie_filter", "uac_nat")
> >> >modparam("rr", "cookie_secret", "secret")
> >> >modparam("rr", "user_part_avp", "route_user")
> >> >modparam("rr", "next_route_avp", "route_next")
> >> >
> >> ># -- gflags params --
> >> >modparam("gflags", "load_global_attrs", 1)
> >> >
> >> ># -- domain params --
> >> >modparam("domain", "load_domain_attrs", 1)
> >> >
> >> ># -- ctl params --
> >> >modparam("ctl", "binrpc", "unixs:/tmp/ser-bsp_ctl")
> >> >modparam("ctl", "fifo", "fifo:/tmp/ser-bsp_fifo")
> >> ># modparam("ctl", "binrpc", "tcp:localhost:2046")
> >> >modparam("ctl", "mode", 0777)
> >> >
> >> ># -- tm params --
> >> >modparam("tm", "restart_fr_on_each_reply", 1)
> >> >
> >> ># -- auth_radius params --
> >> >modparam("auth_radius", "radius_config",
> >> >"/usr/local/etc/radiusclient-ng/radiusclient.conf")
> >> >modparam("auth_radius", "service_type", 15)
> >> >
> >> ># -- options params --
> >> >modparam("options", "accept", "*/*")
> >> >modparam("options", "accept_encoding", "")
> >> >modparam("options", "accept_language", "en")
> >> >
> >> ># -- ratelimit params --
> >> >modparam("ratelimit","timer_interval", 10)
> >> >modparam("ratelimit","invite_limit", 100)
> >> >modparam("ratelimit","register_limit", 100)
> >> >modparam("ratelimit","subscribe_limit", 100)
> >> >
> >> ># -- xmlrpc params --
> >> >modparam("xmlrpc", "route","RPC")
> >> >
> >> ># -- nathelper params --
> >> >modparam("nathelper", "natping_interval", 20)
> >> >modparam("nathelper", "ping_nated_only", 0)
> >> >modparam("nathelper", "rtpproxy_disable", 1)
> >> >modparam("nathelper", "tcpping_crlf", 1)
> >> >
> >> ># -- tls params --
> >> >modparam("tls", "config", "/home/ser/ser/ca/tls-bsp.cfg")
> >> >modparam("tls", "tls_force_run", 0)
> >> >modparam("tls", "tls_log",3)
> >> >modparam("tls", "handshake_timeout", 10)
> >> >modparam("tls", "send_timeout", 10)
> >> >modparam("tls", "tls_disable_compression", 0)
> >> >#modparam("tls", "private_key", "/etc/certs/key.pem")
> >> >#modparam("tls", "certificate", "/etc/certs/cert.pem")
> >> >#modparam("tls", "ca_list", "/etc/certs/ca_list.pem")
> >> >#modparam("tls", "require_certificate", 0)
> >> >#modparam("tls", "verify_certificate", 1)
> >> >#modparam("tls", "tls_method", "TLSv1")
> >> >
> >> >route{
> >> >...
> >> >}
> >> >
> >> >On Nov 24, 2007 9:35 PM, Atle Samuelsen <clona at cyberhouse.no> wrote:
> >> >> Hi,
> >> >>
> >> >> Always CC the list.
> >> >>
> >> >> then I dont know.. post your full config so people can see if they see
> >> >> something
> >> >> -A
> >> >>
> >> >> * Tomasz Zieleniewski <tzieleniewski at gmail.com> [071124 20:38]:
> >> >>
> >> >> > Hi,
> >> >> >
> >> >> > I had that parameter set to 0, but still no udp packets...
> >> >> >
> >> >> > On Nov 24, 2007 6:43 PM, Atle Samuelsen <clona at cyberhouse.no> wrote:
> >> >> > > * Tomasz Zieleniewski <tzieleniewski at gmail.com> [071124 16:50]:
> >> >> > >
> >> >> > > > HI,
> >> >> > > >
> >> >> > > > I have the following nathelper settings:
> >> >> > > > modparam("nathelper", "natping_interval", 20)
> >> >> > > > modparam("nathelper", "ping_nated_only", 1)
> >> >> > > > modparam("nathelper", "rtpproxy_disable", 1)
> >> >> > > > modparam("nathelper", "tcpping_crlf", 1)
> >> >> > > >
> >> >> > > > But i cant see any udp packets being sent to registered users.
> >> >> > > > Please point me what did I miss.
> >> >> > >
> >> >> > > Hi,
> >> >> > >
> >> >> > > without seeing any more of your config, I'm guessing that you do not set
> >> >> > > the natflag, so if you change ping_nated_only to 0, I think you will see
> >> >> > > some udp packets.
> >> >> > >
> >> >> > > - Atle
> >> >> > > (shot in the whild world of sip)
> >> >> > >
> >> >> > >
> >> >> > > >
> >> >> > > > Best
> >> >> > > > Tomasz
> >> >> > > > _______________________________________________
> >> >> > > > Serusers mailing list
> >> >> > > > Serusers at lists.iptel.org
> >> >> > > > http://lists.iptel.org/mailman/listinfo/serusers
> >> >> > >
> >> >>
> >> >_______________________________________________
> >> >Serusers mailing list
> >> >Serusers at lists.iptel.org
> >> >http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>
> >> --
> >> Jiri Kuthan            http://iptel.org/~jiri/
> >>
> >>
> >_______________________________________________
> >Serusers mailing list
> >Serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
> --
> Jiri Kuthan            http://iptel.org/~jiri/
>
>

More information about the sr-users mailing list