[OpenSER-Users] ALG error workarounds

Richard Bennett richard.bennett at skynet.be
Fri Oct 26 16:24:41 CEST 2007 

Hi,
I have a number of users behind cisco ADSL routers which have ALG on by  
default, and are causing problems.
If I ask the broadband company to add:
     no ip nat service sip udp port 5060
     no ip nat service H225
to the general config on their Ciscos everything works ok, but getting  
them to change each one individually is a pain, and I know some SIP  
carriers are working fine even with the ALG on.

There are a few errors that happen, one is a 19 second call cut.
The invite is sent, authenticated and connected to the PSTN, but when the  
cisco-gateway sends the 200-OK to say the call is connected things go  
wrong:

1.2.3.201  = Openser proxy
1.2.3.204 = Cisco gateway
81.1.2.218 = User agent IP.

U 1.2.3.204:51431 -> 1.2.3.201:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.0,SIP/2.0/UDP  
81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 <sip:101000000 at sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102 at sip.example.com>;tag=F48836B0-608.

U 1.2.3.201:5060 -> 81.1.2.218:2020
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 <sip:101000000 at sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102 at sip.example.com>;tag=F48836B0-608.

U 81.1.2.218:2020 -> 1.2.3.201:5060
ACK sip:202000243999049102 at 81.1.2.218:2021 SIP/2.0.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 <sip:101000000 at sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102 at sip.example.com>;tag=F48836B0-608.

U 1.2.3.201:5060 -> 81.1.2.218:2021
ACK sip:202000243999049102 at 81.1.2.218:2021 SIP/2.0.
Record-Route: <sip:1.2.3.201;lr=on;ftag=32750c901739579ao0>.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.2.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 <sip:101000000 at sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102 at sip.example.com>;tag=F48836B0-608.

So for some reason the ACK sent by the useragent is:
ACK sip:202000243999049102 at 81.1.2.218:2021 SIP/2.0.
instead of:
ACK sip:202000243999049102 at 89.202.141.204:5060 SIP/2.0.
so openser sends the ACK back to the useragent instead of to the cisco  
gateway.
The cisco gateway then keeps sending the 200 OKs because it is not getting  
the reply, and finally the call times out after 19 seconds and the cisco  
send a BYE.
The full trace is attached.

Sometimes this problem does not occur, but the same thing happens with the  
final BYE, so the useragent sends:
BYE sip:202000243999174148 at 81.241.251.218:2022 SIP/2.0.
instead of:
BYE sip:202000243999174148 at 89.202.141.204:5060 SIP/2.0.
So openser sends the BYE back to the useragent instead of to the gateway.

Sorry for the long mail, and thanks for any pointers.

Richard

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 19sec.txt
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20071026/299a9db3/attachment.txt>

More information about the sr-users mailing list