[OpenSER-Users] port modification is sdp

Konstantinos Koutsopoulos kkoutso at telecom.ntua.gr
Tue Oct 30 15:59:58 CET 2007 

Hi,

I am deploying openser 1.2.2-notls on a machine with public IP.
On the same machine I run a sip client (A) that registers with the
above openser.

On an another machine behind NAT (typical adsl router) I use a sip 
client (B)
to register with the above openser and try to invite sip client A.

I do not use any NAT-traversal techniques (the outgoing packets from
B are modified by NAT and reach openser, responses are received by
B through NAT due to statefull (?) routing on the NAT).

The SIP messages reach their destination properly and moreover
the IP addresses in the SDP (from B) are updated by openser
to indicate the external interface of NAT. This is very useful in
my case since the client A sends the media packets to the proper
address (I also configure virtual servers on the adsl router to have
these forwarded to B). However, the port numbers in the SDP are
also updated (usually by an offset of +16) which hinders the media session
from A to B since B is expecting the packets on other ports.

Is there any way to have the ports remain unaltered during the above 
operation?

Thanks in advance,

Kostas


Below is my openser.cfg

#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

# ----------- global configuration parameters ------------------------

debug=3            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)
children=4

# Uncomment these lines to enter debugging mode 
#fork=no
#log_stderror=yes
#

port=5060

# uncomment the following lines for TLS support
#disable_tls = 0
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/opt/openser/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/opt/openser/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/opt/openser/etc/openser/tls/user/user-calist.pem"

# ------------------ module loading ----------------------------------

#set module path
mpath="/lib/openser/modules/"

# Uncomment this if you want to use SQL database
loadmodule "mysql.so"

loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- mi_fifo params --

modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config), 
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	};

	if (msg:len >=  2048 ) {
		sl_send_reply("513", "Message too big");
		exit;
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (!method=="REGISTER")
		record_route();

	# subsequent messages withing a dialog should take the
	# path determined by record-routing
	if (loose_route()) {
		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n"); 
		route(1);
	};

	if (!uri==myself) {
		# mark routing logic in request
		append_hf("P-hint: outbound\r\n"); 
		# if you have some interdomain connections via TLS
		#if(uri=~"@tls_domain1.net") {
		#	t_relay("tls:domain1.net");
		#	exit;
		#} else if(uri=~"@tls_domain2.net") {
		#	t_relay("tls:domain2.net");
		#	exit;
		#}
		route(1);
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)
	if (uri==myself) {

		if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
			if (!www_authorize("......", "subscriber")) {
				www_challenge(".....", "0");
				exit;
			};

			save("location");
			exit;
		};

		lookup("aliases");
		if (!uri==myself) {
			append_hf("P-hint: outbound alias\r\n"); 
			route(1);
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			exit;
		};
		append_hf("P-hint: usrloc applied\r\n"); 
	};

	route(1);
}


route[1] {
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		sl_reply_error();
	};
	exit;
}

More information about the sr-users mailing list