[Kamailio-Users] NAT Problems
neill.wilkinson at btinternet.com
neill.wilkinson at btinternet.com
Thu Jul 31 15:59:56 CEST 2008
Ross,
OK - RTP to asterisk is general to the same address as the SIP signalling,
because technically Asterisk is a SIP B2BUA and when Asterisk Detects NAT is
will always put its self in the media path. You can also affect this by
setting in the SIP.CONF file nat=yes in the peer settings.
>From You description the RTP coming back towards your NAT firewall is either
incorrectly addressed or being blocked by the NAT configuration.
It might be worth - since Asterisk is in the path to relax the NAT fix-up of
Kamailio . If the purpose of having Kamailio there is as a NAT traversal
solution, then you have a couple of choices to either Deploy the RTPProxy
partner to Kamailio or leave Asterisk as the termination point of all media
- whether it is PSTN based or not. It is the latter case I guess your
currently heading towards.
Try adding fix_nated_contact() to your INVITE processing:
This is some excerpts from my INVITE processing
if (method == "INVITE") {
log (1, "Inside INVITE Processing\n");
# Basically challenge all end-points that make calls
# before we ship the call to gateway
if (!proxy_authorize("domain.com","subscriber")) {
proxy_challenge("domain.com", "0");
break;
};
# Fixed NATed SDP and contact headers
if (nat_uac_test("3")) {
log(1, "Inside NATed INVITE Processing\n");
fix_nated_contact();
fix_nated_sdp("3");
t_on_reply("1");
}
else {
log (1, "In else of nated UAC test\n");
t_on_reply("1");
};
};
log (1, "Sending call to PSTN gateway\n");
rewritehostport("w.x.y.z:5060");
forward(uri:host, uri:port);
break;
};
And my Reply Route logic.
onreply_route[1] {
log (1, "Inside on reply route processing\n");
if (status =~ "(180)|(183)|2[0-9][0-9]|4[0-9][0-9]") {
log(1, "Inside 180|183|200|4XX Processing\n");
fix_nated_contact();
fix_nated_sdp("3");
break;
};
}
Neill...;o)
Neill Wilkinson
Principal Consultant
Aeonvista Ltd - opening up new ideas
From: Ross Beer [mailto:ross_beer at hotmail.com]
Sent: 31 July 2008 14:25
To: neill.wilkinson at btinternet.com; users at lists.kamailio.org
Subject: RE: [Kamailio-Users] NAT Problems
Hi Neill,
The outgoing audio works fine. The audio that is not passed is from PSTN ->
Phone.
The Snom does have symmetrical RTP set. I did have this working about a week
ago then it stopped working!
How does asterisk deal with NAT, as if I connect the phone directly to
Asterisk everything works perfectly!
Both Asterisk & Kamailio are on publically accessible IP addresses.
Thank you for your help so far.
Ross
_____
From: neill.wilkinson at btinternet.com
To: users at lists.kamailio.org
Date: Thu, 31 Jul 2008 13:32:05 +0100
Subject: Re: [Kamailio-Users] NAT Problems
Which direction is the one way audio in - from the Phone to the PSTN or
Vice-Versa - I assume audio outbound is OK and it's the audio returning to
the phone from the PSTN you're missing?
Do you have symmetrical RTP set in the Line settings (under NAT) on the
SNOM?
Is Kamailio inside or outside the NAT?
Neill...;o)
Neill Wilkinson
Principal Consultant
Aeonvista Ltd - opening up new ideas
From: users-bounces at lists.kamailio.org
[mailto:users-bounces at lists.kamailio.org] On Behalf Of Ross Beer
Sent: 31 July 2008 12:50
To: users at lists.kamailio.org
Subject: [Kamailio-Users] NAT Problems
I am having problems with a NAT device. I have an asterisk server that is
hosted on a public IP and when I connect my Snom phones to it directly audio
passes correctly both ways. When I introduce Kamailio 1.3 into the mix I get
one way audio.
I have fixed the SDP and contacts etc and everything appears to be ok with
the sip packet. I would be very grateful for any ideas what the problem
could be.
Outgoing calls from Kamailio -> asterisk -> PSTN work fine.
Thank you for your help in advance, it is much appreciated.
=================== config =======================
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# NAT detection
force_rport();
if(nat_uac_test("3"))
{
fix_nated_contact();
}
if (!method=="REGISTER")
{
record_route();
}
if (loose_route()) {
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
append_hf("P-hint: outbound\r\n");
route(1);
};
if (uri==myself) {
if (method=="REGISTER")
{
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
exit;
};
if (isflagset(5))
{
# set branch flag -- when someone will call this user
# the INVITE will have branch flag 6 set after lookup("location")
setbflag(6);
};
fix_nated_contact();
fix_nated_register();
consume_credentials();
save("location");
exit;
};
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
if(method=="MESSAGE")
{
if (!lookup("location"))
{
sl_send_reply("404", "User Offline");
exit;
}
route(4);
}
if (method=="REGISTER")
{
save("location");
}
route(1);
}
route[1] {
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setbflag(6);
};
if (isflagset(5)||isbflagset(6)) {
route(3);
}
t_on_reply("1");
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[3] {
if (is_method("BYE"))
{
unforce_rtp_proxy();
}
else if (is_method("INVITE"))
{
fix_nated_sdp("3");
};
if (isflagset(5))
{
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
}
t_on_reply("1");
}
route[4]
{
if (!t_relay())
{
sl_reply_error();
};
exit;
}
failure_route[2] {
if (isbflagset(6) || isflagset(5))
{
unforce_rtp_proxy();
}
}
onreply_route[1]
{
fix_nated_contact();
if (((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") ||
is_method("INVITE"))
{
fix_nated_sdp("2");
force_rport();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
}
==================== SIP PACKETS ===========================
INVITE sip:10001*202@**** IP ****;line=e25l7qyi SIP/2.0
Record-Route: <sip:*** IP ***;lr=on;ftag=as0a2e0c2e>
Via: SIP/2.0/UDP *** IP ***;branch=z9hG4bKb0a1.cf08f082.0
v: SIP/2.0/UDP *** IP ***:5060;branch=z9hG4bK2bc03835;rport=5060
f: "Name" <sip:*** DOMAIN ***>;tag=as0a2e0c2e
t: <sip:10001*202@** DOMAIN **>
m: <sip:number@**IP**>
i: 74391cce38d7c7f7549c863a651b8f81@*** DOMAIN ****
CSeq: 102 INVITE
User-Agent: asterisk
Max-Forwards: 69
Date: Thu, 31 Jul 2008 11:38:39 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
k: replaces
c: application/sdp
l: 422
P-hint: usrloc applied
v=0
o=root 5390 5390 IN IP4 194.xxx.xxx.xxx
s=session
c=IN IP4 194.xxx.xxx.xxx
b=CT:384
t=0 0
m=audio 12558 RTP/AVP 0 8 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv
m=video 17918 RTP/AVP 34 103 99
a=rtpmap:34 H263/90000
a=rtpmap:103 h263-1998/90000
a=rtpmap:99 H264/90000
a=sendrecv
////////////// PHONE REPLY ////////////////////
SIP/2.0 200 Ok
Via: SIP/2.0/UDP **** IP ****:5060;branch=z9hG4bK19d7ec13;rport=5060
Record-Route: <sip:*** IP ***;lr=on;ftag=as486f79a5>
From: "*** NUMBER *****" <sip:*** DOMAIN *****>;tag=as486f79a5
To: <sip:10001*202@*** DOMAIN *****>;tag=jgdy33ee6n
Call-ID: *** ID ***
CSeq: 102 INVITE
Contact: <sip:*** DOMAIN ****:54686;line=e25l7qyi;nat=yes>;reg-id=1
User-Agent: snom370/7.3.7
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK,
MESSAGE, INFO
Allow-Events: talk, hold, refer, call-info
Supported: timer, replaces, from-change
Content-Type: application/sdp
Content-Length: 508
v=0
o=root 1569142945 1569142946 IN IP4 192.168.1.20
s=call
c=IN IP4 ** EXTERNAL IP ***
t=0 0
m=audio 10014 RTP/AVP 0 8 3 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:3 gsm/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=alt:1 0.9 : user 9kksj== 192.168.1.20 10014
a=sendrecv
m=video 0 RTP/AVP 34 103 99
a=rtpmap:34 H263/90000
a=rtpmap:103 h263-1998/90000
a=rtpmap:99 H264/90000
a=alt:1 0.9 : user 9kksj== 192.168.1.20 10014
a=sendrecv
a=oldmediaip:192.168.1.20
_____
Find out how to make Messenger your very own TV! Try it
<http://clk.atdmt.com/UKM/go/101719648/direct/01/> Now!
_____
Get fish-slapping on Messenger! Play Now
<http://clk.atdmt.com/UKM/go/101719805/direct/01/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080731/4d7f7d83/attachment.htm>
More information about the sr-users
mailing list