[SR-Users] Help need on NAT_Traversal

Klaus Darilion klaus.mailinglists at pernau.at
Mon Jun 14 08:31:47 CEST 2010


Everything you want to do is possible with the default configuration.

Just enable all configuration parts with "fix_nated_contact" and
"fix_nated_register".
This will enable NAT traversal for SIP. Depending on whether you want to relay
media or not, just enable/disable the "force_rtpproxy" calls.

regards

klaus

Am 12.06.2010 04:58, schrieb JinKevin:
> Hi All,
> 
> I'm building a video conference system with the kamailio and the video 
> AS. The network is as below:
> 
> UAC(behind NAT) ------ kamailio(public IP) ------ AS (public IP)
> 
> I have set up the basic kamailio and the SIP signaling can reach the AS 
> and the call can be established. Now it is time to set up the NAT traversal 
> since the UACs are behind the NAT.
> 
> Since it's video scenario, I don't want the kamailio as the RTPproxy so 
> try to use the NAT_Traversal module.
> 
> From the module doc, NAT_Traversal needs the Dialog module as well. 
> I have no idea how to load these two modules and the route config 
> required, although I have read the module docs. Wondering if someone can 
> help on the config for this scenario?
> 
> All calls with $rU=="0216666" are forwarded to the video AS as the 
> route[CONF].
> 
> Thanks in advance!
> 
> Thanks,
> Kevin
> 
> Below is the current config of the kamailio server:
> 
> ==============CFG=============
> AppSer01:root@/usr/local/kamailio-3.0/etc/kamailio$ cat kamailio.cfg
> #!KAMAILIO
> #!define WITH_DEBUG
> #!define WITH_MYSQL
> #!define WITH_AUTH
> #!define WITH_USRLOCDB
> # $Id$
> #
> # Kamailio (OpenSER) SIP Server v3.0 - basic configuration script
> # - web: http://www.kamailio.org
> # - git: http://sip-router.org
> #
> # Direct your questions about this file to: <users at lists.kamailio.org>
> #
> # Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
> # for an explanation of possible statements, functions and parameters.
> #
> # Several features can be enabled using '#!define WITH_FEATURE' directives:
> #
> # *** To run in debug mode:
> # - define WITH_DEBUG
> #
> # *** To enable mysql:
> # - define WITH_MYSQL
> #
> # *** To enable authentication execute:
> # - enable mysql
> # - define WITH_AUTH
> # - add users using 'kamctl'
> #
> # *** To enable persistent user location execute:
> # - enable mysql
> # - define WITH_USRLOCDB
> #
> # *** To enable presence server execute:
> # - enable mysql
> # - define WITH_PRESENCE
> #
> # *** To enable nat traversal execute:
> # - define WITH_NAT
> # - install RTPProxy: http://www.rtpproxy.org
> # - start RTPProxy:
> # rtpproxy -l _your_public_ip_ -s udp:localhost:7722
> #
> # *** To enable PSTN gateway routing execute:
> # - define WITH_PSTN
> # - set the value of pstn.gw_ip
> # - check route[PSTN] for regexp routing condition
> #
> # *** To enhance accounting execute:
> # - enable mysql
> # - define WITH_ACCDB
> # - add following columns to database
> #!ifdef ACCDB_COMMENT
> ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
> ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
> ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
> ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
> ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
> ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL 
> DEFAULT '';
> ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL 
> DEFAULT '';
> ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL 
> DEFAULT '';
> ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL 
> DEFAULT '';
> ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL 
> DEFAULT '';
> #!endif
> 
> ####### Global Parameters #########
> #!ifdef WITH_DEBUG
> debug=4
> log_stderror=no
> #!else
> debug=2
> log_stderror=no
> #!endif
> memdbg=5
> memlog=5
> log_facility=LOG_LOCAL0
> fork=yes
> children=4
> /* uncomment the next line to disable TCP (default on) */
> #disable_tcp=yes
> /* uncomment the next line to disable the auto discovery of local aliases
> based on reverse DNS on IPs (default on) */
> #auto_aliases=no
> port=5060
> /* uncomment and configure the following line if you want Kamailio to
> bind on a specific interface/port/proto (default bind on all available) */
> listen=udp:210.13.124.15:5060
> 
> ####### Custom Parameters #########
> # These parameters can be modified runtime via RPC interface
> # - see the documentation of 'cfg_rpc' module.
> #
> # Format: group.id = value 'desc' description
> # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
> #
> #!ifdef WITH_PSTN
> # PSTN GW Routing
> #
> # - pstn.gw_ip: valid IP or hostname as string value, example:
> # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
> #
> # - by default is empty to avoid misrouting
> pstn.gw_ip = "" desc "PSTN GW Address"
> #!endif
> 
> ####### Modules Section ########
> #set module path
> mpath="/usr/local/kamailio-3.0/lib/kamailio/modules_k/:/usr/local/kamailio-3.0/lib/kamailio/modules/"
> /* uncomment next line for MySQL DB support */
> #!ifdef WITH_MYSQL
> loadmodule "db_mysql.so"
> #!endif
> loadmodule "mi_fifo.so"
> loadmodule "kex.so"
> loadmodule "tm.so"
> loadmodule "tmx.so"
> loadmodule "sl.so"
> loadmodule "rr.so"
> loadmodule "pv.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "uri_db.so"
> loadmodule "siputils.so"
> loadmodule "xlog.so"
> loadmodule "sanity.so"
> loadmodule "ctl.so"
> loadmodule "mi_rpc.so"
> loadmodule "acc.so"
> #!ifdef WITH_AUTH
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> #!endif
> /* uncomment next line for aliases support
> NOTE: a DB (like db_mysql) module must be also loaded */
> #loadmodule "alias_db.so"
> /* uncomment next line for multi-domain support
> NOTE: a DB (like db_mysql) module must be also loaded
> NOTE: be sure and enable multi-domain support in all used modules
> (see "multi-module params" section ) */
> #loadmodule "domain.so"
> #!ifdef WITH_PRESENCE
> loadmodule "presence.so"
> loadmodule "presence_xml.so"
> #!endif
> #!ifdef WITH_NAT
> loadmodule "nathelper.so"
> #!endif
> # ----------------- setting module-specific parameters ---------------
> 
> # ----- mi_fifo params -----
> modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
> 
> # ----- rr params -----
> # add value to ;lr param to cope with most of the UAs
> modparam("rr", "enable_full_lr", 1)
> # do not append from tag to the RR (no need for this script)
> modparam("rr", "append_fromtag", 0)
> 
> # ----- registrar params -----
> modparam("registrar", "method_filtering", 1)
> /* uncomment the next line to disable parallel forking via location */
> # modparam("registrar", "append_branches", 0)
> /* uncomment the next line not to allow more than 10 contacts per AOR */
> #modparam("registrar", "max_contacts", 10)
> 
> # ----- uri_db params -----
> /* by default we disable the DB support in the module as we do not need it
> in this configuration */
> modparam("uri_db", "use_uri_table", 0)
> modparam("uri_db", "db_url", "")
> 
> # ----- acc params -----
> /* what special events should be accounted ? */
> modparam("acc", "early_media", 1)
> modparam("acc", "report_ack", 1)
> modparam("acc", "report_cancels", 1)
> /* by default we do not adjust the direct of the sequential requests.
> if you enable this parameter, be sure the enable "append_fromtag"
> in "rr" module */
> modparam("acc", "detect_direction", 0)
> /* account triggers (flags) */
> modparam("acc", "failed_transaction_flag", 3)
> modparam("acc", "log_flag", 1)
> modparam("acc", "log_missed_flag", 2)
> modparam("acc", "log_extra",
> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
> /* enhanced DB accounting */
> #!ifdef WITH_ACCDB
> modparam("acc", "db_flag", 1)
> modparam("acc", "db_missed_flag", 2)
> modparam("acc", "db_url",
> "mysql://openser:openK2mrw23@localhost/openser")
> modparam("acc", "db_extra",
> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
> #!endif
> # ----- usrloc params -----
> /* enable DB persistency for location entries */
> #!ifdef WITH_USRLOCDB
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url",
> "mysql://openser:openK2mrw23@localhost/openser")
> #!endif
> # ----- auth_db params -----
> /* enable the DB based authentication */
> #!ifdef WITH_AUTH
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "db_url",
> "mysql://openser:openK2mrw23@localhost/openser")
> modparam("auth_db", "load_credentials", "")
> #!endif
> # ----- alias_db params -----
> /* uncomment the following lines if you want to enable the DB based
> aliases */
> #modparam("alias_db", "db_url",
> # "mysql://openser:openK2mrw23@localhost/openser")
> 
> # ----- domain params -----
> /* uncomment the following lines to enable multi-domain detection
> support */
> #modparam("domain", "db_url",
> # "mysql://openser:openK2mrw23@localhost/openser")
> #modparam("domain", "db_mode", 1) # Use caching
> 
> # ----- multi-module params -----
> /* uncomment the following line if you want to enable multi-domain support
> in the modules (default off) */
> #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
> 
> # ----- presence params -----
> /* enable presence server support */
> #!ifdef WITH_PRESENCE
> modparam("presence|presence_xml", "db_url",
> "mysql://openser:openK2mrw23@localhost/openser")
> modparam("presence_xml", "force_active", 1)
> modparam("presence", "server_address", "sip:10.0.0.10:5060")
> #!endif
> # ----- nathelper -----
> #!ifdef WITH_NAT
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7722")
> modparam("nathelper", "natping_interval", 30)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "sipping_bflag", 7)
> modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
> modparam("registrar|nathelper", "received_avp", "$avp(i:80)")
> modparam("usrloc", "nat_bflag", 6)
> #!endif
> ####### Routing Logic ########
> 
> # main request routing logic
> route{
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
> if(!sanity_check("1511", "7"))
> {
> xlog("Malformed SIP message from $si:$sp\n");
> exit;
> }
> # NAT detection
> route(NAT);
> if (has_totag()) {
> # sequential request within a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
> if (is_method("BYE")) {
> setflag(1); # do accounting ...
> setflag(3); # ... even if the transaction fails
> }
> route(RELAY);
> } else {
> if (is_method("SUBSCRIBE") && uri == myself) {
> # in-dialog subscribe requests
> route(PRESENCE);
> exit;
> }
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
> t_relay();
> exit;
> } else {
> # ACK without matching transaction ... ignore and discard.\n");
> exit;
> }
> }
> sl_send_reply("404","Not here");
> }
> exit;
> }
> #initial requests
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
> t_check_trans();
> # authentication
> route(AUTH);
> # record routing for dialog forming requests (in case they are routed)
> # - remove preloaded route headers
> remove_hf("Route");
> if (is_method("INVITE|SUBSCRIBE"))
> record_route();
> # account only INVITEs
> if (is_method("INVITE")) {
> setflag(1); # do accounting
> }
> if (!uri==myself)
> /* replace with following line if multi-domain support is used */
> ##if (!is_uri_host_local())
> {
> append_hf("P-hint: outbound\r\n");
> route(RELAY);
> }
> # requests for my domain
> if( is_method("PUBLISH|SUBSCRIBE"))
> route(PRESENCE);
> if (is_method("REGISTER"))
> {
> if(isflagset(5))
> {
> setbflag("6");
> # uncomment next line to do SIP NAT pinging
> ## setbflag("7");
> }
> if (!save("location"))
> sl_reply_error();
> exit;
> }
> if ($rU==$null) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
> route(PSTN);
> 
> route(CONF);
> # apply DB based aliases (uncomment to enable)
> ##alias_db_lookup("dbaliases");
> if (!lookup("location")) {
> switch ($rc) {
> case -1:
> case -3:
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> case -2:
> sl_send_reply("405", "Method Not Allowed");
> exit;
> }
> }
> # when routing via usrloc, log the missed calls also
> setflag(2);
> route(RELAY);
> }
> 
> route[RELAY] {
> #!ifdef WITH_NAT
> if (check_route_param("nat=yes")) {
> setbflag("6");
> }
> if (isflagset(5) || isbflagset("6")) {
> route(RTPPROXY);
> }
> #!endif
> /* example how to enable some additional event routes */
> if (is_method("INVITE")) {
> #t_on_branch("BRANCH_ONE");
> t_on_reply("REPLY_ONE");
> t_on_failure("FAIL_ONE");
> }
> if (!t_relay()) {
> sl_reply_error();
> }
> exit;
> }
> 
> # Presence server route
> route[PRESENCE]
> {
> #!ifdef WITH_PRESENCE
> if (!t_newtran())
> {
> sl_reply_error();
> exit;
> };
> if(is_method("PUBLISH"))
> {
> handle_publish();
> t_release();
> }
> else
> if( is_method("SUBSCRIBE"))
> {
> handle_subscribe();
> t_release();
> }
> exit;
> #!endif
> 
> # if presence enabled, this part will not be executed
> if (is_method("PUBLISH") || $rU==$null)
> {
> sl_send_reply("404", "Not here");
> exit;
> }
> return;
> }
> # Authentication route
> route[AUTH] {
> #!ifdef WITH_AUTH
> if (is_method("REGISTER"))
> {
> # authenticate the REGISTER requests (uncomment to enable auth)
> if (!www_authorize("", "subscriber"))
> {
> www_challenge("", "0");
> exit;
> }
> if ($au!=$tU)
> {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
> } else {
> # authenticate if from local subscriber (uncomment to enable auth)
> if (from_uri==myself)
> {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (is_method("PUBLISH"))
> {
> if ($au!=$tU) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
> } else {
> if ($au!=$fU) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
> }
> consume_credentials();
> # caller authenticated
> }
> }
> #!endif
> return;
> }
> # Caller NAT detection route
> route[NAT]{
> #!ifdef WITH_NAT
> force_rport();
> if (nat_uac_test("19")) {
> if (method=="REGISTER") {
> fix_nated_register();
> } else {
> fix_nated_contact();
> }
> setflag(5);
> }
> #!endif
> return;
> }
> # RTPProxy control
> route[RTPPROXY] {
> #!ifdef WITH_NAT
> if (is_method("BYE")) {
> unforce_rtp_proxy();
> } else if (is_method("INVITE")){
> force_rtp_proxy();
> }
> if (!has_totag()) add_rr_param(";nat=yes");
> #!endif
> return;
> }
> # PSTN GW routing
> route[PSTN] {
> #!ifdef WITH_PSTN
> # check if PSTN GW IP is defined
> if (strempty($sel(cfg_get.pstn.gw_ip))) {
> xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
> return;
> }
> # route to PSTN dialed numbers starting with '+' or '00'
> # (international format)
> # - update the condition to match your dialing rules for PSTN routing
> if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
> return;
> # only local users allowed to call
> if(from_uri!=myself) {
> sl_send_reply("403", "Not Allowed");
> exit;
> }
> $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
> route(RELAY);
> exit;
> #!endif
> return;
> }
> # add by KJ --start
> route[CONF] {
> if(is_method("INVITE") && $rU=="0216666") {
> rewritehostport("210.x.y.z:5060");
> }
> route(RELAY);
> exit;
> }
> # add by KJ --end
> # Sample branch router
> branch_route[BRANCH_ONE] {
> xdbg("new branch at $ru\n");
> }
> # Sample onreply route
> onreply_route[REPLY_ONE] {
> xdbg("incoming reply\n");
> #!ifdef WITH_NAT
> if ((isflagset(5) || isbflagset("6")) && status=~"(183)|(2[0-9][0-9])") {
> force_rtp_proxy();
> }
> if (isbflagset("6")) {
> fix_nated_contact();
> }
> #!endif
> }
> # Sample failure route
> failure_route[FAIL_ONE] {
> #!ifdef WITH_NAT
> if (is_method("INVITE")
> && (isbflagset("6") || isflagset(5))) {
> unforce_rtp_proxy();
> }
> #!endif
> if (t_is_canceled()) {
> exit;
> }
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply("404","Not found");
> ## exit;
> ##}
> # uncomment the following lines if you want to redirect the failed
> # calls to a different new destination
> ##if (t_check_status("486|408")) {
> ## sethostport("192.168.2.100:5060");
> ## append_branch();
> ## # do not set the missed call flag again
> ## t_relay();
> ##}
> }
> AppSer01:root@/usr/local/kamailio-3.0/etc/kamailio$
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
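
The signaling-only variant described in the reply (contact fixing on, media relay off), written against the route names of the quoted config. This is an added example, not part of either post and not the Kamailio project's own file. It assumes WITH_NAT gets defined at the top of kamailio.cfg, which the posted file does not do.

```cfg
# Added: the posted file defines WITH_DEBUG, WITH_MYSQL, WITH_AUTH and
# WITH_USRLOCDB only, so every "#!ifdef WITH_NAT" block is compiled out.
#!define WITH_NAT

# Caller NAT detection route, same as in the posted config
route[NAT] {
#!ifdef WITH_NAT
	force_rport();
	if (nat_uac_test("19")) {
		if (method=="REGISTER") {
			fix_nated_register();
		} else {
			fix_nated_contact();
		}
		setflag(5);
	}
#!endif
	return;
}

# RTPProxy control with the media relay calls taken out
route[RTPPROXY] {
#!ifdef WITH_NAT
	# force_rtp_proxy() / unforce_rtp_proxy() removed: no media relay.
	# Keep the Record-Route parameter: route[RELAY] reads it with
	# check_route_param("nat=yes") to set bflag 6 on in-dialog requests.
	if (!has_totag()) add_rr_param(";nat=yes");
#!endif
	return;
}

onreply_route[REPLY_ONE] {
#!ifdef WITH_NAT
	# force_rtp_proxy() removed; the Contact of NATed callees is still fixed
	if (isbflagset("6")) {
		fix_nated_contact();
	}
#!endif
}

failure_route[FAIL_ONE] {
#!ifdef WITH_NAT
	# unforce_rtp_proxy() removed: no relay session to tear down
#!endif
	if (t_is_canceled()) {
		exit;
	}
}
```

With the relay calls removed the SDP is passed through untouched, so it still carries the UAC's private address; media then depends on the AS sending RTP back to the source address it receives packets from.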


