[SR-Users] Trouble when bridging call between UDP and TCP clients behind NAT
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Aug 9 13:34:39 CEST 2013
It seems that there is a NAT-ALG between the client and the proxy which
rewrites the VIa header and Contact header. These ALGs are quite often
buggy and should be avoided. Further, as the ALG rewrites the IP
addresses, it may be that your configuration does not detect the client
as NATed and thus does not NAT traversal.
You can try:
a) comment all "nat_uac_test()" functions in your config and force NAT
traversal always. This may help against the broken ALG
b) move to a different port, e.g. port 4567. Many ALGs trigger the
rewrite if they see messages to/from port 5060.
c) use TLS, then the ALG can not rewrite the message
regards
Klaus
On 09.08.2013 13:22, Roberto Fichera wrote:
> Hi All,
>
> I'm try to setup kamilio v4.0.2 under a Fedora18 64bits having a public address
> in order to bridge calls between UDP and TCP clients. Everything works pretty
> fine between UDP clients even if behind NAT. But as soon as one TCP client
> is being called I'm getting this below on kamailio side. Note that the port is wrong
> and the TCP client doesn't get aliased nor tcp port remappend or received field
> is set:
>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50696 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact: <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Content-Length: 0
>
>
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TCP 94.94.X.X:56120;rport=56120;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.aab2
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50696 REGISTER
> WWW-Authenticate: Digest realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2"
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
>
> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
> Via: SIP/2.0/TCP 94.94.X.X:56120;rport;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
> Max-Forwards: 70
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50697 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact: <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2",
> uri="sip:test.domain;transport=tcp;hide", response="d6e93d582744a3cf12cc48989f66872e"
> Content-Length: 0
>
>
> SIP/2.0 200 OK
> Via: SIP/2.0/TCP 94.94.X.X:56120;rport=56120;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.d863
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50697 REGISTER
> Contact:
> <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
> Thus, kamailio trigger this error:
> Aug 9 09:20:47 proxy /usr/sbin/kamailio[3553]: ERROR: <core> [tcp_main.c:4247]: handle_tcpconn_ev(): connect
> 94.94.X.X:1117 failed
>
> From the client side (pjsua client) the log looks:
>
>
> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
> Max-Forwards: 70
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50696 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Content-Length: 0
>
>
> --end msg--
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.aab2
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50696 REGISTER
> WWW-Authenticate: Digest realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2"
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
>
> --end msg--
> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
> Max-Forwards: 70
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50697 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2",
> uri="sip:test.domain;transport=tcp;hide", response="d6e93d582744a3cf12cc48989f66872e"
> Content-Length: 0
>
>
> --end msg--
> SIP/2.0 200 OK
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.d863
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50697 REGISTER
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
>
> --end msg--
> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj3f8c138b-df5e-40a1-8482-fa792c362291;alias
> Max-Forwards: 70
> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
> To: <sip:528 at test.domain;hide>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50698 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Content-Length: 0
>
>
> --end msg--
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj3f8c138b-df5e-40a1-8482-fa792c362291;alias
> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.15dd
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50698 REGISTER
> WWW-Authenticate: Digest realm="test.domain", nonce="UgOdTVIDnCHViWa5LC/JUVsF0HRn4wA5"
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
>
> --end msg--
> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj9539d611-09a9-4cac-bd29-bfe68132c058;alias
> Max-Forwards: 70
> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
> To: <sip:528 at test.domain;hide>
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50699 REGISTER
> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
> Supported: outbound, path
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
> Expires: 300
> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOdTVIDnCHViWa5LC/JUVsF0HRn4wA5",
> uri="sip:test.domain;transport=tcp;hide", response="3d2ed2fc1da090f592424cfa5804943e"
> Content-Length: 0
>
>
> --end msg--
> SIP/2.0 200 OK
> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj9539d611-09a9-4cac-bd29-bfe68132c058;alias
> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.cf79
> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
> CSeq: 50699 REGISTER
> Contact:
> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
> Server: kamailio (4.0.2 (x86_64/linux))
> Content-Length: 0
>
> Does anyone can show me how solve this problem?
>
> Thanks in advance,
> Roberto Fichera.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
More information about the sr-users
mailing list