[SR-Users] Trouble when bridging call between UDP and TCP clients behind NAT

Roberto Fichera kernel at tekno-soft.it
Fri Aug 9 15:33:03 CEST 2013


On 08/09/2013 01:34 PM, Klaus Darilion wrote:
> It seems that there is a NAT-ALG between the client and the proxy which rewrites the VIa header and Contact header.
> These ALGs are quite often buggy and should be avoided. Further, as the ALG rewrites the IP addresses, it may be that
> your configuration does not detect the client as NATed and thus does not NAT traversal.

I forgot to say that I'm using a slightly modified default v4.0.x cfg file. So WITH_NAT and backend on postgresql.
That's it.

>
> You can try:
>
> a) comment all "nat_uac_test()" functions in your config and force NAT traversal always. This may help against the
> broken ALG
>
> b) move to a different port, e.g. port 4567. Many ALGs trigger the rewrite if they see messages to/from port 5060.
>
> c) use TLS, then the ALG can not rewrite the message

I'll try all the above

>
> regards
> Klaus
>
> On 09.08.2013 13:22, Roberto Fichera wrote:
>> Hi All,
>>
>> I'm try to setup kamilio v4.0.2 under a Fedora18 64bits having a public address
>> in order to bridge calls between UDP and TCP clients. Everything works pretty
>> fine between UDP clients even if behind NAT. But as soon as one TCP client
>> is being called I'm getting this below on kamailio side. Note that the port is wrong
>> and the TCP client doesn't get aliased nor tcp port remappend or received field
>> is set:
>>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50696 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Content-Length:  0
>>
>>
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/TCP 94.94.X.X:56120;rport=56120;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.aab2
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50696 REGISTER
>> WWW-Authenticate: Digest realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2"
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>>
>> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
>> Via: SIP/2.0/TCP 94.94.X.X:56120;rport;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
>> Max-Forwards: 70
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50697 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2",
>> uri="sip:test.domain;transport=tcp;hide", response="d6e93d582744a3cf12cc48989f66872e"
>> Content-Length:  0
>>
>>
>> SIP/2.0 200 OK
>> Via: SIP/2.0/TCP 94.94.X.X:56120;rport=56120;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.d863
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50697 REGISTER
>> Contact:
>> <sip:528 at 94.94.X.X:1117;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
>>
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>> Thus, kamailio trigger this error:
>> Aug  9 09:20:47 proxy /usr/sbin/kamailio[3553]: ERROR: <core> [tcp_main.c:4247]: handle_tcpconn_ev(): connect
>> 94.94.X.X:1117 failed
>>
>>  From the client side (pjsua client) the log looks:
>>
>>
>> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
>> Max-Forwards: 70
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50696 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Content-Length:  0
>>
>>
>> --end msg--
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj75004c2a-7ba3-4807-805c-a3ac8016e5b7;alias
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.aab2
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50696 REGISTER
>> WWW-Authenticate: Digest realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2"
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>>
>> --end msg--
>> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
>> Max-Forwards: 70
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50697 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOcJlIDmvotaQR8dxYacL2fFlyotlC2",
>> uri="sip:test.domain;transport=tcp;hide", response="d6e93d582744a3cf12cc48989f66872e"
>> Content-Length:  0
>>
>>
>> --end msg--
>> SIP/2.0 200 OK
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPja2e404d0-9812-4b7b-b86b-3f3b1a27d204;alias
>> From: <sip:528 at test.domain;hide>;tag=93cc1d8e-9ccc-4d36-8587-923ff44daf89
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.d863
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50697 REGISTER
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
>>
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>>
>> --end msg--
>> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj3f8c138b-df5e-40a1-8482-fa792c362291;alias
>> Max-Forwards: 70
>> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
>> To: <sip:528 at test.domain;hide>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50698 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Content-Length:  0
>>
>>
>> --end msg--
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj3f8c138b-df5e-40a1-8482-fa792c362291;alias
>> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.15dd
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50698 REGISTER
>> WWW-Authenticate: Digest realm="test.domain", nonce="UgOdTVIDnCHViWa5LC/JUVsF0HRn4wA5"
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>>
>> --end msg--
>> REGISTER sip:test.domain;transport=tcp;hide SIP/2.0
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport;branch=z9hG4bKPj9539d611-09a9-4cac-bd29-bfe68132c058;alias
>> Max-Forwards: 70
>> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
>> To: <sip:528 at test.domain;hide>
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50699 REGISTER
>> User-Agent: PJSUA v2.1-svn Linux-3.10.5.44/x86_64/glibc-2.17
>> Supported: outbound, path
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>"
>> Expires: 300
>> Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
>> Authorization: Digest username="528 at test.domain", realm="test.domain", nonce="UgOdTVIDnCHViWa5LC/JUVsF0HRn4wA5",
>> uri="sip:test.domain;transport=tcp;hide", response="3d2ed2fc1da090f592424cfa5804943e"
>> Content-Length:  0
>>
>>
>> --end msg--
>> SIP/2.0 200 OK
>> Via: SIP/2.0/TCP 192.168.2.90:56120;rport=56120;branch=z9hG4bKPj9539d611-09a9-4cac-bd29-bfe68132c058;alias
>> From: <sip:528 at test.domain;hide>;tag=2256e1a1-bad1-4f02-a9ff-45ff349f2c52
>> To: <sip:528 at test.domain;hide>;tag=333a0370df4a40d5d5a0c21bb156e2a6.cf79
>> Call-ID: 23306738-94b3-49b5-b7e8-dc1b8a8061db
>> CSeq: 50699 REGISTER
>> Contact:
>> <sip:528 at 192.168.2.90:5060;transport=TCP;ob>;expires=300;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0000be3c954f>";reg-id=1
>>
>> Server: kamailio (4.0.2 (x86_64/linux))
>> Content-Length: 0
>>
>> Does anyone can show me how solve this problem?
>>
>> Thanks in advance,
>> Roberto Fichera.
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>




More information about the sr-users mailing list