[SR-Users] Presence data to users behind NAT

Shane Harrison Shane.Harrison at imgtec.com
Sun Mar 22 20:59:46 CET 2015 

Hi Olli,

To overcome NAT issues requires a reasonable amount of reading to get some understanding of best techniques to apply in your situation.

Firewalls/NAT devices can  attempt to help by modifying packets using ALG (application level gateway) functions.  However often these are badly implemented  and of course don't work in the TLS transport case.

Most Kamailio implementors would, I imagine,  try and do two things to solve subscribe/notify issues:
1) Modify incoming packet contact headers using nathelper module - fix_nated_contact() is a useful function
2) Reuse incoming client connections for outgoing NOTIFY's.  There is an RFC concerning reuse of client connections that is worth reading.  
Also
3) Use of the "path"  header to force routing back through the connection terminating entity (load balancer or sip proxy depending on your topology) is also helpful

For simple single proxy type systems the first two above ideas should be sufficient.  In more complicated scenarios you also need to fully understand SIP routing.  For example, depending on topology, use of the "advertise" parameter on the listen command can be useful for ensuring RR's have public IP's.

HTH
Shane

> -----Original Message-----
> From: sr-users [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of
> Olli Attila
> Sent: Saturday, 21 March 2015 11:30 p.m.
> To: sr-users at lists.sip-router.org
> Subject: [SR-Users] Presence data to users behind NAT
> 
> Hello,
> 
> Im running kamailio 4.2.3 and I'm trying to build a system where I could have
> the following features: SIP proxy, RTP proxy, Presence & XCAP service for IM
> messaging.
> 
> I have a problem with the Presence service with users that are located
> behind nat. When Kamailio sends presence info to a watcher with sip NOTIFY
> message, the destaination ip for the pacage seems to be an un-routable
> (=private) ip, and so the watcher never receives the NOTIFY message making
> the watchers sip client unaware of the other users presence.
> 
> Any suggestions how to make Kamailio handle the watchers behind nat so
> that the NOTIFY messages will get delivered succesfully?
> 
> I tried the scenario with a client with public ip and the presence works fine.
> 
> my kamailio.cfg:
> http://tny.cz/7d85773c
> 
> -- Olli
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-
> users at lists.sip-router.org http://lists.sip-router.org/cgi-
> bin/mailman/listinfo/sr-users

More information about the sr-users mailing list