[SR-Users] Kamailio and NAT

Nelson Migliaro eng.migliaro at gmail.com
Wed Jan 13 20:31:14 CET 2016 

Hello,

I finally were able to run my Kamailio behind NAT but in order to
accomplish that I included:

listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548

52548 is the port my internet router change when doing NAT (5060->52548). I
found this port sniffing traffic

Conclusions at this point are:

---------------------------------------------1--------------------------------------------------------------------------------------------------
If I use this line:

listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(

When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
part of the same transaction
When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060 and
router blocks de request. I assume vendor sends BYE to 5060 because it is a
new transaction

-----------------------------------------------2--------------------------------------------------------------------------------------------------
If I use this line:

listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!

When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
part of the same transaction
When remote party disconnects the call, BYE goes to PUBLIC-IP port 52548
and router forward the request to Kamailio. Since there is an open
connection.

I need to find the way to find the way to advertise the public port
internet router is doing NAT (PAT).

---------------------------------------------------------------------------------------------------------------------------------------------------
This trace is a call that worked fine because I included line:

listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548


This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060 advertise
PUBLIC-IP:52548
2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
Record-Route:
<sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
A-;nat=yes>
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
Max-Forwards: 69
From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
Contact: <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 102 INVITE
User-Agent: Kamailio
Date: Wed, 13 Jan 2016 19:10:15 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 255


Trying.....

2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
To: <sip:NUM-DESTINATION at VENDOR-IP>
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 102 INVITE
Server: kamailio
Content-Length: 0




And finally a BYE

2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1 SIP/2.0
Via: SIP/2.0/UDP
VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
To: "NUM-SOURCE" <sip:NUM-SOURCE at norvoz.es>;tag=as3b72a453
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 28731 BYE
Max-Forwards: 69
Route:
<sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
yes>
Reason: Q.850;cause=16
Content-Length: 0



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Finally, It is finally working because I hardcoded NAT´d port.
I would like to find a way to avoid setting the port in "hard".

Thank you






2016-01-13 12:59 GMT+01:00 Gholamreza Sabery <gr.sabery at gmail.com>:

> When you are running Kamailio behind a NAT you should use advertise
> parameter of listen address. According to documentation " A typical use
> case for advertise address is when running SIP server behind a
> NAT/Firewall, when the local IP address (to be used for bind) is different
> than the public IP address (to be used for advertising).". For example:
>
> listen=udp:10.10.10.10:5060 advertise  11.11.11.11:5060
>
> For more info refer to http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
>
> Regards
>
> Gholamreza Sabery Tabrizy
>
>
>
> On Wed, Jan 13, 2016 at 2:39 AM, Daniel-Constantin Mierla <
> miconda at gmail.com> wrote:
>
>> Hello,
>>
>> can you get the SIP trace with all the packets of such dialog outside of
>> the NAT router? It will help to see the headers and based on that we may be
>> able to provide a solution.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 12/01/16 19:13, Nelson Migliaro wrote:
>>
>> Thank you for your answer.
>>
>> The problem I have is with internet router doing to PAT to SIP port.
>> I am already advertising public IP but unfortunately I cant know the
>> public port I am using.
>>
>> 2015-12-28 18:17 GMT+01:00 Alexandru Covalschi <568691 at gmail.com>:
>>
>>> AFAIK bye is usually sent to the address stored in record_route. Try
>>> setting changing record_route() to
>>> record_route_preset("PUBLICIP:5060;nat=yes:)
>>>
>>> 2015-12-23 16:28 GMT+02:00 Nelson Migliaro < <eng.migliaro at gmail.com>
>>> eng.migliaro at gmail.com>:
>>>
>>>>
>>>> Hello,
>>>>
>>>> I am running Kamailio behind NAT.
>>>>
>>>> Kanailio has a private IP and I am relaying NAT to internet router.
>>>>
>>>> I am using:
>>>>
>>>> - #!define WITH_NAT
>>>> - listen=udp:PRIVATE-IP:5060 advertise PUBLIC-IP:5060
>>>>
>>>> - Patched RTP proxy including the advertise option
>>>>
>>>> And everything goes fine. I can make calls and have two way audio.
>>>>
>>>> The problem begins when the callee ends the call. BYE is not received
>>>> in Kamailio (caller)
>>>>
>>>> I included the public IP using "add_contact_alias" because
>>>> "set_contact_alias" was not adding the public IP. I included this in in
>>>> NATDETECT (pre loaded router)
>>>>
>>>>         if(is_first_hop()) {
>>>>             xlog("L_NOTICE","Metodo: $rm \n");
>>>>             xlog("L_NOTICE","is first hop\n");
>>>>             #set_contact_alias();
>>>>                  if (!add_contact_alias("PUBLIC-IP", "$Rp", "udp")) {
>>>>                  xlog("L_ERR", "Error in aliasing contact $ct\n");
>>>>                     send_reply("400", "Bad request");
>>>>                             exit;
>>>>                     }
>>>>         }
>>>>
>>>> I think the problem is related to destination that BYE is sent by the
>>>> vendor. From what I see IP and port is taken from advertised in contact
>>>> (PUBLIC-IP and 5060).
>>>> The problem is that internet router changes the source port.
>>>>
>>>> Contact: <sip:999999999 at PRIVATE-IP:5060;alias=PUBLIC-IP~5060~1>
>>>>
>>>> --- Is it correcto to add_contact_alias("PUBLIC-IP", "$Rp", "udp") in
>>>> order to received new transactions or should I follow a different
>>>> procedure???
>>>>
>>>> Thank you
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>
>>>
>>> --
>>> Alexandru Covalschi
>>> ABRISS-Solutions
>>> VoIP engineer and system administrator
>>> phone: +37367398493
>>> web: http://abs-telecom.com/
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> --
>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160113/4a406682/attachment.html>

More information about the sr-users mailing list