[SR-Users] Fwd: Kamailio and NAT
Nelson Migliaro
eng.migliaro at gmail.com
Thu Jan 14 13:33:42 CET 2016
Thank you Daniel for your answer,
As you mention, there is a symmetric nat and router does not allow a static
NAT.
By sniffing traffic I can see the port is using new but in case it change,
how can automate the process of advertising the correct port?
Cheers!
---------- Forwarded message ----------
From: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2016-01-13 23:28 GMT+01:00
Subject: Re: [SR-Users] Kamailio and NAT
To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.sip-router.org>
Hello,
it looks like you have a symmetric nat router, so the allocated port is
randomly selected.
If you don't control the nat router to set a static forwarding rule or it
doesn't provide the option to set static forwarding, then you are pretty
much left with sniffing the traffic to discover the external port and
advertise it.
Cheers,
Daniel
On 13/01/16 20:31, Nelson Migliaro wrote:
Hello,
I finally were able to run my Kamailio behind NAT but in order to
accomplish that I included:
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
52548 is the port my internet router change when doing NAT (5060->52548). I
found this port sniffing traffic
Conclusions at this point are:
---------------------------------------------1--------------------------------------------------------------------------------------------------
If I use this line:
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
part of the same transaction
When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060 and
router blocks de request. I assume vendor sends BYE to 5060 because it is a
new transaction
-----------------------------------------------2--------------------------------------------------------------------------------------------------
If I use this line:
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
part of the same transaction
When remote party disconnects the call, BYE goes to PUBLIC-IP port 52548
and router forward the request to Kamailio. Since there is an open
connection.
I need to find the way to find the way to advertise the public port
internet router is doing NAT (PAT).
---------------------------------------------------------------------------------------------------------------------------------------------------
This trace is a call that worked fine because I included line:
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060 advertise
PUBLIC-IP:52548
2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
Record-Route: <
sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
A-;nat=yes>
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
Max-Forwards: 69
From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
Contact: <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 102 INVITE
User-Agent: Kamailio
Date: Wed, 13 Jan 2016 19:10:15 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 255
Trying.....
2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
To: <sip:NUM-DESTINATION at VENDOR-IP>
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 102 INVITE
Server: kamailio
Content-Length: 0
And finally a BYE
2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1 SIP/2.0
Via: SIP/2.0/UDP
VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
To: "NUM-SOURCE" <sip:NUM-SOURCE@ <sip%3ANUM-SOURCE at norvoz.es>VENDOR-IP
>;tag=as3b72a453
Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
CSeq: 28731 BYE
Max-Forwards: 69
Route: <
sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
yes>
Reason: Q.850;cause=16
Content-Length: 0
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Finally, It is finally working because I hardcoded NAT´d port.
I would like to find a way to avoid setting the port in "hard".
Thank you
--
Daniel-Constantin Mierlahttp://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/141438bb/attachment.html>
More information about the sr-users
mailing list