[SR-Users] Fwd: Kamailio and NAT

Nelson Migliaro eng.migliaro at gmail.com
Thu Jan 14 15:47:38 CET 2016 

There is not a public Kamailio, only one Kamailio behind NAT,

Right now the configuration is:

Asterisk <-> Kamailio (Private IP + advertise public IP + RTP Proxy  ) <->
Internet router (public IP + symmetric na) <-> Internet

Regards,

2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:

> Is the kamailio behind nat communicating with another kamailio on a public
> IP?
>
> Cheers,
> DAniel
>
> On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <eng.migliaro at gmail.com>
> wrote:
>
>> Thank you Daniel for your answer,
>>
>> As you mention, there is a symmetric nat and router does not allow a
>> static NAT.
>>
>> By sniffing traffic I can see the port is using new but in case it
>> change, how can automate the process of advertising the correct port?
>>
>> Cheers!
>>
>>
>> ---------- Forwarded message ----------
>> From: Daniel-Constantin Mierla <miconda at gmail.com>
>> Date: 2016-01-13 23:28 GMT+01:00
>> Subject: Re: [SR-Users] Kamailio and NAT
>> To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.sip-router.org>
>>
>>
>> Hello,
>>
>> it looks like you have a symmetric nat router, so the allocated port is
>> randomly selected.
>>
>> If you don't control the nat router to set a static forwarding rule or it
>> doesn't provide the option to set static forwarding, then you are pretty
>> much left with sniffing the traffic to discover the external port and
>> advertise it.
>>
>> Cheers,
>> Daniel
>>
>>
>>
>>
>> On 13/01/16 20:31, Nelson Migliaro wrote:
>>
>> Hello,
>>
>> I finally were able to run my Kamailio behind NAT but in order to
>> accomplish that I included:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>
>> 52548 is the port my internet router change when doing NAT (5060->52548).
>> I found this port sniffing traffic
>>
>> Conclusions at this point are:
>>
>>
>> ---------------------------------------------1--------------------------------------------------------------------------------------------------
>> If I use this line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
>>
>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
>> part of the same transaction
>> When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060
>> and router blocks de request. I assume vendor sends BYE to 5060 because it
>> is a new transaction
>>
>> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>>
>> If I use this line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>>
>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
>> part of the same transaction
>> When remote party disconnects the call, BYE goes to PUBLIC-IP port 52548
>> and router forward the request to Kamailio. Since there is an open
>> connection.
>>
>> I need to find the way to find the way to advertise the public port
>> internet router is doing NAT (PAT).
>>
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------------------
>> This trace is a call that worked fine because I included line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>
>>
>> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
>> advertise PUBLIC-IP:52548
>> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
>> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
>> Record-Route: <
>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
>> A-;nat=yes>
>> Via: SIP/2.0/UDP
>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
>> Via: SIP/2.0/UDP
>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>> Max-Forwards: 69
>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
>> Contact:
>> <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 102 INVITE
>> User-Agent: Kamailio
>> Date: Wed, 13 Jan 2016 19:10:15 GMT
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
>> PUBLISH, MESSAGE
>> Supported: replaces, timer
>> Content-Type: application/sdp
>> Content-Length: 255
>>
>>
>> Trying.....
>>
>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>> SIP/2.0 100 trying -- your call is important to us
>> Via: SIP/2.0/UDP
>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
>> Via: SIP/2.0/UDP
>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>> To: <sip:NUM-DESTINATION at VENDOR-IP>
>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 102 INVITE
>> Server: kamailio
>> Content-Length: 0
>>
>>
>>
>>
>> And finally a BYE
>>
>> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
>> SIP/2.0
>> Via: SIP/2.0/UDP
>> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
>> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
>> To: "NUM-SOURCE" <sip:NUM-SOURCE@ <sip%3ANUM-SOURCE at norvoz.es>VENDOR-IP
>> >;tag=as3b72a453
>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 28731 BYE
>> Max-Forwards: 69
>> Route: <
>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
>> yes>
>> Reason: Q.850;cause=16
>> Content-Length: 0
>>
>>
>>
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Finally, It is finally working because I hardcoded NAT´d port.
>> I would like to find a way to avoid setting the port in "hard".
>>
>> Thank you
>>
>>
>>
>>
>>
>> --
>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
> <http://www.linkedin.com/in/miconda>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/25e5d282/attachment.html>

More information about the sr-users mailing list