[SR-Users] Fwd: Kamailio and NAT
Nelson Migliaro
eng.migliaro at gmail.com
Thu Jan 14 17:19:06 CET 2016
Yes, I manage all devices, even the internet router but it does not allow
static pat.
2016-01-14 16:07 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
> Do you control the Asterisk? If yes, depending on Asterisk capabilities of
> building replies, you may be able to do some automation to detect the
> external port.
>
> Cheers,
> Daniel
>
> On Thu, Jan 14, 2016 at 3:47 PM, Nelson Migliaro <eng.migliaro at gmail.com>
> wrote:
>
>> There is not a public Kamailio, only one Kamailio behind NAT,
>>
>> Right now the configuration is:
>>
>> Asterisk <-> Kamailio (Private IP + advertise public IP + RTP Proxy )
>> <-> Internet router (public IP + symmetric na) <-> Internet
>>
>> Regards,
>>
>> 2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>>
>>> Is the kamailio behind nat communicating with another kamailio on a
>>> public IP?
>>>
>>> Cheers,
>>> DAniel
>>>
>>> On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <eng.migliaro at gmail.com
>>> > wrote:
>>>
>>>> Thank you Daniel for your answer,
>>>>
>>>> As you mention, there is a symmetric nat and router does not allow a
>>>> static NAT.
>>>>
>>>> By sniffing traffic I can see the port is using new but in case it
>>>> change, how can automate the process of advertising the correct port?
>>>>
>>>> Cheers!
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Daniel-Constantin Mierla <miconda at gmail.com>
>>>> Date: 2016-01-13 23:28 GMT+01:00
>>>> Subject: Re: [SR-Users] Kamailio and NAT
>>>> To: "Kamailio (SER) - Users Mailing List" <
>>>> sr-users at lists.sip-router.org>
>>>>
>>>>
>>>> Hello,
>>>>
>>>> it looks like you have a symmetric nat router, so the allocated port is
>>>> randomly selected.
>>>>
>>>> If you don't control the nat router to set a static forwarding rule or
>>>> it doesn't provide the option to set static forwarding, then you are pretty
>>>> much left with sniffing the traffic to discover the external port and
>>>> advertise it.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>>
>>>>
>>>>
>>>> On 13/01/16 20:31, Nelson Migliaro wrote:
>>>>
>>>> Hello,
>>>>
>>>> I finally were able to run my Kamailio behind NAT but in order to
>>>> accomplish that I included:
>>>>
>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>
>>>> 52548 is the port my internet router change when doing NAT
>>>> (5060->52548). I found this port sniffing traffic
>>>>
>>>> Conclusions at this point are:
>>>>
>>>>
>>>> ---------------------------------------------1--------------------------------------------------------------------------------------------------
>>>> If I use this line:
>>>>
>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
>>>>
>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
>>>> are part of the same transaction
>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060
>>>> and router blocks de request. I assume vendor sends BYE to 5060 because it
>>>> is a new transaction
>>>>
>>>> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>>>>
>>>> If I use this line:
>>>>
>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>>>>
>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
>>>> are part of the same transaction
>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port
>>>> 52548 and router forward the request to Kamailio. Since there is an open
>>>> connection.
>>>>
>>>> I need to find the way to find the way to advertise the public port
>>>> internet router is doing NAT (PAT).
>>>>
>>>>
>>>> ---------------------------------------------------------------------------------------------------------------------------------------------------
>>>> This trace is a call that worked fine because I included line:
>>>>
>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>
>>>>
>>>> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
>>>> advertise PUBLIC-IP:52548
>>>> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
>>>> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
>>>> Record-Route: <
>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
>>>> A-;nat=yes>
>>>> Via: SIP/2.0/UDP
>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
>>>> Via: SIP/2.0/UDP
>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>> Max-Forwards: 69
>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
>>>> Contact:
>>>> <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>> CSeq: 102 INVITE
>>>> User-Agent: Kamailio
>>>> Date: Wed, 13 Jan 2016 19:10:15 GMT
>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>>>> INFO, PUBLISH, MESSAGE
>>>> Supported: replaces, timer
>>>> Content-Type: application/sdp
>>>> Content-Length: 255
>>>>
>>>>
>>>> Trying.....
>>>>
>>>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>> SIP/2.0 100 trying -- your call is important to us
>>>> Via: SIP/2.0/UDP
>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
>>>> Via: SIP/2.0/UDP
>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>> To: <sip:NUM-DESTINATION at VENDOR-IP>
>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>> CSeq: 102 INVITE
>>>> Server: kamailio
>>>> Content-Length: 0
>>>>
>>>>
>>>>
>>>>
>>>> And finally a BYE
>>>>
>>>> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
>>>> SIP/2.0
>>>> Via: SIP/2.0/UDP
>>>> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
>>>> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
>>>> To: "NUM-SOURCE" <sip:NUM-SOURCE@ <sip%3ANUM-SOURCE at norvoz.es>VENDOR-IP
>>>> >;tag=as3b72a453
>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>> CSeq: 28731 BYE
>>>> Max-Forwards: 69
>>>> Route: <
>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
>>>> yes>
>>>> Reason: Q.850;cause=16
>>>> Content-Length: 0
>>>>
>>>>
>>>>
>>>>
>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>> Finally, It is finally working because I hardcoded NAT´d port.
>>>> I would like to find a way to avoid setting the port in "hard".
>>>>
>>>> Thank you
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>
>>>
>>> --
>>> Daniel-Constantin Mierla - http://www.asipto.com
>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
>>> <http://www.linkedin.com/in/miconda>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
> <http://www.linkedin.com/in/miconda>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/329ba42a/attachment.html>
More information about the sr-users
mailing list