[SR-Users] Fwd: Kamailio and NAT
Nelson Migliaro
eng.migliaro at gmail.com
Thu Jan 14 18:51:33 CET 2016
Yes it is possible, but is there an easy way to workaround the issue using
Kamailio.
Because I have the port because vendor is sending that info in Trying:
2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP PUBLIC-IP:52548;branch=
z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=*52548*
I need to find the way to discover the port used by firewall (maybe getting
that info from Trying) and then advertise that port.
2016-01-14 18:32 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
> Not really up to date with all Asterisk features -- do you know if you can
> append a custom header to a SIP response that is going to be generated by
> Asterisk? Eventually the reply for an OPTIONS request.
>
> Cheers,
> Daniel
>
>
> On 14/01/16 17:19, Nelson Migliaro wrote:
>
> Yes, I manage all devices, even the internet router but it does not allow
> static pat.
>
> 2016-01-14 16:07 GMT+01:00 Daniel-Constantin Mierla < <miconda at gmail.com>
> miconda at gmail.com>:
>
>> Do you control the Asterisk? If yes, depending on Asterisk capabilities
>> of building replies, you may be able to do some automation to detect the
>> external port.
>>
>> Cheers,
>> Daniel
>>
>> On Thu, Jan 14, 2016 at 3:47 PM, Nelson Migliaro <
>> <eng.migliaro at gmail.com>eng.migliaro at gmail.com> wrote:
>>
>>> There is not a public Kamailio, only one Kamailio behind NAT,
>>>
>>> Right now the configuration is:
>>>
>>> Asterisk <-> Kamailio (Private IP + advertise public IP + RTP Proxy )
>>> <-> Internet router (public IP + symmetric na) <-> Internet
>>>
>>> Regards,
>>>
>>> 2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>>>
>>>> Is the kamailio behind nat communicating with another kamailio on a
>>>> public IP?
>>>>
>>>> Cheers,
>>>> DAniel
>>>>
>>>> On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <
>>>> <eng.migliaro at gmail.com>eng.migliaro at gmail.com> wrote:
>>>>
>>>>> Thank you Daniel for your answer,
>>>>>
>>>>> As you mention, there is a symmetric nat and router does not allow a
>>>>> static NAT.
>>>>>
>>>>> By sniffing traffic I can see the port is using new but in case it
>>>>> change, how can automate the process of advertising the correct port?
>>>>>
>>>>> Cheers!
>>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: Daniel-Constantin Mierla < <miconda at gmail.com>miconda at gmail.com>
>>>>> Date: 2016-01-13 23:28 GMT+01:00
>>>>> Subject: Re: [SR-Users] Kamailio and NAT
>>>>> To: "Kamailio (SER) - Users Mailing List" <
>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org>
>>>>>
>>>>>
>>>>> Hello,
>>>>>
>>>>> it looks like you have a symmetric nat router, so the allocated port
>>>>> is randomly selected.
>>>>>
>>>>> If you don't control the nat router to set a static forwarding rule or
>>>>> it doesn't provide the option to set static forwarding, then you are pretty
>>>>> much left with sniffing the traffic to discover the external port and
>>>>> advertise it.
>>>>>
>>>>> Cheers,
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 13/01/16 20:31, Nelson Migliaro wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I finally were able to run my Kamailio behind NAT but in order to
>>>>> accomplish that I included:
>>>>>
>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>>
>>>>> 52548 is the port my internet router change when doing NAT
>>>>> (5060->52548). I found this port sniffing traffic
>>>>>
>>>>> Conclusions at this point are:
>>>>>
>>>>>
>>>>> ---------------------------------------------1--------------------------------------------------------------------------------------------------
>>>>> If I use this line:
>>>>>
>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
>>>>>
>>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
>>>>> are part of the same transaction
>>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port
>>>>> 5060 and router blocks de request. I assume vendor sends BYE to 5060
>>>>> because it is a new transaction
>>>>>
>>>>> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>>>>>
>>>>> If I use this line:
>>>>>
>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>>>>>
>>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
>>>>> are part of the same transaction
>>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port
>>>>> 52548 and router forward the request to Kamailio. Since there is an open
>>>>> connection.
>>>>>
>>>>> I need to find the way to find the way to advertise the public port
>>>>> internet router is doing NAT (PAT).
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------------------------------------------------------------------------------------
>>>>> This trace is a call that worked fine because I included line:
>>>>>
>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>>
>>>>>
>>>>> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
>>>>> advertise PUBLIC-IP:52548
>>>>> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
>>>>> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
>>>>> Record-Route: <
>>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
>>>>> A-;nat=yes>
>>>>> Via: SIP/2.0/UDP
>>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
>>>>> Via: SIP/2.0/UDP
>>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>>> Max-Forwards: 69
>>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>>> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
>>>>> Contact:
>>>>> <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>> CSeq: 102 INVITE
>>>>> User-Agent: Kamailio
>>>>> Date: Wed, 13 Jan 2016 19:10:15 GMT
>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>>>>> INFO, PUBLISH, MESSAGE
>>>>> Supported: replaces, timer
>>>>> Content-Type: application/sdp
>>>>> Content-Length: 255
>>>>>
>>>>>
>>>>> Trying.....
>>>>>
>>>>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>>> SIP/2.0 100 trying -- your call is important to us
>>>>> Via: SIP/2.0/UDP
>>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
>>>>> Via: SIP/2.0/UDP
>>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>>> To: <sip:NUM-DESTINATION at VENDOR-IP>
>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>> CSeq: 102 INVITE
>>>>> Server: kamailio
>>>>> Content-Length: 0
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> And finally a BYE
>>>>>
>>>>> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>>> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
>>>>> SIP/2.0
>>>>> Via: SIP/2.0/UDP
>>>>> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
>>>>> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
>>>>> To: "NUM-SOURCE" < <sip%3ANUM-SOURCE at norvoz.es>sip:NUM-SOURCE@
>>>>> VENDOR-IP>;tag=as3b72a453
>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>> CSeq: 28731 BYE
>>>>> Max-Forwards: 69
>>>>> Route: <
>>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
>>>>> yes>
>>>>> Reason: Q.850;cause=16
>>>>> Content-Length: 0
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>> Finally, It is finally working because I hardcoded NAT´d port.
>>>>> I would like to find a way to avoid setting the port in "hard".
>>>>>
>>>>> Thank you
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org
>>>>> <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users at lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Daniel-Constantin Mierla - http://www.asipto.com
>>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
>>>> <http://www.linkedin.com/in/miconda>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>>
>> --
>> Daniel-Constantin Mierla - <http://www.asipto.com>http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
>> <http://www.linkedin.com/in/miconda>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/d0ab6ff2/attachment.html>
More information about the sr-users
mailing list