[SR-Users] Fwd: Kamailio and NAT

Nelson Migliaro eng.migliaro at gmail.com
Tue Jan 19 18:18:17 CET 2016 

I am thinking that I cat get the port during the first call and then use
that port for the rest of calls.
Maybe that first call will fail but after that, all calls will go fine.

Example of a Trying showing received port: 52548

¿Do you know what pseudovariable represent that value?

I tested with all variables I could find but I could not find anyone.

Thank you

---------------------------------------------------------------------------------------------------------------------------------------------------------



2016/01/19 17:38:38.981987 VENDOR-IP:5060 -> KAMAILIO-IP:5060
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bK8b5c.b122371ac0ac2f3ef3204b0f192cb16c.1;rport=52548
Via: SIP/2.0/UDP
ASTERISK-IP:5060;received=ASTERISK-IP;branch=z9hG4bK4082d124;rport=5060
From: 888888888 <sip:888888888 at ASTERISK-IP>;tag=as34f971fe
To: <sip:999999999 at VENDOR-DOMAIN>
Call-ID: 0b5307fa290674a97b47970643fce42a at ASTERISK-IP:5060
CSeq: 102 INVITE
Server: kamailio
Content-Length: 0


2016-01-15 9:50 GMT+01:00 Nelson Migliaro <eng.migliaro at gmail.com>:

> Hello Daniel,
>
> Yes, I am registered to the vendor.
>
> Regards,
>
> Nelson.-
>
> 2016-01-15 7:58 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>
>> Ahh, I thought Asterisk is in the public internet, but actually you
>> connect to a provider (vendor), which seems to run Kamailio as well.
>>
>> Using information from 100 trying is too late, as the INVITE was already
>> sent... so one more question before trying to propose a solution. Do you
>> have to register to the provider?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 14/01/16 18:51, Nelson Migliaro wrote:
>>
>> Yes it is possible, but is there an easy way to workaround the issue
>> using Kamailio.
>>
>> Because I have the port because vendor is sending that info in Trying:
>>
>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>> SIP/2.0 100 trying -- your call is important to us
>> Via: SIP/2.0/UDP PUBLIC-IP:52548;branch=
>> z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=*52548*
>>
>> I need to find the way to discover the port used by firewall (maybe
>> getting that info from Trying) and then advertise that port.
>>
>>
>>
>> 2016-01-14 18:32 GMT+01:00 Daniel-Constantin Mierla < <miconda at gmail.com>
>> miconda at gmail.com>:
>>
>>> Not really up to date with all Asterisk features -- do you know if you
>>> can append a custom header to a SIP response that is going to be generated
>>> by Asterisk? Eventually the reply for an OPTIONS request.
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>> On 14/01/16 17:19, Nelson Migliaro wrote:
>>>
>>> Yes, I manage all devices, even the internet router but it does not
>>> allow static pat.
>>>
>>> 2016-01-14 16:07 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>>>
>>>> Do you control the Asterisk? If yes, depending on Asterisk capabilities
>>>> of building replies, you may be able to do some automation to detect the
>>>> external port.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>> On Thu, Jan 14, 2016 at 3:47 PM, Nelson Migliaro <
>>>> <eng.migliaro at gmail.com>eng.migliaro at gmail.com> wrote:
>>>>
>>>>> There is not a public Kamailio, only one Kamailio behind NAT,
>>>>>
>>>>> Right now the configuration is:
>>>>>
>>>>> Asterisk <-> Kamailio (Private IP + advertise public IP + RTP Proxy  )
>>>>> <-> Internet router (public IP + symmetric na) <-> Internet
>>>>>
>>>>> Regards,
>>>>>
>>>>> 2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla <
>>>>> <miconda at gmail.com>miconda at gmail.com>:
>>>>>
>>>>>> Is the kamailio behind nat communicating with another kamailio on a
>>>>>> public IP?
>>>>>>
>>>>>> Cheers,
>>>>>> DAniel
>>>>>>
>>>>>> On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <
>>>>>> <eng.migliaro at gmail.com>eng.migliaro at gmail.com> wrote:
>>>>>>
>>>>>>> Thank you Daniel for your answer,
>>>>>>>
>>>>>>> As you mention, there is a symmetric nat and router does not allow a
>>>>>>> static NAT.
>>>>>>>
>>>>>>> By sniffing traffic I can see the port is using new but in case it
>>>>>>> change, how can automate the process of advertising the correct port?
>>>>>>>
>>>>>>> Cheers!
>>>>>>>
>>>>>>>
>>>>>>> ---------- Forwarded message ----------
>>>>>>> From: Daniel-Constantin Mierla < <miconda at gmail.com>
>>>>>>> miconda at gmail.com>
>>>>>>> Date: 2016-01-13 23:28 GMT+01:00
>>>>>>> Subject: Re: [SR-Users] Kamailio and NAT
>>>>>>> To: "Kamailio (SER) - Users Mailing List" <
>>>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org>
>>>>>>>
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> it looks like you have a symmetric nat router, so the allocated port
>>>>>>> is randomly selected.
>>>>>>>
>>>>>>> If you don't control the nat router to set a static forwarding rule
>>>>>>> or it doesn't provide the option to set static forwarding, then you are
>>>>>>> pretty much left with sniffing the traffic to discover the external port
>>>>>>> and advertise it.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Daniel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 13/01/16 20:31, Nelson Migliaro wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I finally were able to run my Kamailio behind NAT but in order to
>>>>>>> accomplish that I included:
>>>>>>>
>>>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>>>>
>>>>>>> 52548 is the port my internet router change when doing NAT
>>>>>>> (5060->52548). I found this port sniffing traffic
>>>>>>>
>>>>>>> Conclusions at this point are:
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------1--------------------------------------------------------------------------------------------------
>>>>>>> If I use this line:
>>>>>>>
>>>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work
>>>>>>> :(
>>>>>>>
>>>>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because
>>>>>>> they are part of the same transaction
>>>>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port
>>>>>>> 5060 and router blocks de request. I assume vendor sends BYE to 5060
>>>>>>> because it is a new transaction
>>>>>>>
>>>>>>> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> If I use this line:
>>>>>>>
>>>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>>>>>>>
>>>>>>> When I dial a call, INVITE / ACK / Trying / OK goes fine because
>>>>>>> they are part of the same transaction
>>>>>>> When remote party disconnects the call, BYE goes to PUBLIC-IP port
>>>>>>> 52548 and router forward the request to Kamailio. Since there is an open
>>>>>>> connection.
>>>>>>>
>>>>>>> I need to find the way to find the way to advertise the public port
>>>>>>> internet router is doing NAT (PAT).
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>>> This trace is a call that worked fine because I included line:
>>>>>>>
>>>>>>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>>>>>>
>>>>>>>
>>>>>>> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
>>>>>>> advertise PUBLIC-IP:52548
>>>>>>> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
>>>>>>> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
>>>>>>> Record-Route: <
>>>>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
>>>>>>> A-;nat=yes>
>>>>>>> Via: SIP/2.0/UDP
>>>>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
>>>>>>> Via: SIP/2.0/UDP
>>>>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>>>>> Max-Forwards: 69
>>>>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>>>>> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
>>>>>>> Contact:
>>>>>>> <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
>>>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>>>> CSeq: 102 INVITE
>>>>>>> User-Agent: Kamailio
>>>>>>> Date: Wed, 13 Jan 2016 19:10:15 GMT
>>>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
>>>>>>> INFO, PUBLISH, MESSAGE
>>>>>>> Supported: replaces, timer
>>>>>>> Content-Type: application/sdp
>>>>>>> Content-Length: 255
>>>>>>>
>>>>>>>
>>>>>>> Trying.....
>>>>>>>
>>>>>>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>>>>> SIP/2.0 100 trying -- your call is important to us
>>>>>>> Via: SIP/2.0/UDP
>>>>>>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
>>>>>>> Via: SIP/2.0/UDP
>>>>>>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>>>>>>> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>>>>>>> To: <sip:NUM-DESTINATION at VENDOR-IP>
>>>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>>>> CSeq: 102 INVITE
>>>>>>> Server: kamailio
>>>>>>> Content-Length: 0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> And finally a BYE
>>>>>>>
>>>>>>> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
>>>>>>> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
>>>>>>> SIP/2.0
>>>>>>> Via: SIP/2.0/UDP
>>>>>>> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
>>>>>>> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
>>>>>>> To: "NUM-SOURCE" <sip:NUM-SOURCE at VENDOR-IP>;tag=as3b72a453
>>>>>>> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>>>>>>> CSeq: 28731 BYE
>>>>>>> Max-Forwards: 69
>>>>>>> Route: <
>>>>>>> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
>>>>>>> yes>
>>>>>>> Reason: Q.850;cause=16
>>>>>>> Content-Length: 0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>>>
>>>>>>> Finally, It is finally working because I hardcoded NAT´d port.
>>>>>>> I would like to find a way to avoid setting the port in "hard".
>>>>>>>
>>>>>>> Thank you
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>>>>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>>>>>>> list
>>>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org
>>>>>>> <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>>>>>>> list
>>>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org
>>>>>>> <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Daniel-Constantin Mierla - <http://www.asipto.com>
>>>>>> http://www.asipto.com
>>>>>> <http://twitter.com/#%21/miconda>http://twitter.com/#!/miconda -
>>>>>> <http://www.linkedin.com/in/miconda>http://www.linkedin.com/in/micond
>>>>>>
>>>>>> _______________________________________________
>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>>>>>> list
>>>>>> sr-users at lists.sip-router.org
>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users at lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Daniel-Constantin Mierla - <http://www.asipto.com>http://www.asipto.com
>>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
>>>> <http://www.linkedin.com/in/miconda>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>> --
>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>
>> --
>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160119/31dae0ad/attachment.html>

More information about the sr-users mailing list