[SR-Users] Issue with INVITE to NATed client

Iskren Hadzhinedev iskren.hadzhinedev at ikiji.com
Fri May 5 18:32:35 CEST 2017


Hello Sammy,
The default kamailio.cfg was quite intimidating for me while trying to 
read it, so I got a simpler one that just proxies all requests to a 
backend PBX and started from there.
Here's my current configuration file (Public IP masked):
#!KAMAILIO

# Public address of this proxy (masked in the post). route[SANITY_CHECK]
# compares the source IP of every request against it.
#!define IPADDRESS "X.X.X.X"

# Message flags set in route[CHECK_SOURCE_IP]: FLAG_FROM_SWITCH when the
# source address is in dispatcher set 1, FLAG_FROM_USER otherwise.
#!define FLAG_FROM_SWITCH 1
#!define FLAG_FROM_USER 2

# Name of the failure route used for dispatcher failover.
#!define NODE_FAILURE 100
mpath = "/usr/lib/x86_64-linux-gnu/kamailio/modules"
listen = "X.X.X.X"

# ------------------ module loading ----------------------------------
# NOTE(review): no auth/auth_db/permissions module is loaded, so this script
# cannot authenticate anything itself; presumably the PBX behind the
# dispatcher challenges REGISTER and INVITE - confirm.
loadmodule "mi_fifo.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "sl.so"
loadmodule "maxfwd.so"
loadmodule "nathelper.so"
loadmodule "textops.so"
loadmodule "sdpops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
# path is loaded with no modparam. NOTE(review): add_path_received() in
# route[NAT_DETECT] only helps if the PBX stores the Path and returns it as a
# Route header, and if this proxy then applies the "received" value (path's
# use_received modparam plus a loose_route() call on switch-originated
# initial requests); neither is configured in this file - confirm.
loadmodule "path.so"
loadmodule "dispatcher.so"
# usrloc is loaded, but no registrar module is, and the save()/lookup() calls
# in the routes are commented out, so no location table is maintained here.
loadmodule "usrloc.so"

# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/var/run/kamailio/kamailio_fifo")
# AVP in which fix_nated_register() stores the address the REGISTER was
# received from. The "registrar" half of the match has no effect here
# because registrar is not loaded.
modparam("nathelper|registrar", "received_avp", "$avp(s:rcv)")
# AVPs the dispatcher uses to keep the selected destination, the group and
# the number of remaining destinations.
# NOTE(review): the dispatcher "flags" modparam is not set; per the module
# documentation ds_next_dst() needs failover support enabled there for these
# AVPs to be filled - confirm before relying on failure_route[NODE_FAILURE].
modparam("dispatcher", "dst_avp", "$avp(AVP_DST)")
modparam("dispatcher", "grp_avp", "$avp(GRP_DST)")
modparam("dispatcher", "cnt_avp", "$avp(CNT_DST)")
# Health checks: OPTIONS ping every 3 seconds; threshold 1 and probing mode 1
# presumably mean "one failed probe deactivates a node" and "probe all nodes
# all the time" - confirm against the dispatcher docs for the running version.
modparam("dispatcher", "ds_ping_method", "OPTIONS")
modparam("dispatcher", "ds_ping_interval", 3)
modparam("dispatcher", "ds_probing_threshhold", 1)
modparam("dispatcher", "ds_probing_mode", 1)
# -------------------------  request routing logic -------------------
# main routing logic

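# Entry point for every SIP request: sanity filter, CANCEL handling, source
# classification, NAT fix-ups, in-dialog routing, then handling of new
# requests (towards the client if they came from a switch, towards a
# dispatcher node otherwise).
#
# Nothing in this route authenticates the sender. Requests from addresses
# outside dispatcher set 1 are forwarded to that set as they are; presumably
# the PBX challenges them - confirm.
route {
    # Handle insane requests
    route(SANITY_CHECK);

    # CANCEL processing: relay only when it matches a known transaction
    if (is_method("CANCEL")) {
        if (t_check_trans()) {
            t_relay();
        }
        exit;
    }

    # Determine where the requests are coming from
    route(CHECK_SOURCE_IP);

    # Handle NAT
    route(NAT_DETECT);

    # Handle existing SIP dialogs (exits for any request with a To tag)
    route(WITHINDLG);

    # Process new SIP dialogs below
    if (is_method("INVITE|REFER")) {
        record_route();
    }

    # NOTE(review): for a REGISTER that NAT_DETECT treated as NATed,
    # add_path_received() has already run, so this adds a second Path
    # header - confirm that is intended.
    if (is_method("REGISTER")) {
        add_path();
    }

    if (isflagset(FLAG_FROM_SWITCH)) {
        # don't send INVITE from SWITCH back to SWITCH, set reply route
        # to handle NAT and forward them along
        #
        # NOTE(review): the request is relayed on its request URI as
        # received. If that URI carries the client's private address, this
        # is where the INVITE ends up at the RFC1918 IP. Applying the
        # Path/received data from registration would need loose_route()
        # here plus path's use_received modparam - neither is present;
        # confirm the PBX supports Path before adding them.
        t_on_reply("EXTERNAL_REPLY");
    } else {
        # Route to one of the switches
        #route(TO_SWITCH_NODE);
        if (!ds_select_dst("1", "1")) {
            sl_send_reply("503", "No route available");
            exit;
        }
    }

    route(RELAY);
}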

# Failover gracefully
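route[TO_SWITCH_NODE] {
     # Select a node from dispatcher set 1, arm the failover route and relay.
     # The only call to this route in the main route is commented out.

     # Same handling as the main route: without a usable destination,
     # answer 503 instead of relaying on an unchanged destination.
     if (!ds_select_dst("1", "1")) {
         sl_send_reply("503", "No route available");
         exit;
     }

     t_on_failure(NODE_FAILURE);

     # Report a relay failure to the sender, as route[RELAY] does
     if (!t_relay()) {
         sl_reply_error();
     }
     exit;
}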

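failure_route[NODE_FAILURE] {
     # Runs when the transaction relayed to a dispatcher node ended with a
     # negative final reply or a timeout; tries the next node in the set.
     # NOTE(review): ds_next_dst() depends on the destination list kept in
     # the dispatcher AVPs, which per the module docs requires failover
     # support in the dispatcher "flags" modparam - not set in this file.

     # A cancelled call also ends up here; there is nothing to retry
     if (t_is_canceled()) {
         exit;
     }

     # Fail over only when the node itself looks unhealthy: a 5xx reply or
     # no reply before the local timeout. Other negative replies (401/407
     # challenges, 486 Busy, ...) come from a working node and go back to
     # the caller without marking that node as failing.
     if (!t_check_status("5[0-9][0-9]")
             && !(t_branch_timeout() && !t_branch_replied())) {
         exit;
     }

     ds_mark_dst("p");

     # No further destination left: let the failure reply go upstream
     if (!ds_next_dst()) {
         exit;
     }

     t_on_failure(NODE_FAILURE);
     t_relay();
}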

# First filter applied to every request: structural checks, hop limit,
# a small User-Agent blocklist and a self-origin check. Any request that
# fails one of them stops here.
route[SANITY_CHECK]
{
    # Checks from the sanity module; a failing request is not processed further
    if (!sanity_check()) {
        exit;
    }

    # Max-Forwards handling with a limit of 10; answer 483 when it fails
    if (!mf_process_maxfwd_header("10")) {
        send_reply("483", "Too Many Hops");
        exit;
    }

    # Ignore requests announcing a known scanner User-Agent. The header is
    # chosen by the sender, so this only cuts down noise; it is not an
    # access control and does not replace authentication or rate limiting.
    if ($ua == "friendly-scanner") {
        exit;
    }
    if ($ua == "sundayddr") {
        exit;
    }
    if ($ua =~ "sipcli") {
        exit;
    }

    # Ignore requests whose source address is this proxy's own address
    if ($si == IPADDRESS) {
        exit;
    }
}


# Classify the sender by source address: anything not listed in dispatcher
# set 1 is a user, everything else is one of the switches.
#
# The switch role is granted on the address alone. NOTE(review): on UDP a
# source address is not proof of origin, so reachability of this listener
# should be restricted accordingly - confirm how the switches connect.
route[CHECK_SOURCE_IP]
{
    if (!ds_is_from_list("1")) {
        setflag(FLAG_FROM_USER);
    } else {
        setflag(FLAG_FROM_SWITCH);
    }
}

# Handle requests within SIP dialogs
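route[WITHINDLG]
{
    # Requests without a To tag are not in-dialog: fall through to the caller.
    # Every request with a To tag ends inside this route.
    if (has_totag()) {
        # sequential request within a dialog should
        # take the path determined by record-routing
        #lookup("location");
        #
        # NOTE(review): loose_route() takes the next hop from Route headers
        # supplied in the request, and this script performs no authentication
        # or source check before relaying - confirm that is acceptable for
        # this deployment.
        if (loose_route()) {
            route(RELAY);
        } else {
            if (is_method("NOTIFY")) {
                route(RELAY);
            }
            if (is_method("SUBSCRIBE") && uri == myself) {
                # in-dialog subscribe requests
                exit;
            }
            if (is_method("ACK")) {
                if (t_check_trans()) {
                    # no loose-route, but stateful ACK;
                    # must be an ACK after a 487
                    # or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ... ignore and discard
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }
}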

# Reply route armed by the main route for requests that came from a switch:
# replies to those requests get the NAT tests and fix-ups applied.
onreply_route[EXTERNAL_REPLY] {
    route(NAT_TEST_AND_CORRECT);
}


# NAT handling for replies (called from onreply_route[EXTERNAL_REPLY]).
# Test flags follow the nathelper documentation: 19 = 1 + 2 + 16 (private
# address in Contact, Via address differs from source, Via port differs from
# source port); 8 = private address in the SDP. fix_nated_sdp("10")
# presumably is 2 + 8, i.e. rewrite the c= and o= addresses - confirm.
route[NAT_TEST_AND_CORRECT]
{
    if (nat_uac_test("19")) {
        if (!is_method("REGISTER")) {
            # Overwrite the Contact with the address the message came from
            fix_nated_contact();
        } else {
            fix_nated_register();
        }
        force_rport();
    }

    # The SDP is only touched when a body is present and it tests as private
    if (has_body("application/sdp")) {
        if (nat_uac_test("8")) {
            fix_nated_sdp("10");
        }
    }
}

# Stateful relay used by all other routes; always ends script execution.
route[RELAY]
{
    # Relay went through: nothing more to do for this request
    if (t_relay()) {
        exit;
    }

    # Relay failed: log it and send the matching stateless error reply
    xlog("L_WARN", "RELAY failed!\n");
    sl_reply_error();
    exit;
}

# NAT handling for requests, run from the main route for every request that
# passed the sanity filter, whichever side it came from.
route[NAT_DETECT] {
     # Always answer to the source port the request came from
     force_rport();

     # Not behind NAT according to tests 1 + 2 + 16: leave the request alone
     if (!nat_uac_test("19")) {
         return;
     }

     if (!is_method("REGISTER")) {
         # Disabled, maybe unnecessary
         #   if(is_first_hop())
         #       set_contact_alias();
         fix_nated_contact();
     } else {
         # Record the real source address and pass it upstream in a Path
         # header carrying a "received" parameter
         fix_nated_register();
         add_path_received();
         #save("location");
     }

     # Point private SDP addresses at the address the request came from
     if (sdp_content()) {
         fix_nated_sdp("10");
     }
     return;
}

Regards,
Iskren

On 05/05/17 16:36, SamyGo wrote:
> Hi,
> Can you share the config file? It seems you've made changes to the 
> configuration file. Using save("location") without any authentication 
> check before it will result in anyone getting a 200 OK for a REGISTER.
>
> Looking at the config will help point you to the right way.
>
> Regards,
> Sammy
>
>
> On Fri, May 5, 2017 at 10:56 AM, Iskren Hadzhinedev 
> <iskren.hadzhinedev at ikiji.com <mailto:iskren.hadzhinedev at ikiji.com>> 
> wrote:
>
>     Hi list!
>
>     I'm using kamailio 4.2 for load-balancing and failover via
>     dispatcher, but I'm having some NAT related issues and I was
>     hoping that someone might point me in the right direction.
>     My setup is the following:
>
>     PSTN - PBX - kamailio - NAT - client
>
>     Calls from the NATed client to PSTN and/or PBX features (e.g.
>     voicemail) work just fine.
>     However, when a call comes from PSTN to the client, kamailio sends
>     the INVITE to the client's RFC1918 IP and I can't figure out how
>     to send it to the correct destination. I tried loading the
>     registrar and usrloc modules and used save("location") during
>     REGISTER and lookup("location") just before loose_route(), but the
>     end result was that kamailio replied to REGISTERs with any
>     username/password with a 200 OK and the endpoints never registered
>     with the PBX.
>     I can attach the config file if that will help.
>
>     Thanks for all input in advance!
>
>     Regards,
>     Iskren
>
