[SR-Users] How to detect NAT during authenticated registration of clients which adjust the headers
Awal Junanto
a.junanto at gmail.com
Fri Feb 28 13:01:23 CET 2020
Hi,
We are building a service where we need to detect NAT when the clients
register to our server. We are struggling in analyzing NAT status of some
clients which modify their IP addresses/ports in the headers according to
the value of "received" parameter sent during "401 Unauthorized" response.
Here's the flow:
Client->Server
REGISTER sip:...
Via: SIP/2.0/TLS 192.168.0.1:41157
;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
Contact: <sip:user at 192.168.0.1:42251;transport=TLS;ob>
...
Server->Client
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.0.1:41157
;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4
WWW-Authenticate: ...
...
Client->Server
REGISTER sip:...
Via: SIP/2.0/TLS 1.2.3.4:6201
;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
Contact: <sip:user@ 1.2.3.4:6201;transport=TLS;ob>
Authorization: ...
...
By the time the client is authenticated, there is no way to detect whether
the request was coming from a natted device or not by just analysing the
Via or Contact headers.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200228/a145e197/attachment.html>
More information about the sr-users
mailing list