[SR-Users] How to detect NAT during authenticated registration of clients which adjust the headers
Awal Junanto
a.junanto at gmail.com
Fri Feb 28 15:48:27 CET 2020
I added a call to add_uri_param("nat=yes") before auth_challenge("$fd",
"0"), but couldn't see any difference in the actual SIP messages. The
challenge (and the response) didn't contain that newly added keyword. Or am
I missing something here?
On Fri, 28 Feb 2020 at 13:58, David Villasmil <
david.villasmil.work at gmail.com> wrote:
> There probably is a better way of doing this, but maybe you can store the
> fact that the first register came from a natted device in the locations
> table (or a hash).
>
> Or maybe add a parameter when challenging where you state the client is
> natting?
>
> Something like this
>
> https://kamailio.org/docs/modules/3.1.x/modules_k/siputils.html#id2769802
>
>
> Hope that helps
>
> David
>
> On Fri, 28 Feb 2020 at 12:03, Awal Junanto <a.junanto at gmail.com> wrote:
>
>> Hi,
>>
>> We are building a service where we need to detect NAT when the clients
>> register to our server. We are struggling in analyzing NAT status of some
>> clients which modify their IP addresses/ports in the headers according to
>> the value of "received" parameter sent during "401 Unauthorized" response.
>>
>> Here's the flow:
>>
>> Client->Server
>> REGISTER sip:...
>> Via: SIP/2.0/TLS 192.168.0.1:41157
>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
>> Contact: <sip:user at 192.168.0.1:42251;transport=TLS;ob>
>> ...
>> Server->Client
>> SIP/2.0 401 Unauthorized
>> Via: SIP/2.0/TLS 192.168.0.1:41157
>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4
>> WWW-Authenticate: ...
>> ...
>>
>> Client->Server
>> REGISTER sip:...
>> Via: SIP/2.0/TLS 1.2.3.4:6201
>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
>> Contact: <sip:user@ 1.2.3.4:6201;transport=TLS;ob>
>> Authorization: ...
>> ...
>>
>> By the time the client is authenticated, there is no way to detect
>> whether the request was coming from a natted device or not by just
>> analysing the Via or Contact headers.
>>
>> Thanks in advance.
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
--
Best Regards,
Awal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200228/a31c6a88/attachment.html>
More information about the sr-users
mailing list