[SR-Users] How to detect NAT during authenticated registration of clients which adjust the headers
Yuriy Gorlichenko
ovoshlook at gmail.com
Fri Feb 28 19:03:30 CET 2020
But why it becomes a problem? It looks like client reloves NAT issue on his
side. So during the call of this user you will send request to the proper
destination address anyway.
On Fri, 28 Feb 2020, 18:03 David Villasmil, <david.villasmil.work at gmail.com>
wrote:
> Can you paste the challenge and responses?
>
> On Fri, 28 Feb 2020 at 14:50, Awal Junanto <a.junanto at gmail.com> wrote:
>
>> I added a call to add_uri_param("nat=yes") before auth_challenge("$fd",
>> "0"), but couldn't see any difference in the actual SIP messages. The
>> challenge (and the response) didn't contain that newly added keyword. Or am
>> I missing something here?
>>
>> On Fri, 28 Feb 2020 at 13:58, David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> There probably is a better way of doing this, but maybe you can store
>>> the fact that the first register came from a natted device in the locations
>>> table (or a hash).
>>>
>>> Or maybe add a parameter when challenging where you state the client is
>>> natting?
>>>
>>> Something like this
>>>
>>> https://kamailio.org/docs/modules/3.1.x/modules_k/siputils.html#id2769802
>>>
>>>
>>> Hope that helps
>>>
>>> David
>>>
>>> On Fri, 28 Feb 2020 at 12:03, Awal Junanto <a.junanto at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> We are building a service where we need to detect NAT when the clients
>>>> register to our server. We are struggling in analyzing NAT status of some
>>>> clients which modify their IP addresses/ports in the headers according to
>>>> the value of "received" parameter sent during "401 Unauthorized" response.
>>>>
>>>> Here's the flow:
>>>>
>>>> Client->Server
>>>> REGISTER sip:...
>>>> Via: SIP/2.0/TLS 192.168.0.1:41157
>>>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
>>>> Contact: <sip:user at 192.168.0.1:42251;transport=TLS;ob>
>>>> ...
>>>> Server->Client
>>>> SIP/2.0 401 Unauthorized
>>>> Via: SIP/2.0/TLS 192.168.0.1:41157
>>>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4
>>>> WWW-Authenticate: ...
>>>> ...
>>>>
>>>> Client->Server
>>>> REGISTER sip:...
>>>> Via: SIP/2.0/TLS 1.2.3.4:6201
>>>> ;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias
>>>> Contact: <sip:user@ 1.2.3.4:6201;transport=TLS;ob>
>>>> Authorization: ...
>>>> ...
>>>>
>>>> By the time the client is authenticated, there is no way to detect
>>>> whether the request was coming from a natted device or not by just
>>>> analysing the Via or Contact headers.
>>>>
>>>> Thanks in advance.
>>>>
>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> --
>>> Regards,
>>>
>>> David Villasmil
>>> email: david.villasmil.work at gmail.com
>>> phone: +34669448337
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>>
>> --
>> Best Regards,
>> Awal
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200228/35c31d3b/attachment.html>
More information about the sr-users
mailing list