[SR-Users] about kamailio.cfg NAT test

Daniel-Constantin Mierla miconda at gmail.com
Tue Mar 24 15:00:43 CET 2020


Hello,

this is the test to detect devices behind NAT that use STUN, so they
properly discover the public IP of the NAT router, but the port
allocation is different for STUN and SIP traffic.

If you have an asymmetric signalling client, then this test is not
useful -- actually nat traversal cannot be done for asymmetric
signalling (when client sends from one address (ip+port) and expects
traffic back to another address). You haven't included the contact
address, but anyhow probably the reply is not expected on port 44717 as
it is indicated in Via. The phone expects some natted environment, as it
requested "rport" handling (send back the reply to the port from where
the request was received). If it wanted asymmetric signalling, then
rport is not needed. If it knew it sends and receives to the same port,
also rport would not be needed.

Maybe this is just the baresip approach of not detecting the local port of
the TCP connection, putting a random value in Via and setting the rport
parameter.

You can tune the test for your specific environment/client apps, but for
the vast majority of the cases I encountered over the years, this test
is the best one to detect clients behind nat that are using stun.

Cheers,
Daniel

On 24.03.20 13:01, Juha Heinanen wrote:
> In kamailio/etc/kamailio.cfg NAT test is based on nat_uac_test("19").
> 19 includes test 16:
>
>   16 - Test if the source port is different from the port in the “Via”
>   header. If the “Via” header contains no port, it uses the default SIP
>   port 5060
>
> Based on a couple of tests using baresip, looks like that results in
> false positive when UA connects to SIP proxy via TCP.
>
> An example:
>
> T 2020/03/24 13:57:12.685441 192.26.134.10:38940 -> 192.26.134.1:5060 [AP] #127
> REGISTER sip:test.tutpro.com SIP/2.0.
> Via: SIP/2.0/TCP 192.26.134.10:44717;branch=z9hG4bK5b6aa423104ef942;rport.
>
> Does someone know why test 16 is included?
>
> -- Juha

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
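
A model of the Via-based checks discussed in this thread, added here as an example (it is not Kamailio's nathelper code and not from either poster): it evaluates test 16 as quoted above, plus test 2 (the nathelper "received" test, source IP compared with the Via address), against the REGISTER from the thread and a constructed STUN-style UDP request. The function names and the 203.0.113.7 sample are assumptions.

```python
import re

DEFAULT_SIP_PORT = 5060
RECEIVED_TEST = 2   # source IP differs from the address in the top Via
VIA_PORT_TEST = 16  # source port differs from the port in the top Via

VIA_RE = re.compile(
    r"^(?:Via|v)\s*:\s*SIP/2\.0/(?P<proto>\w+)\s+"
    r"(?P<host>\[[^\]]+\]|[^;:,\s]+)(?::(?P<port>\d+))?(?P<params>[^,\r\n]*)",
    re.IGNORECASE | re.MULTILINE,
)

def parse_top_via(message):
    """Return transport, host, port and rport presence from the first Via."""
    m = VIA_RE.search(message)
    if m is None:
        raise ValueError("no Via header found")
    params = [p.strip().lower() for p in m.group("params").split(";") if p.strip()]
    return {
        "proto": m.group("proto").upper(),
        "host": m.group("host").strip("[]"),
        "port": int(m.group("port") or DEFAULT_SIP_PORT),  # no port means 5060
        "rport": any(p == "rport" or p.startswith("rport=") for p in params),
    }

def nat_tests_fired(message, src_ip, src_port, tests):
    """Bitmask of the requested tests (2 and/or 16) that match this packet."""
    via = parse_top_via(message)
    fired = 0
    if tests & RECEIVED_TEST and via["host"] != src_ip:
        fired |= RECEIVED_TEST
    if tests & VIA_PORT_TEST and via["port"] != src_port:
        fired |= VIA_PORT_TEST
    return fired

# REGISTER from the thread: TCP, same IP in Via and source, ephemeral source port.
TCP_REGISTER = (
    "REGISTER sip:test.tutpro.com SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.26.134.10:44717;branch=z9hG4bK5b6aa423104ef942;rport\r\n"
)
# Constructed: UDP client with a STUN-learned public IP, different NAT port for SIP.
STUN_REGISTER = (
    "REGISTER sip:test.tutpro.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.7:40000;branch=z9hG4bKconstructed1;rport\r\n"
)

if __name__ == "__main__":
    print(nat_tests_fired(TCP_REGISTER, "192.26.134.10", 38940, 2 | 16))
    print(nat_tests_fired(STUN_REGISTER, "203.0.113.7", 51234, 2 | 16))
```

Both requests come back with only bit 16 set: the port comparison is what catches the STUN client whose Via address already matches its source IP, and it is also what fires for the TCP connection in the thread.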



