[SR-Users] Client behind nat without stun and kamailio behind NAT

Алексей Якимкин ayakimkin at gmail.com
Fri Jul 8 16:26:50 CEST 2022


Hello,

I hope somebody could help me.

This is my scheme.
User-agent is behind NAT1. Kamailio and pbx are behind NAT2
[Client ip-phone 192.168.89.213 without stun] - LAN1 - NAT1(46.0.0.30) -
(internet) - (51.0.0.60)NAT2 - Local2 - (10.130.0.23:5060)kamailio(
10.130.0.23:5070) - pbx

*Questions*:
*1*. The VIA header (with 10.130.0.23 and 51.0.0.60) wasn't included in SIP
packets. Why? For example 200OK reply. It came from pbx through kamailio.
Which setting could break it?

Session Initiation Protocol (200)
    Status-Line: SIP/2.0 200 OK
    Message Header
        Via: SIP/2.0/UDP 192.168.89.213:5060
;rport=9570;received=46.0.0.30;branch=z9hG4bK2480172053
        Record-Route: <sip:c172.19.19.111.8348.call.cgatepro;lr>
        Record-Route: <sip:172.19.19.111:5060;lr>
        Record-Route: <sip:10.130.0.23:5070
;r2=on;lr;ftag=4268683942;nat=yes>,<sip:51.0.0.60;r2=on;lr;ftag=4268683942;nat=yes>
        From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=4268683942
        To: <sip:2961 at mail.domain.ru:5060
>;tag=A03E2397-404246-FA7543E4_jizmelr-582D
        Call-ID: 6_1903330087 at 192.168.89.213
        [Generated Call-ID: 6_1903330087 at 192.168.89.213]
        CSeq: 2 INVITE
        Contact: <sip:signode-404246-FA7543E4_jizmelr-582D at 172.19.19.111
;alias=51.0.0.60~5060~1>
        Supported: 100rel,timer,replaces,histinfo,precondition
        Allow: INVITE,BYE,CANCEL,ACK,OPTIONS,INFO,MESSAGE,PRACK,UPDATE,REFER
        Session-Expires: 1800;refresher=uas
        Content-Type: application/sdp
        Content-Length: 1170
    Message Body


*2*. About Registrar, Path and $du.
Phone set Register with headers:
         Via: SIP/2.0/UDP 192.168.89.213:5060;branch=z9hG4bK2691182696
        From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=3926879477
        To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>
        Contact: <sip:a.yakimkin at 192.168.89.213:5060>
Kamailio respond
        Via: SIP/2.0/UDP 192.168.89.213:5060
;rport=9570;received=46.0.0.30;branch=z9hG4bK617463686
        Path: <sip:10.130.0.23:5070
;lr;received=46.0.0.30~9570~1;r2=on>,<sip:51.0.0.60;lr;received=46.0.0.30~9570~1;r2=on>
        From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=3926879477
        To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=194ED16D
        Contact: <sip:a.yakimkin at 192.168.89.213:5060>;expires=360
        Contact: <sip:2447 at 192.168.89.221:5060>;expires=247
        Contact: <sip:2447 at 192.168.9.16:5060>;expires=2116

I try to make a call from pbx to ip phone.
pbx inserts in Invite header Route: <sip:10.130.0.23:5070
;lr;received=46.0.0.30~9570~1;r2=on>
But kamailio relayed Invite direct to 192.168.89.213. (There is network
connectivity  between ip-phone and kamailio  through vpn). The code below
helps me to solve my issue. I saw mail-list with similar trouble. But no
setting could get kamailio to relay Invite to "Route-received" ip.


        $var(the_route) = $hdr(Route);
        $var(route0) = $(var(the_route){s.select,0,,});
        $var(new_host) = $(var(route0){param.value,received}{s.select,0,~});
        $var(new_port) = $(var(route0){param.value,received}{s.select,1,~});
        if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
                $du = "sip:" + $var(new_host) + ":" + $var(new_port);
        }

*Kamailio settings:*
I have such listeners
listen=udp:10.130.0.23:5070 # to local network
listen=udp:10.130.0.23:5060 advertise 51.0.0.60:5060 # to internet

#MODULE SETTING
#---
# ----- jsonrpcs params -----
modparam("jsonrpcs", "pretty_format", 1)
/* set the path to RPC fifo control file */
# modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo")
/* set the path to RPC unix socket control file */
# modparam("jsonrpcs", "dgram_socket",
"/var/run/kamailio/kamailio_rpc.sock")

modparam("path", "use_received", 1)
modparam("path", "enable_r2", 1)
modparam("path", "received_format", 1)

# ----- ctl params -----
/* set the path to RPC unix socket control file */
# modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")

# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
modparam("tm", "auto_inv_100_reason", "Trying")

# ----- rr params -----
# set next param to 1 to add value to ;lr param (helps with some UAs)
modparam("rr", "enable_full_lr", 0)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 1)
modparam("rr", "enable_double_rr", 2)
modparam("rr", "force_send_socket", 1)

# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
# modparam("registrar", "max_contacts", 10)
/* max value for expires of registrations */
modparam("registrar", "max_expires", 3600)
/* set it to 1 to enable GRUU */
modparam("registrar", "gruu_enabled", 0)

modparam("registrar", "use_path", 1)
modparam("registrar", "path_use_received", 1)
modparam("registrar", "path_mode", 0)
#---

For register I use this code
route[REGISTRAR] {
...
add_path_received();
set_send_socket("udp:10.130.0.23:5070");
route(DISPATCH);
...
}
route[RELAY] {
...
        if ($Ru eq "sip:10.130.0.23:5070") {
                $fs = "udp:10.130.0.23:5060";
        } else {
                $fs = "udp:10.130.0.23:5070";
        }
...
}
route[NATMANAGE] {
#!ifdef WITH_NAT
        if (is_request()) {
                if(has_totag()) {
                        if(check_route_param("nat=yes")) {
                                setbflag(FLB_NATB);
                        }
                }
        }
        if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;

        #send INVITE to IP:PROT from Route:...;received=
        $var(the_route) = $hdr(Route);
        $var(route0) = $(var(the_route){s.select,0,,});
        $var(new_host) = $(var(route0){param.value,received}{s.select,0,~});
        $var(new_port) = $(var(route0){param.value,received}{s.select,1,~});
        if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
                $du = "sip:" + $var(new_host) + ":" + $var(new_port);
        }
        if (client_nat_test("3")) {

                if(nat_uac_test("18")) {
                        if ($Ru == "sip:10.130.0.23:5070") {
                                rtpproxy_manage("co", "51.0.0.60"); #
fix_nated_sdp
                        } else {
                                rtpproxy_manage("co");
                        }

                        if (is_method("REGISTER")) {
                                #if ($Ru == "sip:10.130.0.23:5070") {
                                #       fix_nated_contact();
                                #} else {
                                #       set_contact_alias();
                                #}
                                set_contact_alias();
                        } else {
                                if(is_first_hop()) {
                                        set_contact_alias();
                                } else {
                                        add_contact_alias("51.0.0.60",
"5060", "udp");
                                        #fix_nated_contact();
                                }
                        }
                } else {
                        if ($Ru == "sip:10.130.0.23:5070") {
                                rtpproxy_manage("cor", "51.0.0.60"); #
fix_nated_sdp
                        } else {
                                rtpproxy_manage("cor");
                        }
                }
        } else {
                rtpproxy_manage("co");
        }
        if (is_request()) {
                if (!has_totag()) {
                        if(t_is_branch_route()) {
                                add_rr_param(";nat=yes");
                                #fix_contact();
                        }
                }
        }
        if (is_reply()) {
                if(isbflagset(FLB_NATB)) {
                        if(is_first_hop())
                                set_contact_alias();
                        #} else {
                                #fix_contact();
                        #}
                }
        }
#!endif
        return;
}

Thank you.

-- 
Best regards,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220708/458a4a5f/attachment.htm>


More information about the sr-users mailing list