[SR-Users] Client behind nat without stun and kamailio behind NAT
Алексей Якимкин
ayakimkin at gmail.com
Fri Jul 8 16:26:50 CEST 2022
Hello,
I hope somebody could help me.
This is my scheme.
User-agent is behind NAT1. Kamailio and pbx are behind NAT2
[Client ip-phone 192.168.89.213 without stun] - LAN1 - NAT1(46.0.0.30) -
(internet) - (51.0.0.60)NAT2 - Local2 - (10.130.0.23:5060)kamailio(
10.130.0.23:5070) - pbx
*Questions*:
*1*. The VIA header (with 10.130.0.23 and 51.0.0.60) wasn't included in SIP
packets. Why? For example 200OK reply. It came from pbx through kamailio.
Which setting could break it?
Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Message Header
Via: SIP/2.0/UDP 192.168.89.213:5060
;rport=9570;received=46.0.0.30;branch=z9hG4bK2480172053
Record-Route: <sip:c172.19.19.111.8348.call.cgatepro;lr>
Record-Route: <sip:172.19.19.111:5060;lr>
Record-Route: <sip:10.130.0.23:5070
;r2=on;lr;ftag=4268683942;nat=yes>,<sip:51.0.0.60;r2=on;lr;ftag=4268683942;nat=yes>
From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=4268683942
To: <sip:2961 at mail.domain.ru:5060
>;tag=A03E2397-404246-FA7543E4_jizmelr-582D
Call-ID: 6_1903330087 at 192.168.89.213
[Generated Call-ID: 6_1903330087 at 192.168.89.213]
CSeq: 2 INVITE
Contact: <sip:signode-404246-FA7543E4_jizmelr-582D at 172.19.19.111
;alias=51.0.0.60~5060~1>
Supported: 100rel,timer,replaces,histinfo,precondition
Allow: INVITE,BYE,CANCEL,ACK,OPTIONS,INFO,MESSAGE,PRACK,UPDATE,REFER
Session-Expires: 1800;refresher=uas
Content-Type: application/sdp
Content-Length: 1170
Message Body
*2*. About Registrar, Path and $du.
Phone set Register with headers:
Via: SIP/2.0/UDP 192.168.89.213:5060;branch=z9hG4bK2691182696
From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=3926879477
To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>
Contact: <sip:a.yakimkin at 192.168.89.213:5060>
Kamailio respond
Via: SIP/2.0/UDP 192.168.89.213:5060
;rport=9570;received=46.0.0.30;branch=z9hG4bK617463686
Path: <sip:10.130.0.23:5070
;lr;received=46.0.0.30~9570~1;r2=on>,<sip:51.0.0.60;lr;received=46.0.0.30~9570~1;r2=on>
From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=3926879477
To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=194ED16D
Contact: <sip:a.yakimkin at 192.168.89.213:5060>;expires=360
Contact: <sip:2447 at 192.168.89.221:5060>;expires=247
Contact: <sip:2447 at 192.168.9.16:5060>;expires=2116
I try to make a call from pbx to ip phone.
pbx inserts in Invite header Route: <sip:10.130.0.23:5070
;lr;received=46.0.0.30~9570~1;r2=on>
But kamailio relayed Invite direct to 192.168.89.213. (There is network
connectivity between ip-phone and kamailio through vpn). The code below
helps me to solve my issue. I saw mail-list with similar trouble. But no
setting could get kamailio to relay Invite to "Route-received" ip.
$var(the_route) = $hdr(Route);
$var(route0) = $(var(the_route){s.select,0,,});
$var(new_host) = $(var(route0){param.value,received}{s.select,0,~});
$var(new_port) = $(var(route0){param.value,received}{s.select,1,~});
if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
$du = "sip:" + $var(new_host) + ":" + $var(new_port);
}
*Kamailio settings:*
I have such listeners
listen=udp:10.130.0.23:5070 # to local network
listen=udp:10.130.0.23:5060 advertise 51.0.0.60:5060 # to internet
#MODULE SETTING
#---
# ----- jsonrpcs params -----
modparam("jsonrpcs", "pretty_format", 1)
/* set the path to RPC fifo control file */
# modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo")
/* set the path to RPC unix socket control file */
# modparam("jsonrpcs", "dgram_socket",
"/var/run/kamailio/kamailio_rpc.sock")
modparam("path", "use_received", 1)
modparam("path", "enable_r2", 1)
modparam("path", "received_format", 1)
# ----- ctl params -----
/* set the path to RPC unix socket control file */
# modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")
# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
modparam("tm", "auto_inv_100_reason", "Trying")
# ----- rr params -----
# set next param to 1 to add value to ;lr param (helps with some UAs)
modparam("rr", "enable_full_lr", 0)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 1)
modparam("rr", "enable_double_rr", 2)
modparam("rr", "force_send_socket", 1)
# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
# modparam("registrar", "max_contacts", 10)
/* max value for expires of registrations */
modparam("registrar", "max_expires", 3600)
/* set it to 1 to enable GRUU */
modparam("registrar", "gruu_enabled", 0)
modparam("registrar", "use_path", 1)
modparam("registrar", "path_use_received", 1)
modparam("registrar", "path_mode", 0)
#---
For register I use this code
route[REGISTRAR] {
...
add_path_received();
set_send_socket("udp:10.130.0.23:5070");
route(DISPATCH);
...
}
route[RELAY] {
...
if ($Ru eq "sip:10.130.0.23:5070") {
$fs = "udp:10.130.0.23:5060";
} else {
$fs = "udp:10.130.0.23:5070";
}
...
}
route[NATMANAGE] {
#!ifdef WITH_NAT
if (is_request()) {
if(has_totag()) {
if(check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
}
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
#send INVITE to IP:PROT from Route:...;received=
$var(the_route) = $hdr(Route);
$var(route0) = $(var(the_route){s.select,0,,});
$var(new_host) = $(var(route0){param.value,received}{s.select,0,~});
$var(new_port) = $(var(route0){param.value,received}{s.select,1,~});
if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
$du = "sip:" + $var(new_host) + ":" + $var(new_port);
}
if (client_nat_test("3")) {
if(nat_uac_test("18")) {
if ($Ru == "sip:10.130.0.23:5070") {
rtpproxy_manage("co", "51.0.0.60"); #
fix_nated_sdp
} else {
rtpproxy_manage("co");
}
if (is_method("REGISTER")) {
#if ($Ru == "sip:10.130.0.23:5070") {
# fix_nated_contact();
#} else {
# set_contact_alias();
#}
set_contact_alias();
} else {
if(is_first_hop()) {
set_contact_alias();
} else {
add_contact_alias("51.0.0.60",
"5060", "udp");
#fix_nated_contact();
}
}
} else {
if ($Ru == "sip:10.130.0.23:5070") {
rtpproxy_manage("cor", "51.0.0.60"); #
fix_nated_sdp
} else {
rtpproxy_manage("cor");
}
}
} else {
rtpproxy_manage("co");
}
if (is_request()) {
if (!has_totag()) {
if(t_is_branch_route()) {
add_rr_param(";nat=yes");
#fix_contact();
}
}
}
if (is_reply()) {
if(isbflagset(FLB_NATB)) {
if(is_first_hop())
set_contact_alias();
#} else {
#fix_contact();
#}
}
}
#!endif
return;
}
Thank you.
--
Best regards,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220708/458a4a5f/attachment.htm>
More information about the sr-users
mailing list