[SR-Users] Client behind nat without stun and kamailio behind NAT

Sergiu Pojoga pojogas at gmail.com
Fri Jul 8 18:59:04 CEST 2022


Can't tell what exactly is wrong with the whole logic of your script, most
likely a couple of things, without spending an entire day troubleshooting
it. Instead, can highlight a few things that may help:

   1. do yourself a big favor and put Kamailio on a public IP or dst_nat
   SIP to it, unless you plan on running a VoIP business off a home internet
   or something
   2. for REGISTER, if you final Registrar supports *PATH*, you don't need
   to also *set_contact_alias()* on top of *add_path_received()*. You
   either do one approach or the other.
   3. Invites and others originating from the PBX, having the preset *Route*,
   must simply be handled by *loose_route() *in combination with
*modparam("path",
   "use_received", 1)*. All that convoluted *$du* manipulation that you are
   doing trying to compile it from the Route header is totally unnecessary.

Keep trying, you aren't far from figuring it out.

Regards,
--Sergiu

On Fri, Jul 8, 2022 at 10:30 AM Алексей Якимкин <ayakimkin at gmail.com> wrote:

> Hello,
>
> I hope somebody could help me.
>
> This is my scheme.
> User-agent is behind NAT1. Kamailio and pbx are behind NAT2
> [Client ip-phone 192.168.89.213 without stun] - LAN1 - NAT1(46.0.0.30) -
> (internet) - (51.0.0.60)NAT2 - Local2 - (10.130.0.23:5060)kamailio(
> 10.130.0.23:5070) - pbx
>
> *Questions*:
> *1*. The VIA header (with 10.130.0.23 and 51.0.0.60) wasn't included in
> SIP packets. Why? For example 200OK reply. It came from pbx through
> kamailio. Which setting could break it?
>
> Session Initiation Protocol (200)
>     Status-Line: SIP/2.0 200 OK
>     Message Header
>         Via: SIP/2.0/UDP 192.168.89.213:5060
> ;rport=9570;received=46.0.0.30;branch=z9hG4bK2480172053
>         Record-Route: <sip:c172.19.19.111.8348.call.cgatepro;lr>
>         Record-Route: <sip:172.19.19.111:5060;lr>
>         Record-Route: <sip:10.130.0.23:5070
> ;r2=on;lr;ftag=4268683942;nat=yes>,<sip:51.0.0.60;r2=on;lr;ftag=4268683942;nat=yes>
>         From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060
> >;tag=4268683942
>         To: <sip:2961 at mail.domain.ru:5060
> >;tag=A03E2397-404246-FA7543E4_jizmelr-582D
>         Call-ID: 6_1903330087 at 192.168.89.213
>         [Generated Call-ID: 6_1903330087 at 192.168.89.213]
>         CSeq: 2 INVITE
>         Contact: <sip:signode-404246-FA7543E4_jizmelr-582D at 172.19.19.111
> ;alias=51.0.0.60~5060~1>
>         Supported: 100rel,timer,replaces,histinfo,precondition
>         Allow:
> INVITE,BYE,CANCEL,ACK,OPTIONS,INFO,MESSAGE,PRACK,UPDATE,REFER
>         Session-Expires: 1800;refresher=uas
>         Content-Type: application/sdp
>         Content-Length: 1170
>     Message Body
>
>
> *2*. About Registrar, Path and $du.
> Phone set Register with headers:
>          Via: SIP/2.0/UDP 192.168.89.213:5060;branch=z9hG4bK2691182696
>         From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060
> >;tag=3926879477
>         To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>
>         Contact: <sip:a.yakimkin at 192.168.89.213:5060>
> Kamailio respond
>         Via: SIP/2.0/UDP 192.168.89.213:5060
> ;rport=9570;received=46.0.0.30;branch=z9hG4bK617463686
>         Path: <sip:10.130.0.23:5070
> ;lr;received=46.0.0.30~9570~1;r2=on>,<sip:51.0.0.60;lr;received=46.0.0.30~9570~1;r2=on>
>         From: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060
> >;tag=3926879477
>         To: "Aleksey" <sip:a.yakimkin at mail.domain.ru:5060>;tag=194ED16D
>         Contact: <sip:a.yakimkin at 192.168.89.213:5060>;expires=360
>         Contact: <sip:2447 at 192.168.89.221:5060>;expires=247
>         Contact: <sip:2447 at 192.168.9.16:5060>;expires=2116
>
> I try to make a call from pbx to ip phone.
> pbx inserts in Invite header Route: <sip:10.130.0.23:5070
> ;lr;received=46.0.0.30~9570~1;r2=on>
> But kamailio relayed Invite direct to 192.168.89.213. (There is network
> connectivity  between ip-phone and kamailio  through vpn). The code below
> helps me to solve my issue. I saw mail-list with similar trouble. But no
> setting could get kamailio to relay Invite to "Route-received" ip.
>
>
>         $var(the_route) = $hdr(Route);
>         $var(route0) = $(var(the_route){s.select,0,,});
>         $var(new_host) =
> $(var(route0){param.value,received}{s.select,0,~});
>         $var(new_port) =
> $(var(route0){param.value,received}{s.select,1,~});
>         if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
>                 $du = "sip:" + $var(new_host) + ":" + $var(new_port);
>         }
>
> *Kamailio settings:*
> I have such listeners
> listen=udp:10.130.0.23:5070 # to local network
> listen=udp:10.130.0.23:5060 advertise 51.0.0.60:5060 # to internet
>
> #MODULE SETTING
> #---
> # ----- jsonrpcs params -----
> modparam("jsonrpcs", "pretty_format", 1)
> /* set the path to RPC fifo control file */
> # modparam("jsonrpcs", "fifo_name", "/var/run/kamailio/kamailio_rpc.fifo")
> /* set the path to RPC unix socket control file */
> # modparam("jsonrpcs", "dgram_socket",
> "/var/run/kamailio/kamailio_rpc.sock")
>
> modparam("path", "use_received", 1)
> modparam("path", "enable_r2", 1)
> modparam("path", "received_format", 1)
>
> # ----- ctl params -----
> /* set the path to RPC unix socket control file */
> # modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")
>
> # ----- tm params -----
> # auto-discard branches from previous serial forking leg
> modparam("tm", "failure_reply_mode", 3)
> # default retransmission timeout: 30sec
> modparam("tm", "fr_timer", 30000)
> # default invite retransmission timeout after 1xx: 120sec
> modparam("tm", "fr_inv_timer", 120000)
> modparam("tm", "auto_inv_100_reason", "Trying")
>
> # ----- rr params -----
> # set next param to 1 to add value to ;lr param (helps with some UAs)
> modparam("rr", "enable_full_lr", 0)
> # do not append from tag to the RR (no need for this script)
> modparam("rr", "append_fromtag", 1)
> modparam("rr", "enable_double_rr", 2)
> modparam("rr", "force_send_socket", 1)
>
> # ----- registrar params -----
> modparam("registrar", "method_filtering", 1)
> /* uncomment the next line to disable parallel forking via location */
> # modparam("registrar", "append_branches", 0)
> /* uncomment the next line not to allow more than 10 contacts per AOR */
> # modparam("registrar", "max_contacts", 10)
> /* max value for expires of registrations */
> modparam("registrar", "max_expires", 3600)
> /* set it to 1 to enable GRUU */
> modparam("registrar", "gruu_enabled", 0)
>
> modparam("registrar", "use_path", 1)
> modparam("registrar", "path_use_received", 1)
> modparam("registrar", "path_mode", 0)
> #---
>
> For register I use this code
> route[REGISTRAR] {
> ...
> add_path_received();
> set_send_socket("udp:10.130.0.23:5070");
> route(DISPATCH);
> ...
> }
> route[RELAY] {
> ...
>         if ($Ru eq "sip:10.130.0.23:5070") {
>                 $fs = "udp:10.130.0.23:5060";
>         } else {
>                 $fs = "udp:10.130.0.23:5070";
>         }
> ...
> }
> route[NATMANAGE] {
> #!ifdef WITH_NAT
>         if (is_request()) {
>                 if(has_totag()) {
>                         if(check_route_param("nat=yes")) {
>                                 setbflag(FLB_NATB);
>                         }
>                 }
>         }
>         if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
>
>         #send INVITE to IP:PROT from Route:...;received=
>         $var(the_route) = $hdr(Route);
>         $var(route0) = $(var(the_route){s.select,0,,});
>         $var(new_host) =
> $(var(route0){param.value,received}{s.select,0,~});
>         $var(new_port) =
> $(var(route0){param.value,received}{s.select,1,~});
>         if (!strempty($var(new_host)) && !strempty($var(new_port)) ) {
>                 $du = "sip:" + $var(new_host) + ":" + $var(new_port);
>         }
>         if (client_nat_test("3")) {
>
>                 if(nat_uac_test("18")) {
>                         if ($Ru == "sip:10.130.0.23:5070") {
>                                 rtpproxy_manage("co", "51.0.0.60"); #
> fix_nated_sdp
>                         } else {
>                                 rtpproxy_manage("co");
>                         }
>
>                         if (is_method("REGISTER")) {
>                                 #if ($Ru == "sip:10.130.0.23:5070") {
>                                 #       fix_nated_contact();
>                                 #} else {
>                                 #       set_contact_alias();
>                                 #}
>                                 set_contact_alias();
>                         } else {
>                                 if(is_first_hop()) {
>                                         set_contact_alias();
>                                 } else {
>                                         add_contact_alias("51.0.0.60",
> "5060", "udp");
>                                         #fix_nated_contact();
>                                 }
>                         }
>                 } else {
>                         if ($Ru == "sip:10.130.0.23:5070") {
>                                 rtpproxy_manage("cor", "51.0.0.60"); #
> fix_nated_sdp
>                         } else {
>                                 rtpproxy_manage("cor");
>                         }
>                 }
>         } else {
>                 rtpproxy_manage("co");
>         }
>         if (is_request()) {
>                 if (!has_totag()) {
>                         if(t_is_branch_route()) {
>                                 add_rr_param(";nat=yes");
>                                 #fix_contact();
>                         }
>                 }
>         }
>         if (is_reply()) {
>                 if(isbflagset(FLB_NATB)) {
>                         if(is_first_hop())
>                                 set_contact_alias();
>                         #} else {
>                                 #fix_contact();
>                         #}
>                 }
>         }
> #!endif
>         return;
> }
>
> Thank you.
>
> --
> Best regards,
> Alex
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220708/c1e21653/attachment.htm>


More information about the sr-users mailing list