[OpenSER-Users] NAT + STUN

Marc LEURENT lftsy at free.fr
Thu Aug 2 12:25:07 CEST 2007


Hello everybody, I need a piece of advice if you have time. Thanks.
I have some trouble with my configuration file: I'm trying to get a SIP network working through NAT using STUN.
Registration is working and INVITEs are working; I can set up a call between 2 working phones,
but SIP pings and BYE messages are not forwarded...

Any idea??
Thanks


#
U 88.191.45.91:5060 -> 82.127.0.79:1312
OPTIONS sip:82.127.0.79:1312 SIP/2.0.
Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
From: sip:pinger at sip.leurent.eu;tag=804466c1.
To: sip:82.127.0.79:1312.
Call-ID: 23ce8297-c09c8eb7-a at 88.191.45.91.
CSeq: 1 OPTIONS.
Content-Length: 0.
.

#
U 82.127.0.79:1312 -> 88.191.45.91:5060
SIP/2.0 481 CallLeg/Transaction Does Not Exist.
Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
From: <sip:pinger at sip.leurent.eu>;tag=804466c1.
To: <sip:82.127.0.79:1312>;tag=c0a80101-4bf1d8.
Call-ID: 23ce8297-c09c8eb7-a at 88.191.45.91.
CSeq: 1 OPTIONS.
Content-Length: 0.
.



#
U 82.127.0.79:1312 -> 88.191.45.91:5060
BYE sip:103 at 82.127.0.79:1027 SIP/2.0.
Via: SIP/2.0/UDP 82.127.0.79:1313;branch=z9hG4bK8030359792092547043.
From: "101"<sip:101 at sip.leurent.eu:5060;user=phone>;tag=c0a80101-4c5eed.
To: <sip:103 at sip.leurent.eu:5060;user=phone>;tag=c0a80101-1d0bb0d.
Call-ID: 66464a0-c0a80101-0-1f at 192.168.95.4.
CSeq: 2 BYE.
Max-Forwards: 70.
Route: <sip:88.191.45.91:5060;lr=on;ftag=c0a80101-4c5eed>.
User-Agent: THOMSON ST2030 hw0 fw1.50 00-0E-50-4E-AF-AE.
Content-Length: 0.
.









#
# $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#

# ----------- global configuration parameters ------------------------

# Troubleshooting profile: maximum log verbosity, no forking, logging to stderr.
# NOTE(review): at debug=7 the log is very detailed and may expose message
# contents; lower the level and restrict who can read the output once the
# debugging session is over.
debug=7            # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes    # (cmd line: -E)
children=4

# NOTE(review): with the alias commented out, whether `uri==myself` matches
# sip.leurent.eu depends on how the server discovers its own names -- confirm,
# because the routing logic branches on that test.
#alias=sip.leurent.eu
port=5060
#server_signature=yes
#tos=IPTOS_LOWDELAY


# Names for the integer AVP ids that the routing logic assigns and that the acc
# module's radius_extra list reads ($avp(can_uri), $avp(billing_party), ...).
avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804"
#;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807"


# ------------------ module loading ----------------------------------

#set module path
mpath="/usr/lib/openser/modules/"

# MySQL driver: loaded because usrloc and siptrace below are given mysql:// db_url values
loadmodule "mysql.so"

loadmodule "sl.so"                      # Stateless Module
loadmodule "tm.so"                      # Transaction Module
loadmodule "rr.so"                      # Record-Route and Route Module
loadmodule "maxfwd.so"                  # Max-Forward processor Module
loadmodule "usrloc.so"                  # User Location Implementation Module
loadmodule "registrar.so"               # SIP Registrar Implementation Module (needs usrloc)
loadmodule "textops.so"                 # Text Operation Module
loadmodule "mi_fifo.so"                 # FIFO transport layer implementation for Management Interface

loadmodule "acc.so"                     # Accounting Module
loadmodule "avpops.so"                  # AVP Operation Module (user preference)
loadmodule "uri.so"                     # Generic URI operation Module

# Digest authentication is backed by RADIUS here; the database backend stays disabled.
loadmodule "auth.so"                    # Authentication Module
#loadmodule "auth_db.so"                        # Database-backend Authentication Module
loadmodule "auth_radius.so"             # RADIUS-backend Authentication Module
loadmodule "group_radius.so"            # User-groups Module with RADIUS-backend
#loadmodule "avp_radius.so"             # RADIUS-backend for AVP loading Module

#loadmodule "presence.so"               # Presence server Module
#loadmodule "pua.so"                    # Common API for presence user agent client

loadmodule "options.so"                 # OPTIONS server replier Module
loadmodule "xlog.so"                    # Advanced Logger Module

loadmodule "nathelper.so"               # NAT Traversal Helper Module
#loadmodule "dispatcher.so"             # Dispatcher (load-balancer) Module

loadmodule "uac.so"                     # User Agent Client
# NOTE(review): siptrace stores complete SIP requests in the database; treat the
# trace table as sensitive data (it is fed from the REGISTER path in the main route).
loadmodule "siptrace.so"                # SipTrace module (storage of SIP requests)
#loadmodule "exec.so"                   # Allows starting an external command from an OpenSER script

# ----------------- setting module-specific parameters ---------------


# -- maxfwd params --
modparam("maxfwd", "max_limit", 10)     # Default is 256 | 10 in the functions


# -- sl params --
#modparam("sl", "enable_stats", 1)


# -- mi_fifo params --
# NOTE(review): the management-interface FIFO is created in /tmp, a
# world-writable directory with a predictable name. Depending on the FIFO's
# permissions, other local accounts may be able to reach the management
# interface. Prefer a directory owned by the openser user and restrict the
# FIFO's owner and mode.
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")


# -- usrloc params --
# Uncomment this if you want to use SQL database
modparam("usrloc", "db_mode", 1)                        # Write instantaneously in the DB
# NOTE(review): the database user and password are written into the script in
# clear text, and this copy was posted to a public list. Use a strong,
# dedicated password, rotate the one shown here, and keep the file readable
# only by the openser user.
modparam("usrloc", "db_url", "mysql://openser:test@127.0.0.1/openser")
modparam("usrloc", "timer_interval", 10)
# Branch flag 3 is the "contact is behind NAT" marker; the routes set it with setbflag(3).
modparam("usrloc", "nat_bflag" , 3)


# -- rr params --
modparam("rr", "enable_full_lr", 1)             # add value to ;lr param to make some broken UAs happy


# -- siptrace params --
# NOTE(review): same clear-text database credentials as the usrloc db_url in
# this file. With trace_on set to 1, every request passed to sip_trace() is
# written to the table below; the main route calls sip_trace() for REGISTER, so
# the stored rows can contain Authorization headers. Limit who can read the
# table and how long rows are kept.
modparam("siptrace", "db_url", "mysql://openser:test@127.0.0.1/openser")
modparam("siptrace", "table", "sip_trace")              # Default value "sip_trace"
modparam("siptrace", "trace_on", 1)



# -- registrar params --
modparam("registrar", "default_expires", 1800)
# AVP that carries the received (source) address; the nathelper module is
# configured with the same AVP further down.
modparam("registrar", "received_avp", "$avp(i:42)")


# -- nathelper params --
# No RTP proxy is used; only signalling is fixed up for NAT.
modparam("nathelper", "rtpproxy_disable", 1)
# Contacts saved with branch flag 5 are pinged with SIP requests
# (the REGISTER branch of the main route sets it with setbflag(5)).
modparam("nathelper", "sipping_bflag", 5)
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_method", "OPTIONS")
modparam("nathelper", "received_avp", "$avp(i:42)")             # Same Value as the registrar module
# NOTE(review): " at " in the value below is most likely the list archive's
# obfuscation of "@"; the running configuration needs a valid SIP URI here.
modparam("nathelper", "sipping_from", "sip:pinger at sip.leurent.eu")


# -- auth params --
#modparam("auth", "secret", "johndoessecretphrase")                     # Default is random => don't set it
#modparam("auth", "nonce_expire", 300)                                  # Time before nonce expiration
modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")


# -- group_radius params --
modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1)       # username@domain will be used for lookup


# -- avp_radius parameter --
#modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")


# -- acc params (with radius )--
modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# Message flags 1 and 2 select RADIUS accounting and missed-call accounting;
# the main route sets both on initial INVITEs.
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)

modparam("acc", "early_media", 1)
modparam("acc", "report_cancels", 1)
#modparam("acc", "report_ack", 0)
modparam("acc", "detect_direction", 1)
#modparam("acc", "log_flag", 1)         # number of the flag which will be used to mark messages for accounting
#modparam("acc", "log_level", 1)        # Set the reporting log level
#modparam("acc", "log_missed_flag", 2)  #
#modparam("acc", "failed_transaction_flag", 2)
modparam("acc", "service_type", 15)     # Radius service type used for accounting : 15 = (SIP)
#modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
# ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute
# NOTE(review): Canonical-URI, Billing-Party and SIP-Proxy-IP are read from AVPs
# that the main route fills from the request ($ru, $fu, $Ri). Billing-Party
# therefore mirrors the From URI of the INVITE, which this script never
# authenticates -- do not bill on it until INVITEs are challenged.
modparam("acc", "radius_extra",         "Sip-Src-IP=$si;
                                        Sip-Src-Port=$sp;
                                        Canonical-URI=$avp(can_uri);
                                        Billing-Party=$avp(billing_party);
                                        SIP-Proxy-IP=$avp(sip_proxy_ip);
                                        User-Agent=$ua
                                        ")
                                        #Billing-Party=$avp(billing_party)
                                        #From-Header=$hdr(from);
                                        #User-Name=$fU;
                                        #From-Header=$avp(from_header);
                                        #Digest-Realm=$fd
                                        #Sip-From-Tag=$avp(from_header);
                                        #SIP-Method=$rm;


# -------------------------  request routing logic -------------------

# main routing logic

# Main request route. Processing order, as written below:
#   1. reject requests that exhausted Max-Forwards or are 2048 bytes or longer
#   2. run NAT detection (route(2)) on every request
#   3. add Record-Route to everything except REGISTER
#   4. relay in-dialog requests that carry a Route set (loose_route)
#   5. flag initial INVITEs for RADIUS accounting
#   6. relay requests whose URI is not local
#   7. local URI: REGISTER is authenticated against RADIUS and saved; anything
#      else is resolved through usrloc
#   8. relay through route(1)
# NOTE(review): REGISTER is the only request that is authenticated. INVITE and
# all other requests -- including those addressed to foreign domains -- are
# relayed without a proxy challenge, and accounting is keyed on a From URI that
# nothing has verified. Challenging initial requests before steps 5-8 (the auth
# and auth_radius modules loaded in this file provide proxy_challenge() and
# radius_proxy_authorize()) would close that gap.
route{

        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        };

        if (msg:len >=  2048 ) {
                sl_send_reply("513", "Message too big");
                exit;
        };




        # NAT detection
        route(2);




        # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        if (!method=="REGISTER") {
                record_route();
        };

        # subsequent messages within a dialog should take the
        # path determined by record-routing
        if (loose_route()) { # mark routing logic in request
                append_hf("P-hint: rr-enforced\r\n");
                # NOTE(review): the accounting record for BYE is written here, before
                # the relay and without authenticating the sender; it records that a
                # BYE with a Route set arrived, not that the call was really torn down.
                if(is_method("BYE")) { # log it all the time
                        acc_rad_request("200 ok");
                        acc_log_request("200 ok");
                }
                # route[1] ends with exit, so processing stops here for in-dialog requests
                route(1);
        };




        # Set the acc flags
        # Only initial INVITEs (no To tag) are flagged.
        if(is_method("INVITE") && !has_totag()) {
                xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS \r\n");
                # NOTE(review): $fu / $fU come straight from the From header of an
                # unauthenticated INVITE; the billing party is whatever the sender claims.
                $avp(can_uri) = $ru;            # SIP Request's URI
                $avp(billing_party) = $fu;      # From URI
                $avp(from_header) = $fU;        # From URI username
                $avp(sip_proxy_ip) = $Ri;       # Received IP address

                setflag(1);             # radius_flag
                setflag(2);             # radius_missed_flag
        };


        # Functions when calling other domains
        # NOTE(review): any request for a non-local URI is relayed as-is. With the
        # check below disabled and no authentication, the proxy forwards traffic to
        # arbitrary domains for any sender.
        if (!uri==myself) {
                # check if user is allowed to do voip calls to other domains
                # NOTE(review): if re-enabled as written, this rejects users who ARE in
                # the "voip" group -- presumably a negation is intended; confirm. The
                # group lookup would also run on an unauthenticated From header.
#               if(is_method("INVITE|MESSAGE")) {
#                       if (radius_is_user_in("From", "voip")) {
#                               sl_send_reply("403", "Forbidden VoIP");
#                               exit;
#                       };
#               };
                # mark routing logic in request
                append_hf("P-hint: outbound\r\n");
                route(1);
        };






        # requests for our own domain: REGISTER handling first, then the
        # UsrLoc lookup for everything else
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)
        if (uri==myself) {

                if (method=="REGISTER") {
                        # NOTE(review): sip_trace() runs before authentication, so every
                        # REGISTER, including one that carries an Authorization header,
                        # is handed to siptrace for storage.
                        sip_trace();
                        xlog("L_INFO", "$fU IS TRYING TO REGISTER \r\n");


                        # Digest authentication against RADIUS; on failure (which includes
                        # the first REGISTER without credentials) a challenge is sent and
                        # processing stops.
                        # NOTE(review): the challenge is sent with qop "0", i.e. without a
                        # qop parameter; "1" gives stronger replay protection if the
                        # phones support it.
                        if (!radius_www_authorize("sip.leurent.eu")) {
                                www_challenge("sip.leurent.eu", "0");   # qop is "0" (not sent), not 1
                                xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n");
                                exit;
                        };

                        # NOTE(review): nothing here verifies that the authenticated user
                        # is the one named in the To URI being registered; the uri module
                        # loaded in this file provides check_to() for that purpose.

                        #if (isflagset(5)) {
                        # branch flag 3 was set by route(2) when the sender looked NATed
                        if (isbflagset(3)) {
                                #setflag(6);
                                # if you want OPTIONS natpings uncomment next
                                # setflag(7);   # Deprecated
                                setbflag(5);    # Set Flag for SIP PINGING
                        };

                        save("location");
                        xlog("L_INFO", "SAVE LOCATION OF $si \r\n");
                        exit;
                };





                if (!lookup("location")) {
                        # log to acc as missed call
                        acc_rad_request("404 Not Found");
                        acc_log_request("404 Not Found");
                        xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n");
                        sl_send_reply("404", "Not Found");
                        exit;
                };
                append_hf("P-hint: usrloc applied\r\n");

        };




        route(1);
}


## Generic Forward
# Relays the request statefully and ends script processing.
# Before relaying it removes a ";nat=yes" marker from the request URI (the
# marker is appended to Contact headers in route[3] and onreply_route[1]) and
# runs the NAT handling in route(3) when branch flag 3 is set.
route[1] {
        # The marker comes from the request URI, i.e. from the sender; here it
        # only steers NAT handling.
        if (subst_uri('/(sip:.*);nat=yes/\1/')){
                #setflag(6);    # Deprecated, for version 1.1
                setbflag(3);
        };

        #if (isflagset(5)||isflagset(6)) {
        if (isbflagset(3)) {
                route(3);
        }

        # stateful relay; on failure reply with the error that t_relay() produced
        if (!t_relay()) {
                sl_reply_error();
        };
        exit;
}




# NAT Detection
# Runs on every request: forces rport handling and, when the sender looks
# NATed, rewrites the contact information and sets branch flag 3.
route[2]{
        force_rport();
        # "19" = 1 + 2 + 16. Per the nathelper documentation these tests are:
        # Contact holds a private address (1), the Via address differs from the
        # source address (2), the Via port differs from the source port (16).
        # NOTE(review): confirm the flag meanings against the installed version.
        if (nat_uac_test("19")) {
                xlog("!!!!!!!!!  NAT UAC TEST 19 SUCEDEED \r\n");
                if (method=="REGISTER") {
                        fix_nated_register();
                } else {
                        fix_nated_contact();
                };
                #setflag(5);    Deprecated
                setbflag(3);
        };
}


## Route for natted contact
# NAT handling before the relay; route[1] calls this only when branch flag 3 is set.
route[3] {
        if (is_method("BYE|CANCEL")) {
                # Custom (home-made) addition
                # NOTE(review): an in-dialog BYE has already been accounted in the
                # loose_route branch of the main route before it gets here, so a NATed
                # BYE appears to be accounted twice -- check the RADIUS records.
                acc_rad_request("200 ok");
                acc_log_request("200 ok");

                #unforce_rtp_proxy();

        } else if (is_method("INVITE")){
                #force_rtp_proxy();
                t_on_failure("1");
        };
        #if (isflagset(5))
        # mark the Contact URI with ;nat=yes so that later requests addressed to
        # it are recognised in route[1]
        if (isbflagset(3)){
                search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
        }
        # replies to this request are processed by onreply_route[1]
        t_on_reply("1");
}


## Failure Route 1
# Armed for INVITEs in route[3]. With the RTP proxy call commented out, this
# route only writes a log line; the flag test has an empty body.
failure_route[1] {
        xlog("!!!!!!!!!  ON FAILURE ROUTE \r\n");
        #if (isflagset(6) || isflagset(5)) {
        if (isbflagset(3)) {
                #unforce_rtp_proxy();
        }
}

## Reply route
# Armed in route[3] for requests that went through the NAT handling.
onreply_route[1] {
        xlog("!!!!!!!!!  ON REPLY ROUTE \r\n");
        #if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
        # empty body: the RTP proxy call is commented out, so this test has no effect
        if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") {
                #force_rtp_proxy();
        }
        # NOTE(review): the ;nat=yes marker is appended to the Contact of every reply
        # handled here, whether or not branch flag 3 is set; only the contact rewrite
        # below is conditional. Confirm that this is intended.
        search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

        #if (isflagset(6)) {
        if (isbflagset(3)) {
                xlog("!!!!!!!!!  ON REPLY ROUTE / FIX NATED CONTACT \r\n");
                fix_nated_contact();
        }
        exit;
}




