[OpenSER-Users] NAT + STUN
Marc LEURENT
lftsy at free.fr
Thu Aug 2 14:40:45 CEST 2007
According to what I said, it is not a problem that the phones answered with a SIP/2.0 481 CallLeg/Transaction Does Not Exist.
to SIP pings. What is important is that is will maintain the path through NAT
My only problem is with BYE requests that are not forwarded by OpenSER to the second user
Is there something wrong in my openser.cfg???
#
# $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
children=4
#alias=sd-7501.dedibox.fr
port=5060
#server_signature=yes
#tos=IPTOS_LOWDELAY
avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804"
#;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807"
# ------------------ module loading ----------------------------------
#set module path
mpath="/usr/lib/openser/modules/"
# Uncomment this if you want to use SQL database
loadmodule "mysql.so"
loadmodule "sl.so" # Stateless Module
loadmodule "tm.so" # Transaction Module
loadmodule "rr.so" # Record-Route and Route Module
loadmodule "maxfwd.so" # Max-Forward processor Module
loadmodule "usrloc.so" # User Location Implementation Module
loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc)
loadmodule "textops.so" # Text Operation Module
loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface
loadmodule "acc.so" # Accounting Module
loadmodule "avpops.so" # AVP Operation Module (user preference)
loadmodule "uri.so" # Generic URI operation Module
loadmodule "auth.so" # Authentification Module
#loadmodule "auth_db.so" # Database-backend Authentication mMdule
loadmodule "auth_radius.so" # RADIUS-backend Authentication Module
loadmodule "group_radius.so" # User-groups Module with RADIUS-backend
#loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module
#loadmodule "presence.so" # Presence server Module
#loadmodule "pua.so" # Common API for presence user agent client
loadmodule "options.so" # OPTIONS server replier Module
loadmodule "xlog.so" # Advanced Logger Module
loadmodule "nathelper.so" # NAT Traversal Helper Module
#loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module
loadmodule "uac.so" # User Agent Client
loadmodule "siptrace.so" # SipTrace module (storage of SIP requests)
#loadmodule "exec.so" # Allows to start an external command from a OpenSER script
# ----------------- setting module-specific parameters ---------------
# -- maxfwd params --
modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions
# -- sl params --
#modparam("sl", "enable_stats", 1)
# -- mi_fifo params --
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# -- usrloc params --
# Uncomment this if you want to use SQL database
modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB
modparam("usrloc", "db_url", "mysql://openser:test@127.0.0.1/openser")
modparam("usrloc", "timer_interval", 10)
modparam("usrloc", "nat_bflag" , 3)
# -- rr params --
modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy
# -- siptrace params --
modparam("siptrace", "db_url", "mysql://openser:test@127.0.0.1/openser")
modparam("siptrace", "table", "sip_trace") # Default value "sip_trace"
modparam("siptrace", "trace_on", 1)
# -- registrar params --
modparam("registrar", "default_expires", 1800)
modparam("registrar", "received_avp", "$avp(i:42)")
# -- nathelper params --
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "sipping_bflag", 5)
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_method", "OPTIONS")
modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module
modparam("nathelper", "sipping_from", "sip:pinger at sd-7501.dedibox.fr")
# -- auth params --
#modparam("auth", "secret", "johndoessecretphrase") # Default is random => don't set it
#modparam("auth", "nonce_expire", 300) # Time before nounce expiration
modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params --
modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("group_radius", "use_domain", 1) # username at domain will be used for lookup
# -- avp_radius parameter --
#modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- acc params (with radius )--
modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "early_media", 1)
modparam("acc", "report_cancels", 1)
#modparam("acc", "report_ack", 0)
modparam("acc", "detect_direction", 1)
#modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting
#modparam("acc", "log_level", 1) # Set the reporting log level
#modparam("acc", "log_missed_flag", 2) #
#modparam("acc", "failed_transaction_flag", 2)
modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP)
#modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
# ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute
modparam("acc", "radius_extra", "Sip-Src-IP=$si;
Sip-Src-Port=$sp;
Canonical-URI=$avp(can_uri);
Billing-Party=$avp(billing_party);
SIP-Proxy-IP=$avp(sip_proxy_ip);
User-Agent=$ua
")
#Billing-Party=$avp(billing_party)
#From-Header=$hdr(from);
#User-Name=$fU;
#From-Header=$avp(from_header);
#Digest-Realm=$fd
#Sip-From-Tag=$avp(from_header);
#SIP-Method=$rm;
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# NAT detection
route(2);
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") {
record_route();
};
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) { # mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
if(is_method("BYE")) { # log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
};
# Set the acc flags
if(is_method("INVITE") && !has_totag()) {
xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS \r\n");
$avp(can_uri) = $ru; # SIP Request's URI
$avp(billing_party) = $fu; # From URI
$avp(from_header) = $fU; # From URI username
$avp(sip_proxy_ip) = $Ri; # Received IP address
setflag(1); # radius_flag
setflag(2); # radius_missed_flag
};
# Functions when calling other domains
if (!uri==myself) {
# check if user is allowed to do voip calls to other domains
# if(is_method("INVITE|MESSAGE")) {
# if (radius_is_user_in("From", "voip")) {
# sl_send_reply("403", "Forbidden VoIP");
# exit;
# };
# };
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
sip_trace();
xlog("L_INFO", "$fU IS TRYING TO REGISTER \r\n");
if (!radius_www_authorize("sd-7501.dedibox.fr")) {
www_challenge("sd-7501.dedibox.fr", "0"); # qop set to 1
xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n");
exit;
};
#if (isflagset(5)) {
if (isbflagset(3)) {
#setflag(6);
# if you want OPTIONS natpings uncomment next
# setflag(7); # Deprecated
setbflag(5); # Set Flag for SIP PINGING
};
save("location");
xlog("L_INFO", "SAVE LOCATION OF $si \r\n");
exit;
};
if (!lookup("location")) {
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n");
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
## Generic Forward
route[1] {
if (subst_uri('/(sip:.*);nat=yes/\1/')){
#setflag(6); # Deprecated, for version 1.1
setbflag(3);
};
#if (isflagset(5)||isflagset(6)) {
if (isbflagset(3)) {
route(3);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
# NAT Detection
route[2]{
force_rport();
if (nat_uac_test("19")) {
xlog("!!!!!!!!! NAT UAC TEST 19 SUCEDEED \r\n");
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
#setflag(5); Deprecated
setbflag(3);
};
}
## Route for natted contact
route[3] {
if (is_method("BYE|CANCEL")) {
# Ajout Maison
acc_rad_request("200 ok");
acc_log_request("200 ok");
#unforce_rtp_proxy();
} else if (is_method("INVITE")){
#force_rtp_proxy();
t_on_failure("1");
};
#if (isflagset(5))
if (isbflagset(3)){
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
}
t_on_reply("1");
}
## Failure Route 1
failure_route[1] {
xlog("!!!!!!!!! ON FAILURE ROUTE \r\n");
#if (isflagset(6) || isflagset(5)) {
if (isbflagset(3)) {
#unforce_rtp_proxy();
}
}
## Reply route
onreply_route[1] {
xlog("!!!!!!!!! ON REPLY ROUTE \r\n");
#if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") {
#force_rtp_proxy();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
#if (isflagset(6)) {
if (isbflagset(3)) {
xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n");
fix_nated_contact();
}
exit;
}
Dan-Cristian Bogos a écrit :
> Hi Marc,
>
> it will help more if u will post full dialog from INVITE to BYE coming
> in and out from the server. It is important to check whether openser
> forwards the BYEs and if the end party listens on that port.
>
> Cheers,
> DanB
>
> On 8/2/07, Marc LEURENT <lftsy at free.fr> wrote:
>> STUN seems to be working
>>
>> In openserctl ul show, I have:
>> AOR:: 103 Contact:: sip:103 at 82.127.0.79:1028;user=phone Q=
>> AOR:: 101 Contact:: sip:101 at 82.127.0.79:1313;user=phone Q=
>>
>>
>> And tcpdump -i eth0 -n port 5060 returns:
>> 13:47:44.375374 IP 88.191.45.91.5060 > 82.127.0.79.1027: SIP, length: 241
>> 13:47:44.375396 IP 88.191.45.91.5060 > 82.127.0.79.1312: SIP, length: 241
>> 13:47:44.422471 IP 82.127.0.79.1027 > 88.191.45.91.5060: SIP, length: 276
>> 13:47:44.426415 IP 82.127.0.79.1312 > 88.191.45.91.5060: SIP, length: 275
>>
>>
>> And my ngrep returns
>>
>>
>> #
>> U 88.191.45.91:5060 -> 82.127.0.79:1027
>> OPTIONS sip:82.127.0.79:1027 SIP/2.0.
>> Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
>> From: sip:pinger at sd-7501.dedibox.fr;tag=7ad21f92.
>> To: sip:82.127.0.79:1027.
>> Call-ID: 90f2eea1-5c41f342-a91 at 88.191.45.91.
>> CSeq: 1 OPTIONS.
>> Content-Length: 0.
>> .
>>
>> #
>> U 88.191.45.91:5060 -> 82.127.0.79:1312
>> OPTIONS sip:82.127.0.79:1312 SIP/2.0.
>> Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
>> From: sip:pinger at sd-7501.dedibox.fr;tag=8ad21f92.
>> To: sip:82.127.0.79:1312.
>> Call-ID: 90f2eea1-6c41f342-a91 at 88.191.45.91.
>> CSeq: 1 OPTIONS.
>> Content-Length: 0.
>> .
>>
>> #
>> U 82.127.0.79:1027 -> 88.191.45.91:5060
>> SIP/2.0 481 CallLeg/Transaction Does Not Exist.
>> Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
>> From: <sip:pinger at sd-7501.dedibox.fr>;tag=7ad21f92.
>> To: <sip:82.127.0.79:1027>;tag=c0a80101-1db9be2.
>> Call-ID: 90f2eea1-5c41f342-a91 at 88.191.45.91.
>> CSeq: 1 OPTIONS.
>> Content-Length: 0.
>> .
>>
>> #
>> U 82.127.0.79:1312 -> 88.191.45.91:5060
>> SIP/2.0 481 CallLeg/Transaction Does Not Exist.
>> Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0.
>> From: <sip:pinger at sd-7501.dedibox.fr>;tag=8ad21f92.
>> To: <sip:82.127.0.79:1312>;tag=c0a80101-573ff0.
>> Call-ID: 90f2eea1-6c41f342-a91 at 88.191.45.91.
>> CSeq: 1 OPTIONS.
>> Content-Length: 0.
>>
>>
>>
>>
>>
>>
>> Iñaki Baz Castillo a écrit :
>>> El Thursday 02 August 2007 12:25:07 Marc LEURENT escribió:
>>>> #
>>>> U 82.127.0.79:1312 -> 88.191.45.91:5060
>>>> BYE sip:103 at 82.127.0.79:1027 SIP/2.0.
>>>> Via: SIP/2.0/UDP 82.127.0.79:1313;branch=z9hG4bK8030359792092547043.
>>>> From: "101"<sip:101 at sip.leurent.eu:5060;user=phone>;tag=c0a80101-4c5eed.
>>>> To: <sip:103 at sip.leurent.eu:5060;user=phone>;tag=c0a80101-1d0bb0d.
>>>> Call-ID: 66464a0-c0a80101-0-1f at 192.168.95.4.
>>>> CSeq: 2 BYE.
>>>> Max-Forwards: 70.
>>>> Route: <sip:88.191.45.91:5060;lr=on;ftag=c0a80101-4c5eed>.
>>>> User-Agent: THOMSON ST2030 hw0 fw1.50 00-0E-50-4E-AF-AE.
>>>> Content-Length: 0.
>>> What more is after this message?
>>> Did you try tcpdump to monitorize to with IP:port are the messages sent?
>>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
More information about the Users
mailing list