[Users] Re: openser behind nat UAs behind NAT

asahin abdsahin at gmail.com
Sat Mar 31 01:01:06 CEST 2007


hi all;
i am now able to register my client with the openserver server.

i used STUN server option of x-lite and stun.voipuser.org as the stun server
i also set/exported SIP_DOMAIN variable to my public openser server ip address.

i wonder do i have to use a stun server ?




  ----- Original Message ----- 
  From: asahin 
  To: users at openser.org 
  Sent: Friday, March 30, 2007 10:26 PM
  Subject: openser behind nat UAs behind NAT


  hi;
  i installed and tested openser on the internal network, it was working.
  i tried to test it behind NAT with x-lite sip client, but it failed.

  i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine.
  when i try to register to openser i received a 408 request timeout message.

  i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it.

  here is the ngrep dump at the server.
  U external_ip_of_ua:23975 -> 192.168.200.2:5060  REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..  Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060
    REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo at external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo at external_ip_of_openser>..From: "apo"<sip:apo at external_ip_of_ua;tag=da6a3851..Call-  ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B  YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out  bound....


  my openser.cfg file is the initial openser openser.cfg file i didnt change it.
  -------------
  #

  # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $

  #

  # simple quick-start config script

  # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php

  # for a explanation of possible statements, functions and parameters.

  #

  # ----------- global configuration parameters ------------------------

  debug=3 # debug level (cmd line: -dddddddddd)

  fork=yes

  log_stderror=no # (cmd line: -E)

  children=4

  # Uncomment these lines to enter debugging mode 

  #fork=no

  #log_stderror=yes

  #

  port=5060

  # uncomment the following lines for TLS support

  #disable_tls = 0

  #listen = tls:your_IP:5061

  #tls_verify_server = 1

  #tls_verify_client = 1

  #tls_require_client_certificate = 0

  #tls_method = TLSv1

  #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"

  #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"

  #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"

  # ------------------ module loading ----------------------------------

  #set module path

  mpath="/usr/local/lib64/openser/modules/"

  # Uncomment this if you want to use SQL database

  #loadmodule "mysql.so"

  loadmodule "sl.so"

  loadmodule "tm.so"

  loadmodule "rr.so"

  loadmodule "maxfwd.so"

  loadmodule "usrloc.so"

  loadmodule "registrar.so"

  loadmodule "textops.so"

  loadmodule "mi_fifo.so"

  # Uncomment this if you want digest authentication

  # mysql.so must be loaded !

  #loadmodule "auth.so"

  #loadmodule "auth_db.so"

  # ----------------- setting module-specific parameters ---------------

  # -- mi_fifo params --

  modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

  # -- usrloc params --

  modparam("usrloc", "db_mode", 0)

  # Uncomment this if you want to use SQL database 

  # for persistent storage and comment the previous line

  #modparam("usrloc", "db_mode", 2)

  # -- auth params --

  # Uncomment if you are using auth module

  #

  #modparam("auth_db", "calculate_ha1", yes)

  #

  # If you set "calculate_ha1" parameter to yes (which true in this config), 

  # uncomment also the following parameter)

  #

  #modparam("auth_db", "password_column", "password")

  # -- rr params --

  # add value to ;lr param to make some broken UAs happy

  modparam("rr", "enable_full_lr", 1)

  # ------------------------- request routing logic -------------------

  # main routing logic

  route{

  # initial sanity checks -- messages with

  # max_forwards==0, or excessively long requests

  if (!mf_process_maxfwd_header("10")) {

  sl_send_reply("483","Too Many Hops");

  exit;

  };

  if (msg:len >= 2048 ) {

  sl_send_reply("513", "Message too big");

  exit;

  };

  # we record-route all messages -- to make sure that

  # subsequent messages will go through our proxy; that's

  # particularly good if upstream and downstream entities

  # use different transport protocol

  if (!method=="REGISTER")

  record_route();

  # subsequent messages withing a dialog should take the

  # path determined by record-routing

  if (loose_route()) {

  # mark routing logic in request

  append_hf("P-hint: rr-enforced\r\n"); 

  route(1);

  };

  if (!uri==myself) {

  # mark routing logic in request

  append_hf("P-hint: outbound\r\n"); 

  # if you have some interdomain connections via TLS

  #if(uri=~"@tls_domain1.net") {

  # t_relay("tls:domain1.net");

  # exit;

  #} else if(uri=~"@tls_domain2.net") {

  # t_relay("tls:domain2.net");

  # exit;

  #}

  route(1);

  };

  # if the request is for other domain use UsrLoc

  # (in case, it does not work, use the following command

  # with proper names and addresses in it)

  if (uri==myself) {

  if (method=="REGISTER") {

  # Uncomment this if you want to use digest authentication

  #if (!www_authorize("openser.org", "subscriber")) {

  # www_challenge("openser.org", "0");

  # exit;

  #};

  save("location");

  exit;

  };

  lookup("aliases");

  if (!uri==myself) {

  append_hf("P-hint: outbound alias\r\n"); 

  route(1);

  };

  # native SIP destinations are handled using our USRLOC DB

  if (!lookup("location")) {

  sl_send_reply("404", "Not Found");

  exit;

  };

  append_hf("P-hint: usrloc applied\r\n"); 

  };

  route(1);

  }



  route[1] {

  # send it out now; use stateful forwarding as it works reliably

  # even for UDP2TCP

  if (!t_relay()) {

  sl_reply_error();

  };

  exit;

  }




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20070331/f0deaa91/attachment.htm 


More information about the Users mailing list