[OpenSER-Users] Help with this mediaproxy + Openser nat problem... thankssss

Mario Bedialauneta mbedial at gmail.com
Thu Jan 17 20:12:47 CET 2008 

Hi everybody,

I'm working with Openser + Mediaproxy 1.9.0 and it seems that everything is
working when the calls are establised between users attached to the same
proxy server, even with different kind of NATs.

However It doen't work in 2 different scenarios, and the result is exactly
the same , the video and audio is only sent in one way.

Scenario 1

========

User A attached to the SIP proxy xxx.xxx.xxx.13 (Public IP) calls to a GW
xxx.xxx.xxx.11 (Public IP) with several users internally associated. In this
case the user A can see the video and audio sent by the GW, but the GW
doesn't receive any RTSP stream. It seems that the mediaproxy doesn't do
anything, why? maybe because the GW blongs to other domain (xxx.xxx.xxx.11)
? What can I do?

If the GW calls to user A, it works fine (I can see the session in the
mediaproxy with sessions.py)



Scenario 2

========

In this case, I have another GW with Public IP address xxx.xxx.xxx.14, but
it doesn't include in the INVITE message the SDP body. The GW calls to the
same user attached to the SIP proxy xxx.xxx.xxx.13 , and the behaviour is
exactly the same as scenario 1, the calling site can sse the video and audio
but the called can't.

Unlike the previous scenario, the signalling is:

INVITE without SDP --> 200 OK (SDP) -- > ACK (SDP)

In theory, Mediaproxy 1.9.0 should support this procedure since it's a SIP
standard mechanism, however the called party doesn't receive RTP stream. In
my opinion, the problem could be related to scenario 1, I mean , the calling
party is not attached to the SIP proxy (belongs to other domain) and when
the 200 OK (SDP) message arrives to the SIP proxy, the mediaproxy doesn't do
anything

Sorry for the complex explanation. I've waste a lot of time trying to solve
this solution and honestly I don't know what to do. Please, could somebody
help??

I attach my openser.conf. I hope it helps.

Andreti





debug=5 # debug level (cmd line: -dddddddddd)

#fork=yes

#log_stderror=no # (cmd line: -E)

log_facility=LOG_LOCAL0

# Uncomment these lines to enter debugging mode

#fork=no

log_stderror=yes

listen=xxx.xxx.10.12

check_via=no # (cmd. line: -v)

dns=no # (cmd. line: -r)

rev_dns=no # (cmd. line: -R)

#port=5060

#children=4

fifo="/tmp/openser_fifo"

fifo_db_url="mysql://openser:openserrw@localhost/openser"

# ------------------ module loading ----------------------------------

mpath = "/usr/local/lib/openser/modules/"

# Uncomment this if you want to use SQL database

loadmodule "mysql.so"

loadmodule "domain.so"

loadmodule "mediaproxy.so"

loadmodule "uri_db.so"

loadmodule "sl.so"

loadmodule "tm.so"

loadmodule "rr.so"

loadmodule "maxfwd.so"

loadmodule "usrloc.so"

loadmodule "registrar.so"

loadmodule "textops.so"

loadmodule "avpops.so"

loadmodule "uri.so"

loadmodule "xlog.so"

loadmodule "acc.so"

loadmodule "auth_radius.so"

loadmodule "group_radius.so"

loadmodule "avp_radius.so"

loadmodule "nathelper.so"



# Uncomment this if you want digest authentication

# mysql.so must be loaded !

loadmodule "auth.so"

loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database

# for persistent storage and comment the previous line

modparam("usrloc", "db_mode", 2)

modparam("usrloc", "timer_interval", 20)

# -- auth params --

# Uncomment if you are using auth module

#

modparam("auth_db", "calculate_ha1", yes)

#

# If you set "calculate_ha1" parameter to yes (which true in this config),

# uncomment also the following parameter)

#

modparam("auth_db", "password_column", "password")

# -- acc params --

modparam("acc", "radius_flag", 1)

modparam("acc", "radius_missed_flag", 1)

#cambio 16_04_07 modparam("acc", "radius_missed_flag", 2)

modparam("acc", "log_flag", 1)

modparam("acc", "log_missed_flag", 1)

modparam("acc", "service_type", 15)

modparam("acc|auth_radius|group_radius|avp_radius", "radius_config",

"/usr/local/etc/radiusclient-ng/radiusclient.conf")

#modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")

#puesto para el CDRTool

modparam("acc", "failed_transaction_flag", 1)

modparam("acc", "report_cancels", 0)

modparam("acc", "report_ack", 0)

modparam("acc", "early_media", 0)

modparam("acc", "log_level", 1)

#modparam("acc", "radius_config", "/etc/openser/radius/client.conf")

modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp;\

Sip-RPid=$avp(s:rpid); \

Source-IP=$si; \

Source-Port=$sp; \

Canonical-URI=$avp($can_uri); \

Billing-Party=$avp($billing_party); \

Divert-Reason=$avp(s:divert_reason); \

X-RTP-Stat=$avp(s:rtp_statistics); \

From-Header=$hdr(from); \

User-Agent=$hdr(user-agent); \

Contact=$hdr(contact); \

Event=$hdr(event)")

# SIP-Proxy-IP=$avp(s:sip_proxy_ip)")





# -- group_radius params --

modparam("group_radius", "use_domain", 1)

# -- avpops params --

#modparam("avpops", "avp_aliases", "day=i:101;time=i:102")

modparam("avpops","avp_aliases","can_uri=i:34")

modparam("avpops","avp_aliases","billing_party=i:1")



# -- rr params --

# add value to ;lr param to make some broken UAs happy

modparam("rr", "enable_full_lr", 1)

modparam("mediaproxy", "natping_interval", 60)

modparam("registrar", "nat_flag", 2)

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with

# max_forwards==0, or excessively long requests

if (!mf_process_maxfwd_header("10")) {

sl_send_reply("483","Too Many Hops");

exit;

};

if (msg:len >= 2048 ) {

sl_send_reply("513", "Message too big");

exit;

};

 # setflag(ACCOUNTING_FLAG);

# avp_write("SER_IP","$avp(s:sip-proxy)");

# avp_write("$ru", "$avp(can_uri)");

# we record-route all messages -- to make sure that

# subsequent messages will go through our proxy; that's

# particularly good if upstream and downstream entities

# use different transport protocol

if (!method=="REGISTER") record_route();

# subsequent messages withing a dialog should take the

# path determined by record-routing

if (loose_route()) {

# mark routing logic in request

append_hf("P-hint: rr-enforced\r\n");

if(is_method("BYE"))

{ # log it all the time

acc_rad_request("200 ok");

acc_log_request("200 ok");

setflag(1);

}

route(1);

};

if (src_ip==193.36.177.227) {

fix_nated_sdp("2");

};

if(is_method("INVITE") && !has_totag())

{ # set the acc flags

setflag(1);

setflag(2);

};

if (method=="MESSAGE") {

setflag(1);

};

if (!uri==myself) {

# mark routing logic in request

append_hf("P-hint: outbound\r\n");

route(1);

};

# if the request is for other domain use UsrLoc

# (in case, it does not work, use the following command

# with proper names and addresses in it)

if (uri==myself) {

if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication

# if (!www_authorize("sip.com", "subscriber")) {

# www_challenge("sip.com", "0");

# exit;

# };

if (!radius_www_authorize(""))

{

www_challenge("","1");

exit;

}

if (client_nat_test("3")) {

setflag(2);

force_rport();

fix_contact();

};

save("location");

exit;

};

lookup("aliases");

if (!uri==myself) {

append_hf("P-hint: outbound alias\r\n");

route(1);

};

# native SIP destinations are handled using our USRLOC DB

if (!lookup("location")) {

# log to acc as missed call

acc_rad_request("404 Not Found");

acc_log_request("404 Not Found");

sl_send_reply("404", "Not Found");

exit;

};

};

if (method=="INVITE") {

t_on_failure("1");

} else if (method == "BYE" || method == "CANCEL") {

end_media_session();

};

if (loose_route()) {

if (method=="INVITE" || method=="ACK") {

use_media_proxy();

};

#if ((method=="INVITE" || method=="ACK") && !to_uri=="
sip:frog1 at xxx.xxx.10.12") {

# use_media_proxy();

#};

t_relay();

return;

};

if (client_nat_test("3") && !search("^Record-Route:")) {

# Mark as NAT'ed

force_rport();

fix_contact();

};

if (method=="INVITE") {

t_on_reply("1");

};

if (method=="INVITE" || method=="ACK") {

use_media_proxy();

};

#if ((method=="INVITE" || method=="ACK") && !to_uri=="
sip:frog1 at xxx.xxx.10.12") {

# use_media_proxy();

#};

if (!t_relay()) {

if (method=="INVITE" || method=="ACK") {

end_media_session();

};

sl_reply_error();

};

append_hf("P-hint: usrloc applied\r\n");

# route(1);

}

route[1]

{

# send it out now; use stateful forwarding as it works reliably

# even for UDP2TCP

if (!t_relay()) {

sl_reply_error();

};

exit;

}

failure_route[1] {

end_media_session();

}

onreply_route[1] {

if (status=~"(183)|(2[0-9][0-9])") {

if (client_nat_test("1")) {

fix_contact();

};

use_media_proxy();

};

}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080117/da817e7a/attachment.htm

More information about the Users mailing list