[OpenSER-Users] NAT + STUN

Hello evrybody, I need a piece of advice if you have time.... Thanks I have some trouble with my configuration file, I'm trying to set a SIP network working through NAT using STUN. REGISTRATION is working, INVITE are working, I can set a communication with 2 working phones but sip pings an BYE messages are not forwared... Any idea?? Thanks # U 88.191.45.91:5060 -> 82.127.0.79:1312 OPTIONS sip:82.127.0.79:1312 SIP/2.0. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: sip:pinger@sip.leurent.eu;tag=804466c1. To: sip:82.127.0.79:1312. Call-ID: 23ce8297-c09c8eb7-a(a)88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0. . # U 82.127.0.79:1312 -> 88.191.45.91:5060 SIP/2.0 481 CallLeg/Transaction Does Not Exist. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: <sip:pinger@sip.leurent.eu>;tag=804466c1. To: <sip:82.127.0.79:1312>;tag=c0a80101-4bf1d8. Call-ID: 23ce8297-c09c8eb7-a(a)88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0. . # U 82.127.0.79:1312 -> 88.191.45.91:5060 BYE sip:103@82.127.0.79:1027 SIP/2.0. Via: SIP/2.0/UDP 82.127.0.79:1313;branch=z9hG4bK8030359792092547043. From: "101"<sip:101@sip.leurent.eu:5060;user=phone>;tag=c0a80101-4c5eed. To: <sip:103@sip.leurent.eu:5060;user=phone>;tag=c0a80101-1d0bb0d. Call-ID: 66464a0-c0a80101-0-1f(a)192.168.95.4. CSeq: 2 BYE. Max-Forwards: 70. Route: <sip:88.191.45.91:5060;lr=on;ftag=c0a80101-4c5eed>. User-Agent: THOMSON ST2030 hw0 fw1.50 00-0E-50-4E-AF-AE. Content-Length: 0. . # # $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. # # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E) children=4 #alias=sip.leurent.eu port=5060 #server_signature=yes #tos=IPTOS_LOWDELAY avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804" #;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807" # ------------------ module loading ---------------------------------- #set module path mpath="/usr/lib/openser/modules/" # Uncomment this if you want to use SQL database loadmodule "mysql.so" loadmodule "sl.so" # Stateless Module loadmodule "tm.so" # Transaction Module loadmodule "rr.so" # Record-Route and Route Module loadmodule "maxfwd.so" # Max-Forward processor Module loadmodule "usrloc.so" # User Location Implementation Module loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc) loadmodule "textops.so" # Text Operation Module loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface loadmodule "acc.so" # Accounting Module loadmodule "avpops.so" # AVP Operation Module (user preference) loadmodule "uri.so" # Generic URI operation Module loadmodule "auth.so" # Authentification Module #loadmodule "auth_db.so" # Database-backend Authentication mMdule loadmodule "auth_radius.so" # RADIUS-backend Authentication Module loadmodule "group_radius.so" # User-groups Module with RADIUS-backend #loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module #loadmodule "presence.so" # Presence server Module #loadmodule "pua.so" # Common API for presence user agent client loadmodule "options.so" # OPTIONS server replier Module loadmodule "xlog.so" # Advanced Logger Module loadmodule "nathelper.so" # NAT Traversal Helper Module #loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module loadmodule "uac.so" # User Agent Client loadmodule "siptrace.so" # SipTrace module (storage of SIP requests) #loadmodule "exec.so" # Allows to start an external command from a OpenSER script # ----------------- setting module-specific parameters --------------- # -- maxfwd params -- modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions # -- sl params -- #modparam("sl", "enable_stats", 1) # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # -- usrloc params -- # Uncomment this if you want to use SQL database modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB modparam("usrloc", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("usrloc", "timer_interval", 10) modparam("usrloc", "nat_bflag" , 3) # -- rr params -- modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy # -- siptrace params -- modparam("siptrace", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("siptrace", "table", "sip_trace") # Default value "sip_trace" modparam("siptrace", "trace_on", 1) # -- registrar params -- modparam("registrar", "default_expires", 1800) modparam("registrar", "received_avp", "$avp(i:42)") # -- nathelper params -- modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "sipping_bflag", 5) modparam("nathelper", "natping_interval", 10) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_method", "OPTIONS") modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module modparam("nathelper", "sipping_from", "sip:pinger@sip.leurent.eu") # -- auth params -- #modparam("auth", "secret", "johndoessecretphrase") # Default is random => don't set it #modparam("auth", "nonce_expire", 300) # Time before nounce expiration modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") # -- group_radius params -- modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("group_radius", "use_domain", 1) # username@domain will be used for lookup # -- avp_radius parameter -- #modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") # -- acc params (with radius )-- modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "early_media", 1) modparam("acc", "report_cancels", 1) #modparam("acc", "report_ack", 0) modparam("acc", "detect_direction", 1) #modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting #modparam("acc", "log_level", 1) # Set the reporting log level #modparam("acc", "log_missed_flag", 2) # #modparam("acc", "failed_transaction_flag", 2) modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP) #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") # ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute modparam("acc", "radius_extra", "Sip-Src-IP=$si; Sip-Src-Port=$sp; Canonical-URI=$avp(can_uri); Billing-Party=$avp(billing_party); SIP-Proxy-IP=$avp(sip_proxy_ip); User-Agent=$ua ") #Billing-Party=$avp(billing_party) #From-Header=$hdr(from); #User-Name=$fU; #From-Header=$avp(from_header); #Digest-Realm=$fd #Sip-From-Tag=$avp(from_header); #SIP-Method=$rm; # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # NAT detection route(2); # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") { record_route(); }; # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); if(is_method("BYE")) { # log it all the time acc_rad_request("200 ok"); acc_log_request("200 ok"); } route(1); }; # Set the acc flags if(is_method("INVITE") && !has_totag()) { xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS \r\n"); $avp(can_uri) = $ru; # SIP Request's URI $avp(billing_party) = $fu; # From URI $avp(from_header) = $fU; # From URI username $avp(sip_proxy_ip) = $Ri; # Received IP address setflag(1); # radius_flag setflag(2); # radius_missed_flag }; # Functions when calling other domains if (!uri==myself) { # check if user is allowed to do voip calls to other domains # if(is_method("INVITE|MESSAGE")) { # if (radius_is_user_in("From", "voip")) { # sl_send_reply("403", "Forbidden VoIP"); # exit; # }; # }; # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { sip_trace(); xlog("L_INFO", "$fU IS TRYING TO REGISTER \r\n"); if (!radius_www_authorize("sip.leurent.eu")) { www_challenge("sip.leurent.eu", "0"); # qop set to 1 xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n"); exit; }; #if (isflagset(5)) { if (isbflagset(3)) { #setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); # Deprecated setbflag(5); # Set Flag for SIP PINGING }; save("location"); xlog("L_INFO", "SAVE LOCATION OF $si \r\n"); exit; }; if (!lookup("location")) { # log to acc as missed call acc_rad_request("404 Not Found"); acc_log_request("404 Not Found"); xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } ## Generic Forward route[1] { if (subst_uri('/(sip:.*);nat=yes/\1/')){ #setflag(6); # Deprecated, for version 1.1 setbflag(3); }; #if (isflagset(5)||isflagset(6)) { if (isbflagset(3)) { route(3); } if (!t_relay()) { sl_reply_error(); }; exit; } # NAT Detection route[2]{ force_rport(); if (nat_uac_test("19")) { xlog("!!!!!!!!! NAT UAC TEST 19 SUCEDEED \r\n"); if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; #setflag(5); Deprecated setbflag(3); }; } ## Route for natted contact route[3] { if (is_method("BYE|CANCEL")) { # Ajout Maison acc_rad_request("200 ok"); acc_log_request("200 ok"); #unforce_rtp_proxy(); } else if (is_method("INVITE")){ #force_rtp_proxy(); t_on_failure("1"); }; #if (isflagset(5)) if (isbflagset(3)){ search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); } t_on_reply("1"); } ## Failure Route 1 failure_route[1] { xlog("!!!!!!!!! ON FAILURE ROUTE \r\n"); #if (isflagset(6) || isflagset(5)) { if (isbflagset(3)) { #unforce_rtp_proxy(); } } ## Reply route onreply_route[1] { xlog("!!!!!!!!! ON REPLY ROUTE \r\n"); #if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") { if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") { #force_rtp_proxy(); } search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); #if (isflagset(6)) { if (isbflagset(3)) { xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n"); fix_nated_contact(); } exit; }