Re: [OpenSER-Users] NAT + STUN

According to what I said, it is not a problem that the phones answered with a SIP/2.0 481 CallLeg/Transaction Does Not Exist. to SIP pings. What is important is that is will maintain the path through NAT My only problem is with BYE requests that are not forwarded by OpenSER to the second user Is there something wrong in my openser.cfg??? # # $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. # # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E) children=4 #alias=sd-7501.dedibox.fr port=5060 #server_signature=yes #tos=IPTOS_LOWDELAY avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804" #;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807" # ------------------ module loading ---------------------------------- #set module path mpath="/usr/lib/openser/modules/" # Uncomment this if you want to use SQL database loadmodule "mysql.so" loadmodule "sl.so" # Stateless Module loadmodule "tm.so" # Transaction Module loadmodule "rr.so" # Record-Route and Route Module loadmodule "maxfwd.so" # Max-Forward processor Module loadmodule "usrloc.so" # User Location Implementation Module loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc) loadmodule "textops.so" # Text Operation Module loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface loadmodule "acc.so" # Accounting Module loadmodule "avpops.so" # AVP Operation Module (user preference) loadmodule "uri.so" # Generic URI operation Module loadmodule "auth.so" # Authentification Module #loadmodule "auth_db.so" # Database-backend Authentication mMdule loadmodule "auth_radius.so" # RADIUS-backend Authentication Module loadmodule "group_radius.so" # User-groups Module with RADIUS-backend #loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module #loadmodule "presence.so" # Presence server Module #loadmodule "pua.so" # Common API for presence user agent client loadmodule "options.so" # OPTIONS server replier Module loadmodule "xlog.so" # Advanced Logger Module loadmodule "nathelper.so" # NAT Traversal Helper Module #loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module loadmodule "uac.so" # User Agent Client loadmodule "siptrace.so" # SipTrace module (storage of SIP requests) #loadmodule "exec.so" # Allows to start an external command from a OpenSER script # ----------------- setting module-specific parameters --------------- # -- maxfwd params -- modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions # -- sl params -- #modparam("sl", "enable_stats", 1) # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # -- usrloc params -- # Uncomment this if you want to use SQL database modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB modparam("usrloc", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("usrloc", "timer_interval", 10) modparam("usrloc", "nat_bflag" , 3) # -- rr params -- modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy # -- siptrace params -- modparam("siptrace", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("siptrace", "table", "sip_trace") # Default value "sip_trace" modparam("siptrace", "trace_on", 1) # -- registrar params -- modparam("registrar", "default_expires", 1800) modparam("registrar", "received_avp", "$avp(i:42)") # -- nathelper params -- modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "sipping_bflag", 5) modparam("nathelper", "natping_interval", 10) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_method", "OPTIONS") modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module modparam("nathelper", "sipping_from", "sip:pinger@sd-7501.dedibox.fr") # -- auth params -- #modparam("auth", "secret", "johndoessecretphrase") # Default is random => don't set it #modparam("auth", "nonce_expire", 300) # Time before nounce expiration modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") # -- group_radius params -- modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("group_radius", "use_domain", 1) # username@domain will be used for lookup # -- avp_radius parameter -- #modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") # -- acc params (with radius )-- modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "early_media", 1) modparam("acc", "report_cancels", 1) #modparam("acc", "report_ack", 0) modparam("acc", "detect_direction", 1) #modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting #modparam("acc", "log_level", 1) # Set the reporting log level #modparam("acc", "log_missed_flag", 2) # #modparam("acc", "failed_transaction_flag", 2) modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP) #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") # ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute modparam("acc", "radius_extra", "Sip-Src-IP=$si; Sip-Src-Port=$sp; Canonical-URI=$avp(can_uri); Billing-Party=$avp(billing_party); SIP-Proxy-IP=$avp(sip_proxy_ip); User-Agent=$ua ") #Billing-Party=$avp(billing_party) #From-Header=$hdr(from); #User-Name=$fU; #From-Header=$avp(from_header); #Digest-Realm=$fd #Sip-From-Tag=$avp(from_header); #SIP-Method=$rm; # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # NAT detection route(2); # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") { record_route(); }; # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); if(is_method("BYE")) { # log it all the time acc_rad_request("200 ok"); acc_log_request("200 ok"); } route(1); }; # Set the acc flags if(is_method("INVITE") && !has_totag()) { xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS \r\n"); $avp(can_uri) = $ru; # SIP Request's URI $avp(billing_party) = $fu; # From URI $avp(from_header) = $fU; # From URI username $avp(sip_proxy_ip) = $Ri; # Received IP address setflag(1); # radius_flag setflag(2); # radius_missed_flag }; # Functions when calling other domains if (!uri==myself) { # check if user is allowed to do voip calls to other domains # if(is_method("INVITE|MESSAGE")) { # if (radius_is_user_in("From", "voip")) { # sl_send_reply("403", "Forbidden VoIP"); # exit; # }; # }; # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { sip_trace(); xlog("L_INFO", "$fU IS TRYING TO REGISTER \r\n"); if (!radius_www_authorize("sd-7501.dedibox.fr")) { www_challenge("sd-7501.dedibox.fr", "0"); # qop set to 1 xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n"); exit; }; #if (isflagset(5)) { if (isbflagset(3)) { #setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); # Deprecated setbflag(5); # Set Flag for SIP PINGING }; save("location"); xlog("L_INFO", "SAVE LOCATION OF $si \r\n"); exit; }; if (!lookup("location")) { # log to acc as missed call acc_rad_request("404 Not Found"); acc_log_request("404 Not Found"); xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } ## Generic Forward route[1] { if (subst_uri('/(sip:.*);nat=yes/\1/')){ #setflag(6); # Deprecated, for version 1.1 setbflag(3); }; #if (isflagset(5)||isflagset(6)) { if (isbflagset(3)) { route(3); } if (!t_relay()) { sl_reply_error(); }; exit; } # NAT Detection route[2]{ force_rport(); if (nat_uac_test("19")) { xlog("!!!!!!!!! NAT UAC TEST 19 SUCEDEED \r\n"); if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; #setflag(5); Deprecated setbflag(3); }; } ## Route for natted contact route[3] { if (is_method("BYE|CANCEL")) { # Ajout Maison acc_rad_request("200 ok"); acc_log_request("200 ok"); #unforce_rtp_proxy(); } else if (is_method("INVITE")){ #force_rtp_proxy(); t_on_failure("1"); }; #if (isflagset(5)) if (isbflagset(3)){ search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); } t_on_reply("1"); } ## Failure Route 1 failure_route[1] { xlog("!!!!!!!!! ON FAILURE ROUTE \r\n"); #if (isflagset(6) || isflagset(5)) { if (isbflagset(3)) { #unforce_rtp_proxy(); } } ## Reply route onreply_route[1] { xlog("!!!!!!!!! ON REPLY ROUTE \r\n"); #if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") { if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") { #force_rtp_proxy(); } search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); #if (isflagset(6)) { if (isbflagset(3)) { xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n"); fix_nated_contact(); } exit; } Dan-Cristian Bogos a écrit :