Hi,
I am running ser-0.8.14 with rtpproxy and
nathelper. I have also enabled STUN on the same server.
My SIP UA supports STUN, but my PSTN
gateway does not.
If I don't enable STUN on SIP UA, I can route
the call to PSTN gateway successfully using rtpproxy.
If I enable STUN on SIP UA, I cannot route the
call out to PSTN gateway. On ringing sound is heard on callie, but no voice
passing through.
I use t_relay_to_udp to forward the call to
PSTN gateway. It seems that if STUN is supported on SIP UA, the call cannot
be routed to PSTN gateway.
Hope someone could fix this
problem.
Best wishes,
Thomas
My ser.cfg is as follows:
# ----------- global
configuration parameters
------------------------
debug=7
# debug level (cmd line:
-dddddddddd)
fork=yes
log_stderror=yes
# (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no
# (cmd. line:
-v)
dns=no #
(cmd. line: -r)
rev_dns=no # (cmd. line:
-R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
------------------ module loading ----------------------------------
#
Uncomment this if you want to use SQL database
#loadmodule
"/usr/local/lib/ser/modules/mysql.so"
loadmodule
"/usr/lib/ser/modules/sl.so"
loadmodule
"/usr/lib/ser/modules/tm.so"
loadmodule
"/usr/lib/ser/modules/rr.so"
loadmodule
"/usr/lib/ser/modules/maxfwd.so"
loadmodule
"/usr/lib/ser/modules/usrloc.so"
loadmodule
"/usr/lib/ser/modules/registrar.so"
loadmodule
"/usr/lib/ser/modules/textops.so"
# Uncomment this if you want digest
authentication
# mysql.so must be loaded !
#loadmodule
"/usr/lib/ser/modules/auth.so"
#loadmodule
"/usr/lib/ser/modules/auth_db.so"
# !! Nathelper
loadmodule
"/usr/lib/ser/modules/nathelper.so"
# ----------------- setting
module-specific parameters ---------------
# -- usrloc params
--
modparam("usrloc", "db_mode", 0)
# Uncomment this
if you want to use SQL database
# for persistent storage and comment the
previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params
--
# Uncomment if you are using auth module
#
#modparam("auth_db",
"calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes
(which true in this config),
# uncomment also the following
parameter)
#
#modparam("auth_db", "password_column", "password")
#
-- rr params --
# add value to ;lr param to make some broken UAs
happy
modparam("rr", "enable_full_lr", 1)
# !!
Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper",
"natping_interval", 30) # Ping interval 30 s
#modparam("nathelper",
"ping_nated_only", 1) # Ping only clients behind NAT
#
------------------------- request routing logic
-------------------
# main routing
logic
route{
# initial
sanity checks -- messages with
#
max_forwards==0, or excessively long
requests
if
(!mf_process_maxfwd_header("10"))
{
sl_send_reply("483","Too Many
Hops");
break;
};
if (msg:len >= max_len
)
{
sl_send_reply("513", "Message too
big");
break;
};
# !!
Nathelper
# Special handling for
NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918
addresses
# in Contact (may fail
if line-folding is used); also,
#
the received test should, if completed, should check
all
# vias for rpesence of
received
#if (nat_uac_test("3"))
{
# Allow RR-ed requests, as these may indicate
that
# a NAT-enabled proxy takes care of it; unless it
is
# a
REGISTER
if (method == "REGISTER" || ! search("^Record-Route:"))
{
log("LOG: Someone trying to register from private IP,
rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and majority
is
# smart enough to be symmetric. In some phones it takes a
configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes,
with kphone it
is
# called "symmetric media" and "symmetric
signalling".
fix_nated_contact(); # Rewrite contact with source IP of
signalling
if (method == "INVITE")
{
fix_nated_sdp("1"); # Add direction=active to
SDP
};
force_rport(); # Add rport parameter to topmost
Via
setflag(6); # Mark as
NATed
};
#};
# we record-route all
messages -- to make sure that
#
subsequent messages will go through our proxy;
that's
# particularly good if
upstream and downstream entities
#
use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing
a dialog should take the
# path
determined by record-routing
if
(loose_route())
{
# mark routing logic in
request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself)
{
# mark routing logic in
request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
# if the request is for
other domain use UsrLoc
# (in
case, it does not work, use the following
command
# with proper names and
addresses in it)
if (uri==myself)
{
if (method=="REGISTER")
{
# Uncomment this if you want to use digest
authentication
#
if (!www_authorize("iptel.org", "subscriber"))
{
#
www_challenge("iptel.org",
"0");
#
break;
#
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself)
{
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# native SIP destinations are handled using our USRLOC
DB
if (!lookup("location"))
{
sl_send_reply("404", "Not
Found");
break;
};
};
append_hf("P-hint: usrloc
applied\r\n");
route(1);
}
route[1]
{
# !!
Nathelper
if
(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!
search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
# if client or server know to be
behind a NAT, enable relay
if
(isflagset(6))
{
force_rtp_proxy();
};
# NAT processing of
replies; apply to all transactions (for
example,
# re-INVITEs from public
to private UA are hard to identify
as
# NATed at the moment of
request processing); look at
replies
t_on_reply("1");
# send it out
now; use stateful forwarding as it works
reliably
# even for
UDP2TCP
if (!t_relay())
{
sl_reply_error();
};
}
#
!! Nathelper
onreply_route[1] {
# NATed transaction
?
if (isflagset(6) && status =~
"(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind
a NAT and we did not
# know at time of request processing
? (RFC1918 contacts)
} else
{
fix_nated_contact();
};
}