When you have LAN/WAN setups, you need to turn on mhome (multihoming) if
your SER server has one LAN and one WAN interface. If not, you don't
need that switch. However, you need to make sure that calls between UAs
on the LAN don't get proxied and that contact and SDP fixup are done
correctly. The
files are meant for a public SER server where
ALL NATed UAs are proxied. This means that it will work if you set your
server on a public address and proxies also all calls between UAs on
your LAN (and your firewall has to support hairpinning, i.e. "turn in
the firewall"). Having SER on a non-public address opens up some issues
(you need to set advertised address and port in your ser.cfg and). Also,
your mediaproxy/rtpproxy must be on a public address. Rtpproxy has some
options (see readme file) that you can use to tell rtpproxy in which
direction LAN/WAN the message is going.
Of course, if somebody has a working config, you would be better off if
that somebody could post the config to the list. :-)
g-)
Americania .it wrote:
Hi,
I've tried a lot of examples and config. files but still I can't hear
any voice when a call is enstablished between users (Nat) outside the
Lan where ser in installed (local pc IP 10.0.0.133; LAn router Public
IP 80.105.2.110). Tried also from one user outside behind Nat and one
in my Lan .
I've enclosed trace.log with this case.
I've forwarded every ports I think that are needed to 10.0.0.133
(ports 5060 ; udp from 5060 - 5070; 35000 to 35020 ).
I've recompiled rtpproxy to use the range of ports 35000-35020.
I've also tried the config file from
onsip.org for rtpproxy and the
one for mediaproxy (with mediaproxy instead of rtpproxy). Whit that
config file I've also problems enstablishing the call from outside to
inside the Lan.
With the ser.cfg that is attached here I can enstablish tha call but
no voice (but I can see that 3cx Phone reports packets to be
transmitted from both the clients but no packets are received on them).
Can someone help me?
Thanks
ser.cfg :
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=4 # debug level (cmd line: -dddddddddd)
/* Uncomment these lines to enter debugging mode */
fork=no
log_stderror=yes
listen=10.0.0.133
alias=80.105.2.110
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
#loadmodule "/usr/lib/ser/modules/group.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/uri_db.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
loadmodule "/usr/lib/ser/modules/textops.so"
# ----------------- setting module-specific parameters ---------------
modparam("usrloc", "db_mode", 2)
modparam("auth_db|uri_db|usrloc",
"db_url","mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
# !! Nathelper
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients
behind NAT
modparam("registrar", "nat_flag", 6)
# -- rr params --
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
break;
};
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP,
rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a
configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes,
with kphone it
is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of
signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("80.105.2.110", "subscriber")) {
www_challenge("80.105.2.110", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
# if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
&& !search("^Route:")){
# sl_send_reply("479", "We don't forward to private IP
addresses");
# break;
# };
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
------------------------------------------------------------------------
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers