Hi. I've been trying to fix this issue by myself for about a month but definitely needs your help. I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK). SER and RTPProxy run on the same server. RTPProxy is up and running, and I set 777 rights to the socket: [root@servername rtpproxy]# ll /var/run/rtpproxy.sock srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock= I use as a client X-Lite V2.0 on each side. Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives. Thank you in advance for your help. Francois. ===================================================================================================================== LOG: ===================================================================================================================== Maxfwd module- initializing 0(28184) mod_init(): Database connection opened successfuly textops - initializing 0(0) INFO: udp_init: SO_RCVBUF is initially 65535 0(0) INFO: udp_init: SO_RCVBUF is finally 131070 1(28186) rtpp_test: RTP proxy found, support for it enabled 5(28195) INFO: fifo process starting: 28195 2(28187) rtpp_test: RTP proxy found, support for it enabled 3(28188) rtpp_test: RTP proxy found, support for it enabled 4(28194) rtpp_test: RTP proxy found, support for it enabled 5(28195) rtpp_test: RTP proxy found, support for it enabled 5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo... 8(28208) rtpp_test: RTP proxy found, support for it enabled 6(28206) rtpp_test: RTP proxy found, support for it enabled 10(28213) rtpp_test: RTP proxy found, support for it enabled 7(28207) rtpp_test: RTP proxy found, support for it enabled 11(28214) rtpp_test: RTP proxy found, support for it enabled 9(28209) rtpp_test: RTP proxy found, support for it enabled 0(28184) rtpp_test: RTP proxy found, support for it enabled 4(28194) ------------------------------------------- 4(28194) entering main loop 4(28194) src address different than via header->NAT detected 4(28194) force_rport and fix_nated_contact and setflag(5) 4(28194) INVITE message received 4(28194) ------------------------------------------- 4(28194) entering route[1] - relaying SIP message 4(28194) at least one of the participants is NATed->record_route 4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ... 3(28188) ------------------------------------------- 3(28188) onreply_route[1] entered 3(28188) status 100 received 4(28194) ------------------------------------------- 4(28194) onreply_route[1] entered 4(28194) status 180 received 2(28187) ------------------------------------------- 2(28187) onreply_route[1] entered 2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy 2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy 2(28187) ------------------------------------------- 2(28187) onreply_route[1] entered 2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy 2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy 3(28188) ------------------------------------------- 3(28188) entering main loop 3(28188) BYE message received 3(28188) ------------------------------------------- ======================================================================================================================== SER.CFG ======================================================================================================================== # # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=yes # (cmd line: -E) listen=<ip address in the DMZ> #listen=127.0.0.1 # hostname matching an alias will satisfy the condition uri==myself". alias=servername.mycompany.com alias=mycompany.com localhost # Uncomment these lines to enter debugging mode #debug=7 #fork=no #log_stderror=yes check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" # load the voicemail module #loadmodule "/usr/local/lib/ser/modules/vm.so" # load the enum module loadmodule "/usr/local/lib/ser/modules/enum.so" # load the group module, to verify if a user forwards to voicemail loadmodule "/usr/local/lib/ser/modules/group.so" # load the nathelper module loadmodule "/usr/local/lib/ser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- # -- registrar parameter # special NAT flag indicates that a registered client is behind NAT modparam("registrar", "nat_flag", 6) # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) #modparam("usrloc", "db_url", "mysql://login:password@localhost/ser") modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser") # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") #modparam("auth_db", "db_url", "mysql://login:password@localhost/ser") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- voicemail params -- #modparam("voicemail", "db_url","mysql://login:password@localhost/ser") # -- voicemail params -- #modparam("group", "db_url","mysql://login:password@localhost/ser") # -- nathelper params -- modparam("nathelper", "natping_interval", 60) modparam("nathelper", "ping_nated_only", 1) modparam("tm", "fr_inv_timer", 30 ) #modparam("tm", "fr_inv_timer", 8 ) #Explicitly set the socket used by rtpproxy #modparam("nathelpler", "rtpproxy_sock", "/var/run/rtpproxy.sock") # ------------------------- request routing logic ------------------- # main routing logic route{ log(1, "-------------------------------------------\n"); log(1, "entering main loop\n"); if (nat_uac_test("2")) { log(1, "src address different than via header->NAT detected\n"); log(1, "force_rport and fix_nated_contact and setflag(5)\n"); #try NAT traversal, works only if the client is symmetrical force_rport(); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for request\r\n"); # flag 5 indicates that incoming request is from NATed client setflag(5); }; if (method=="REGISTER") log(1, "REGISTER message received\n"); if (method=="INVITE") log(1, "INVITE message received\n"); if (method=="ACK") log(1, "ACK message received\n"); if (method=="BYE") log(1, "BYE message received\n"); if (method=="CANCEL") log(1, "CANCEL message received\n"); if (method=="SUBSCRIBE") log(1, "SUBSCRIBE message received\n"); if (method=="NOTIFY") log(1, "NOTIFY message received\n"); if (method=="OPTIONS") log(1, "OPTIONS message received\n"); if (method=="INFO") log(1, "INFO message received\n"); if (method=="MESSAGE") log(1, "MESSAGE message received\n"); if (method=="REFER") log(1, "REFER message received\n"); # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len > max_len) { #if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # loose-route processing if (loose_route()) { log(1, "loose_route processing\n"); t_relay(); break; }; # create transaction state; abort if error occured # if ( !t_newtran()) { # sl_reply_error(); # break; # }; #new # now check if it's about PSTN destinations through our gateway; # note that 8.... is exempted for numerical non-gw destinations if (uri=~"^sip:0[0-9]*@.*") { route(3); break; }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { log(1, "analyzing REGISTER request\n"); # Uncomment this if you want to use digest authentication if (!www_authorize("servername.mycompany.com", "subscriber")) { www_challenge("servername.mycompany.com", "0"); break; }; if (isflagset(5)) { #register from nated client, save nat_flag=6 #in location table setflag(6); }; if (!save("location")) { log(1, "save location error\n"); sl_reply_error(); }; break; }; lookup("aliases"); #mark transaction for voicemail if (is_user_in("Request-URI", "voicemail\n")) { log(1, "requested user is in voicemail group"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # handle user which was not found log(1, "requested user not found\n"); route(4); break; }; }; #add failure route which should be performed if response code >=300 if (method=="INVITE" && isflagset(4)) { log(1, "invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP route(1); } route[1]{ log(1, "-------------------------------------------\n"); log(1, "entering route[1] - relaying SIP message\n"); if ((isflagset(5)) || (isflagset(6))) { log(1, "at least one of the participants is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)"); force_rtp_proxy(); append_hf("P-hint: request forced to rtp proxy\r\n"); setflag(7); }; }; log(1, "relaying message ...\n"); if (!t_relay()) { log(1, "t_relay error occured\n"); sl_reply_error(); }; } # all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { log(1, "-------------------------------------------\n"); log(1, "onreply_route[1] entered\n"); if (isflagset(6)) { log(1, "transaction was sent to a NATED client -> fix nated contact\n"); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for response\r\n"); } if ( (status=~"100") ) { log(1, "status 100 received\n"); }; if ( (status=~"180") ) { log(1, "status 180 received\n"); }; if ( (status=~"202") ) { log(1, "status 202 received\n"); }; if ( (status=~"200" || status=~"183") ) { log(1, "status 2xx or 183"); if ( isflagset(7) ) { log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n"); force_rtp_proxy(); append_hf("P-hint: response forced to rtp proxy\r\n"); }; }; } #new # logic for calls to the PSTN route[3] { # turn accounting on setflag(1); /* require all who call PSTN to be members of the "int" group; apply ACLs only to INVITEs -- we don't need to protect other requests, as they don't imply charges; also it could cause troubles when a call comes in via PSTN and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would fail then; exempt Cisco gateway from authentication by IP address -- it does not support digest */ if (method=="INVITE" && (!src_ip==WhateverIP)) { if (!proxy_authorize( "servername.mycompany.com" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ ); break; }; # let's check from=id ... avoids accounting confusion if(!is_user_in("credentials", "int")) { sl_send_reply("403", "NO PSTN Privileges..."); break; }; consume_credentials(); }; # INVITE to authorized PSTN # if you have passed through all the checks, let your call go to GW! force_rtp_proxy(); record_route(); t_on_reply("1"); # snom conditioner if (method=="INVITE" && search("User-Agent: snom")) { replace("100rel, ", ""); }; append_hf("P-hint: GATEWAY\r\n"); # use UDP to guarantee well-known sender port (TCP ephemeral) t_relay_to_udp("212.17.35.184","5060"); } route[4]{ log(1, "-------------------------------------------\n"); log(1, "entering route[4] = requested user not online\n"); # non-Voip -- just send "off-line" if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) { log(1, "no invite,ack,cancel,refer->return 404\n"); sl_send_reply("404", "Not Found"); break; }; # not voicemail subscriber and no echo/conference call if ( isflagset(4)) { log(1, "flag(4) active\n"); }; if (uri =~ "conference") { log(1, "conference call\n"); }; if (uri =~ "echo") { log(1, "echo call\n"); }; if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) { log(1, "no voicemail subscriber->return 404"); sl_send_reply("404", "Not Found and no voicemail turned on"); break; }; if ( isflagset(5) ) { log(1, "caller is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy"); force_rtp_proxy(); }; }; # forward to voicemail now ² rewritehostport("WhateverIP:5060"); log(1, "forward to voicemail\n"); t_relay_to_udp("WhateverIP", "5060"); } failure_route[1] { /* XX: note: unsafe if preloaded routes without username used */ log(1, "-------------------------------------------\n"); log(1, "failureroute[1] entered\"); revert_uri(); rewritehostport("WhateverIP:5060"); append_branch(); t_relay_to_udp("WhateverIP", "5060"); } ************************ ADSL ILLIMITE TISCALI + TELEPHONE GRATUIT ************************ Surfez 40 fois plus vite pour 30EUR/mois seulement ! Et téléphonez partout en France gratuitement, vers les postes fixes (hors numéros spéciaux). Tarifs très avantageux vers les mobiles et l'international ! Pour profiter de cette offre exceptionnelle, cliquez ici : http://register.tiscali.fr/adsl (voir conditions sur le site)