I would greatly appreciate knowing whether the following is possible with
openser and rtpproxy/nathelper.
1) I have a linksys router, NAT enabled with a SIP UA
2) I have an Openser/nathelper/rtpproxy server in the public internet space
(redhat as 3)
3) I have a SIP UA connected in a non nated environment
Running openser and rtpproxy with the enclosed configuration results in call
setup but no audio forwarded by openser from the NATED SIP UA to the non
nated SIP UA.
The non nated SIP UA initiates the call.
Stopping the rtpproxy results in receipt of audio from the nated SIP UA but
no audio is received from the non nated SIP UA.
Having spent numerous hours on this, I wonder if this is even possible.
The common questions answered below:
1) rtpproxy source was downloaded from the berilos CVS server and built
locally
2) the openser version is 1.0.0 downloaded the rpm from
openser.org
Openser.cfg
------------------------
#
# $Id: openser.cfg,v 1.4 2005/10/27 19:58:01 bogdan_iancu Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/sl.so"
loadmodule "/usr/lib/openser/modules/tm.so"
loadmodule "/usr/lib/openser/modules/rr.so"
loadmodule "/usr/lib/openser/modules/maxfwd.so"
loadmodule "/usr/lib/openser/modules/usrloc.so"
loadmodule "/usr/lib/openser/modules/registrar.so"
loadmodule "/usr/lib/openser/modules/textops.so"
#--NatHelper
loadmodule "/usr/lib/openser/modules/nathelper.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/lib/openser/modules/auth.so"
#loadmodule "/usr/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- NATHelper --
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock",
"/var/run/rtpproxy.sock")
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if(nat_uac_test("3")) {
if (method == "REGISTER" || !search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP\n");
fix_nated_contact();
if (method == "INVITE") {
log("LOG: Fix nated sdp - INVITE \n");
fix_nated_sdp("1");
# record_route();
# force_rtp_proxy();
# t_on_reply("1");
# t_relay();
};
force_rport();
setflag(6);
};
};
if (!method=="REGISTER") {
record_route();
log("LOG: Someone trying to register from private IP\n");
# fix_nated_contact();
};
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
t_relay();
setflag(1);
return;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
#if (!www_authorize("openser.org", "subscriber")) {
# www_challenge("openser.org", "0");
# exit;
#};
log("LOG: Caught NAT Register sFlag 6 forcing rtp proxy\n");
setflag(6);
# force_rport();
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
# Was
#route[1] {
# # send it out now; use stateful forwarding as it works reliably
# # even for UDP2TCP
# if (!t_relay()) {
# sl_reply_error();
# };
# exit;
#}
route[1] {
# !! Nathelper
#if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
# sl_send_reply("479", "no forwarding to private IP");
# return;
# };
if (isflagset(6)) {
log("LOG: Caught NAT Flag 6 forcing rtp proxy\n");
force_rtp_proxy();
};
t_on_reply("1");
if (!t_relay()) {
sl_reply_error();
};
}
# ! Nathelper
onreply_route[1] {
# if (isflagset(2) && status =~"(183)|2[0-9][0-9]") {
if (status =~"(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}