Hi I think I am very close to solve this issue, based on suggestions of Tavis and Klaus for openser in: http://openser.org/dokuwiki/doku.php?id=how_to_set_up_nathelper_rtpproxy_wh… I´ve been able to disable rtpproxy in this case but I have a problem with accounting, if the callee hungup first appears an error and no cdr for BYE is generated until caller hungup the call, bellow the errors and config. thanks for any help rafael error when callee hungup tha call: 2(21685) entering main loop 2(21685) BYE - STOP ACCOUNTING 2(21685) ERROR: udp_send: sendto(sock,0x4051ea70,588,0,0x4051f27c,16): Operation not permitted(1) 2(21685) msg_send: ERROR: udp_send failed 2(21685) ERROR:tm:t_forward_nonack: sending request failed more detailed (debug=6) ::: 4(22193) ------------------------------------------- 4(22193) entering main loop 4(22193) parse_headers: flags=100 4(22193) DEBUG: add_param: tag=1184914029 4(22193) DEBUG:parse_to:end of header reached, state=29 4(22193) DEBUG: get_hdr_field: <To> [56]; uri=[sip:6606060@mydomain.com.pe] 4(22193) DEBUG: to body [Rafo <sip:6606060@mydomain.com.pe>] 4(22193) get_hdr_field: cseq <CSeq>: <54121> <BYE> 4(22193) DEBUG:maxfwd:is_maxfwd_present: value = 70 4(22193) BYE - STOP ACCOUNTING 4(22193) DEBUG: add_param: tag=3658302912 4(22193) DEBUG:parse_to:end of header reached, state=29 4(22193) parse_headers: flags=40 4(22193) parse_headers: flags=200 4(22193) is_preloaded: No 4(22193) grep_sock_info - checking if host==us: 13==13 && [192.168.1.205] == [10.0.2.130] 4(22193) grep_sock_info - checking if port 5060 matches port 5060 4(22193) grep_sock_info - checking if host==us: 13==9 && [192.168.1.205] == [127.0.0.1] 4(22193) grep_sock_info - checking if port 5060 matches port 5060 4(22193) grep_sock_info - checking if host==us: 13==13 && [192.168.1.205] == [10.0.2.130] 4(22193) grep_sock_info - checking if port 5060 matches port 5060 4(22193) grep_sock_info - checking if host==us: 13==9 && [192.168.1.205] == [127.0.0.1] 4(22193) grep_sock_info - checking if port 5060 matches port 5060 4(22193) check_self: host != me 4(22193) grep_sock_info - checking if host==us: 13==13 && [10.0.2.130] == [10.0.2.130] 4(22193) grep_sock_info - checking if port 5060 matches port 5060 4(22193) after_loose: Topmost route URI: 'sip:10.0.2.130;ftag=1184914029;lr=on' is me 4(22193) parse_headers: flags=200 4(22193) DEBUG: get_hdr_body : content_length=0 4(22193) found end of header 4(22193) find_next_route: No next Route HF found 4(22193) after_loose: No next URI found 4(22193) DEBUG: has_totag: totag found 4(22193) DEBUG: t_newtran: msg id=12 , global msg id=5 , T on entrance=0xffffffff 4(22193) parse_headers: flags=ffffffffffffffff 4(22193) parse_headers: flags=78 4(22193) t_lookup_request: start searching: hash=46346, isACK=0 4(22193) DEBUG: RFC3261 transaction matching failed 4(22193) DEBUG: t_lookup_request: no transaction found 4(22193) DBG: trans=0x4051f1b0, callback type 1, id 0 entered 4(22193) parse_headers: flags=58 4(22193) DEBUG: mk_proxy: doing DNS lookup... 4(22193) check_via_address(10.0.1.25, 192.168.1.100, 0) 4(22193) ERROR: udp_send: sendto(sock,0x4051e800,588,0,0x4051f2ac,16): Operation not permitted(1) 4(22193) msg_send: ERROR: udp_send failed 4(22193) ERROR:tm:t_forward_nonack: sending request failed 4(22193) DEBUG: add_to_tail_of_timer[4]: 0x4051f2cc 4(22193) DEBUG: add_to_tail_of_timer[0]: 0x4051f2dc 4(22193) ERROR:tm:t_relay_to: t_forward_nonack returned error 4(22193) parse_headers: flags=ffffffffffffffff 4(22193) check_via_address(10.0.1.25, 192.168.1.100, 0) 4(22193) WARNING:vqm_resize: resize(0) called 4(22193) DBG: trans=0x4051f1b0, callback type 128, id 0 entered 4(22193) DEBUG: cleanup_uac_timers: RETR/FR timers reset 4(22193) DEBUG: add_to_tail_of_timer[2]: 0x4051f1f8 4(22193) DEBUG:tm:_reply_light: reply sent out. buf=0x8136738: SIP/2.0 4..., shmem=0x40520728: SIP/2.0 4 4(22193) DEBUG:tm:_reply_light: finished 4(22193) ERROR: generation of a stateful reply on error succeeded 4(22193) DEBUG:destroy_avp_list: destroying list (nil) 4(22193) receive_msg: cleaning up 2(22191) udp_rcv_loop: probing packet received from 10.0.1.25 54330 10(22199) DEBUG: timer routine:0,tl=0x4051f2dc next=(nil) 10(22199) DEBUG: timer routine:4,tl=0x4051f2cc next=(nil) 4(22193) SIP Request: 4(22193) method: <REGISTER> 4(22193) uri: <sip:mydomain.com.pe> 4(22193) version: <SIP/2.0> 4(22193) parse_headers: flags=2 4(22193) Found param type 232, <branch> = <z9hG4bK08ac1f39>; state=6 4(22193) Found param type 235, <rport> = <n/a>; state=17 4(22193) end of header reached, state=5 4(22193) parse_headers: Via found, flags=2 4(22193) parse_headers: this is the first via 4(22193) After parse_msg... 4(22193) preparing to run routing scripts... 4(22193) ------------------------------------------- # ----------- global configuration parameters ------------------------ #/* Uncomment these lines to enter debugging mode debug=6 fork=yes log_stderror=yes #*/ listen=10.0.2.130 listen=127.0.0.1 port=5060 # hostname matching an alias will satisfy the condition uri==myself". alias=mydomain.com.pe alias=10.0.2.130 alias=127.0.0.1 check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) children=4 fifo="/tmp/openser_fifo" fifo_mode=0666 # Fifo permissions can be changes from here. # sip_warning - Should replies include extensive warnings? # By default yes, it is good for trouble-shooting. sip_warning=yes # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/group.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/acc.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/xlog.so" # digest authentication loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" # !! Nathelper loadmodule "/usr/local/lib/openser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- modparam("usrloc", "db_mode", 2) # minimize write back window - default is 60 seconds modparam("usrloc", "timer_interval", 10) # database location modparam("usrloc", "db_url", "mysql://admin:heslo@localhost/openser") modparam("usrloc", "use_domain", 1) modparam("auth_db", "use_domain", 1) modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain") # ------------- Mysql Accounting parameters modparam("acc", "log_flag", 1) modparam("acc", "log_level", 2) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "log_missed_flag", 3) modparam("acc", "db_url", "mysql://admin:heslo@localhost/openser") modparam("acc", "report_ack", 0) modparam("acc", "log_fmt", "miocfsputdr") modparam("tm", "fr_timer", 20 ) modparam("tm", "fr_inv_timer", 40 ) # Timer which hits if no final reply for an INVITE modparam("tm", "wt_timer", 20 ) # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("group", "db_url", "mysql://seradmin:heslo@localhost/openser") modparam("uri_db", "db_url", "mysql://seradmin:heslo@localhost/openser") # ------------- registration parameters modparam("registrar", "nat_flag", 6) modparam("registrar", "min_expires", 60) modparam("registrar", "max_expires", 86400) modparam("registrar", "default_expires", 3600) modparam("registrar", "desc_time_order", 1) modparam("registrar", "append_branches", 1) modparam("registrar", "use_domain", 1) # !! Nathelper # modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT # -------------------------- request routing logic -------------------------- route { log(1, "-------------------------------------------\n"); log(1, "entering main loop\n"); # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); return; }; if ( msg:len >= max_len ) { sl_send_reply("513", "Message too big"); return; }; # set flag for Radius Accounting: if (!method=="OPTIONS") setflag(3); if (method=="INVITE") { log(1, "INVITE MESSAGE RECEIVED - START ACC\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE") { log (1, "BYE - STOP ACCOUNTING\n"); setflag(1); }; if (method=="CANCEL") { log (1, "CANCEL - STOP ACCOUNTING\n"); setflag(1); }; if (method=="ACK") log(1, "ACK message received\n"); if (method=="SUBSCRIBE") log(1, "SUBSCRIBE message received\n"); if (method=="NOTIFY") log(1, "NOTIFY message received\n"); if (method=="OPTIONS") log(1, "OPTIONS MESSAGE RECEIVED\n"); if (method=="INFO") log(1, "INFO message received\n"); if (method=="MESSAGE") log(1, "MESSAGE message received\n"); if (method=="REFER") log(1, "REFER message received\n"); # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- # record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); if (method=="BYE" || method=="CANCEL") { unforce_rtp_proxy(); }; # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route() && (!src_ip==10.0.2.130 && !src_port==5070)) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (nat_uac_test("19")) { setflag(7); force_rport(); fix_nated_contact(); }; force_rtp_proxy("l"); }; route(2); return; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (!uri==myself && (!src_ip==10.0.2.130 && !src_port==5070)) { route(1); return; }; if (method=="CANCEL") { route(2); return; }; if (method == "REGISTER") { if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) { setflag(6); fix_nated_register(); force_rport(); }; sl_send_reply("100", "Trying"); log(1, "ANALYZING REGISTER REQUEST\n"); # ... to use digest authentication if (is_user_in("Request-URI", "desactivado")) { sl_send_reply("402", "Su cuenta fue desactivada por falta de pago"); return; }; if (!www_authorize("", "subscriber")) { log(1," ----- Fails to Register \n"); www_challenge("", "0"); return; }; # only signed users are allowed if (!check_to()) { log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n"); sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed"); return; }; consume_credentials(); log(1," Registered!!! \n"); if (!save("location")) { sl_reply_error(); }; return; }; # INVITE ? First check the source of the call #******************************************** # If the call comes from the gateways, no authentication is required. if (method == "INVITE" && (src_ip==10.0.2.145 || src_ip==10.0.2.132|| src_ip== 10.0.2.131)) { log(1,"Call from pstn|*, no authentication is required. \n"); # If the call comes from B2BUA, no authentication is required. # The first leg of the call has already been authenticated. } else if (src_ip==10.0.2.130 && src_port==5070) { log(1,"Call from B2BUA, no authentication is required. \n"); } else { log(1, "ANALYZING INVITE REQUESTs\n"); if (method == "INVITE" && !src_ip==10.0.2.130 && !src_port==5070){ if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); return; } else { if (!check_from()) { sl_send_reply("403", "Only registered users are allowed"); log(1," ----> Only registered users are allowed \n"); return; }; consume_credentials(); if (nat_uac_test("19")) { setflag(7); }; }; # Not all the users are PREPAID, so we check the database # to see if the call will be routed through B2BUA. # If every call is to be routed through B2BUA the "is_user_in" # conditional is not required. # Do not use b2bua for local calls (660++++) if (is_user_in("From", "prepaidb") && uri=~"^sip:00") { log(1," ----> Usuario PREPAGO!!! enviando a b2bua... \n"); rewritehostport("10.0.2.130:5070"); t_relay_to_udp("10.0.2.130", "5070"); return; }; }; }; # End of if (method == "INVITE" |... /* *********** Dial out to Local and PSTN logic ********* */ if(uri=~"^sip:001"){ log(1,"00N match - Larga Distancia Internacional a USA \n"); if (!is_user_in("from", "ldiusa")) { log(1,"No permission for international calls to USA \n"); sl_send_reply("403", "No permission for international calls to USA"); acc_db_request("403 Forbidden", "missed_calls"); return; }; rewritehostport("10.0.2.131:5070"); strip(2); route(1); return; }; if(uri=~"^sip:00"){ log(1,"00N match - Larga Distancia Internacional \n"); if (!is_user_in("from", "ldix")) { log(1,"No permission for international calls \n"); sl_send_reply("403", "No permission for international calls"); acc_db_request("403 Forbidden", "missed_calls"); return; }; rewritehostport("10.0.2.131:5070"); strip(2); route(1); return; }; /* ******************************************************************** */ lookup("aliases"); if (uri!=myself) { route(1); return; }; # does the user wish redirection on no availability? (i.e., is he # in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc if (is_user_in("Request-URI", "voicemail")) { log(1, "requested user is in voicemail group \n"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { log(1,"unable to locate user X ... sending to route(4)! \n"); # handle user which was not found route(4); return; }; ### if UAS are behind the same NAT system: ### if (isflagset(6) && isflagset(7)){ log(2, "Both Clients are behind NAT"); # Store the destination domain into an AVP avp_printf("i:450", "$dd"); if (avp_check("i:450", "eq/$src_ip/g")){ log(3, "Detected Two Clients Behind the Same NAT - Disabling Mediaproxy"); # Do not use media-proxy as the clients seem to be behind the same NAT resetflag(6); resetflag(7); route(2); return; }; }; route(1); # if user is on-line and is in Voicemail group, enable redirection if (method == "INVITE" && isflagset(4)) { log(1, "invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); }; } ### ##### ####### ########## ########### ############### ################# ##################### route[1] { # if client or server know to be behind a NAT, enable relay if (isflagset(6) || isflagset(7)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { if (method=="INVITE" && (isflagset(6) || isflagset(7))) { unforce_rtp_proxy(); }; sl_reply_error(); }; log(1, "Route[1]: Send it out now!!!\n"); } # !! Nathelper onreply_route[1] { # NATed transaction ? # Not all 2xx messages have a content body so here we # make sure our Content-Length > 0 to avoid a parse error if ((isflagset(6) || isflagset(7)) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); if (!search("^Content-Length:\ 0")) { force_rtp_proxy(); log(1, "onreply_route1: force rtp proxy!!!\n"); }; # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; } # -------------- Default Message Handler --------------------- route[2]{ # ---------------------------------------------------- # Default Message Handler # ---------------------------------------------------- t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" && isflagset(7)) { unforce_rtp_proxy(); }; sl_reply_error(); }; } # --------------- Handling of Unavailable user ---------------- route[4] { # non-Voip -- just send "off-line" if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" || method=="BYE" || method=="OPTIONS")) { sl_send_reply("404", "Not Found"); acc_db_request("404 Not Found", "missed_calls"); log(1, "acc 404 Not Found 1 \n"); return; }; # not voicemail subscriber if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE") { sl_send_reply("404", "Not Found and no voicemail turned on !! "); acc_db_request("404 Not Found", "missed_calls"); log(1, " acc 404 Not Found and no voicemail \n"); return; }; # forward to voicemail adding prefix to simplify asterisk " extension.conf" :: # exten => _vmXXXXXXX,1,SetLanguage(es) # exten => _vmXXXXXXX,2,Voicemail(u${EXTEN:2}) # exten => _vmXXXXXXX,3,Hangup prefix("vm"); acc_db_request("404 Not Found -> Vm", "missed_calls"); rewritehostport("10.0.2.131:5070"); t_relay_to_udp("10.0.2.131", "5070"); } # If forwarding downstream did not succeed, try voicemail running at Asterisk failure_route[1]{ if (t_check_status("408")){ # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff prefix("vm"); rewritehostport ("10.0.2.131:5070"); acc_db_request("408 Timeout -> Vm", "missed_calls"); append_branch(); t_relay(); return; } else if (t_check_status("486")){ # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff prefix("vm"); rewritehostport ("10.0.2.131:5070"); acc_db_request("486 Busy -> Vm", "missed_calls"); append_branch(); t_relay(); return; } }