Hello,
That is my first post here :)
I am playing around with NAT traversal and mediaproxy on opensips
1.6.3. (media-dispatcher 2.4.3, media-relay 2.4.3, python 2.6)
I've just encounterd a problem with my configuration that really worries me.
Here is my script:
# main request routing logic
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
exit;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
exit;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method=="INVITE" && nat_uac_test("3")) {
record_route_preset("xx.yy.zz.vv:5060;nat=yes");
} else if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Call Tear Down Section
# -----------------------------------------------------------------
if (method=="BYE" || method=="CANCEL") {
end_media_session();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
if ((method=="INVITE" || method=="REFER") && !has_totag()) {
sl_send_reply("403", "Forbidden");
exit;
};
if (method=="INVITE") {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
exit;
} else if (!db_check_from()) {
sl_send_reply("403", "Use From=ID");
exit;
};
consume_credentials();
if (nat_uac_test("3") || search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy();
};
};
route(1);
exit;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
route(4);
route(1);
exit;
};
if (method=="ACK") {
route(1);
exit;
} else if (method=="CANCEL") {
route(1);
exit;
} else if (method=="INVITE") {
route(3);
exit;
} else if (method=="REGISTER") {
route(2);
exit;
};
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
exit;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
exit;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
sl_send_reply("100", "Trying");
if (!search("^Contact:[ ]*\*") && nat_uac_test("31")) {
setflag(6);
fix_nated_register();
force_rport();
};
if (!www_authorize("","subscriber")) {
www_challenge("","0");
exit;
};
if (!db_check_to()) {
sl_send_reply("401", "Unauthorized");
exit;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (nat_uac_test("3")) {
setflag(7);
force_rport();
fix_nated_contact();
};
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
exit;
} else if (!db_check_from()) {
sl_send_reply("403", "Use From=ID");
exit;
};
consume_credentials();
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
exit;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
exit;
};
route(4);
route(1);
}
route[4] {
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
if (isflagset(6) || isflagset(7)) {
if (!isflagset(8)) {
setflag(8);
use_media_proxy();
};
};
}
onreply_route[1] {
if ((isflagset(6) || isflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:[ ]*0")) {
$avp(s:media_relay) = "xx.yy.zz.vv";
use_media_proxy();
};
};
if (nat_uac_test("1")) {
fix_nated_contact();
};
}
Here is my call flow:
UA1(behindNAT)-------Opensips,mediaproxy----------Asterisk(publicip)----UA2(behind
NAT)
If the call is originated from UA1 side, there is a both-ways audio.
The problem occurs in opposite scenario, if UA2 is calling UA1.
In db there are following entries:
| 101 | UA1number | NULL |
sip:[email protected]:5070;transport=udp | sip:publicIPofNAT1:5070
(received PUBLIC_IP address)
| 100 | UA2number | NULL | sip:888000...@publicip | NULL (received NULL)
What is more in the moment of registration UA1 got proper OK with
fixed contact header.
SIP/2.0 200 OK.
Via: SIP/2.0/UDP
192.168.1.3:5070;branch=z9hG4bK7D96184AEFB2EED63B82FD3A45BBE48F;rport=5070;received=publicIPofNAT1.
From: "888000111"
<sip:[email protected]>;tag=2BB8EBF2B8EB6C2C37E49E57CCBE64F0.
To: "888000111"
<sip:[email protected]>;tag=c97b4d1cb1f3d0da549e06a8d482ef63.64ed.
Call-ID: [email protected].
CSeq: 2 REGISTER.
Contact:
<sip:[email protected]:5070;transport=udp>;expires=180;received="sip:publicIPofNAT1:5070".
Server: OpenSIPS (1.6.3-notls (i386/linux)).
Content-Length: 0.
And now two scenarios:
1) UA1 is calling UA2 - no problem occured. RTP stream traverse
between publicIPofNAT1 --- mediaproxy --- Asterisk publicIP
2) UA2 i s calling UA1 - one-way audio (no audio on UA1 side)
As i can see from SDP, RTP stream is set up between 192.168.1.3 and
Asterisk publicIP which is totaly wrong, because UA1 is behind the
nat.
Could anybody help me to tune the script i am using.
Is there any data i should paste here.
Thx in advance
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
