1. Yes my proxy is behind a NAT, and my public ip address is mydomain.com, i created a rule in my router to bind 5060 ports of my nat ip address. 2. Yes i'm using rtp proxy. I do not understand the rest of the question. RTP proxy is in the same machine of opensips. And I created the rule of a set of ports to bind the public ip and the nat ip.
2012/8/7 Ali Pey <[email protected]> > Ignacio, > > Your configuration script heavily depends on your network setup: > > 1- Is your proxy server behind a nat? If so, do you know your public IP > address? > 2- Are you using rtp proxy? What's the path for your rtp - through what > devices with what IPs? > > > On Tue, Aug 7, 2012 at 2:53 PM, Ignacio Gonzalez <[email protected]>wrote: > >> Hi Ali, I use this configuration script to start my opensips proxy and it >> start, I only want to know, Do you see something wrong? >> I put in bold the modifications a made to add the nat_traversal module >> and the advertised_address parameter. >> >> In the documentation it says that nat_traversal is straight forward when >> using a single proxy, ( that is my case ). >> >> "In this case the usage is straight forward. The nat_keepalive() function >> needs to be called before save_location() for REGISTER requests, before >> handle_subscribe() for SUBSCRIBE requests and before t_relay() for the >> first INVITE of a dialog. " >> >> I do not configure any subscription, and I did not find the save_location >> function, I assumed that save("location") is a newer version of this >> function. >> >> #CONFIG FILE >> >> debug=3 >> log_stderror=no >> log_facility=LOG_LOCAL1 >> >> fork=yes >> children=4 >> >> #debug=6 >> #fork=no >> #log_stderror=yes >> >> #disable_dns_blacklist=no >> >> #dns_try_ipv6=yes >> >> auto_aliases=no >> >> *advertised_address="mydomain.com"* >> >> listen=udp:192.168.1.220:5060 # CUSTOMIZE ME >> >> disable_tcp=no >> listen=tcp:192.168.1.220:5060 # CUSTOMIZE ME >> >> disable_tls=yes >> >> mpath="/home/syrium/opensips_proxy/lib/opensips/modules/" >> >> loadmodule "signaling.so" >> >> loadmodule "sl.so" >> >> loadmodule "tm.so" >> modparam("tm", "fr_timer", 5) >> modparam("tm", "fr_inv_timer", 30) >> modparam("tm", "restart_fr_on_each_reply", 0) >> modparam("tm", "onreply_avp_mode", 1) >> >> loadmodule "rr.so" >> modparam("rr", "append_fromtag", 0) >> >> loadmodule "maxfwd.so" >> >> loadmodule "sipmsgops.so" >> >> loadmodule "mi_fifo.so" >> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") >> modparam("mi_fifo", "fifo_mode", 0666) >> >> loadmodule "uri.so" >> modparam("uri", "use_uri_table", 0) >> modparam("uri", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> >> loadmodule "db_mysql.so" >> >> loadmodule "usrloc.so" >> modparam("usrloc", "nat_bflag", 10) >> modparam("usrloc", "db_mode", 2) >> modparam("usrloc", "db_url", >> "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> >> loadmodule "registrar.so" >> modparam("registrar", "tcp_persistent_flag", 7) >> modparam("registrar", "received_avp", "$avp(received_nh)") >> #modparam("registrar", "max_contacts", 10) >> >> loadmodule "acc.so" >> modparam("acc", "early_media", 0) >> modparam("acc", "report_cancels", 0) >> modparam("acc", "detect_direction", 0) >> modparam("acc", "failed_transaction_flag", 3) >> modparam("acc", "db_flag", 1) >> modparam("acc", "db_missed_flag", 2) >> modparam("acc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> >> loadmodule "auth.so" >> loadmodule "auth_db.so" >> modparam("auth_db", "calculate_ha1", yes) >> modparam("auth_db", "password_column", "password") >> modparam("auth_db", "db_url", >> "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> modparam("auth_db", "load_credentials", "") >> >> loadmodule "domain.so" >> modparam("domain", "db_url", >> "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> modparam("domain", "db_mode", 1) # Use caching >> modparam("auth_db|usrloc|uri", "use_domain", 1) >> >> loadmodule "dialog.so" >> modparam("dialog", "dlg_match_mode", 1) >> modparam("dialog", "default_timeout", 21600) # 6 hours timeout >> modparam("dialog", "db_mode", 2) >> modparam("dialog", "db_url", >> "mysql://opensips:opensipsrw@localhost/opensips") >> # CUSTOMIZE ME >> >> *loadmodule "nat_traversal.so"* >> >> loadmodule "nathelper.so" >> modparam("nathelper", "natping_interval", 10) >> modparam("nathelper", "ping_nated_only", 1) >> modparam("nathelper", "received_avp", "$avp(received_nh)") >> >> loadmodule "rtpproxy.so" >> modparam("rtpproxy", "rtpproxy_sock", "udp:localhost:12221") # CUSTOMIZE >> ME >> >> ####### Routing Logic ######## >> >> route{ >> force_rport(); >> if (nat_uac_test("23")) { >> if (is_method("REGISTER")) { >> fix_nated_register(); >> setbflag(10); >> } else { >> fix_nated_contact(); >> setflag(10); >> } >> } >> >> >> if (!mf_process_maxfwd_header("10")) { >> sl_send_reply("483","Too Many Hops"); >> exit; >> } >> >> if (has_totag()) { >> # sequential request withing a dialog should >> # take the path determined by record-routing >> if (loose_route()) { >> >> # validate the sequential request against dialog >> if ( $DLG_status!=NULL && !validate_dialog() ) { >> xlog("In-Dialog $rm from $si (callid=$ci) is not valid >> according to dialog\n"); >> ## exit; >> } >> >> if (is_method("BYE")) { >> setflag(1); # do accounting ... >> setflag(3); # ... even if the transaction fails >> } else if (is_method("INVITE")) { >> # even if in most of the cases is useless, do RR for >> # re-INVITEs alos, as some buggy clients do change route >> set >> # during the dialog. >> record_route(); >> } >> >> if (check_route_param("nat=yes")) >> setflag(10); >> >> # route it out to whatever destination was set by >> loose_route() >> # in $du (destination URI). >> route(1); >> } else { >> >> if ( is_method("ACK") ) { >> if ( t_check_trans() ) { >> # non loose-route, but stateful ACK; must be an ACK >> after >> # a 487 or e.g. 404 from upstream server >> t_relay(); >> exit; >> } else { >> # ACK without matching transaction -> >> # ignore and discard >> exit; >> } >> } >> sl_send_reply("404","Not here"); >> } >> exit; >> } >> >> # CANCEL processing >> if (is_method("CANCEL")) >> { >> if (t_check_trans()) >> t_relay(); >> exit; >> } >> >> t_check_trans(); >> >> if ( !(is_method("REGISTER") ) ) { >> >> if (is_from_local()) >> { >> >> # authenticate if from local subscriber >> # authenticate all initial non-REGISTER request that pretend >> to be >> # generated by local subscriber (domain from FROM URI is >> local) >> if (!proxy_authorize("", "subscriber")) { >> proxy_challenge("", "0"); >> exit; >> } >> if (!db_check_from()) { >> sl_send_reply("403","Forbidden auth ID"); >> exit; >> } >> >> consume_credentials(); >> # caller authenticated >> >> } else { >> # if caller is not local, then called number must be local >> >> if (!is_uri_host_local()) { >> send_reply("403","Rely forbidden"); >> exit; >> } >> } >> >> } >> >> # preloaded route checking >> if (loose_route()) { >> xlog("L_ERR", "Attempt to route with preloaded Route's >> [$fu/$tu/$ru/$ci]"); >> if (!is_method("ACK")) >> sl_send_reply("403","Preload Route denied"); >> exit; >> } >> >> # record routing >> if (!is_method("REGISTER|MESSAGE")) >> record_route(); >> >> # account only INVITEs >> if (is_method("INVITE")) { >> >> # create dialog with timeout >> if ( !create_dialog("B") ) { >> send_reply("500","Internal Server Error"); >> exit; >> } >> >> setflag(1); # do accounting >> } >> >> >> if (!is_uri_host_local()) { >> append_hf("P-hint: outbound\r\n"); >> >> route(1); >> } >> >> # requests for my domain >> >> if (is_method("PUBLISH|SUBSCRIBE")) >> { >> sl_send_reply("503", "Service Unavailable"); >> exit; >> } >> >> if (is_method("REGISTER")) >> { >> >> # authenticate the REGISTER requests >> if (!www_authorize("", "subscriber")) >> { >> www_challenge("", "0"); >> exit; >> } >> >> if (!db_check_to()) >> { >> sl_send_reply("403","Forbidden auth ID"); >> exit; >> } >> >> if ( proto==TCP || 0 ) >> setflag(7); >> >> *if ( client_nat_test("3") ) { >> nat_keepalive(); >> }* >> >> if (!save("location")) >> sl_reply_error(); >> >> exit; >> } >> >> if ($rU==NULL) { >> # request with no Username in RURI >> sl_send_reply("484","Address Incomplete"); >> exit; >> } >> >> # do lookup with method filtering >> if (!lookup("location","m")) { >> if (!db_does_uri_exist()) { >> send_reply("420","Bad Extension"); >> exit; >> } >> >> t_newtran(); >> t_reply("404", "Not Found"); >> exit; >> } >> >> if ( isbflagset(10) ) >> setflag(10); >> >> # when routing via usrloc, log the missed calls also >> setflag(2); >> route(1); >> } >> >> >> route[1] { >> # for INVITEs enable some additional helper routes >> if (is_method("INVITE")) { >> >> if (isflagset(10)) { >> rtpproxy_offer("ro"); >> } >> >> t_on_branch("2"); >> t_on_reply("2"); >> t_on_failure("1"); >> >> *if ( client_nat_test("3") ) { >> nat_keepalive(); >> }* >> >> } >> >> if (isflagset(10)) { >> add_rr_param(";nat=yes"); >> } >> >> >> >> if (!t_relay()) { >> send_reply("500","Internal Error"); >> }; >> exit; >> } >> >> branch_route[2] { >> xlog("new branch at $ru\n"); >> } >> >> onreply_route[2] { >> if ( nat_uac_test("1") ) >> fix_nated_contact(); >> if ( isflagset(10) ) >> rtpproxy_answer("ro"); >> xlog("incoming reply\n"); >> } >> >> failure_route[1] { >> if ( t_was_cancelled() ) { >> exit; >> } >> } >> >> local_route { >> if (is_method("BYE") && $DLG_dir=="UPSTREAM") { >> >> acc_db_request("200 Dialog Timeout", "acc"); >> >> } >> } >> >> Thanks for your time Ali. >> >> >> 2012/8/7 Ignacio Gonzalez <[email protected]> >> >>> Ok aly, I will read more, i have created the configuration script >>> already with opensips-cp, I created a residential script and I selected the >>> NAT option but that option just install nathelper module, and this why I >>> asked you if nathelper and nat traversal module were mutually exclusive. I >>> will add nat traversal to my configuration script. >>> >>> Another question, where can I read about the differences between >>> residential and trunking scripts? >>> >>> >>> 2012/8/7 Ali Pey <[email protected]> >>> >>>> Ignacio, >>>> >>>> You need to implement nat traversal in your routing script - >>>> opensips.cfg. IMO, forget about the opensips-cp until you get it to work. >>>> Once you know how it works, then you know how you can do with the config >>>> tool. Sounds like you need lots more reading/testing :) >>>> >>>> Regards, >>>> Ali Pey >>>> >>>> >>>> On Mon, Aug 6, 2012 at 1:38 PM, Ignacio Gonzalez <[email protected]>wrote: >>>> >>>>> Ok, i red the NAT_TRAVERSAL module, i don't know how to configure >>>>> using the configuration tool, do I have to configure it manual? The >>>>> NAT_TRAVERSAL module and the NATHELPER module are mutually exclusive? >>>>> >>>>> >>>>> 2012/8/5 Ali Pey <[email protected]> >>>>> >>>>>> Hello Ignacio, >>>>>> >>>>>> Yes, you can handle nat and you don't need stun, turn or ICE. In >>>>>> fact, it's always better to turn off any nat traversal feature on the >>>>>> phone >>>>>> when you are using a proxy server such as OpenSIPS. >>>>>> >>>>>> Check out the nat traveral module and advertized_ip. How you >>>>>> implement it depends on your network setup: >>>>>> http://www.opensips.org/html/docs/modules/1.8.x/nat_traversal.html >>>>>> >>>>>> Regards, >>>>>> Ali Pey >>>>>> >>>>>> On Sat, Aug 4, 2012 at 5:31 PM, Ignacio Gonzalez >>>>>> <[email protected]>wrote: >>>>>> >>>>>>> Hello everybody, I have configured my opensips proxy with >>>>>>> NAT_TRAVERSAL support using the new tool for configuration. I developed >>>>>>> a >>>>>>> softphone using JAIN-SIP, I think JAIN-SIP does not implements STUN, >>>>>>> TURN >>>>>>> and ICE for NAT Traversal ( RFC 6314), is any way to do nat traversal >>>>>>> without making a new softphone with another library? >>>>>>> >>>>>>> I also have tested this softphone with Inphonex, and this company >>>>>>> use openSER in its proxy and the softphone works fine, but i don't know >>>>>>> how >>>>>>> they do that, so I thought to ask if is something I can do in the >>>>>>> configuration file of my proxy or they use something else to solve this >>>>>>> problem. >>>>>>> >>>>>>> Thanks for all. >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> [email protected] >>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> [email protected] >>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> [email protected] >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>>> >>> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
