I am finally making some progress on this. I now have SER passing off PSTN calls to * OK. Calls are being connected, however, I don't hear anything on the SIP end, and asterisk gives the following error:
WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of 0x80e2dec (len 642) to 212.17.32.215 returned -1: Operation not permitted Below is the context of this. I am using nathelper on SER, but I am not at all confident of my config file (it being a patchwork of bits from different examples. I attach my SER conf at the end of this message. Should * be talking directly with the SIP UA, or should it be talking to SER? Any help would be appreciated! Even better would be a sample ser.cfg which supports nathelper and using * for VM and PSTN!! to 212.17.32.215:3568 Apr 22 12:31:38 WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of 0x80e2dec (len 642) to 212.17.32.215 returned -1: Operation not permitted Retransmitting #2 (no NAT): INVITE sip:[EMAIL PROTECTED]:3568 SIP/2.0 Via: SIP/2.0/UDP 212.17.35.184:5060;branch=z9hG4bK4c8263f2 From: <sip:[EMAIL PROTECTED];user=phone>;tag=as4e38a4ab To: "Ray Naughton" <sip:[EMAIL PROTECTED];user=phone>;tag=e64bcbbe63564744 Contact: <sip:[EMAIL PROTECTED]> Call-ID: [EMAIL PROTECTED] CSeq: 103 INVITE User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER Content-Type: application/sdp Content-Length: 164 v=0 o=root 21443 21445 IN IP4 213.137.65.251 s=session c=IN IP4 213.137.65.251 t=0 0 m=audio 16670 RTP/AVP 0 a=rtpmap:0 PCMU/8000 a=silenceSupp:off - - - - to 212.17.32.215:3568 Apr 22 12:31:39 WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of 0x80e2dec (len 642) to 212.17.32.215 returned -1: Operation not permitted zeppelin*CLI> ===== ser.cfg ==== # # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E) listen=213.159.144.8 #listen=127.0.0.1 # hostname matching an alias will satisfy the condition uri==myself". alias=voip.edo.ie alias=avmx.edo.ie # Uncomment these lines to enter debugging mode /* debug=7 fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" alias=voip.edo.ie avmx.edo.ie localhost # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" # load the voicemail module #loadmodule "/usr/local/lib/ser/modules/vm.so" # load the enum module loadmodule "/usr/local/lib/ser/modules/enum.so" # load the group module, to verify if a user forwards to voicemail loadmodule "/usr/local/lib/ser/modules/group.so" # load the nathelper module loadmodule "/usr/local/lib/ser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- # -- registrar parameter # special NAT flag indicates that a registered client is behind NAT modparam("registrar", "nat_flag", 6) # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) #modparam("usrloc", "db_url", "mysql://ser:[EMAIL PROTECTED]/ser") modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://ser:[EMAIL PROTECTED]/ser") # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") #modparam("auth_db", "db_url", "mysql://ser:[EMAIL PROTECTED]/ser") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- voicemail params -- #modparam("voicemail", "db_url","mysql://ser:[EMAIL PROTECTED]/ser") # -- voicemail params -- #modparam("group", "db_url","mysql://serro:[EMAIL PROTECTED]/ser") # -- nathelper params -- modparam("nathelper", "natping_interval", 60) modparam("nathelper", "ping_nated_only", 1) modparam("tm", "fr_inv_timer", 30 ) #modparam("tm", "fr_inv_timer", 8 ) # ------------------------- request routing logic ------------------- # main routing logic route{ log(1, "-------------------------------------------\n"); log(1, "entering main loop\n"); if (nat_uac_test("2")) { log(1, "src address different than via header->NAT detected\n"); log(1, "force_rport and fix_nated_contact and setflag(5)\n"); #try NAT traversal, works only if the client is symmetrical force_rport(); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for request\r\n"); # flag 5 indicates that incoming request is from NATed client setflag(5); }; if (method=="REGISTER") log(1, "REGISTER message received\n"); if (method=="INVITE") log(1, "INVITE message received\n"); if (method=="ACK") log(1, "ACK message received\n"); if (method=="BYE") log(1, "BYE message received\n"); if (method=="CANCEL") log(1, "CANCEL message received\n"); if (method=="SUBSCRIBE") log(1, "SUBSCRIBE message received\n"); if (method=="NOTIFY") log(1, "NOTIFY message received\n"); if (method=="OPTIONS") log(1, "OPTIONS message received\n"); if (method=="INFO") log(1, "INFO message received\n"); if (method=="MESSAGE") log(1, "MESSAGE message received\n"); if (method=="REFER") log(1, "REFER message received\n"); # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len > max_len) { #if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; }; # loose-route processing if (loose_route()) { log(1, "loose_route processing\n"); t_relay(); break; }; # create transaction state; abort if error occured # if ( !t_newtran()) { # sl_reply_error(); # break; # }; #new # now check if it's about PSTN destinations through our gateway; # note that 8.... is exempted for numerical non-gw destinations if (uri=~"sip:[EMAIL PROTECTED]") { route(3); break; }; # # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { log(1, "analyzing REGISTER request\n"); # Uncomment this if you want to use digest authentication if (!www_authorize("voip.edo.ie", "subscriber")) { www_challenge("voip.edo.ie", "0"); break; }; if (isflagset(5)) { #register from nated client, save nat_flag=6 #in location table setflag(6); }; if (!save("location")) { log(1, "save location error\n"); sl_reply_error(); }; break; }; lookup("aliases"); #mark transaction for voicemail if (is_user_in("Request-URI", "voicemail\n")) { log(1, "requested user is in voicemail group"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # handle user which was not found log(1, "requested user not found\n"); route(4); break; }; }; #add failure route which should be performed if response code >=300 if (method=="INVITE" && isflagset(4)) { log(1, "invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP route(1); } route[1]{ log(1, "-------------------------------------------\n"); log(1, "entering route[1] - relaying SIP message\n"); if ((isflagset(5)) || (isflagset(6))) { log(1, "at least one of the participants is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)"); force_rtp_proxy(); append_hf("P-hint: request forced to rtp proxy\r\n"); setflag(7); }; }; log(1, "relaying message ...\n"); if (!t_relay()) { log(1, "t_relay error occured\n"); sl_reply_error(); }; } # all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { log(1, "-------------------------------------------\n"); log(1, "onreply_route[1] entered\n"); if (isflagset(6)) { log(1, "transaction was sent to a NATED client -> fix nated contact\n"); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for response\r\n"); } if ( (status=~"100") ) { log(1, "status 100 received\n"); }; if ( (status=~"180") ) { log(1, "status 180 received\n"); }; if ( (status=~"202") ) { log(1, "status 202 received\n"); }; if ( (status=~"200" || status=~"183") ) { log(1, "status 2xx or 183"); if ( isflagset(7) ) { log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n"); force_rtp_proxy(); append_hf("P-hint: response forced to rtp proxy\r\n"); }; }; } #new # logic for calls to the PSTN route[3] { # turn accounting on setflag(1); /* require all who call PSTN to be members of the "int" group; apply ACLs only to INVITEs -- we don't need to protect other requests, as they don't imply charges; also it could cause troubles when a call comes in via PSTN and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would fail then; exempt Cisco gateway from authentication by IP address -- it does not support digest */ if (method=="INVITE" && (!src_ip==212.17.35.184)) { if (!proxy_authorize( "voip.edo.ie" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "voip.edo.ie" /* realm */, "0" /* no qop */ ); break; }; # let's check from=id ... avoids accounting confusion if(!is_user_in("credentials", "int")) { sl_send_reply("403", "NO PSTN Privileges..."); break; }; consume_credentials(); }; # INVITE to authorized PSTN # if you have passed through all the checks, let your call go to GW! force_rtp_proxy(); record_route(); t_on_reply("1"); # snom conditioner if (method=="INVITE" && search("User-Agent: snom")) { replace("100rel, ", ""); }; append_hf("P-hint: GATEWAY\r\n"); # use UDP to guarantee well-known sender port (TCP ephemeral) t_relay_to_udp("212.17.35.184","5060"); } route[4]{ log(1, "-------------------------------------------\n"); log(1, "entering route[4] = requested user not online\n"); # non-Voip -- just send "off-line" if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) { log(1, "no invite,ack,cancel,refer->return 404\n"); sl_send_reply("404", "Not Found"); break; }; # not voicemail subscriber and no echo/conference call if ( isflagset(4)) { log(1, "flag(4) active\n"); }; if (uri =~ "conference") { log(1, "conference call\n"); }; if (uri =~ "echo") { log(1, "echo call\n"); }; if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) { log(1, "no voicemail subscriber->return 404"); sl_send_reply("404", "Not Found and no voicemail turned on"); break; }; if ( isflagset(5) ) { log(1, "caller is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy"); force_rtp_proxy(); }; }; # forward to voicemail now rewritehostport("212.17.35.184:5060"); log(1, "forward to voicemail\n"); t_relay_to_udp("212.17.35.184", "5060"); } failure_route[1] { /* XX: note: unsafe if preloaded routes without username used */ log(1, "-------------------------------------------\n"); log(1, "failureroute[1] entered\"); revert_uri(); rewritehostport("212.17.35.184:5060"); append_branch(); t_relay_to_udp("212.17.35.184", "5060"); } -- -Barry Flanagan _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users