[SR-Users] Kamailio with CGNAT

2018-08-26 Thread Amar Tinawi 
Hello
Although my question it's not related to Kamailio directly, but i think
someone could help in this strange behavior

in our tests, we have some clients under private networks, where the
provider of those networks implements CGNAT (NAT444) for it's customers to
reach internet
(Client Private IP) --->(Home router: Private to Private NAT)--->(FW with
CGNAT)>(Kamailio Proxy Public IP)


Registration is performing fine, but making calls from this client had
strange problem as follow:

Client -INVITE--> Proxy
Proxy -Trying>Client
Proxy--INVITE-> Called Party

The called party should send Ringing msg, but the massage get lost
somewhere and didn't reach to the Proxy. Although all the IP's in sip
massages are public
i tried with STUN/TURN and NAThelper module solutions, but didn't help

is there any way to slove CGNAT with SIP in Kamailio?


Thanks in Advance
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio with CGNAT

2018-08-26 Thread Joel Serrano 
Can you send the INVITE that proxy sends to called party?

On Sun, Aug 26, 2018 at 02:05 Amar Tinawi  wrote:

> Hello
> Although my question it's not related to Kamailio directly, but i think
> someone could help in this strange behavior
>
> in our tests, we have some clients under private networks, where the
> provider of those networks implements CGNAT (NAT444) for it's customers to
> reach internet
> (Client Private IP) --->(Home router: Private to Private NAT)--->(FW with
> CGNAT)>(Kamailio Proxy Public IP)
>
>
> Registration is performing fine, but making calls from this client had
> strange problem as follow:
>
> Client -INVITE--> Proxy
> Proxy -Trying>Client
> Proxy--INVITE-> Called Party
>
> The called party should send Ringing msg, but the massage get lost
> somewhere and didn't reach to the Proxy. Although all the IP's in sip
> massages are public
> i tried with STUN/TURN and NAThelper module solutions, but didn't help
>
> is there any way to slove CGNAT with SIP in Kamailio?
>
>
> Thanks in Advance
>
>
>
>
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio with CGNAT

2018-08-26 Thread Joel Serrano 
Also, if the client is not behind CGNAT do you get the Ringing from called
party?

Is called party the same in both cases?



On Sun, Aug 26, 2018 at 09:54 Joel Serrano  wrote:

> Can you send the INVITE that proxy sends to called party?
>
> On Sun, Aug 26, 2018 at 02:05 Amar Tinawi  wrote:
>
>> Hello
>> Although my question it's not related to Kamailio directly, but i think
>> someone could help in this strange behavior
>>
>> in our tests, we have some clients under private networks, where the
>> provider of those networks implements CGNAT (NAT444) for it's customers to
>> reach internet
>> (Client Private IP) --->(Home router: Private to Private NAT)--->(FW with
>> CGNAT)>(Kamailio Proxy Public IP)
>>
>>
>> Registration is performing fine, but making calls from this client had
>> strange problem as follow:
>>
>> Client -INVITE--> Proxy
>> Proxy -Trying>Client
>> Proxy--INVITE-> Called Party
>>
>> The called party should send Ringing msg, but the massage get lost
>> somewhere and didn't reach to the Proxy. Although all the IP's in sip
>> massages are public
>> i tried with STUN/TURN and NAThelper module solutions, but didn't help
>>
>> is there any way to slove CGNAT with SIP in Kamailio?
>>
>>
>> Thanks in Advance
>>
>>
>>
>>
>>
>>
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio with CGNAT

2018-08-26 Thread Amar Tinawi 
Thanks Joel For reply

when any user (Not Nated or behind Normal NAT)  is trying to reach a client
behind CGNAT, the INVITE delivered and the client is start to ringing, but
when answering, the answer is not delivered to the proxy, so not delivered
to the calling client result to the call started in the CGNATED client and
still in establishing in the calling one.

The call is established successfully when the CGNATED send the INVITE to
Not Nated client and two way audio.

CGNATED to CGNATED not working as well .



On Sun, Aug 26, 2018 at 7:57 PM Joel Serrano  wrote:

> Also, if the client is not behind CGNAT do you get the Ringing from called
> party?
>
> Is called party the same in both cases?
>
>
>
> On Sun, Aug 26, 2018 at 09:54 Joel Serrano  wrote:
>
>> Can you send the INVITE that proxy sends to called party?
>>
>> On Sun, Aug 26, 2018 at 02:05 Amar Tinawi  wrote:
>>
>>> Hello
>>> Although my question it's not related to Kamailio directly, but i think
>>> someone could help in this strange behavior
>>>
>>> in our tests, we have some clients under private networks, where the
>>> provider of those networks implements CGNAT (NAT444) for it's customers to
>>> reach internet
>>> (Client Private IP) --->(Home router: Private to Private NAT)--->(FW
>>> with CGNAT)>(Kamailio Proxy Public IP)
>>>
>>>
>>> Registration is performing fine, but making calls from this client had
>>> strange problem as follow:
>>>
>>> Client -INVITE--> Proxy
>>> Proxy -Trying>Client
>>> Proxy--INVITE-> Called Party
>>>
>>> The called party should send Ringing msg, but the massage get lost
>>> somewhere and didn't reach to the Proxy. Although all the IP's in sip
>>> massages are public
>>> i tried with STUN/TURN and NAThelper module solutions, but didn't help
>>>
>>> is there any way to slove CGNAT with SIP in Kamailio?
>>>
>>>
>>> Thanks in Advance
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio with CGNAT

2018-08-26 Thread Joel Serrano 
It would definitely be useful to see sip traces of the different scenarios
to try and find what the problem is.

Can you give some details of what your setup looks like? Is kamailio acting
as a signaling proxy only or is it also handling RTP with
rtpengine/rtpproxy?

On Sun, Aug 26, 2018 at 13:30 Amar Tinawi  wrote:

> Thanks Joel For reply
>
> when any user (Not Nated or behind Normal NAT)  is trying to reach a
> client behind CGNAT, the INVITE delivered and the client is start to
> ringing, but when answering, the answer is not delivered to the proxy, so
> not delivered to the calling client result to the call started in the
> CGNATED client and still in establishing in the calling one.
>
> The call is established successfully when the CGNATED send the INVITE to
> Not Nated client and two way audio.
>
> CGNATED to CGNATED not working as well .
>
>
>
> On Sun, Aug 26, 2018 at 7:57 PM Joel Serrano  wrote:
>
>> Also, if the client is not behind CGNAT do you get the Ringing from
>> called party?
>>
>> Is called party the same in both cases?
>>
>>
>>
>> On Sun, Aug 26, 2018 at 09:54 Joel Serrano  wrote:
>>
>>> Can you send the INVITE that proxy sends to called party?
>>>
>>> On Sun, Aug 26, 2018 at 02:05 Amar Tinawi  wrote:
>>>
 Hello
 Although my question it's not related to Kamailio directly, but i think
 someone could help in this strange behavior

 in our tests, we have some clients under private networks, where the
 provider of those networks implements CGNAT (NAT444) for it's customers to
 reach internet
 (Client Private IP) --->(Home router: Private to Private NAT)--->(FW
 with CGNAT)>(Kamailio Proxy Public IP)


 Registration is performing fine, but making calls from this client had
 strange problem as follow:

 Client -INVITE--> Proxy
 Proxy -Trying>Client
 Proxy--INVITE-> Called Party

 The called party should send Ringing msg, but the massage get lost
 somewhere and didn't reach to the Proxy. Although all the IP's in sip
 massages are public
 i tried with STUN/TURN and NAThelper module solutions, but didn't help

 is there any way to slove CGNAT with SIP in Kamailio?


 Thanks in Advance







 ___
 Kamailio (SER) - Users Mailing List
 sr-users@lists.kamailio.org
 https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

>>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Using SEMS in IMS-ZTE Network

2018-08-26 Thread Mojtaba 
Hello,
I am working with IMS (ZTE vendor), I want to use SBC in front of IMS
network for some security policy (Hide Topology),
I used SEMS as SBC in this regards, (like what  we have in IMS/SEMS in
kamailio by Mr Carsten Bock).
When the Sebscriber want to register, The Register request received by
sems and the forward to IMS(ZTE), But the "503 Service Unavailable" is
received from IMS.
I enable "enable_reg_caching=yes" in register.sbcprofile''s
configuration file in sems.
If i use kamailio, instead of SEMS, The Registration request is done
successfully.In Kamailio i just forward the Register request to
IMS.like this:
route {
if (is_method("REGISTER")) {
$du = "sip:172.23.1.1:5080";
route(RELAY);
}
}
Let me know do the issue is from myself or from IMS(ZTE)?
In the fillowing, I paste all SIP Register signalling. First in
kamailio, second with SEMS.
Kamailio==
172.23.1.252.4080 > 172.23.1.1.5080: [bad udp cksum 0x5e58 ->
0x4193!] UDP, length 787
E../@.]...^XREGISTER sip:r-kh.com SIP/2.0
Via: SIP/2.0/UDP
172.23.1.252:4080;branch=z9hG4bK018b.e091260b1b7395975a2ff1be0b9bec60.0
Via: SIP/2.0/UDP
192.168.122.1:64407;branch=z9hG4bK-d8754z-7c208b9d587de818-1---d8754z-
Max-Forwards: 69
Contact: 

From: ;tag=5aef0541
Call-ID: ZWYxMzUzNTQzN2I2MTRiMjE2NWZjMzUzMDFmMDhkOWY.
CSeq: 1 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri
User-Agent: Z 3.3.25608 r25552
Allow-Events: presence, kpml
Content-Length: 0


08:20:53.114198 IP (tos 0x0, ttl 255, id 25839, offset 0, flags
[none], proto UDP (17), length 685)
172.23.1.1.5080 > 172.23.1.252.4080: [udp sum ok] UDP, length 657
E...d..$..l.SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
172.23.1.252:4080;branch=z9hG4bK018b.e091260b1b7395975a2ff1be0b9bec60.0
Via: SIP/2.0/UDP
192.168.122.1:64407;branch=z9hG4bK-d8754z-7c208b9d587de818-1---d8754z-
To: 
;tag=ztesipTR9m3KdZ*3-5-16648*daei.3
From: ;tag=5aef0541
Call-ID: ZWYxMzUzNTQzN2I2MTRiMjE2NWZjMzUzMDFmMDhkOWY.
CSeq: 1 REGISTER
Content-Length: 0
WWW-Authenticate: Digest
realm="r-kh.com",domain="sip:scscf1.r-kh.com",nonce="f42b36e39bdbb33b51599924b304445a",opaque="aW1zLmNvbS5jbg==",stale=TRUE,algorithm=MD5,qop="auth"


08:20:53.120142 IP (tos 0x10, ttl 64, id 48874, offset 0, flags
[none], proto UDP (17), length 1137)
172.23.1.252.4080 > 172.23.1.1.5080: [bad udp cksum 0x5f9a ->
0xcc62!] UDP, length 1109
E..q@.\V.]_.REGISTER sip:r-kh.com SIP/2.0
Via: SIP/2.0/UDP
172.23.1.252:4080;branch=z9hG4bKd08b.4d2858f41d496b471c01a28e76190390.0
Via: SIP/2.0/UDP
192.168.122.1:64407;branch=z9hG4bK-d8754z-a4d19146375d56f6-1---d8754z-
Max-Forwards: 69
Contact: 

To: 
From: ;tag=5aef0541
Call-ID: ZWYxMzUzNTQzN2I2MTRiMjE2NWZjMzUzMDFmMDhkOWY.
CSeq: 2 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri
User-Agent: Z 3.3.25608 r25552
Authorization: Digest
username="+985137054...@r-kh.com",realm="r-kh.com",nonce="f42b36e39bdbb33b51599924b304445a",uri="sip:r-kh.com;transport=UDP",response="9469852a06c01efeabf3a7a5dd1a9f3b",cnonce="79d36600575648a1cc7221d8e1b5d53d",nc=0001,qop=auth,algorithm=MD5,opaque="aW1zLmNvbS5jbg=="
Allow-Events: presence, kpml
Content-Length: 0


08:20:53.203871 IP (tos 0x0, ttl 255, id 25842, offset 0, flags
[none], proto UDP (17), length 1118)
172.23.1.1.5080 > 172.23.1.252.4080: [udp sum ok] UDP, length 1090
E..^d..p.J.5SIP/2.0 200 OK
Via: SIP/2.0/UDP
172.23.1.252:4080;branch=z9hG4bKd08b.4d2858f41d496b471c01a28e76190390.0
Via: SIP/2.0/UDP
192.168.122.1:64407;branch=z9hG4bK-d8754z-a4d19146375d56f6-1---d8754z-
To: 
;tag=ztesipjRydzgMa*3-5-16648*daej.3
From: ;tag=5aef0541
Call-ID: ZWYxMzUzNTQzN2I2MTRiMjE2NWZjMzUzMDFmMDhkOWY.
CSeq: 2 REGISTER
Contact: 
;expires=1800
Contact: 
;expires=1800;+sip.instance="";reg-id=1
P-Associated-URI: 
P-Associated-URI: 
Date: Sat, 25 Aug 2018 12:25:17 GMT
Authentication-Info:
nextnonce="00cfbd64b136c12a4e27b67fd28d19fb",qop=auth,rspauth="91ca956c5eb6ee9f1934e2e770750077",cnonce="79d36600575648a1cc7221d8e1b5d53d",nc=0001
Content-Length: 0
SEMS
172.23.1.252.5080 > 172.23.1.1.5080: [bad udp cksum 0x5e16 ->
0xe11e!] UDP, length 721
E...C.@.@.^.

REGISTER sip:r-kh.com SIP/2.0
Via: SIP/2.0/UDP 172.23.1.252:5080;branch=z9hG4bK~0uk0ahN;rport
From: 
;tag=34384541-5B814A44000AE296-4B5F5700
To: 
CSeq: 10 REGISTER
Call-ID: 37B52BC0-5B814A44000AE592-4B5F5700
Route: 
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, X-cisco-serviceuri
User-Agent: Z 3.3.25608 r25552
Allow-Events: presence, kpml
Contact: 
;expires=3600
Content-Length: 0


08:23:32.7