You did not provide many details but I suspect you are trying to run a SIP phone on a typical home LAN with a Linux box having a public IP address. Siproxd is a simple solution which of course does not have the flexibility of openser. I have used it with multiple phones on the LAN. The main reason I no longer use it is that it will not fork a call and I wanted more than one phone sharing a user ID.

On Tuesday 22 July 2008, Joris Dobbelsteen wrote:
> Robert Dyck wrote:
> > I understand that the iptables SIP ALG has been much revised this year
> > although I have not tested it myself. I believe you need at least linux
> > 2.6.25.
>
> The unfortunate situation is that I currently run Debian, which has the
> 2.6.18 kernel. Furthermore the box runs Xen and the latest kernel does
> not support Xen yet. So I'm out of luck in this department in many ways.
>
> Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe
> another solution is more suited for the problem I have?
>
> - Joris
>
> > On Monday 21 July 2008, Joris Dobbelsteen wrote:
> >> Neill Wilkinson wrote:
> >>> If you are using IPtables and are familiar with how to add modules -
> >>> there is a sip connection tracking module that might help:
> >>>
> >>> http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html
> >>>
> >>> Neill...;o)
> >>>
> >>> Neill Wilkinson
> >>> Principal Consultant
> >>>
> >>> Aeonvista Ltd - opening up new ideas
> >>
> >> I have that installed, but to the outside the SIP packets still carry
> >> the LAN IP address. I'm currently missing audio (at least inbound is
> >> nowhere to be seen) and it doesn't really work reliably at this moment.
> >> That is a real problem currently and must be solved reliably.
> >>
> >> The ZyXEL modem I have was intended to be the NAT router for the
> >> network, but it's configured differently in my case, so I can't make that
> >> thing play nicely with NAT.
> >>
> >> lsmod on the firewall:
> >> ip_nat_sip 8832 0
> >> ip_conntrack_sip 13392 1 ip_nat_sip
> >>
> >> Thanks so far,
> >>
> >> - Joris
> >>
> >>> -----Original Message-----
> >>> From: [EMAIL PROTECTED]
> >>> [mailto:[EMAIL PROTECTED] On Behalf Of Joris Dobbelsteen
> >>> Sent: 21 July 2008 21:10
> >>> To: [email protected]
> >>> Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!
> >>>
> >>> Dear,
> >>>
> >>> I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my
> >>> home phone keeps breaking voice channels (the box was not intended
> >>> behind NAT and I'm, of course, using a configuration that is not so well
> >>> supported).
> >>>
> >>> What is the idea:
> >>>
> >>> SIP transactions should travel this way:
> >>> ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}
> >>>
> >>> RTP should travel this way:
> >>> ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}
> >>>
> >>>
> >>> My current test is using X-Lite with voipbuster, but that doesn't
> >>> really work. It seems that registers are functioning, at least X-Lite
> >>> reports itself being registered.
> >>> Voice calls always end up in timeouts, so something is really going
> >>> wrong here, it might be authentication problems?
> >>>
> >>> An added problem is that I have just sufficient knowledge of SIP to see
> >>> what it is doing, without really knowing what to expect exactly.
> >>> Furthermore I have virtually no knowledge of OpenSER. I've quite a hard
> >>> time even grasping the configuration I typed in. This is not really
> >>> helpful
> >>>
> >>> What I do know:
> >>> * SIP Proxy traffic is flowing.
> >>> * SIP INVITES don't work at all.
> >>> * SIP to RTP is communication, but I don't know if RTP is actually
> >>> flowing.
> >>>
> >>> I stole most of the configuration from the "04 NAT Traversal" slides of
> >>> the "Italy 2007 Admin course", to which there is a link on the
> >>> documentation site. I adapted it to make it work with the debian
> >>> supplied OpenSER 1.1.
> >>>
> >>> How do I get this all working?
> >>> What am I getting wrong?
> >>>
> >>> I really really appreciate any help I can get to get it working!
> >>>
> >>> - Joris
> >>>
> >>>
> >>> Config is this:
> >>> # ----------- global configuration parameters ------------------------
> >>>
> >>> debug=4 # debug level (cmd line: -dddddddddd)
> >>> fork=yes # Set to no to enter debugging mode
> >>> log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode
> >>>
> >>> check_via=no # (cmd. line: -v)
> >>> dns=no # (cmd. line: -r)
> >>> rev_dns=no # (cmd. line: -R)
> >>> advertised_address="82.168.191.xx"
> >>> advertised_port=5060
> >>> port=5060
> >>> children=4
> >>> fifo="/tmp/openser_fifo"
> >>>
> >>> #
> >>> # ------------------ module loading ----------------------------------
> >>>
> >>> # Uncomment this if you want to use SQL database
> >>> mpath="/usr/lib/openser/modules/"
> >>> loadmodule "mysql.so"
> >>> loadmodule "sl.so"
> >>> loadmodule "tm.so"
> >>> loadmodule "rr.so"
> >>> loadmodule "maxfwd.so"
> >>> loadmodule "usrloc.so"
> >>> loadmodule "registrar.so"
> >>> loadmodule "textops.so"
> >>> loadmodule "nathelper.so"
> >>>
> >>> # Uncomment this if you want digest authentication
> >>> # mysql.so must be loaded !
> >>> loadmodule "auth.so"
> >>> loadmodule "auth_db.so"
> >>>
> >>> # ----------------- setting module-specific parameters ---------------
> >>>
> >>> # -- usrloc params --
> >>>
> >>> modparam("usrloc", "db_mode", 0)
> >>>
> >>> # Uncomment this if you want to use SQL database
> >>> # for persistent storage and comment the previous line
> >>> #modparam("usrloc", "db_mode", 2)
> >>>
> >>> # -- auth params --
> >>> # Uncomment if you are using auth module
> >>> #
> >>> modparam("auth_db", "calculate_ha1", yes)
> >>> #
> >>> # If you set "calculate_ha1" parameter to yes (which is true in this config),
> >>> # uncomment also the following parameter)
> >>> #
> >>> modparam("auth_db", "password_column", "password")
> >>>
> >>> # -- rr params --
> >>> # add value to ;lr param to make some broken UAs happy
> >>> modparam("rr", "enable_full_lr", 1)
> >>>
> >>> # -- nathelper params ---
> >>> modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222")
> >>> modparam("nathelper", "natping_interval", 30)
> >>> modparam("nathelper", "ping_nated_only", 1)
> >>> #modparam("nathelper", "sipping_bflag", 7)
> >>> modparam("nathelper", "sipping_from", "sip:[EMAIL PROTECTED]")
> >>>
> >>> # ------------------------- request routing logic -------------------
> >>>
> >>> # main routing logic
> >>>
> >>> route{
> >>>
> >>>     # initial sanity checks -- messages with
> >>>     # max_forwards==0, or excessively long requests
> >>>     if (!mf_process_maxfwd_header("10")) {
> >>>         sl_send_reply("483","Too Many Hops");
> >>>         exit;
> >>>     };
> >>>
> >>>     if (msg:len >= 2048 ) {
> >>>         sl_send_reply("513", "Message too big");
> >>>         exit;
> >>>     };
> >>>
> >>>     # NAT detection
> >>>     route(2);
> >>>
> >>>     # we record-route all messages -- to make sure that
> >>>     # subsequent messages will go through our proxy; that's
> >>>     # particularly good if upstream and downstream entities
> >>>     # use different transport protocol
> >>>     if (!method=="REGISTER")
> >>>         record_route();
> >>>
> >>>     # subsequent messages within a dialog should take the
> >>>     # path determined by record-routing
> >>>     if (loose_route()) {
> >>>         # mark routing logic in request
> >>>         append_hf("P-hint: rr-enforced\r\n");
> >>>         route(1);
> >>>     };
> >>>
> >>>     if (!uri==myself) {
> >>>         # mark routing logic in request
> >>>         append_hf("P-hint: outbound\r\n");
> >>>         # if you have some interdomain connections via TLS
> >>>         #if(uri=~"@tls_domain1.net") {
> >>>         #    t_relay("tls:domain1.net");
> >>>         #    exit;
> >>>         #} else if(uri=~"@tls_domain2.net") {
> >>>         #    t_relay("tls:domain2.net");
> >>>         #    exit;
> >>>         #}
> >>>         route(1);
> >>>     };
> >>>
> >>>     # if the request is for other domain use UsrLoc
> >>>     # (in case, it does not work, use the following command
> >>>     # with proper names and addresses in it)
> >>>     if (uri==myself) {
> >>>
> >>>         if (method=="REGISTER") {
> >>>
> >>>             # Uncomment this if you want to use digest authentication
> >>>             if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {
> >>>                 www_challenge("sip.familiedobbelsteen.nl", "0");
> >>>                 exit;
> >>>             };
> >>>
> >>>             if (isflagset(5)) {
> >>>                 # set branch flag -- when someone will call this user
> >>>                 # INVITE will have branch flag 6 set after lookup("location")
> >>>                 setflag(6);
> >>>                 # if you want OPTIONS natpings uncomment next
> >>>                 # setflag(7);
> >>>             };
> >>>
> >>>             save("location");
> >>>             exit;
> >>>         };
> >>>
> >>>         lookup("aliases");
> >>>         if (!uri==myself) {
> >>>             append_hf("P-hint: outbound alias\r\n");
> >>>             route(1);
> >>>         };
> >>>
> >>>         # native SIP destinations are handled using our USRLOC DB
> >>>         if (!lookup("location")) {
> >>>             sl_send_reply("404", "Not Found");
> >>>             exit;
> >>>         };
> >>>         append_hf("P-hint: usrloc applied\r\n");
> >>>     };
> >>>
> >>>     route(1);
> >>> }
> >>>
> >>>
> >>> route[1] {
> >>>     # send it out now; use stateful forwarding as it works reliably
> >>>     # even for UDP2TCP
> >>>     if (subst_uri('/(sip:.*);nat=yes/\1/i')) {
> >>>         setflag(6);
> >>>     };
> >>>
> >>>     if (isflagset(5) || isflagset(6)) {
> >>>         route(3);
> >>>     };
> >>>
> >>>     if (!t_relay()) {
> >>>         sl_reply_error();
> >>>     };
> >>>     exit;
> >>> }
> >>>
> >>> route[2] {
> >>>     force_rport();
> >>>     if(nat_uac_test("19")) {
> >>>         if (method=="REGISTER") {
> >>>             fix_nated_register();
> >>>         } else {
> >>>             fix_nated_contact();
> >>>         };
> >>>         setflag(5);
> >>>     };
> >>> }
> >>>
> >>> route[3] {
> >>>     if (is_method("BYE")) {
> >>>         unforce_rtp_proxy();
> >>>     } else if (is_method("INVITE")) {
> >>>         force_rtp_proxy("", "82.168.191.xx");
> >>>         t_on_failure("2");
> >>>     };
> >>>     if (isflagset(5))
> >>>         search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
> >>>     t_on_reply("1");
> >>> }
> >>>
> >>> failure_route[2] {
> >>>     if (isflagset(6)||isflagset(5)) {
> >>>         unforce_rtp_proxy();
> >>>     };
> >>> }
> >>>
> >>> onreply_route[1] {
> >>>     if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") {
> >>>         force_rtp_proxy();
> >>>     };
> >>>     search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
> >>>
> >>>     if (isflagset(6)) {
> >>>         fix_nated_contact();
> >>>     };
> >>>     exit;
> >>> }
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> [email protected]
> >>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
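
Added illustration, not part of the thread and not OpenSER code: a Python sketch of the three checks that `nat_uac_test("19")` in the quoted config selects (19 = 1 + 2 + 16, per the nathelper module documentation), which is how the proxy notices that a request still carries the LAN IP address. The function name `nat_test`, the sample REGISTER and all addresses are constructed for the example; only IPv4 literals are handled.

```python
import ipaddress
import re

# Flag values as documented for nathelper's nat_uac_test()
CONTACT_PRIVATE = 1   # Contact URI host is an RFC 1918 address
VIA_NE_SOURCE = 2     # top Via host differs from the packet's source IP
PORT_NE_VIA = 16      # packet's source port differs from the top Via port

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _is_rfc1918(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:            # a hostname, not an IP literal
        return False
    return any(addr in net for net in RFC1918)

def nat_test(raw, src_ip, src_port, flags=19):
    """Return the subset of `flags` whose test matches this request."""
    head = raw.split("\r\n\r\n", 1)[0]
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?",
                    head, re.I | re.M)
    contact = re.search(r"^(?:Contact|m)\s*:.*?sips?:(?:[^@>\s]*@)?([^;:>\s]+)",
                        head, re.I | re.M)
    hit = 0
    if flags & CONTACT_PRIVATE and contact and _is_rfc1918(contact.group(1)):
        hit |= CONTACT_PRIVATE
    if via:
        if flags & VIA_NE_SOURCE and via.group(1) != src_ip:
            hit |= VIA_NE_SOURCE
        if flags & PORT_NE_VIA and int(via.group(2) or 5060) != src_port:
            hit |= PORT_NE_VIA
    return hit

# Constructed sample: a phone at 192.168.10.20 registering through a NAT
REGISTER = (
    "REGISTER sip:sip.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.10.20:5060;branch=z9hG4bK776a;rport\r\n"
    "From: <sip:alice@sip.example.net>;tag=1\r\n"
    "To: <sip:alice@sip.example.net>\r\n"
    "Call-ID: constructed-1@192.168.10.20\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:alice@192.168.10.20:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    # Seen from the public side of the NAT: all three tests fire
    print(nat_test(REGISTER, "203.0.113.7", 40112))
```

A non-zero result corresponds to the branch in `route[2]` that rewrites the Contact and sets flag 5; a request arriving straight from the LAN address with only the private Contact still matches flag 1.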
