Hi Juan, I need to see the request part also to figure out if the flow through the NAT is ok or not.
As a side note - could you check if the device behind the nat is actually receiving the 200 OK?. Because a typical reason for a missing ACK is a missing 200 OK. Another question - the device placing the call (from behind the nat) is registered or not? what is the estimated setup time in this case (time between invite and 200 OK) ? Regards, Bogdan Juan Backson wrote: > Hi, > > I am having problem with configuring opensips to work with NATed > clients. In my configuration, I am using a B2BUA and Opensips as the > sip proxy. > > The problem I am having is that when the B2BUA(233.32.345.5:5800) > sends out 200 OK, Opensips (192.168.1.101:5060)is able to proxy it to > the NATed client ( 116.24.163.21:2751 <http://116.24.163.21:2751>), > but the NATed client is not sending back any ACK, so the B2BUA hangs > up after 30 second. > > Could someone give me any suggestion on what may be wrong in my config? > > Thanks in advance for all the help. > > > U 233.32.345.5:5800 -> 192.168.1.101:5060 <http://192.168.1.101:5060> > SIP/2.0 200 OK. > Via: SIP/2.0/UDP 192.168.1.101 > <http://192.168.1.101>;branch=z9hG4bK3ab5.9b17c4a1.0;received=233.32.345.5. > Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 > <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751. > Record-Route: <sip:192.168.1.101 > <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>. > From: "1000" <sip:[EMAIL PROTECTED]:5060>;tag=b81a6b5e. > To: "0" <sip:[EMAIL PROTECTED]:5060>;tag=Sy7K9eUFg61tB. > Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA.. > CSeq: 2 INVITE. > Contact: <sip:[EMAIL PROTECTED]:5800;transport=udp>. > User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, > NOTIFY, REFER, UPDATE, REGISTER, INFO. > Supported: timer, precondition, path, replaces. > Allow-Events: talk. > Session-Expires: 120;refresher=uas. > Min-SE: 120. > Content-Type: application/sdp. > Content-Disposition: session. > Content-Length: 269. > . > v=0. > o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5. > s=FreeSWITCH. > c=IN IP4 233.32.345.5. > t=0 0. > m=audio 10272 RTP/AVP 0 101. > a=rtpmap:0 PCMU/8000. > a=rtpmap:101 telephone-event/8000. > a=fmtp:101 0-16. > a=silenceSupp:off - - - -. > a=ptime:20. > > > U 192.168.1.101:5060 <http://192.168.1.101:5060> -> 116.24.163.21:2751 > <http://116.24.163.21:2751> > SIP/2.0 200 OK. > Via: SIP/2.0/UDP 192.168.1.100:26682;received=116.24.163.21 > <http://116.24.163.21>;branch=z9hG4bK-d87543-1a09c008b901bc5c-1--d87543-;rport=2751. > Record-Route: <sip:192.168.1.101 > <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>. > From: "1000" <sip:[EMAIL PROTECTED]:5060>;tag=b81a6b5e. > To: "0" <sip:[EMAIL PROTECTED]:5060>;tag=Sy7K9eUFg61tB. > Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA.. > CSeq: 2 INVITE. > Contact: <sip:[EMAIL PROTECTED]:5800;transport=udp>. > User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, > NOTIFY, REFER, UPDATE, REGISTER, INFO. > Supported: timer, precondition, path, replaces. > Allow-Events: talk. > Session-Expires: 120;refresher=uas. > Min-SE: 120. > Content-Type: application/sdp. > Content-Disposition: session. > Content-Length: 269. > . > v=0. > o=FreeSWITCH 5494423604621376967 2638962022927722250 IN IP4 233.32.345.5. > s=FreeSWITCH. > c=IN IP4 233.32.345.5. > t=0 0. > m=audio 10272 RTP/AVP 0 101. > a=rtpmap:0 PCMU/8000. > a=rtpmap:101 telephone-event/8000. > a=fmtp:101 0-16. > a=silenceSupp:off - - - -. > a=ptime:20. > > > U 192.168.1.101:5800 <http://192.168.1.101:5800> -> 233.32.345.5:5060 > BYE sip:[EMAIL PROTECTED]:2751 <http://sip:[EMAIL PROTECTED]:2751> > SIP/2.0. > Via: SIP/2.0/UDP 233.32.345.5:5800;rport;branch=z9hG4bK01H0jSevQ2Nmc. > Route: <sip:192.168.1.101 > <http://192.168.1.101>;lr=on;ftag=b81a6b5e;nat=yes>. > Max-Forwards: 70. > From: "0" <sip:[EMAIL PROTECTED]:5060>;tag=Sy7K9eUFg61tB. > To: "1000" <sip:[EMAIL PROTECTED]:5060>;tag=b81a6b5e. > Call-ID: ODRiMGUzMGFiZDg2OGU0OGNiYmE0MWY5OWRkMTMxOTA.. > CSeq: 107702524 BYE. > Contact: <sip:[EMAIL PROTECTED]:5800;transport=udp>. > User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10454M. > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, > NOTIFY, REFER, UPDATE, REGISTER, INFO. > Supported: timer, precondition, path, replaces. > Reason: SIP;cause=408;text="ACK Timeout". > Content-Length: 0. > . > > > > > # > # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ > # > #simple quick-start config script > #Please refer to the Core CookBook at > http://www.openser.org/dokuwiki/doku.php > #for a explanation of possible statements, functions and parameters. > # > # ----------- global configuration parameters ------------------------ > debug=3 # debug level (cmd line: -dddddddddd) > fork=no > log_stderror=yes # (cmd line: -E) > children=4 > port=5060 > mpath="/usr/local/lib64/opensips/modules/" > loadmodule "db_mysql.so" > loadmodule "sl.so" > loadmodule "tm.so" > loadmodule "rr.so" > loadmodule "maxfwd.so" > loadmodule "usrloc.so" > loadmodule "registrar.so" > loadmodule "textops.so" > loadmodule "mi_fifo.so" > loadmodule "uri.so" > loadmodule "uri_db.so" > loadmodule "domain.so" > loadmodule "xlog.so" > loadmodule "permissions.so" > loadmodule "auth.so" > loadmodule "auth_db.so" > loadmodule "dispatcher.so" > loadmodule "nathelper.so" > loadmodule "mediaproxy.so" > > > > > > > > > > modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") > modparam("usrloc", "db_mode", 2) > > > > modparam("rr", "enable_full_lr", 1) > > modparam("auth_db|usrloc|domain|uri_db|permissions|dispatcher","db_url","mysql://root:[EMAIL > PROTECTED]/app > <http://root:[EMAIL PROTECTED]/app>") > modparam("auth_db","calculate_ha1",yes) > modparam("auth_db","password_column","password") > modparam("auth_db","user_column","sip_user") > modparam("auth_db","load_credentials","agent_id") > > modparam("uri_db","db_table","agent") > modparam("uri_db","user_column","sip_user") > modparam("uri_db","use_uri_table",0) > modparam("auth_db","use_domain",0) > > modparam("permissions", "db_mode", 1) > modparam("permissions", "trusted_table", "server") > modparam("permissions","source_col","server_ip") > modparam("permissions","proto_col","transport") > modparam("permissions","from_col","from_pattern") > modparam("permissions","tag_col","peer_tag") > > modparam("dispatcher","table_name","dispatcher") > modparam("dispatcher","setid_col","setid") > modparam("dispatcher","destination_col","destination") > modparam("dispatcher","flags_col","flags") > modparam("dispatcher","flags",3) > > modparam("auth_db","load_credentials","enable") > > > modparam("nathelper","received_avp", "$avp(i:42)") > > modparam("nathelper","received_avp", "$avp(i:42)") > modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890 > <http://127.0.0.1:7890>") > modparam("nathelper", "natping_interval", 30) > modparam("nathelper", "ping_nated_only", 0) > modparam("nathelper", "sipping_bflag", 7) > modparam("nathelper", "sipping_from", "sip:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>") > > > > listen=udp:192.168.1.101:5060 <http://192.168.1.101:5060> > listen=tcp:192.168.1.101:5060 <http://192.168.1.101:5060> > listen=udp:233.32.345.5:5060 > listen=tcp:233.32.345.5:5060 > > > # ------------------------- request routing logic ------------------- > # main routing logic > route{ > > xlog("method <$rm> from-header <$fu>\n"); > # initial sanity checks -- messages with > # max_forwards==0, or excessively long requests > if (!mf_process_maxfwd_header("10")) { > sl_send_reply("483","Too Many Hops"); > exit; > }; > if (msg:len >= 2048 ) { > sl_send_reply("513", "Message too big"); > exit; > }; > # we record-route all messages -- to make sure that > # subsequent messages will go through our proxy; that's > # particularly good if upstream and downstream entities > # use different transport protocol > > > ## NAT Detection > # > force_rport(); > if (nat_uac_test("19")) { > if (method=="REGISTER") { > fix_nated_register(); > } else { > fix_nated_contact(); > }; > setflag(5); > }; > > > if(!is_method("REGISTER")){ > if(nat_uac_test("19")){ > record_route(";nat=yes"); > } else { > record_route(); > }; > }; > > > > if (has_totag()) { > if (loose_route()) { > > if(method=="INVITE" && (!allow_trusted())) { > if (!proxy_authorize("","auth")) { > > proxy_challenge("","0"); > exit; > } else if (!check_from()) { > > sl_send_reply("403", "Forbidden, use > From=ID"); > exit; > }; > > if ($avp(s:enable)=="0") { > sl_send_reply("403", "Forbidden, use From=ID"); > > exit; > > > } > }; > > route(1); > } else { > sl_send_reply("404","Not here"); > } > route(1); > exit; > } > > > > > if (is_method("CANCEL")) { > if (t_check_trans()) > t_relay(); > exit; > } > if (method=="REGISTER") { > route(2); > } else { > route(3); > }; > > } > route[1] { > > > # send it out now; use stateful forwarding as it works > # reliably even for UDP2TCP > > t_on_reply("1"); > t_on_failure("1"); > > if (!t_relay()) { > sl_reply_error(); > }; > exit; > } > > route[2] { > # > # -- Register request handler -- > # > if (is_uri_host_local()) { > > if (!www_authorize("", "auth")) { > > > www_challenge("", "0"); > > exit; > > }; > > if (!check_to()) { > > sl_send_reply("403", "Forbidden"); > exit; > }; > > if ($avp(s:enable)=="0") { > sl_send_reply("403", > "Forbidden, use From=ID"); > > exit; > } > > save("location"); > exit; > } else if { > > sl_send_reply("403", "Forbidden"); > }; > } > > route[3] { > > > if (is_from_local()){ > # From an internal domain -> check the credentials and the > FROM > > if (!proxy_authorize("","auth")) { > proxy_challenge("","0"); > > exit; > } else if (!check_from()) { > > sl_send_reply("403", "Forbidden, use From=ID"); > exit; > }; > > consume_credentials(); > # Verify aliases > > if (is_uri_host_local()) { > # -- Inbound to Inbound > route(10); > } else { > # -- Inbound to outbound > route(11); > }; > } else { > > if (is_uri_host_local()) { > #-- Outbound to inbound > route(12); > } else { > # -- Outbound to outbound > route(13); > }; > }; > } > > > route[4] { > revert_uri(); > rewritehostport("233.32.345.5:5800"); > route(1); > > > > > } > > > > route[6] { > if (is_method("BYE")) { > > } else if ((is_method("INVITE"))){ > > append_hf("P-hint: Route[6]: Rtpproxy \r\n"); > t_on_failure("3"); > }; > } > > > route[10] { > append_hf("P-hint: inbound->inbound \r\n"); > route(4); > > } > route[11] { > append_hf("P-hint: inbound->outbound \r\n"); > route(1); > } > route[12] { > lookup("aliases"); > if (!lookup("location")) { > sl_send_reply("404", "Not Found"); > exit; > }; > route(1); > } > route[13] { > append_hf("P-hint: outbound->inbound \r\n"); > sl_send_reply("403", "Forbidden"); > exit; > } > > > onreply_route[1] { > xlog("L_INFO", "Reply - S=$rs D=$rr F=$fu T=$tu IP=$si ID=$ci\n"); > search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); > fix_nated_contact(); > exit; > > > } > failure_route[1] { > append_hf("P-hint: (4)passed thru failure_route[1]\r\n"); > > > > > > > if (t_was_cancelled()) { > exit; > }; > if (t_check_status("486")) { > revert_uri(); > prefix("b"); > xlog("L_ERR","Stepped into the 486 ruri=<$ru>"); > #ds_select_dst("2", "4"); > rewritehostport("233.32.345.5:5800"); > append_branch(); > route(1); > exit; > }; > if (t_check_status("408") || t_check_status("480")) { > revert_uri(); > prefix("u"); > xlog("L_ERR","Stepped into the 480 ruri=<$ru>"); > #ds_select_dst("2", "4"); > rewritehostport("233.32.345.5:5800"); > append_branch(); > route(1); > exit; > }; > > > > } > > > failure_route[3] { > if (isbflagset(6) || isflagset(5)) { > > } > > } > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users