Kamailio 1.5.0 and NAT

View: New views

2 Messages — Rating Filter: Alert me

Kamailio 1.5.0 and NAT

by Denis Putyato :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Some parts of this message have been removed. Learn more about Nabble's security policy.

Hello everybody

I have such problem with kamailio and client which behind NAT

This is REGISTER message which came from client. This message came from public IP (for example, 1.1.1.1) and source port 44197. (This information I got from sip_trace)

From: <sip:xxxxxxx@...:5060>;tag=a82eda3-13c4-47798948-1a1296-5259a46

To: <sip:xxxxxxx@...:5060>

Call-ID: a82eda3-13c4-47798948-1a1296-9641c88@...

CSeq: 446229198 REGISTER

Via: SIP/2.0/UDP 10.130.237.163:5060;branch=z9hG4bK-47799e27-6b9841-84448db

Max-Forwards: 70

Supported: timer

Contact: <sip:xxxxxxx@...:5060;transport=UDP>

Expires: 60

Content-Length: 0

This is Unauthorized message was sent by kamailio to 1.1.1.1 and… destination port not 44197 (as I expected) but 5060!!!

SIP/2.0 401 Unauthorized

From: <sip:xxxxxxx@...:5060>;tag=a82eda3-13c4-47798948-1a1296-5259a46

To: <sip:xxxxxxx@...:5060>;tag=fdc454a3cdd8f9e5718382b74f33aeed.3b81

Call-ID: a82eda3-13c4-47798948-1a1296-9641c88@...

CSeq: 446229198 REGISTER

Via: SIP/2.0/UDP 10.130.237.163:5060;branch=z9hG4bK-47799e27-6b9841-84448db;received=1.1.1.1

WWW-Authenticate: Digest realm="domain name", nonce="4af0129b000000047c1020258f9f0efc4de1b76663dd2ab4"

Server: Kamailio (1.5.0-notls (i386/linux))

Content-Length: 0

And as you understand 401 reply, which was sent to 1.1.1.1:5060 can’t reach client’s equipment.

A piece of kamailio.cfg relating to REGISTER processing:

route(0) {

….

if (!is_method("INVITE")) route(8);

….

if (is_method("REGISTER")) {

route(11);

exit;

}

…..

}

route(8) {

if (nat_uac_test("5")) {

if (method=="REGISTER") {

fix_nated_register();

} else {

fix_nated_contact();

}

setflag(5);

}

return;

}

route(11) {

if (!www_authorize("", "subscriber")) {

www_challenge("", "0");

exit;

}

if ($au!=$tU) {

sl_send_reply("403","Forbidden auth ID");

exit;

}

if (isflagset(5)) setbflag(6);

if (!save("location")) {

sl_reply_error();

exit;

}

Hearty thanks for any help.

_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users@...
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users

Re: Kamailio 1.5.0 and NAT

by Klaus Darilion-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

force_rport();
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:1.5.x#force_rport

regards
klaus

Путято Денис schrieb:

> Hello everybody
>
>
>
> I have such problem with kamailio and client which behind NAT
>
>
>
> This is REGISTER message which came from client. This message came from
> public IP (for example, 1.1.1.1) and source port 44197. (This
> information I got from sip_trace)
>
>
>
> REGISTER sip:sip.ptl.ru:5060;transport=UDP SIP/2.0
>
> From: <sip:xxxxxxx@...:5060>;tag=a82eda3-13c4-47798948-1a1296-5259a46
>
> To: <sip:xxxxxxx@...:5060>
>
> Call-ID: a82eda3-13c4-47798948-1a1296-9641c88@...
>
> CSeq: 446229198 REGISTER
>
> Via: SIP/2.0/UDP 10.130.237.163:5060;branch=z9hG4bK-47799e27-6b9841-84448db
>
> Max-Forwards: 70
>
> Supported: timer
>
> Contact: <sip:xxxxxxx@...:5060;transport=UDP>
>
> Expires: 60
>
> Content-Length: 0
>
>
>
> This is Unauthorized message was sent by kamailio to 1.1.1.1 and…
> destination port not 44197 (as I expected) but 5060!!!
>
>
>
> SIP/2.0 401 Unauthorized
>
> From: <sip:xxxxxxx@...:5060>;tag=a82eda3-13c4-47798948-1a1296-5259a46
>
> To: <sip:xxxxxxx@...:5060>;tag=fdc454a3cdd8f9e5718382b74f33aeed.3b81
>
> Call-ID: a82eda3-13c4-47798948-1a1296-9641c88@...
>
> CSeq: 446229198 REGISTER
>
> Via: SIP/2.0/UDP
> 10.130.237.163:5060;branch=z9hG4bK-47799e27-6b9841-84448db;received=1.1.1.1
>
> WWW-Authenticate: Digest realm="domain name",
> nonce="4af0129b000000047c1020258f9f0efc4de1b76663dd2ab4"
>
> Server: Kamailio (1.5.0-notls (i386/linux))
>
> Content-Length: 0
>
>
>
> And as you understand 401 reply, which was sent to 1.1.1.1:5060 can’t
> reach client’s equipment.
>
>
>
> A piece of kamailio.cfg relating to REGISTER processing:
>
> route(0) {
>
> ….
>
> if (!is_method("INVITE")) route(8);
>
> ….
>
> if (is_method("REGISTER")) {
>
> route(11);
>
> exit;
>
> }
>
> …..
>
> }
>
> route(8) {
>
> if (nat_uac_test("5")) {
>
> if (method=="REGISTER") {
>
> fix_nated_register();
>
> } else {
>
> fix_nated_contact();
>
> }
>
> setflag(5);
>
> }
>
> return;
>
> }
>
> route(11) {
>
> if (!www_authorize("", "subscriber")) {
>
> www_challenge("", "0");
>
> exit;
>
> }
>
> if ($au!=$tU) {
>
> sl_send_reply("403","Forbidden auth ID");
>
> exit;
>
> }
>
> if (isflagset(5)) setbflag(6);
>
> if (!save("location")) {
>
> sl_reply_error();
>
> exit;
>
> }
>
> }
>
>
>
> Hearty thanks for any help.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users@...
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users