[asterisk-bugs] [JIRA] (ASTERISK-25007) Notify packet to private IP endpoint behind nat with pjsip tls transport

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Apr 24 05:32:33 CDT 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp closed ASTERISK-25007.
----------------------------------

    Resolution: Duplicate

> Notify packet to private IP endpoint behind nat with pjsip tls transport 
> -------------------------------------------------------------------------
>
>                 Key: ASTERISK-25007
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25007
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.3.2
>         Environment: Debian 7, Asterisk 13.3.2, Kernel 3.2, pjsip 2.3
>            Reporter: Fco Javier
>
> test scenario:
> - two endpoints behind nat (yealink and jitsi)
> - Asterisk 13.3.2 behind firewall
> - pjsip 2.3 configured with tls transport
> The endpoints register correctly and I can make calls.
> After registering the phone, when Asterisk sends a NOTIFY packet because the state changes on another endpoint, this packet goes out with the private IP of the endpoint.
> This is the transport configuration:
> [transport-tls-nat]
> type=transport
> protocol=tls
> bind=0.0.0.0:5071
> local_net=192.168.1.0/24
> external_media_address=222.222.222.222
> external_signaling_address=222.222.222.222
> ;TLS
> cert_file=/var/lib/asterisk/keys/asterisk.crt
> priv_key_file=/var/lib/asterisk/keys/asterisk.key
> ca_list_file=/var/lib/asterisk/keys/ca.crt
> method=tlsv1
> require_client_cert=yes
> verify_client=yes
> verify_server=yes
> And this is the endpoint configuration:
> [508]
> type=endpoint
> rtp_symmetric=yes
> force_rport=yes
> rewrite_contact=yes
> device_state_busy_at=1
> allow_subscribe=yes
> sub_min_expiry=30
> aggregate_mwi=yes
> media_encryption=sdes
> direct_media=no
> disallow=all
> allow=alaw
> message_context=messages
> context=pbx-incoming
> language=es
> call_group=1
> pickup_group=1
> callerid=EXT 508<508>
> mailboxes=508 at default
> mwi_from_user=508
> aors=508
> auth=508
> This is the register for endpoint 508:
> <--- Received SIP request (563 bytes) from TLS:79.168.115.36:17193 --->
> REGISTER sip:222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1569966680
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=1202817422
> To: "508" <sip:508 at 222.222.222.222:5071>
> Call-ID: 1904297113 at 10.0.0.24
> CSeq: 1 REGISTER
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 3600
> Allow-Events: talk,hold,conference,refer,check-sync
> Content-Length: 0
> <--- Transmitting SIP response (476 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1569966680
> Call-ID: 1904297113 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=1202817422
> To: "508" <sip:508 at 222.222.222.222>;tag=z9hG4bK1569966680
> CSeq: 1 REGISTER
> WWW-Authenticate: Digest  realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="20ffa10f43871d4c",algorithm=md5,qop="auth"
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Received SIP request (844 bytes) from TLS:79.168.115.36:17193 --->
> REGISTER sip:222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1919829619
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=1202817422
> To: "508" <sip:508 at 222.222.222.222:5071>
> Call-ID: 1904297113 at 10.0.0.24
> CSeq: 2 REGISTER
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:222.222.222.222:5071", response="abd906a13f910b1d9365a6dd6de9a7fe", algorithm=MD5, cnonce="0a4f113b", opaque="20ffa10f43871d4c", qop=auth, nc=00000001
> Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 3600
> Allow-Events: talk,hold,conference,refer,check-sync
> Content-Length: 0
>     -- Added contact 'sip:508 at 79.168.115.36:17193;transport=TLS' to AOR '508' with expiration of 3600 seconds
> <--- Transmitting SIP response (438 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1919829619
> Call-ID: 1904297113 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=1202817422
> To: "508" <sip:508 at 222.222.222.222>;tag=z9hG4bK1919829619
> CSeq: 2 REGISTER
> Date: Fri, 24 Apr 2015 08:24:39 GMT
> Contact: <sip:508 at 79.168.115.36:17193;transport=TLS>;expires=3599
> Expires: 3600
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Received SIP request (444 bytes) from TLS:79.168.115.36:17193 --->
> SUBSCRIBE sip:503 at 222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1940910600
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=744674526
> To: <sip:503 at 222.222.222.222:5071>
> Call-ID: 1232464291 at 10.0.0.24
> CSeq: 1 SUBSCRIBE
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Accept: application/dialog-info+xml
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 1800
> Event: dialog
> Content-Length: 0
> <--- Transmitting SIP response (470 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1940910600
> Call-ID: 1232464291 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=744674526
> To: <sip:503 at 222.222.222.222>;tag=z9hG4bK1940910600
> CSeq: 1 SUBSCRIBE
> WWW-Authenticate: Digest  realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="17d8f99064c34a01",algorithm=md5,qop="auth"
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Received SIP request (465 bytes) from TLS:79.168.115.36:17193 --->
> SUBSCRIBE sip:508 at 222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK925409121
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=521164520
> To: "508" <sip:508 at 222.222.222.222:5071>
> Call-ID: 1245340423 at 10.0.0.24
> CSeq: 1 SUBSCRIBE
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Accept: application/simple-message-summary
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 3600
> Event: message-summary
> Content-Length: 0
> <--- Transmitting SIP response (474 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK925409121
> Call-ID: 1245340423 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=521164520
> To: "508" <sip:508 at 222.222.222.222>;tag=z9hG4bK925409121
> CSeq: 1 SUBSCRIBE
> WWW-Authenticate: Digest  realm="asterisk",nonce="1429863879/3c64b644dddf290b142711576e38cb78",opaque="2271d35939c4549c",algorithm=md5,qop="auth"
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Received SIP request (751 bytes) from TLS:79.168.115.36:17193 --->
> SUBSCRIBE sip:508 at 222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK1689103066
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=521164520
> To: "508" <sip:508 at 222.222.222.222:5071>
> Call-ID: 1245340423 at 10.0.0.24
> CSeq: 2 SUBSCRIBE
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:508 at 222.222.222.222:5071", response="29e7d48d8f867288a8f7011c220c173b", algorithm=MD5, cnonce="0a4f113b", opaque="2271d35939c4549c", qop=auth, nc=00000001
> Accept: application/simple-message-summary
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 3600
> Event: message-summary
> Content-Length: 0
> <--- Transmitting SIP response (562 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK1689103066
> Call-ID: 1245340423 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=521164520
> To: "508" <sip:508 at 222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988
> CSeq: 2 SUBSCRIBE
> Expires: 3600
> Contact: <sip:222.222.222.222:5071;transport=TLS>
> Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
> Supported: 100rel, timer, replaces, norefersub
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Transmitting SIP request (684 bytes) to TLS:79.168.115.36:17193 --->
> NOTIFY sip:508 at 79.168.115.36:17193;transport=TLS SIP/2.0
> Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjfc2ca8c2-b94e-4dac-805c-060495d28633;alias
> From: "508" <sip:508 at 222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988
> To: "508" <sip:508 at 222.222.222.222>;tag=521164520
> Contact: <sip:222.222.222.222:5071;transport=TLS>
> Call-ID: 1245340423 at 10.0.0.24
> CSeq: 28883 NOTIFY
> Event: message-summary
> Subscription-State: active;expires=3599
> Allow-Events: message-summary, presence, dialog, refer
> Max-Forwards: 70
> User-Agent: Asterisk PBX 13.3.2
> Content-Type: application/simple-message-summary
> Content-Length:    48
> Messages-Waiting: no
> Voice-Message: 0/0 (0/0)
> <--- Received SIP request (728 bytes) from TLS:79.168.115.36:17193 --->
> SUBSCRIBE sip:503 at 222.222.222.222:5071 SIP/2.0
> Via: SIP/2.0/TLS 10.0.0.24:17193;branch=z9hG4bK766939248
> From: "508" <sip:508 at 222.222.222.222:5071>;tag=744674526
> To: <sip:503 at 222.222.222.222:5071>
> Call-ID: 1232464291 at 10.0.0.24
> CSeq: 2 SUBSCRIBE
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> Authorization: Digest username="pepito", realm="asterisk", nonce="1429863879/3c64b644dddf290b142711576e38cb78", uri="sip:503 at 222.222.222.222:5071", response="01c1e7ab670f410eed0dc2a51a42279c", algorithm=MD5, cnonce="0a4f113b", opaque="17d8f99064c34a01", qop=auth, nc=00000001
> Accept: application/dialog-info+xml
> Max-Forwards: 70
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Expires: 1800
> Event: dialog
> Content-Length: 0
> <--- Transmitting SIP response (555 bytes) to TLS:79.168.115.36:17193 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 10.0.0.24:17193;rport=17193;received=79.168.115.36;branch=z9hG4bK766939248
> Call-ID: 1232464291 at 10.0.0.24
> From: "508" <sip:508 at 222.222.222.222>;tag=744674526
> To: <sip:503 at 222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10
> CSeq: 2 SUBSCRIBE
> Expires: 1800
> Contact: <sip:222.222.222.222:5071;transport=TLS>
> Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REGISTER, REFER
> Supported: 100rel, timer, replaces, norefersub
> Server: Asterisk PBX 13.3.2
> Content-Length:  0
> <--- Transmitting SIP request (856 bytes) to TLS:79.168.115.36:17193 --->
> NOTIFY sip:508 at 79.168.115.36:17193;transport=TLS SIP/2.0
> Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjb4b191b0-df38-41e9-bd93-11bf763f8106;alias
> From: <sip:503 at 222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10
> To: "508" <sip:508 at 222.222.222.222>;tag=744674526
> Contact: <sip:222.222.222.222:5071;transport=TLS>
> Call-ID: 1232464291 at 10.0.0.24
> CSeq: 8461 NOTIFY
> Event: dialog
> Subscription-State: active;expires=1799
> Allow-Events: message-summary, presence, dialog, refer
> Max-Forwards: 70
> User-Agent: Asterisk PBX 13.3.2
> Content-Type: application/dialog-info+xml
> Content-Length:   243
> <?xml version="1.0" encoding="UTF-8"?>
> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" state="full" entity="sip:503 at 192.168.1.6:5071;transport=TLS">
>  <dialog id="503">
>   <state>terminated</state>
>  </dialog>
> </dialog-info>
> <--- Received SIP response (408 bytes) from TLS:79.168.115.36:17193 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjfc2ca8c2-b94e-4dac-805c-060495d28633;alias
> From: "508" <sip:508 at 222.222.222.222>;tag=baa993ec-dc26-46fc-bd1a-6c2db441d988
> To: "508" <sip:508 at 222.222.222.222>;tag=521164520
> Call-ID: 1245340423 at 10.0.0.24
> CSeq: 28883 NOTIFY
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Content-Length: 0
> <--- Received SIP response (401 bytes) from TLS:79.168.115.36:17193 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKPjb4b191b0-df38-41e9-bd93-11bf763f8106;alias
> From: <sip:503 at 222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10
> To: "508" <sip:508 at 222.222.222.222>;tag=744674526
> Call-ID: 1232464291 at 10.0.0.24
> CSeq: 8461 NOTIFY
> Contact: <sip:508 at 10.0.0.24:17193;transport=TLS>
> User-Agent: Yealink SIP-T28P 2.72.0.80
> Content-Length: 0
> And this is the Asterisk NOTIFY packet sent to endpoint 508 when 503 is busy:
> <--- Transmitting SIP request (848 bytes) to TLS:10.0.0.24:17193 --->
> NOTIFY sip:508 at 10.0.0.24:17193;transport=TLS SIP/2.0
> Via: SIP/2.0/TLS 192.168.1.6:58575;rport;branch=z9hG4bKPjad44ff79-019d-45c5-8134-4c1b85385f8b;alias
> From: <sip:503 at 222.222.222.222>;tag=af671a2f-0001-42af-96cf-0f86e3d85c10
> To: "508" <sip:508 at 222.222.222.222>;tag=744674526
> Contact: <sip:192.168.1.6:58575;transport=TLS>
> Call-ID: 1232464291 at 10.0.0.24
> CSeq: 8462 NOTIFY
> Event: dialog
> Subscription-State: active;expires=1603
> Allow-Events: message-summary, presence, dialog, refer
> Max-Forwards: 70
> User-Agent: Asterisk PBX 13.3.2
> Content-Type: application/dialog-info+xml
> Content-Length:   243
> <?xml version="1.0" encoding="UTF-8"?>
> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="1" state="full" entity="sip:503 at 192.168.1.6:5071;transport=TLS">
>  <dialog id="503">
>   <state>terminated</state>
>  </dialog>
> </dialog-info>
> [Apr 24 10:27:55] ERROR[10900]: pjsip:0 <?>: 	 tlsc0x38004b8 TLS connect() error: No route to host [code=120113]
> [Apr 24 10:27:55] WARNING[10900]: pjsip:0 <?>: 	  tsx0x3b868d8 Failed to send Request msg NOTIFY/cseq=8462 (tdta0x3f70160)! err=120113 (No route to host)
> Thanks for your help.
> Regards



--
This message was sent by Atlassian JIRA
(v6.2#6252)
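
A log check for the failure shown in the quoted trace, as an added example that is not part of the original report or of Asterisk: it scans pjsip logger output for transmitted requests whose destination is a private address outside `local_net`, or whose Via/Contact carries a private address on a request leaving `local_net`. The function name, the issue labels and the trimmed sample (addresses taken from the trace, `@` restored, branch values constructed, IPv4 only) are assumptions.

```python
import ipaddress
import re

# Constructed sample: two requests trimmed from the trace ('@' restored, branches made up).
SAMPLE_LOG = """\
<--- Transmitting SIP request (856 bytes) to TLS:79.168.115.36:17193 --->
NOTIFY sip:508@79.168.115.36:17193;transport=TLS SIP/2.0
Via: SIP/2.0/TLS 222.222.222.222:5071;rport;branch=z9hG4bKconstructed1;alias
Contact: <sip:222.222.222.222:5071;transport=TLS>
CSeq: 8461 NOTIFY
<--- Transmitting SIP request (848 bytes) to TLS:10.0.0.24:17193 --->
NOTIFY sip:508@10.0.0.24:17193;transport=TLS SIP/2.0
Via: SIP/2.0/TLS 192.168.1.6:58575;rport;branch=z9hG4bKconstructed2;alias
Contact: <sip:192.168.1.6:58575;transport=TLS>
CSeq: 8462 NOTIFY
"""

BANNER = re.compile(r"^<--- Transmitting SIP request \(\d+ bytes\) to \w+:([\d.]+):\d+ --->")
HEADERS = (("via", re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)")),
           ("contact", re.compile(r"^Contact:\s*<sip:(?:[^@>]*@)?([\d.]+)")))
CSEQ = re.compile(r"^CSeq:\s*(\d+)\s+(\w+)")

def find_nat_failures(log_text, local_net="192.168.1.0/24"):
    """Flag transmitted requests that expose or target private addresses."""
    net = ipaddress.ip_network(local_net)
    found, cur = [], None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").rstrip()   # tolerate mail-quoted traces
        m = BANNER.match(line)
        if m:
            dest = ipaddress.ip_address(m.group(1))
            cur = {"dest": str(dest), "remote": dest not in net, "cseq": None, "method": None, "issues": []}
            if dest.is_private and cur["remote"]:
                cur["issues"].append("private-destination")  # stored contact not rewritten
            found.append(cur)
        elif line.startswith("<---"):
            cur = None                     # received message or a response: out of scope
        elif cur is not None:
            for name, rx in HEADERS:
                m = rx.match(line)
                if m and cur["remote"] and ipaddress.ip_address(m.group(1)).is_private:
                    cur["issues"].append(f"private-{name}")  # external address not applied
            m = CSEQ.match(line)
            if m:
                cur["cseq"], cur["method"] = int(m.group(1)), m.group(2)
    return [f for f in found if f["issues"]]

if __name__ == "__main__":
    print(find_nat_failures(SAMPLE_LOG))
```

On the sample, only the second NOTIFY (CSeq 8462) is reported; the first one, sent to the rewritten contact with the external address in Via and Contact, passes.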