[Asterisk-Users] Asterisk + SER and NAT

Laurent Foulonneau foulonneau at canl.net
Mon May 9 23:01:44 MST 2005


Hi,

We are testing a SIP solution * + ser solution for a large implementation.
All the clients are nated.
When a client is dialing outside the domain (to a FWD sip account for 
example) all is perfect ! ;-)
But ,when a call is done to a sip account, the client is ringing, then the 
caller can hear the nated client very well, but the nated client does'nt 
hear anything. RTP issue no ?
I've follow the SER, Asterisk and Lucent TNT by Michael 
Shuler  (http://www.voip-info.org/wiki-Asterisk+at+large ), but I think 
I've missed something.
The * and ser are using public ip, no nat for them.
I've tried different config, with and without rtpproxy, with forward 
instead of t_relay, but same or more problems.

If someone could help me please.

Here are my conf files :

extensions.conf:
============

[ser]

exten => 0870441067,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => 0870441067,2,Congestion
exten => 0870441067,3,Hangup

exten => 0870441111,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => 0870441111,2,Congestion
exten => 0870441111,3,Hangup

exten => _X.,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => _X.,2,Playback(vm-nobodyavail)
exten => _X.,3,Voicemail(${EXTEN}@astcc)
exten => _X.,4,Hangup

exten => *,1,Answer
exten => *,2,VoiceMailMain(${CALLERIDNUM}@astcc)
exten => *,3,Hangup

sip.conf
======
[general]
realm=my.domain
recordhistory=yes
pedantic=no
bindport=5060
disallow=all
allow=g729
allow=ilbc
maxexpirey=180
defaultexpirey=160
tos=reliability
rtcachefriends=yes
rtnoupdate=no
rtautoclear=2000
qualify=2000
dtmfmode=rfc2833
context=ser
autocreatepeer=yes
nat = yes

[ser]
type=friend
context=ser
dtmfmode=rfc2833
disallow=all
allow=g729
allow=ilbc
nat=no
canreinvite=no
host=192.168.0.146


ser.cfg:
======
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------


debug=3         # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)

/*
# Uncomment these lines to enter debugging mode
  debug=7
  fork=no
  log_stderror=yes
*/

listen=192.168.0.146

sip_warning=no

alias="domain"
alias="sip.domain.com"
alias="domain.com"

advertised_address=192.168.0.146

reply_to_via=no
check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4

fifo="/tmp/ser_fifo"

# if changing fifo mode to a more restrictive value, put
# decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438
#fifo_mode=438

# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"

# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --
# Flush every 60 sec
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "db_url","sql://user:passwd@192.168.0.145/astcc")

# -- auth params --
modparam("auth_db", "db_url","sql://user:passwd@192.168.0.145/astcc")
modparam("auth_db", "user_column", "name")
modparam("auth_db", "domain_column", "domain")
modparam("auth_db", "calculate_ha1", 1)

modparam("auth_db", "password_column", "secret")

# -- replication auth param --
modparam("auth", "secret", "secret")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# ------------- registrar parameters

modparam("registrar",  "nat_flag", 2)

# ------------- nathelper parameters

modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)

# -------------------------  request routing logic -------------------

# main routing logic

route{

         # initial sanity checks -- messages with
         # max_forwards==0, or excessively long requests
         if (!mf_process_maxfwd_header("10")) {
                 sl_send_reply("483","Too Many Hops");
                 break;
         };
         if ( msg:len > max_len ) {
                 sl_send_reply("513", "Message too big");
                 break;
         };

         # if(method != "REGISTER")
         # {
         #       xlog("L_INFO", "Got a %rm (URI = %ru) from %is");
         # };

         # By default we are already responding to the learned IP:PORT that 
the message came from.
         # This will properly fix the contact header.  Asterisk will fix 
the SDP (actually it learns it).

         force_rport();
         fix_nated_contact();

         # 
------------------------------------------------------------------------------------------------

         # if the request is for other domain use UsrLoc
         # (in case, it does not work, use the following command
         # with proper names and addresses in it)
         if(uri == myself || src_ip == 192.168.0.146)
         {
                 if(method == "REGISTER")
                 {
                         # Make sure they are a valid user on our proxy
                         if(!www_authorize("domain", "sipfriends"))
                         {
                                 # xlog("L_INFO", "Req Auth For %ct, URI = 
%ru");
                                 www_challenge("domain", "1");
                                 break;
                         };

                         # xlog("L_INFO", "Registered Contact %ct,  URI = 
%ru");
                         save("location");

                         break;
                 };
         };


         #------------------------------------------------------------------------------------------------

         # we record-route all messages -- to make sure that
         # subsequent messages will go through our proxy; that's
         # particularly good if upstream and downstream entities
         # use different transport protocol
         record_route();

         # This will make the return path the VIRTUAL IP on a L4 switch 
instead of our REAL IP
#        record_route_preset("192.168.0.146:5060");

         #------------------------------------------------------------------------------------------------

         # loose-route processing
         if(loose_route())
         {
                 xlog("L_INFO", "loose_route(): Looking up %rm URI %ru from 
%is");
                 lookup("location");
                 xlog("L_INFO", "loose_route(): t_relay() %rm to URI %ru");
                 t_relay();
                 break;
         };


         #------------------------------------------------------------------------------------------------

         # We only need to do load balancing on the INVITE.
         # After the dest IP has been put in the message the servers will 
follow it on their own.
         if(method == "INVITE")
         {

                 # If it came from Asterisk send it to a Quintum for final 
routing if it can't be looked up
                 # As of now its ast0 and ast1 which are 222.222.222.222 
and 333.333.333.333 which fall within this subnet
                 if(src_ip == 192.168.0.145)
                 {
                         xlog("L_INFO", "%rm came from Asterisk server %is, 
URI = %ru");

                         # native SIP destinations are handled using our 
USRLOC DB
                         if(lookup("location"))
                         {
                                 # Found a match, this is going to a VoIP phone
                                 xlog("L_INFO", "Sending %rm (URI = %ru) to 
Contact (%ct)");
                         }
                         else
                         {
                                 # Lookup failed, assume that this is a 
phone number URL until I setup pattern matching
                                 # Send to the Quintum
                                 xlog("L_INFO", "Sending URI (%ru) to 
Quintum");
                                 rewritehostport("192.168.0.147:5060");

                         };
                 }


                 # NOTE: I could have combine the following "else if" and 
"else" but I wanted to seperate them for debug purpo
                 # If it came from a Quintum send it to an Asterisk box for 
final routing
                 # As of now Quintum is 192.168.0.147 which falls within 
this subnet
                 else if(src_ip == 192.168.0.147)
                 {
                         xlog("L_INFO", "%rm came from Quintum (%is), 
sending to Asterisk (URI = %ru)");
                         rewritehostport("192.168.0.145:5060");
                         # I cheated here because I made ast.mycompany.com 
a DNS round robing with a 5 sec experation.  It's n
                 }

                 # Assume it came from one of our VoIP phones, all routing 
is done by Asterisk
                 else
                 {
                         xlog("L_INFO", "%rm came from a VoIP phone (%is), 
attempting to authorize %fu");

                         # Make sure they are a valid user on our proxy
                         if (!www_authorize("domain", "sipfriends"))
                         {
                                 www_challenge("domain", "0");
                                 xlog("L_INFO", "Failed to authorize 
%fu(%is)");
                                 break;
                         };

                         # Found a match, this is going to a VoIP phone
                         xlog("L_INFO", "Auth OK, sending URI %ru to 
Asterisk for routing");
                         rewritehostport("192.168.0.145:5060");
                 };

                 xlog("L_INFO", "INVITE New URI = %ru, t_relay()ing now");
                 t_relay();
#                forward(uri:host,uri:port);
                 break;
         };

         #------------------------------------------------------------------------------------------------



         # forward to current uri now; use stateful forwarding; that
         # works reliably even if we forward from TCP to UDP
         lookup("location");
         xlog("L_INFO", "Default t_relay() (method = %rm, URI = %ru, >From 
= %is)");
         if(!t_relay())
         {
                 xlog("L_INFO", "Failed sending requesting %rm URI (%ru)");
                 sl_reply_error();
         };
}




More information about the asterisk-users mailing list