[Asterisk-Users] Asterisk + SER and NAT
Laurent Foulonneau
foulonneau at canl.net
Mon May 9 23:01:44 MST 2005
Hi,
We are testing a SIP solution * + ser solution for a large implementation.
All the clients are nated.
When a client is dialing outside the domain (to a FWD sip account for
example) all is perfect ! ;-)
But ,when a call is done to a sip account, the client is ringing, then the
caller can hear the nated client very well, but the nated client does'nt
hear anything. RTP issue no ?
I've follow the SER, Asterisk and Lucent TNT by Michael
Shuler (http://www.voip-info.org/wiki-Asterisk+at+large ), but I think
I've missed something.
The * and ser are using public ip, no nat for them.
I've tried different config, with and without rtpproxy, with forward
instead of t_relay, but same or more problems.
If someone could help me please.
Here are my conf files :
extensions.conf:
============
[ser]
exten => 0870441067,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => 0870441067,2,Congestion
exten => 0870441067,3,Hangup
exten => 0870441111,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => 0870441111,2,Congestion
exten => 0870441111,3,Hangup
exten => _X.,1,Dial(SIP/${EXTEN}@ser,20,t)
exten => _X.,2,Playback(vm-nobodyavail)
exten => _X.,3,Voicemail(${EXTEN}@astcc)
exten => _X.,4,Hangup
exten => *,1,Answer
exten => *,2,VoiceMailMain(${CALLERIDNUM}@astcc)
exten => *,3,Hangup
sip.conf
======
[general]
realm=my.domain
recordhistory=yes
pedantic=no
bindport=5060
disallow=all
allow=g729
allow=ilbc
maxexpirey=180
defaultexpirey=160
tos=reliability
rtcachefriends=yes
rtnoupdate=no
rtautoclear=2000
qualify=2000
dtmfmode=rfc2833
context=ser
autocreatepeer=yes
nat = yes
[ser]
type=friend
context=ser
dtmfmode=rfc2833
disallow=all
allow=g729
allow=ilbc
nat=no
canreinvite=no
host=192.168.0.146
ser.cfg:
======
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/*
# Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
listen=192.168.0.146
sip_warning=no
alias="domain"
alias="sip.domain.com"
alias="domain.com"
advertised_address=192.168.0.146
reply_to_via=no
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# if changing fifo mode to a more restrictive value, put
# decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438
#fifo_mode=438
# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"
# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# Flush every 60 sec
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "db_url","sql://user:passwd@192.168.0.145/astcc")
# -- auth params --
modparam("auth_db", "db_url","sql://user:passwd@192.168.0.145/astcc")
modparam("auth_db", "user_column", "name")
modparam("auth_db", "domain_column", "domain")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "secret")
# -- replication auth param --
modparam("auth", "secret", "secret")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------- registrar parameters
modparam("registrar", "nat_flag", 2)
# ------------- nathelper parameters
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# if(method != "REGISTER")
# {
# xlog("L_INFO", "Got a %rm (URI = %ru) from %is");
# };
# By default we are already responding to the learned IP:PORT that
the message came from.
# This will properly fix the contact header. Asterisk will fix
the SDP (actually it learns it).
force_rport();
fix_nated_contact();
#
------------------------------------------------------------------------------------------------
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if(uri == myself || src_ip == 192.168.0.146)
{
if(method == "REGISTER")
{
# Make sure they are a valid user on our proxy
if(!www_authorize("domain", "sipfriends"))
{
# xlog("L_INFO", "Req Auth For %ct, URI =
%ru");
www_challenge("domain", "1");
break;
};
# xlog("L_INFO", "Registered Contact %ct, URI =
%ru");
save("location");
break;
};
};
#------------------------------------------------------------------------------------------------
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# This will make the return path the VIRTUAL IP on a L4 switch
instead of our REAL IP
# record_route_preset("192.168.0.146:5060");
#------------------------------------------------------------------------------------------------
# loose-route processing
if(loose_route())
{
xlog("L_INFO", "loose_route(): Looking up %rm URI %ru from
%is");
lookup("location");
xlog("L_INFO", "loose_route(): t_relay() %rm to URI %ru");
t_relay();
break;
};
#------------------------------------------------------------------------------------------------
# We only need to do load balancing on the INVITE.
# After the dest IP has been put in the message the servers will
follow it on their own.
if(method == "INVITE")
{
# If it came from Asterisk send it to a Quintum for final
routing if it can't be looked up
# As of now its ast0 and ast1 which are 222.222.222.222
and 333.333.333.333 which fall within this subnet
if(src_ip == 192.168.0.145)
{
xlog("L_INFO", "%rm came from Asterisk server %is,
URI = %ru");
# native SIP destinations are handled using our
USRLOC DB
if(lookup("location"))
{
# Found a match, this is going to a VoIP phone
xlog("L_INFO", "Sending %rm (URI = %ru) to
Contact (%ct)");
}
else
{
# Lookup failed, assume that this is a
phone number URL until I setup pattern matching
# Send to the Quintum
xlog("L_INFO", "Sending URI (%ru) to
Quintum");
rewritehostport("192.168.0.147:5060");
};
}
# NOTE: I could have combine the following "else if" and
"else" but I wanted to seperate them for debug purpo
# If it came from a Quintum send it to an Asterisk box for
final routing
# As of now Quintum is 192.168.0.147 which falls within
this subnet
else if(src_ip == 192.168.0.147)
{
xlog("L_INFO", "%rm came from Quintum (%is),
sending to Asterisk (URI = %ru)");
rewritehostport("192.168.0.145:5060");
# I cheated here because I made ast.mycompany.com
a DNS round robing with a 5 sec experation. It's n
}
# Assume it came from one of our VoIP phones, all routing
is done by Asterisk
else
{
xlog("L_INFO", "%rm came from a VoIP phone (%is),
attempting to authorize %fu");
# Make sure they are a valid user on our proxy
if (!www_authorize("domain", "sipfriends"))
{
www_challenge("domain", "0");
xlog("L_INFO", "Failed to authorize
%fu(%is)");
break;
};
# Found a match, this is going to a VoIP phone
xlog("L_INFO", "Auth OK, sending URI %ru to
Asterisk for routing");
rewritehostport("192.168.0.145:5060");
};
xlog("L_INFO", "INVITE New URI = %ru, t_relay()ing now");
t_relay();
# forward(uri:host,uri:port);
break;
};
#------------------------------------------------------------------------------------------------
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
lookup("location");
xlog("L_INFO", "Default t_relay() (method = %rm, URI = %ru, >From
= %is)");
if(!t_relay())
{
xlog("L_INFO", "Failed sending requesting %rm URI (%ru)");
sl_reply_error();
};
}
More information about the asterisk-users
mailing list