[Serusers] could not pass the audio through NAT for the SIP client.
C.K
ckng128 at yahoo.com
Tue Aug 10 15:48:57 CEST 2004
Hello,
I have try to identify this problem for long time but
still do not have any idea where is the problem, could
some one point it out here please.
I have the asterisk and SER behind a NAT (at office)
and both UA are also behind another NAT (at home), I
could hear the echo test from asterisk when I am using
the port farwading BUT doesn't have any audio when I
disable the port forwading..please help..
My Sip.cfg and sip.conf are as follow:
# ------------------- global configuration parameters
------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=detone
alias=detone.ghl.com
alias=202.129.171.223
# ------------------- module loading
------------------
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/exec.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# ----------------- setting module-specific parameters
---------------
modparam("usrloc", "db_mode", 0)
#modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
# ------------------ NAThelper ----------------
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping
interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping
only clients behind NAT
# ------------------------- request routing logic
-------------------
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long
requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too
big");
break;
};
# Special handling for NATed clients; first, NAT test
is
# executed: it looks for via!=received and
RFC1918 addresses
# in Contact (may fail if line-folding is
used); also,
# the received test should, if completed,
should check all
# vias for rpesence of received
xlog("L_NOTICE", "Checking...behind the NAT ?\n");
if (nat_uac_test("1")) {
xlog("L_NOTICE", "nat_uac_test=1\n");
}
if (nat_uac_test("2")) {
xlog("L_NOTICE", "nat_uac_test=2\n");
}
if (nat_uac_test("3")) {
xlog("L_NOTICE", "nat_uac_test == 3\n");
# Allow RR-ed requests, as these may
indicate that
# a NAT-enabled proxy takes care of
it; unless it is
# a REGISTER
if (method == "REGISTER" || !
search("^Record-Route:")) {
xlog("L_NOTICE", "Someone trying
to register from private IP, rewriting\n");
# This will work only for user
agents that support symmetric
# communication. We tested quite
many of them and majority is
# smart enough to be symmetric. In
some phones it takes a configuration
# option. With Cisco 7960, it is
called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and
"symmetric signalling".
fix_nated_contact(); # Rewrite
contact with source IP of signalling
if (method == "INVITE") {
xlog("L_NOTICE", "invite behind NAT.\n");
fix_nated_sdp("1"); # Add
direction=active to SDP
};
force_rport(); # Add rport
parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our
proxy; that's
# particularly good if upstream and downstream
entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
xlog("L_NOTICE", "loose route.\n");
# append_hf("P-hint: rr-enforced\r\n");
t_relay();
break;
};
/*
if
(uri=~"^sip:[0-9][0-9][0-9]*@202.129.171.223") {
xlog("L_NOTICE", "forward to asterisk.\n");
forward(10.38.38.14, 5070);
break;
};
*/
if (uri =~ "sip:[0-9][0-9][0-9]*@*"){
xlog("L_NOTICE", "Forwarding to
Asterisk\n");
rewritehostport("10.38.38.14:5070");
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the
following command
# with proper names and addresses in it)
xlog("L_NOTICE", "uri==myself?\n");
if (uri==myself){
if (method=="REGISTER") {
xlog("L_NOTICE", "register but no NAT.\n");
sl_send_reply("200", "ok");
save("location");
break;
};
# native SIP destinations are handled
using our USRLOC DB
xlog("L_NOTICE", "lookup for USRLOC.\n");
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
# break;
};
};
xlog("L_NOTICE", "checking....INVITE\n");
if (method == "INVITE") {
xlog("L_NOTICE", "Invite from not NAT.\n");
record_route();
if (isflagset(4) && isflagset(5)) {
xlog("L_NOTICE", "UA behind different NAT
devices, forcing rtpproxy\n");
force_rtp_proxy();
t_on_reply("2");
} else {
xlog("L_NOTICE", "UAs behind same NAT
devicea\n");
t_on_reply("3");
}
# for other conditions route here...
}
# forward to current uri now; use stateful
forwarding; that
# works reliably even if we forward from TCP
to UDP
if (!t_relay()) {
sl_reply_error();
};
}
onreply_route[1] {
if (status =~ "[12][0-9][0-9]"){
fix_nated_contact();
force_rtp_proxy();
}
}
onreply_route[2] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}
onreply_route[3] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}
************************* end of ser.cfg
;
; SIP Configuration for Asterisk
;
; Syntax for specifying a SIP device in
extensions.conf is
; SIP/devicename where devicename is defined in a
section below.
;
; You may also use
; SIP/username at domain to call any SIP user on the
Internet
; (Don't forget to enable DNS SRV records if you want
to use this)
;
; If you define a SIP proxy as a peer below, you may
call
; SIP/proxyhostname/user or SIP/user at proxyhostname
; where the proxyhostname is defined in a section
below
;
; Useful CLI commands to check peers/users:
; sip show peers Show all SIP peers (including
friends)
; sip show users Show all SIP users (including
friends)
; sip show registry Show status of hosts we
register with
;
; sip debug Show all SIP messages
;
[general]
context=default ; Default context for incoming calls
;recordhistory=yes ; Record SIP history by default
; (see sip history / sip no history)
;realm=mydomain.tld ; Realm for digest authentication
; defaults to "asterisk"
; Realms MUST be globally unique according to RFC
3261
; Set this to your host name or domain name
port=5070 ; UDP Port to bind to (SIP standard port
is 5060)
bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0
binds to all)
srvlookup=yes ; Enable DNS SRV lookups on outbound
calls
; Note: Asterisk only uses the first host
; in SRV records
; Disabling DNS SRV lookups disables the
; ability to place SIP calls based on domain
; names to some other SIP users on the Internet
;pedantic=yes ; Enable slow, pedantic checking for
Pingtel
; and multiline formatted headers for strict
; SIP compatibility (defaults to "no")
;tos=184 ; Set IP QoS to either
a keyword or numeric val
;tos=lowdelay ;
lowdelay,throughput,reliability,mincost,none
;maxexpirey=3600 ; Max length of incoming
registration we allow
;defaultexpirey=120 ; Default length of
incoming/outoing registration
;notifymimetype=text/plain ; Allow overriding of mime
type in MWI NOTIFY
;videosupport=yes ; Turn on support for SIP video
;disallow=all ; First disallow all codecs
;allow=ulaw ; Allow codecs in order of preference
;allow=ilbc ; Note: codec order is respected only in
[general]
;musicclass=default ; Sets the default music on hold
class for all SIP calls
; This may also be set for individual users/peers
;language=en ; Default language setting for all
users/peers
; This may also be set for individual users/peers
;relaxdtmf=yes ; Relax dtmf handling
;rtptimeout=60 ; Terminate call if 60 seconds of no
RTP activity
; when we're not on hold
;rtpholdtimeout=300 ; Terminate call if 300 seconds
of no RTP activity
; when we're on hold (must be > rtptimeout)
;trustrpid = no ; If Remote-Party-ID should be
trusted
;progressinband=no ; If we should generate in-band
ringing always
;useragent=Asterisk PBX ; Allows you to change the
user agent string
;nat=no ; NAT settings
; yes = Always ignore
info and assume NAT
; no = Use NAT mode
only according to RFC3581
; never = Never
attempt NAT mode or RFC3581 support
;promiscredir = no ; If yes, allows 302 or REDIR
to non-local SIP address
; Asterisk can register as a SIP user agent to a SIP
proxy (provider)
; Format for the register statement is:
; register =>
user[:secret[:authuser]]@host[:port][/extension]
;
; If no extension is given, the 's' extension is used.
The extension
; needs to be defined in extensions.conf to be able to
accept calls
; from this SIP proxy (provider)
;
; host is either a host name defined in DNS or the
name of a
; section defined below.
;
; Examples:
;
;register => 1234:password at mysipprovider.com
;
; This will pass incoming calls to the 's'
extension
;
;
;register => 2345:password at sip_proxy/1234
;
; Register 2345 at sip provider 'sip_proxy'. Calls
from this provider connect to local
; extension 1234 in extensions.conf default
context, unless you define
; unless you configure a [sip_proxy] section below,
and configure a context.
; Tip 1: Avoid assigning hostname to a sip.conf
section like [provider.com]
; Tip 2: Use separate type=peer and type=user
sections for SIP providers
; (instead of type=friend) if you
have calls in both directions
;externip = 200.201.202.203 ; Address that we're going
to put in outbound SIP messages
; if we're behind a NAT
; The externip and localnet is used
; when registering and communicating with other
proxies
; that we're registered with
; You may add multiple local networks. A
reasonable set of defaults
; are:
;localnet=192.168.0.0/255.255.0.0; All RFC 1918
addresses are local networks
;localnet=10.0.0.0/255.0.0.0 ; Also RFC1918
;localnet=172.16.0.0/12 ; Another RFC1918 with CIDR
notation
;localnet=169.254.0.0/255.255.0.0 ;Zero conf local
network
;-----------------------------------------------------------------------------------
; Users and peers have different settings available.
Friends have all settings,
; since a friend is both a peer and a user
;
; User config options: Peer configuration:
; -------------------- -------------------
; context context
; permit permit
; deny deny
; auth auth
; secret secret
; md5secret md5secret
; dtmfmode dtmfmode
; canreinvite canreinvite
; nat nat
; callgroup callgroup
; pickupgroup pickupgroup
; language language
; allow allow
; disallow disallow
; insecure insecure
; trustrpid trustrpid
; progressinband progressinband
; promiscredir promiscredir
; callerid
; accountcode
; amaflags
; incominglimit
; restrictcid
; mailbox
; username
; template
; fromdomain
; fromuser
; host
; mask
; port
; qualify
; defaultip
; rtptimeout
; rtpholdtimeout
;[sip_proxy]
; For incoming calls only. Example: FWD (Free World
Dialup)
;type=user
;context=from-fwd
;[sip_proxy-out]
;type=peer ; we only want to call out, not
be called
;secret=guessit
;username=yourusername ; Authentication user for
outbound proxies
;fromuser=yourusername ; Many SIP providers require
this!
;host=box.provider.com
;[grandstream1]
;type=friend ; either "friend" (peer+user), "peer"
or "user"
;context=from-sip
;fromuser=grandstream1 ; overrides the callerid, e.g.
required by FWD
;callerid=John Doe <1234>
;host=192.168.0.23 ; we have a static but private IP
address
;nat=no ; there is not NAT between phone and
Asterisk
;canreinvite=yes ; allow RTP voice traffic to bypass
Asterisk
;dtmfmode=info ; either RFC2833 or INFO for the
BudgeTone
;incominglimit=1 ; permit only 1 outgoing call at a
time
; from the phone to asterisk
[1008]
type=friend
username=1008
transfer=yes
context=default
fromuser=1008
callerid=
host=dynamic
nat=yes
canreinvite=yes
dtmfmode=info
;incominglimit=1
[1068]
type=friend
username=1068
transfer=yes
context=default
fromuser=1018
callerid=
host=dynamic
nat=yes
canreinvite=no
;dtmfmode=info
;incominglimit=1
mailbox=1234 at default ; mailbox 1234 in voicemail
context "default"
disallow=all ; need to disallow=all before we can
use allow=
allow=ulaw ; Note: In user sections the order of
codecs
; listed with allow= does NOT matter!
allow=alaw
allow=g723.1 ; Asterisk only supports g723.1
pass-thru!
allow=g729 ; Pass-thru only unless g729 license
obtained
;[xlite1]
;Turn off silence suppression in X-Lite ("Transmit
Silence"=YES)!
;Note that Xlite sends NAT keep-alive packets, so
qualify=yes is not needed
;type=friend
;username=xlite1
;callerid="Jane Smith" <5678>
;host=dynamic
;nat=yes ; X-Lite is behind a
NAT router
;canreinvite=no ; Typically set to NO
if behind NAT
;disallow=all
;allow=gsm ; GSM consumes far less
bandwidth than ulaw
;allow=ulaw
;allow=alaw
;[snom]
;type=friend ; Friends place calls and receive calls
;context=from-sip ; Context for incoming calls from
this user
;secret=blah
;language=de ; Use German prompts for this user
;host=dynamic ; This peer register with us
;dtmfmode=inband ; Choices are inband, rfc2833, or
info
;defaultip=192.168.0.59 ; IP used until peer
registers
;username=snom ; Username to use in INVITE until
peer registers
;mailbox=1234,2345 ; Mailboxes for message waiting
indicator
;restrictcid=yes ; To have the callerid restriced ->
sent as ANI
;disallow=all
;allow=ulaw ; dtmfmode=inband only
works with ulaw or alaw!
;mailbox=1234 at context,2345 ; Mailbox(-es) for
message waiting indicator
;[pingtel]
;type=friend
;username=pingtel
;secret=blah
;host=dynamic
;insecure=yes ; To match a peer based by IP address
only and not peer
;insecure=very ; To allow registered hosts to call
without re-authenticating
;qualify=1000 ; Consider it down if it's 1 second to
reply
; Helps with NAT session
; qualify=yes uses default value
;callgroup=1,3-4 ; We are in caller groups 1,3,4
;pickupgroup=1,3-5 ; We can do call pick-p for call
group 1,3,4,5
;defaultip=192.168.0.60 ; IP address to use if peer
has not registred
;[cisco1]
;type=friend
;username=cisco1
;secret=blah
;qualify=200 ; Qualify peer is no more than 200ms
away
;nat=yes ; This phone may be natted
; Send SIP and RTP to IP address that packet is
; received from instead of trusting SIP headers
;host=dynamic ; This device registers with us
;canreinvite=no ; Asterisk by default tries to
redirect the
; RTP media stream (audio) to go directly from
; the caller to the callee. Some devices do not
; support this (especially if one of them is
; behind a NAT).
;defaultip=192.168.0.4
;[cisco2]
;type=friend
;username=cisco2
;fromuser=markster ; Specify user to put in "from"
instead of callerid
;fromdomain=yourdomain.com ; Specify domain to put in
"from" instead of callerid
; fromuser and fromdomain are used when Asterisk
; places calls to this account. It is not used
for
; calls from this account.
;secret=blah
;host=dynamic
;defaultip=192.168.0.4
;amaflags=default ; Choices are default, omit,
billing, documentation
;accountcode=markster ; Users may be associated with
an accountcode to ease billing
More information about the sr-users
mailing list