[Serusers] OptiPoint420 behind a NAT device

hiSIPatH hisipath at gmail.com
Fri Nov 24 15:04:54 CET 2006


Hi all,

As suggested by Bogdan, I tried to fix my issue with OptiPoint, using
the "force_rport()" statement in my ser.cfg. I have tried several
changes but still have the same result.

I am able to register the OptiPoint...
optipoint------[Request REGISTER]------>SER
optipoint<----[     100 Trying         ]--------SER
optipoint<----[  401 Unauthorized  ]--------SER
optipoint------[Request REGISTER]------>SER
optipoint<----[     100 Trying         ]--------SER
optipoint<----[     200 OK             ]--------SER

but when the OptiPoint sends an INVITE, the response from ser is sent to Src
Port: 5060 (5060), Dst Port: 5060 (5060) instead of the NATed port.

I use the nat-rtpproxy.5.0.cfg from the GettingStarted. Is there
something more I have to change in the ser.cfg?

Suggestions are welcome.

thx in advance!!!


On 11/20/06, hiSIPatH <hisipath at gmail.com> wrote:
> Hi Bogdan,
>
> you are right. There is no rport in the VIA header field for the
> INVITE from the Optipoint.
>
> Via: SIP/2.0/UDP 192.168.204.5:5060;branch=z9hG4bK416072b30
>
> But for other UA you can notice this VIA header (received and rport
> parameter)...
> Via: SIP/2.0/UDP 192.168.204.2:26010;received=89.xxx.xxx.xxx;branch=z9hG4bK-d87543-fb641a689c2c295f-1--d87543-;rport=64365.
>
> I will try to use the "force_rport()" to fix this issue...
>
> thx again for the hint.
>
>
>
>
> On 11/19/06, Bogdan Pintea <pintea at iptego.de> wrote:
> > Your OptiPoint might not add the "rport" Via parameter (unfortunately,
> > your net trace is not too relevant), probably unlike your other Snom and
> > Xlite clients.
> >
> > In this case, check if you have a "force_rport();" statement in your SER
> > cfg. See a NAT handling SER sample script otherwise, for how to add it,
> > if missing; or try to tune the UA to add it, at least in REGISTERs.
> >
> > Hth,
> > Bogdan.
> >
> > hiSIPatH wrote:
> > > Hi Michal,
> > >
> > > Thx for the reply. It seems that there isn't such an option in the
> > > OptiPoint.
> > > But to be honest I am a little confused, because I am able to register
> > > my OptiPoint. So NAT seems to work with the REGISTER but doesn't with
> > > the INVITE.
> > >
> > >
> > >
> > > On 11/16/06, Michal Matyska <michal at iptel.org> wrote:
> > >> Check whether there is configuration option "symmetric signalling" (e.g.
> > >> use the same port for sending requests and receiving replies) in your
> > >> OptiPoint UE and check that to be used.
> > >>
> > >> The asymmetric signaling does not work when the UE is behind NAT, the
> > >> port is not open for replies.
> > >>
> > >> The same applies to RTP streams, you have to setup the RTP to be
> > >> symmetric.
> > >>
> > >> Michal
> > >>
> > >> On Thu, 2006-11-16 at 13:19 +0100, hiSIPatH wrote:
> > >> > Hi all,
> > >> >
> > >> > I have a ser setup (CentOS 4.4/ser 0.9.6) with several ip phones
> > >> > (SNOM320 and Xlite30) and everything seems to work fine. The ser
> > >> > server has a public ip address 89.xxx.xxx.xxx and the ua are behind a
> > >> > NAT device (corporate FW).
> > >> >
> > >> > I want now to add some OptiPoint420 SIP but was unable to get them
> > >> > working. That means that the registration is ok and calls to the
> > >> > Optipoints from other ua (xlite or Snom) work but I was unable to
> > >> > place a call from Optipoint to other ua.
> > >> >
> > >> > In the trace you can notice that the INVITE is sent to ser with Src
> > >> > Port 38625 and Dst Port 5060. But the response from ser is sent to Src
> > >> > Port: 5060 (5060), Dst Port: 5060 (5060). The result is of course ICMP
> > >> > Destination unreachable (Port unreachable).
> > >> >
> > >> > I have rtp proxy and ser running on the same server and my ser.cfg
> > >> > looks like the one from the SER GettingStarted
> > >> > (http://siprouter.onsip.org/doc/gettingstarted/ch08s02.html). I read
> > >> > the doc about "handling of NAT using RTP Proxy" but was unable to
> > >> > change the config to get this scenario with OptiPoint working. Has
> > >> > anyone managed to get OptiPoint to work with ser?
> > >> >
> > >> > thx in advance?
> > >> >
> > >> > No.     Time        Source                Destination
> > >> Protocol Info
> > >> >      14 8.907171    89.xxx.xxx.xxx         89.xxx.xxx.xxx
> > >> > SIP/SDP  Request: INVITE
> > >> > sip:8001 at registrar.mydomaine.com;transport=udp, with session
> > >> > description
> > >> >
> > >> > Frame 14 (972 bytes on wire, 972 bytes captured)
> > >> > Ethernet II, Src: AminoCom_02:02:02 (00:02:02:02:02:02), Dst:
> > >> > AcerTech_9c:00:8d (00:00:e2:9c:00:8d)
> > >> > Internet Protocol, Src: 89.xxx.xxx.xxx (89.xxx.xxx.xxx), Dst:
> > >> > 89.xxx.xxx.xxx (89.xxx.xxx.xxx)
> > >> > User Datagram Protocol, Src Port: 38625 (38625), Dst Port: 5060 (5060)
> > >> > Session Initiation Protocol
> > >> >
> > >> > No.     Time        Source                Destination
> > >> Protocol Info
> > >> >      15 8.907394    89.xxx.xxx.xxx        89.xxx.xxx.xxx         SIP
> > >> >    Status: 407 Proxy Authentication Required
> > >> >
> > >> > Frame 15 (772 bytes on wire, 772 bytes captured)
> > >> > Ethernet II, Src: AcerTech_9c:00:8d (00:00:e2:9c:00:8d), Dst:
> > >> > AminoCom_02:02:02 (00:02:02:02:02:02)
> > >> > Internet Protocol, Src: 89.xxx.xxx.xxx (89.xxx.xxx.xxx), Dst:
> > >> > 89.xxx.xxx.xxx (89.xxx.xxx.xxx)
> > >> > User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
> > >> > Session Initiation Protocol
> > >> > _______________________________________________
> > >> > Serusers mailing list
> > >> > Serusers at lists.iptel.org
> > >> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> > --
> > Bogdan Pintea
> >
> > iptego GmbH  -  VoIP Security
> > http://www.iptego.de
> >
> >
>
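
The reply-routing rule this thread turns on, as an added example that is not part of the original messages and is not SER's code: a simplified model of RFC 3261 section 18.2 and RFC 3581 (rport), with force_rport modelled as treating the request as if the client had sent rport. The function names and the 203.0.113.10 NAT address are assumptions; the first Via value and the source port 38625 are taken from the thread, the second Via is constructed.

```python
def parse_via(via):
    """Split a Via header into sent-by host, sent-by port and a params dict."""
    value = via.split(":", 1)[1] if via.lower().startswith("via:") else via
    first, *rest = [part.strip() for part in value.strip().split(";")]
    sent_by = first.split()[-1]               # "host[:port]" after SIP/2.0/UDP
    host, _, port = sent_by.partition(":")
    params = {}
    for item in rest:
        key, _, val = item.partition("=")
        params[key.lower()] = val or None     # a bare "rport" carries no value
    return host, int(port or 5060), params


def reply_target(via, src_ip, src_port, force_rport=False):
    """Return the (ip, port) a proxy sends the response to for this request."""
    host, port, params = parse_via(via)
    # RFC 3261 18.2.1: record the real source IP when it differs from sent-by.
    if host != src_ip:
        params["received"] = src_ip
    # RFC 3581: with rport (sent by the UA or forced by the proxy), the reply
    # goes back to the exact source IP and port the request arrived from.
    if "rport" in params or force_rport:
        params["received"] = src_ip
        params["rport"] = str(src_port)
        return params["received"], int(params["rport"])
    # Without rport only the IP is corrected; the port still comes from the
    # Via sent-by, which no NAT binding is listening on.
    return params.get("received", host), port


NAT_IP = "203.0.113.10"   # constructed public address of the NAT device
# Via as sent by the OptiPoint (from the thread): no rport parameter.
OPTIPOINT_VIA = "Via: SIP/2.0/UDP 192.168.204.5:5060;branch=z9hG4bK416072b30"
# Constructed Via for a client that does ask for rport.
RPORT_VIA = "Via: SIP/2.0/UDP 192.168.204.2:26010;branch=z9hG4bK-constructed;rport"

if __name__ == "__main__":
    print("no rport:   ", reply_target(OPTIPOINT_VIA, NAT_IP, 38625))
    print("force_rport:", reply_target(OPTIPOINT_VIA, NAT_IP, 38625, force_rport=True))
    print("UA rport:   ", reply_target(RPORT_VIA, NAT_IP, 64365))
```

The first case reproduces the symptom in the trace (reply sent to port 5060); the second is the destination expected once force_rport() is actually applied to the INVITE before the reply is generated.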


