[SR-Users] Fwd: Kamailio and NAT
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jan 14 18:32:23 CET 2016
Not really up to date with all Asterisk features -- do you know if you
can append a custom header to a SIP response that is going to be
generated by Asterisk? Eventually the reply for an OPTIONS request.
Cheers,
Daniel
On 14/01/16 17:19, Nelson Migliaro wrote:
> Yes, I manage all devices, even the internet router but it does not
> allow static pat.
>
> 2016-01-14 16:07 GMT+01:00 Daniel-Constantin Mierla <miconda at gmail.com
> <mailto:miconda at gmail.com>>:
>
> Do you control the Asterisk? If yes, depending on Asterisk
> capabilities of building replies, you may be able to do some
> automation to detect the external port.
>
> Cheers,
> Daniel
>
> On Thu, Jan 14, 2016 at 3:47 PM, Nelson Migliaro
> <eng.migliaro at gmail.com <mailto:eng.migliaro at gmail.com>> wrote:
>
> There is not a public Kamailio, only one Kamailio behind NAT,
>
> Right now the configuration is:
>
> Asterisk <-> Kamailio (Private IP + advertise public IP + RTP
> Proxy ) <-> Internet router (public IP + symmetric na) <->
> Internet
>
> Regards,
>
> 2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>>:
>
> Is the kamailio behind nat communicating with another
> kamailio on a public IP?
>
> Cheers,
> DAniel
>
> On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro
> <eng.migliaro at gmail.com <mailto:eng.migliaro at gmail.com>>
> wrote:
>
> Thank you Daniel for your answer,
>
> As you mention, there is a symmetric nat and router
> does not allow a static NAT.
>
> By sniffing traffic I can see the port is using new
> but in case it change, how can automate the process of
> advertising the correct port?
>
> Cheers!
>
>
> ---------- Forwarded message ----------
> From: *Daniel-Constantin Mierla* <miconda at gmail.com
> <mailto:miconda at gmail.com>>
> Date: 2016-01-13 23:28 GMT+01:00
> Subject: Re: [SR-Users] Kamailio and NAT
> To: "Kamailio (SER) - Users Mailing List"
> <sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>>
>
>
> Hello,
>
> it looks like you have a symmetric nat router, so the
> allocated port is randomly selected.
>
> If you don't control the nat router to set a static
> forwarding rule or it doesn't provide the option to
> set static forwarding, then you are pretty much left
> with sniffing the traffic to discover the external
> port and advertise it.
>
> Cheers,
> Daniel
>
>
>
>
> On 13/01/16 20:31, Nelson Migliaro wrote:
>> Hello,
>>
>> I finally were able to run my Kamailio behind NAT but
>> in order to accomplish that I included:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>
>> 52548 is the port my internet router change when
>> doing NAT (5060->52548). I found this port sniffing
>> traffic
>>
>> Conclusions at this point are:
>>
>> ---------------------------------------------1--------------------------------------------------------------------------------------------------
>> If I use this line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it
>> does not work :(
>>
>> When I dial a call, INVITE / ACK / Trying / OK goes
>> fine because they are part of the same transaction
>> When remote party disconnects the call, BYE goes to
>> PUBLIC-IP port 5060 and router blocks de request. I
>> assume vendor sends BYE to 5060 because it is a new
>> transaction
>>
>> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>>
>> If I use this line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>> it work !!!!!!
>>
>> When I dial a call, INVITE / ACK / Trying / OK goes
>> fine because they are part of the same transaction
>> When remote party disconnects the call, BYE goes to
>> PUBLIC-IP port 52548 and router forward the request
>> to Kamailio. Since there is an open connection.
>>
>> I need to find the way to find the way to advertise
>> the public port internet router is doing NAT (PAT).
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------------------
>> This trace is a call that worked fine because I
>> included line:
>>
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>>
>>
>> This trace is an INVITE with this line:
>> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060
>> -> VENDOR-IP:5060
>> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
>> Record-Route:
>> <sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
>> A-;nat=yes>
>> Via: SIP/2.0/UDP
>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
>> Via: SIP/2.0/UDP
>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>> Max-Forwards: 69
>> From: NUM-SOURCE
>> <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
>> Contact:
>> <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
>> Call-ID:
>> 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 102 INVITE
>> User-Agent: Kamailio
>> Date: Wed, 13 Jan 2016 19:10:15 GMT
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER,
>> SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
>> Supported: replaces, timer
>> Content-Type: application/sdp
>> Content-Length: 255
>>
>>
>> Trying.....
>>
>> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 ->
>> PRIVATE-IP-KAMAILIO:5060
>> SIP/2.0 100 trying -- your call is important to us
>> Via: SIP/2.0/UDP
>> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
>> Via: SIP/2.0/UDP
>> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
>> From: NUM-SOURCE
>> <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
>> To: <sip:NUM-DESTINATION at VENDOR-IP>
>> Call-ID:
>> 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 102 INVITE
>> Server: kamailio
>> Content-Length: 0
>>
>>
>>
>>
>> And finally a BYE
>>
>> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 ->
>> PRIVATE-IP-KAMAILIO:5060
>> BYE
>> sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
>> SIP/2.0
>> Via: SIP/2.0/UDP
>> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
>> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
>> To: "NUM-SOURCE" <sip:NUM-SOURCE@
>> <mailto:sip%3ANUM-SOURCE at norvoz.es>VENDOR-IP>;tag=as3b72a453
>> Call-ID:
>> 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
>> CSeq: 28731 BYE
>> Max-Forwards: 69
>> Route:
>> <sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
>> yes>
>> Reason: Q.850;cause=16
>> Content-Length: 0
>>
>>
>>
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Finally, It is finally working because I hardcoded
>> NAT´d port.
>> I would like to find a way to avoid setting the port
>> in "hard".
>>
>> Thank you
>>
>>
>>
>>
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda
> <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
> http://miconda.eu
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) -
> sr-users mailing list
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) -
> sr-users mailing list
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda
> <http://twitter.com/#%21/miconda> -
> http://www.linkedin.com/in/micond
> <http://www.linkedin.com/in/miconda>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
> mailing list
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
> mailing list
> sr-users at lists.sip-router.org
> <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
> http://www.linkedin.com/in/micond <http://www.linkedin.com/in/miconda>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
> list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/e4214a1d/attachment.html>
More information about the sr-users
mailing list