[SR-Users] Determine correct port in record-route if kamailio is behind NAT

Michal Popovic michal.popovic at cloudtalk.io
Tue May 12 11:39:05 CEST 2020 

Hi Daniel,

thank you for your help.

I have found out that reason for this behaviour was that kamailio relay UDP connection to TCP connection and tm module adds two record-routes.
This is correct behaviour, but I am not sure if it is correct that first record-route advertised port 5060 if kamailio opens random port for the connection.
Shouldn't there be a port that was used for outgoing connection?

Record-Route: <sip:xx.xx.xx.xx:5060;transport=tcp;r2=on;lr=on;ftag=as1f9ba470>
Record-Route: <sipxx.xx.xx.xx;r2=on;lr=on;ftag=as1f9ba470>

Bye,
Michal


> On 11 May 2020, at 13:39, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> Hello,
> 
> the nature of tcp protocol makes local ports on connect (as well
> accepted connection ports) ephemeral. Kamailio has for that reason
> "connection aliases", so the matching is also done based on advertised
> attributes, not only on connection source ip/port. The interconnect
> provider should do it also for tcp/tls. I am not sure now, but I think
> there is also in the RFC specs something about.
> 
> Then, the alternative, with the latest kernels and kamailio, you can try
> to reuse the tcp port:
> 
>   * https://www.kamailio.org/wiki/cookbooks/5.3.x/core#tcp_reuse_port
> 
> On the other hand, the firewall may associate a different extern port
> for connections originated from the same source ip/port, you will have
> to test and see what happens.
> 
> Cheers,
> Daniel
> 
> On 11.05.20 12:23, Michal Popovic wrote:
>> Hello,
>> 
>> so it looks like kamailio used random port for opening connections to our partners but did not updates record-route port properly. AWS has symmetric NAT and that works fine.
>> 
>> Is there any way how to identify port and rewrite record-route?
>> 
>> Thanks.
>> 
>> Bye,
>> Michal
>> 
>>> On 7 May 2020, at 17:25, Michal Popovic <michal.popovic at cloudtalk.io> wrote:
>>> 
>>> Hello,
>>> 
>>> our kamailio used for sip trunk interconnections is behind NAT and our cloud provider opens random outgoing ports for outbound connections.
>>> Our record-route is set to our external address and port 5060, that is probably incorrect, but we did not had any issues.
>>> One of our partners suddenly begin sending BYEs to the port advertised in record-route instead of port from where he received call.
>>> 
>>> What is a correct approach here if we are not able to determine open port behind NAT?
>>> 
>>> Bye,
>>> Michal
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>> 
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200512/8eb1f773/attachment.html>

More information about the sr-users mailing list