<div dir="ltr">Do you control the Asterisk? If yes, depending on Asterisk capabilities of building replies, you may be able to do some automation to detect the external port.<div><br></div><div>Cheers,</div><div>Daniel</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 14, 2016 at 3:47 PM, Nelson Migliaro <span dir="ltr"><<a href="mailto:eng.migliaro@gmail.com" target="_blank">eng.migliaro@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>There is not a public Kamailio, only one Kamailio behind NAT,<br></div><div><br>Right now the configuration is:<br><br></div>Asterisk <-> Kamailio (Private IP + advertise public IP + RTP Proxy ) <-> Internet router (public IP + symmetric na) <-> Internet<br><br></div>Regards,<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-01-14 15:43 GMT+01:00 Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Is the kamailio behind nat communicating with another kamailio on a public IP?<div><br></div><div>Cheers,</div><div>DAniel</div></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <span dir="ltr"><<a href="mailto:eng.migliaro@gmail.com" target="_blank">eng.migliaro@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Thank you Daniel for your answer,<br><br></div>As you mention, there is a symmetric nat and router does not allow a static NAT.<br><br></div>By sniffing traffic I can see the port is using new but in case it change, how can automate the process of advertising the correct port?<br><br></div>Cheers!<br><div><div><div><div><div><br><br><div class="gmail_quote"><div><div>---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Daniel-Constantin Mierla</b> <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span><br>Date: 2016-01-13 23:28 GMT+01:00<br>Subject: Re: [SR-Users] Kamailio and NAT<br>To: "Kamailio (SER) - Users Mailing List" <<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>><br><br><br>
</div></div><div bgcolor="#FFFFFF" text="#000000"><div><div>
Hello,<br>
<br>
it looks like you have a symmetric nat router, so the allocated port
is randomly selected.<br>
<br>
If you don't control the nat router to set a static forwarding rule
or it doesn't provide the option to set static forwarding, then you
are pretty much left with sniffing the traffic to discover the
external port and advertise it.<br>
<br>
Cheers,<br>
Daniel</div></div><div><div><div><div><br>
<br>
<br>
<br>
<div>On 13/01/16 20:31, Nelson Migliaro
wrote:<br>
</div>
</div></div><blockquote type="cite">
<div dir="ltr"><div><div>
<div>
<div>
<div>
<div>
<div>Hello,<br>
<br>
</div>
I finally were able to run my Kamailio behind NAT but in
order to accomplish that I included:<br>
<br>
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548<br>
<br>
</div>
52548 is the port my internet router change when doing NAT
(5060->52548). I found this port sniffing traffic<br>
</div>
<br>
</div>
Conclusions at this point are:<br>
<br>
---------------------------------------------1--------------------------------------------------------------------------------------------------<br>
</div>
<div>If I use this line:<br>
<br>
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not
work :(<br>
</div>
<br>
When I dial a call, INVITE / ACK / Trying / OK goes fine because
they are part of the same transaction<br>
</div></div><div>
<div><div><div>
<div>When remote party disconnects the call, BYE goes to
PUBLIC-IP port 5060 and router blocks de request. I assume
vendor sends BYE to 5060 because it is a new transaction<br>
<br>
-----------------------------------------------2--------------------------------------------------------------------------------------------------
<div>If I use this line:<br>
<br>
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it
work !!!!!!<br>
</div>
<br>
When I dial a call, INVITE / ACK / Trying / OK goes fine
because they are part of the same transaction<br>
When remote party disconnects the call, BYE goes to
PUBLIC-IP port 52548 and router forward the request to
Kamailio. Since there is an open connection.<br>
<br>
</div>
<div>I need to find the way to find the way to advertise the
public port internet router is doing NAT (PAT).<br>
<br>
---------------------------------------------------------------------------------------------------------------------------------------------------<br>
</div>
<div>This trace is a call that worked fine because I
included line: <br>
<br>
</div>
<div>listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548<br>
<br>
<br>
</div>
This trace is an INVITE with this line:
listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548<br>
2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 ->
VENDOR-IP:5060<br>
INVITE <a>sip:NUM-DESTINATION@VENDOR-IP</a> SIP/2.0<br>
Record-Route:
<<a>sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB</a><br>
A-;nat=yes><br>
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0<br>
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060<br>
Max-Forwards: 69<br>
From: NUM-SOURCE
<a><sip:NUM-SOURCE@PRIVATE-IP-KAMAILIO></a>;tag=as3b72a453<br>
To: <a><sip:NUM-DESTINATION@sip.VENDOR-IP></a><br>
Contact:
<a><sip:NUM-SOURCE@PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1></a><br>
Call-ID:
329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060<br>
CSeq: 102 INVITE<br>
User-Agent: Kamailio<br>
Date: Wed, 13 Jan 2016 19:10:15 GMT<br>
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE,
NOTIFY, INFO, PUBLISH, MESSAGE<br>
Supported: replaces, timer<br>
Content-Type: application/sdp<br>
Content-Length: 255<br>
<br>
<br>
Trying.....<br>
<br>
2016/01/13 20:10:15.842055 VENDOR-IP:5060 ->
PRIVATE-IP-KAMAILIO:5060<br>
SIP/2.0 100 trying -- your call is important to us<br>
Via: SIP/2.0/UDP
PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548<br>
Via: SIP/2.0/UDP
PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060<br>
From: NUM-SOURCE
<a><sip:NUM-SOURCE@PRIVATE-IP-KAMAILIO></a>;tag=as3b72a453<br>
To: <a><sip:NUM-DESTINATION@VENDOR-IP></a><br>
Call-ID:
329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060<br>
CSeq: 102 INVITE<br>
Server: kamailio<br>
Content-Length: 0<br>
<br>
<br>
<br>
<br>
And finally a BYE<br>
<br>
2016/01/13 20:10:28.545526 VENDOR-IP:5060 ->
PRIVATE-IP-KAMAILIO:5060<br>
BYE
<a>sip:34982298000@PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1</a>
SIP/2.0<br>
Via: SIP/2.0/UDP
VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0<br>
From:
<a><sip:675896262@PRIVATE-IP-KAMAILIO></a>;tag=gK0293ed93<br></div></div>
To: "NUM-SOURCE" <<a href="mailto:sip%3ANUM-SOURCE@norvoz.es" target="_blank">sip:NUM-SOURCE@</a><a>VENDOR-IP</a>>;tag=as3b72a453<span><br>
Call-ID:
329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060<br>
CSeq: 28731 BYE<br>
Max-Forwards: 69<br>
Route:
<<a>sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na</a><br>
yes><br>
Reason: Q.850;cause=16<br>
Content-Length: 0<br>
<br>
<br>
<br>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
<div>-----------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
<br>
</div>
<div>Finally, It is finally working because I hardcoded
NAT´d port.<br>
</div>
<div>I would like to find a way to avoid setting the port in
"hard".<br>
<br>
</div>
<div>Thank you<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</span></div>
</div>
</div>
</blockquote>
<br>
</div></div><span><span><pre cols="72">--
Daniel-Constantin Mierla
<a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a>
Book: SIP Routing With Kamailio - <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
<a href="http://miconda.eu" target="_blank">http://miconda.eu</a></pre>
</span></span></div>
<br><span>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></span></div><br></div></div></div></div></div></div>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div><div dir="ltr"><div>Daniel-Constantin Mierla - <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a></div><div><a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/micond</a></div></div></div>
</font></span></div>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Daniel-Constantin Mierla - <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a></div><div><a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/micond</a></div></div></div>
</div>