[Freeswitch-users] Help!!! -OPTIONS sent to the private IP for Natted registration users

fieldpeak fieldpeak at gmail.com
Sun Nov 6 14:04:39 MSK 2011


I fixed it by disabling the param below, cheers!

"NDLB-received-in-nat-reg-contact"

2011/11/5 fieldpeak <fieldpeak at gmail.com>

> Hi friends,
>
> My FS implementation has only a public IP and is not behind NAT, and there are
> some registered users behind NAT. Below is the configuration for the internal
> profile. To keep the NAT mapping in the remote router device, I enabled the
> keepalive from FS to remote users (<param name="all-reg-options-ping" value="true"/>);
> however, I found the OPTIONS (from FS) were sent to the private IP address of the
> remote users. They should be sent to the public IP of the users' external IP
> (router public IP). Can we modify the configuration to fix it?
>
> Additionally, I made a test and changed the configuration to "<!-- <param
> name="all-reg-options-ping" value="true"/> -->   <param
> name="nat-options-ping" value="true"/>", that is, enabling OPTIONS to be sent
> only to the NATted devices.
>     It did send the OPTIONS correctly to the NATted device's public IP
> that FS detected; however, some devices were not detected as NATted devices
> while they are behind NAT, as in the status below. Both of them are behind NAT.
> Below are two registration messages: the first one was detected as a NATted
> device, but the second was not. What is the mechanism by which FS detects whether
> a remote user is behind NAT or not? Could anybody help to address this problem?
> Thanks a lot!
>
>     9065       Registered(UDP-NAT)(unknown) exp(2011-11-05 18:30:30)
> expsecs(3611)
>      1026       Registered(UDP)(unknown) exp(2011-11-05 17:33:33)
> expsecs(194)
>
>
>    ------------------------------------------------------------------------
> recv 823 bytes from udp/[183.37.75.168]:9066 at 09:09:32.335911:
>    ------------------------------------------------------------------------
>    REGISTER sip:124.193.106.104 SIP/2.0
>    Via: SIP/2.0/UDP 192.168.1.86:9066
> ;branch=z9hG4bK-d87543-ac6cfe2f736efb21-1--d87543-;rport
>    Max-Forwards: 70
>    Contact: <sip:13580358068 at 192.168.1.86:9066
> ;rinstance=730e3f0e44ed8142>;expires=0
>    To: "13580358068"<sip:13580358068 at 124.193.106.104>
>    From: "13580358068"<sip:13580358068 at 124.193.106.104>;tag=636eb146
>    Call-ID: 3c29a86eff650823 at bXlwYw..
>    CSeq: 4 REGISTER
>    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO
>    Supported: eventlist
>    User-Agent: eyeBeam release 3015c stamp 27107
>    Authorization: Digest
> username="13580358068",realm="124.193.106.104",nonce="a6eb2963-21fa-4875-aa62-11e67d956f64",uri="sip:124.193.106.104",response="5083e7fe5eb078ca091279d7b1b9389f",cnonce="8b9c85686cc356e7",nc=00000001,qop=auth,algorithm=MD5
>    Content-Length: 0
>
>    **************
>    recv 638 bytes from udp/[124.193.106.98]:1026 at 09:12:43.891159:
>    ------------------------------------------------------------------------
>    REGISTER sip:124.193.106.104 SIP/2.0
>    Via: SIP/2.0/UDP 192.168.2.4:8060
> ;rport;branch=z9hG4bK3089092136;xxx-nat-type=prcone
>    Route: <sip:124.193.106.104:5060;lr>
>    From: <sip:15130351737 at 124.193.106.104>;tag=181867095
>    To: <sip:15130351737 at 124.193.106.104>
>    Call-ID: 1197657332 at 192.168.2.4
>    CSeq: 308 REGISTER
>    Contact: <sip:15130351737 at 192.168.2.4:8060>
>    Authorization: Digest username="15130351737", realm="124.193.106.104",
> nonce="03d8e8b2-19b5-4aa5-910f-196951870bc3", uri="sip:124.193.106.104",
> response="c30374736da747eb33dc719def41ed08", algorithm=MD5
>    Max-Forwards: 70
>    User-Agent: YT-2.11.926.8
>    Expires: 200
>    Content-Length: 0
>
>    *******************
>
>
> Profile internal content:
>
> <!-- this profile serves local user -->
>
> <profile name="internal">
>   <aliases>
>     <alias name="internal"/>
>   </aliases>
>
>   <gateways>
>     <X-PRE-PROCESS cmd="include" data="internal/*.xml"/>
>   </gateways>
>
>   <domains>
>     <domain name="all" alias="true" parse="false"/>
>   </domains>
>
>   <settings>
>
>     <param name="context" value="default"/>
>
>     <!-- SIP listen port for this profile -->
>     <param name="sip-port" value="5060"/>
>
>     <!-- local IP address for this profile -->
>     <param name="rtp-ip" value="$${local_ip_v4}"/>
>     <param name="sip-ip" value="$${local_ip_v4}"/>
>
>     <!-- external IP address serving remote NATted users, usually it is
> public IP address for DMZ -->
>     <!--
>     <param name="ext-rtp-ip" value="auto-nat"/>
>     <param name="ext-sip-ip" value="auto-nat"/> -->
>
>     <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
>     <param name="ext-sip-ip" value="$${local_ip_v4}"/>
>
>     <!-- the IP addresses or IP address segments of remote unauthorized
> SIP UA, e.g. MS Mediation Server -->
>     <param name="apply-inbound-acl" value="172.28.0.0/16"/>
>     <!-- <param name="apply-inbound-acl" value="172.28.0.0/16"/> -->
>     <!-- <param name="apply-inbound-acl" value="192.168.200.0/24"/> -->
>
>     <!-- if RTP bypass SIP Server -->
>     <!-- to use IP-PBX supplementary services, e.g. call pickup, transfer
> etc. must set this to false -->
>     <param name="inbound-bypass-media" value="false"/>
>
>     <!-- if act as RTP transparent proxy without transcoding which allows
> unknown VoIP coder -->
>     <!-- to use IP-PBX supplementary services, e.g. call pickup, transfer
> etc. must set this to false -->
>     <param name="inbound-proxy-media" value="true"/>
>
>     <!-- enable NAT traversal -->
>     <param name="NDLB-received-in-nat-reg-contact" value="true"/>
>     <param name="NDLB-force-rport" value="true"/>
>     <!-- <param name="NDLB-connectile-dysfunction" value="true"/> -->
>
>
>     <!-- in case VSwitch using pure public IP address (not DMZ), uncomment
> this to resolve no voice for inter-extension calls -->
>     <!-- <param name="NDLB-sendrecv-in-session" value="true"/> -->
>
>     <!-- no need set this for common case -->
>     <!-- <param name="disable-rtp-auto-adjust" value="false"/> -->
>
>     <!--
> ***************************************************************         -->
>     <!-- do not change below parameters if not necessary -->
>     <param name="user-agent-string" value="FreeSWITCH"/>
>     <param name="debug" value="0"/>
>     <param name="sip-trace" value="no"/>
>     <param name="watchdog-enabled" value="no"/>
>     <param name="watchdog-step-timeout" value="30000"/>
>     <param name="watchdog-event-timeout" value="30000"/>
>
>     <param name="log-auth-failures" value="true"/>
>     <param name="forward-unsolicited-mwi-notify" value="false"/>
>
>     <!-- DTMF type: info, rfc2833, none -->
>     <!-- <param name="dtmf-type" value="rfc2833"/> -->
>     <param name="rfc2833-pt" value="101"/>
>     <param name="dtmf-duration" value="2000"/>
>
>     <param name="dialplan" value="XML"/>
>
>     <param name="inbound-codec-prefs" value="PCMA,PCMU,G722,GSM"/>
>     <param name="outbound-codec-prefs" value="PCMA,PCMU,G722,GSM"/>
>
>     <param name="rtp-timer-name" value="soft"/>
>
>     <param name="hold-music" value="$${hold_music}"/>
>     <param name="apply-nat-acl" value="nat.auto"/>
>
>     <!--
>     This defines your local network, by default we detect your local
> network
>     and create this localnet.auto ACL for this.
>     -->
>     <param name="local-network-acl" value="localnet.auto"/>
>     <!--<param name="apply-register-acl" value="domains"/>-->
>
>     <param name="record-path" value="$${recordings_dir}"/>
>     <param name="record-template"
> value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
>
>     <!--enable to use presence -->
>     <param name="manage-presence" value="false"/>
>
>     <param name="inbound-codec-negotiation" value="generous"/>
>
>     <!-- TLS: disabled by default, set to "true" to enable -->
>     <param name="tls" value="$${internal_ssl_enable}"/>
>     <!-- additional bind parameters for TLS -->
>     <param name="tls-bind-params" value="transport=tls"/>
>     <!-- Port to listen on for TLS requests. (5061 will be used if
> unspecified) -->
>     <param name="tls-sip-port" value="$${internal_tls_port}"/>
>     <!-- Location of the agent.pem and cafile.pem ssl certificates (needed
> for TLS server) -->
>     <param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
>     <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not
> work with TLSv1 -->
>     <param name="tls-version" value="$${sip_tls_version}"/>
>
>     <!--TTL for nonce in sip auth-->
>     <param name="nonce-ttl" value="60"/>
>
>     <param name="auth-calls" value="$${internal_auth_calls}"/>
>     <!-- Force the user and auth-user to match. -->
>     <param name="inbound-reg-force-matching-username" value="true"/>
>     <!-- on authed calls, authenticate *all* the packets not just invite
> -->
>     <param name="auth-all-packets" value="false"/>
>
>     <!-- rtp inactivity timeout -->
>     <param name="rtp-timeout-sec" value="300"/>
>     <param name="rtp-hold-timeout-sec" value="1800"/>
>
>     <!--all inbound reg will look in this domain for the users -->
>     <param name="force-register-domain" value="$${domain}"/>
>     <!--force the domain in subscriptions to this value -->
>     <param name="force-subscription-domain" value="$${domain}"/>
>     <!--all inbound reg will stored in the db using this domain -->
>     <param name="force-register-db-domain" value="$${domain}"/>
>
>     <param name="challenge-realm" value="auto_from"/>
>
>     <param name="send-message-query-on-register" value="false"/>
>
>     <param name="all-reg-options-ping" value="true"/>
>     <!-- <param name="nat-options-ping" value="true"/> -->
>
>   </settings>
> </profile>
>
>
>
> --
> Regards,
> Charles
>
>


-- 
Regards,
Charles
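
Added example (not part of the original post, and not FreeSWITCH's own detection code): a generic check that compares the Via and Contact addresses claimed in a REGISTER with the packet's real source address, and picks the address a keepalive OPTIONS has to be sent to. The function names, users and addresses are constructed for illustration; the messages only mirror the shape of the REGISTERs quoted above.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(host):
    """True if host is a literal IPv4 address in a private (RFC 1918) range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:              # a hostname, not an IP literal
        return False
    return any(addr in net for net in RFC1918)

def split_hostport(value, default_port=5060):
    host, _, port = value.partition(":")
    return host, int(port) if port else default_port

def classify_register(raw, src_ip, src_port):
    """Compare the addresses a REGISTER claims with where the packet came from."""
    via = re.search(r"^Via:\s*SIP/2\.0/UDP\s+([^;\s]+)", raw, re.M | re.I)
    contact = re.search(r"^Contact:\s*<sip:(?:[^@>]+@)?([^;>\s]+)", raw, re.M | re.I)
    if not via or not contact:
        raise ValueError("REGISTER lacks a Via or Contact header")
    via_host, _ = split_hostport(via.group(1))
    contact_hp = split_hostport(contact.group(1))
    # Claimed addresses that disagree with the observed source mean a NAT
    # rewrote the packet on the way to the registrar.
    natted = via_host != src_ip or contact_hp[0] != src_ip
    return {
        "natted": natted,
        # A private Contact cannot be reached from a public registrar.
        "contact_unroutable": natted and is_rfc1918(contact_hp[0]),
        # Keepalives must follow the NAT mapping, i.e. the observed source.
        "ping_target": (src_ip, src_port) if natted else contact_hp,
    }

# Constructed samples (documentation address ranges, hypothetical users).
NATTED_REGISTER = (
    "REGISTER sip:198.51.100.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.86:9066;branch=z9hG4bK-example;rport\r\n"
    "Contact: <sip:alice@192.168.1.86:9066;rinstance=example>\r\n"
    "Content-Length: 0\r\n\r\n"
)
DIRECT_REGISTER = (
    "REGISTER sip:198.51.100.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.30:5060;branch=z9hG4bK-example2;rport\r\n"
    "Contact: <sip:bob@203.0.113.30:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)
```
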