Hi friends,<br><br>my FS implemnt has only a public IP not behind NAT, and there are some registed users behind NAT, below is configure for internal profile, to keep the NAT mapping in remote router device, i open the keep live from FS to remote users (<param name="all-reg-options-ping" value="true"/>), howerver, i found the OPTIONS (from FS) sent to the private IP address of the remote users, it should send to the public IP of users external IP (router public IP), can we modify the configure to fix it?<br>
<br>additionaly, i make a test, change configuration to "<!-- <param name="all-reg-options-ping" value="true"/> --> <param name="nat-options-ping" value="true"/>", that is enable OPTIONS only sent to the NATted device, <br>
it did send the OPTIONS to the Natted device's public ip correctly that FS dectected, however, some device was not dected as a Natted device while it is behind NAT like below status, both of them are behind NAT, below is two registeration messages, the first one was detect as NAtted device, but the second was not, what is the mechanism for FS detect if a remote user behind NAT or not? Could anybody help to address this problem, thanks a lot!<br>
<br> 9065 Registered(<span style="background-color: rgb(51, 255, 51);">UDP-NAT</span>)(unknown) exp(2011-11-05 18:30:30) expsecs(3611) <br> 1026 Registered<span style="background-color: rgb(255, 102, 102);">(UDP</span>)(unknown) exp(2011-11-05 17:33:33) expsecs(194) <br>
<br> <br> ------------------------------------------------------------------------<br>recv 823 bytes from udp/[183.37.75.168]:9066 at 09:09:32.335911:<br> ------------------------------------------------------------------------<br>
REGISTER sip:124.193.106.104 SIP/2.0<br> Via: SIP/2.0/UDP 192.168.1.86:9066;branch=z9hG4bK-d87543-ac6cfe2f736efb21-1--d87543-;rport<br> Max-Forwards: 70<br> Contact: <sip:13580358068@192.168.1.86:9066;rinstance=730e3f0e44ed8142>;expires=0<br>
To: "13580358068"<<a href="mailto:sip%3A13580358068@124.193.106.104">sip:13580358068@124.193.106.104</a>><br> From: "13580358068"<<a href="mailto:sip%3A13580358068@124.193.106.104">sip:13580358068@124.193.106.104</a>>;tag=636eb146<br>
Call-ID: 3c29a86eff650823@bXlwYw..<br> CSeq: 4 REGISTER<br> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO<br> Supported: eventlist<br> User-Agent: eyeBeam release 3015c stamp 27107<br>
Authorization: Digest username="13580358068",realm="124.193.106.104",nonce="a6eb2963-21fa-4875-aa62-11e67d956f64",uri="sip:124.193.106.104",response="5083e7fe5eb078ca091279d7b1b9389f",cnonce="8b9c85686cc356e7",nc=00000001,qop=auth,algorithm=MD5<br>
Content-Length: 0<br> <br> **************<br> recv 638 bytes from udp/[124.193.106.98]:1026 at 09:12:43.891159:<br> ------------------------------------------------------------------------<br> REGISTER sip:124.193.106.104 SIP/2.0<br>
Via: SIP/2.0/UDP 192.168.2.4:8060;rport;branch=z9hG4bK3089092136;xxx-nat-type=prcone<br> Route: <sip:124.193.106.104:5060;lr><br> From: <<a href="mailto:sip%3A15130351737@124.193.106.104">sip:15130351737@124.193.106.104</a>>;tag=181867095<br>
To: <<a href="mailto:sip%3A15130351737@124.193.106.104">sip:15130351737@124.193.106.104</a>><br> Call-ID: <a href="mailto:1197657332@192.168.2.4">1197657332@192.168.2.4</a><br> CSeq: 308 REGISTER<br> Contact: <<a href="http://sip:15130351737@192.168.2.4:8060">sip:15130351737@192.168.2.4:8060</a>><br>
Authorization: Digest username="15130351737", realm="124.193.106.104", nonce="03d8e8b2-19b5-4aa5-910f-196951870bc3", uri="sip:124.193.106.104", response="c30374736da747eb33dc719def41ed08", algorithm=MD5<br>
Max-Forwards: 70<br> User-Agent: YT-2.11.926.8<br> Expires: 200<br> Content-Length: 0<br> <br> *******************<br><br><br>Profile internal content:<br><br><!-- this profile serves local user --><br>
<br><profile name="internal"><br> <aliases><br> <alias name="internal"/><br> </aliases><br> <br> <gateways><br> <X-PRE-PROCESS cmd="include" data="internal/*.xml"/><br>
</gateways><br> <br> <domains><br> <domain name="all" alias="true" parse="false"/> <br> </domains><br> <br> <settings><br> <br> <param name="context" value="default"/><br>
<br> <!-- SIP listen port for this profile --><br> <param name="sip-port" value="5060"/><br> <br> <!-- local IP address for this profile --><br> <param name="rtp-ip" value="$${local_ip_v4}"/><br>
<param name="sip-ip" value="$${local_ip_v4}"/><br> <br> <!-- external IP address serving remote NATted users, usually it is public IP adress for DMZ --><br> <!-- <br> <param name="ext-rtp-ip" value="auto-nat"/><br>
<param name="ext-sip-ip" value="auto-nat"/> --><br> <br> <param name="ext-rtp-ip" value="$${local_ip_v4}"/><br> <param name="ext-sip-ip" value="$${local_ip_v4}"/><br>
<br> <!-- the IP addresses or IP address segments of remote unauthorized SIP UA, e.g. MS Mediation Server --><br> <param name="apply-inbound-acl" value="<a href="http://172.28.0.0/16">172.28.0.0/16</a>"/><br>
<!-- <param name="apply-inbound-acl" value="<a href="http://172.28.0.0/16">172.28.0.0/16</a>"/> --><br> <!-- <param name="apply-inbound-acl" value="<a href="http://192.168.200.0/24">192.168.200.0/24</a>"/> --><br>
<br> <!-- if RTP bypass SIP Server --><br> <!-- to use IP-PBX supplementary services, e.g. call pickup, transfer etc. must set this to false --><br> <param name="inbound-bypass-media" value="false"/><br>
<br> <!-- if act as RTP transparent proxy without transcoding which allows unknown VoIP coder --><br> <!-- to use IP-PBX supplementary services, e.g. call pickup, transfer etc. must set this to false --><br>
<param name="inbound-proxy-media" value="true"/><br> <br> <!-- enable NAT traversal --><br> <param name="NDLB-received-in-nat-reg-contact" value="true"/><br>
<param name="NDLB-force-rport" value="true"/><br> <!-- <param name="NDLB-connectile-dysfunction" value="true"/> --><br> <br> <br> <!-- in case VSwitch using pure public IP address(not DMZ), uncomment this to resolve no voice for inter-extenions call --><br>
<!-- <param name="NDLB-sendrecv-in-session" value="true"/> --><br> <br> <!-- no need set this for common case --><br> <!-- <param name="disable-rtp-auto-adjust" value="false"/> --><br>
<br> <!-- *************************************************************** --><br> <!-- do not change below parameters if not necessary --><br> <param name="user-agent-string" value="FreeSWITCH"/><br>
<param name="debug" value="0"/><br> <param name="sip-trace" value="no"/><br> <param name="watchdog-enabled" value="no"/><br> <param name="watchdog-step-timeout" value="30000"/><br>
<param name="watchdog-event-timeout" value="30000"/><br><br> <param name="log-auth-failures" value="true"/><br> <param name="forward-unsolicited-mwi-notify" value="false"/><br>
<br> <!-- DTMF type: info, rfc2833, none --><br> <!-- <param name="dtmf-type" value="rfc2833"/> --><br> <param name="rfc2833-pt" value="101"/><br>
<param name="dtmf-duration" value="2000"/><br> <br> <param name="dialplan" value="XML"/><br><br> <param name="inbound-codec-prefs" value="PCMA,PCMU,G722,GSM"/><br>
<param name="outbound-codec-prefs" value="PCMA,PCMU,G722,GSM"/><br> <br> <param name="rtp-timer-name" value="soft"/><br> <br> <param name="hold-music" value="$${hold_music}"/><br>
<param name="apply-nat-acl" value="nat.auto"/><br> <br> <!--<br> This defines your local network, by default we detect your local network<br> and create this localnet.auto ACL for this.<br>
--><br> <param name="local-network-acl" value="localnet.auto"/><br> <!--<param name="apply-register-acl" value="domains"/>--><br><br> <param name="record-path" value="$${recordings_dir}"/><br>
<param name="record-template" value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/><br> <br> <!--enable to use presence --><br> <param name="manage-presence" value="false"/><br>
<br> <param name="inbound-codec-negotiation" value="generous"/><br><br> <!-- TLS: disabled by default, set to "true" to enable --><br> <param name="tls" value="$${internal_ssl_enable}"/><br>
<!-- additional bind parameters for TLS --><br> <param name="tls-bind-params" value="transport=tls"/><br> <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) --><br>
<param name="tls-sip-port" value="$${internal_tls_port}"/><br> <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) --><br> <param name="tls-cert-dir" value="$${internal_ssl_dir}"/><br>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 --><br> <param name="tls-version" value="$${sip_tls_version}"/><br> <br> <!--TTL for nonce in sip auth--><br>
<param name="nonce-ttl" value="60"/><br> <br> <param name="auth-calls" value="$${internal_auth_calls}"/><br> <!-- Force the user and auth-user to match. --><br>
<param name="inbound-reg-force-matching-username" value="true"/><br> <!-- on authed calls, authenticate *all* the packets not just invite --><br> <param name="auth-all-packets" value="false"/><br>
<br> <!-- rtp inactivity timeout --><br> <param name="rtp-timeout-sec" value="300"/><br> <param name="rtp-hold-timeout-sec" value="1800"/><br><br> <!--all inbound reg will look in this domain for the users --><br>
<param name="force-register-domain" value="$${domain}"/><br> <!--force the domain in subscriptions to this value --><br> <param name="force-subscription-domain" value="$${domain}"/><br>
<!--all inbound reg will stored in the db using this domain --><br> <param name="force-register-db-domain" value="$${domain}"/><br><br> <param name="challenge-realm" value="auto_from"/><br>
<br> <param name="send-message-query-on-register" value="false"/><br> <br> <param name="all-reg-options-ping" value="true"/><br> <!-- <param name="nat-options-ping" value="true"/> --><br>
<br> </settings><br></profile><br><br><br clear="all"><br>-- <br>Regards,<br>Charles<br><br>