[Spce-user] NAT problems

Daniel Grotti dgrotti at sipwise.com
Wed Apr 1 10:55:49 EDT 2015


Hi,
They are discarding Record-Route header information on purpose, so they
are not compliant with RFC 3261 on purpose, because of security reasons? No
comment.

They are not compliant probably because Cirpack is not, or they don't
know how to configure it.





Daniel Grotti
VoIP Engineer

Phone: +43(0)1 301 2032
Email: dgrotti at sipwise.com
Website: www.sipwise.com


On 04/01/2015 04:24 PM, stefanormc wrote:
> this is the official reply from digitel after some testing on their end
> 
> basically they are not compliant on purpose… Is there a workaround to
> the problem?
> 
> thanks
> 
> ciao
> 
> 
> stefano
> 
> 
> 
> 
> 
>> On 07 Mar 2015, at 14:25, stefanormc <stefanormc at gmail.com> wrote:
>>
>> hi
>>
>> I tried the audiocode workaround but got the same result
>>
>> audio in and out working ok for 30 sec while getting
>>
>> Mar  7 14:19:46 centrale proxy[30917]: NOTICE: <script>: Dropping mis-routed request - R=sip:192.168.2.2:5080;prxroute=1 ID=03852-RX-012acaf4-213165de5@voip.digitelitalia.it
>>
>>
>> Disappointingly I still haven’t got a reply from Cirpack/digitel
>>
>> thanks
>>
>> stefano
>>
>>
>>
>>
>>> On 24 Feb 2015, at 17:25, Daniel Grotti <dgrotti at sipwise.com> wrote:
>>>
>>> Well,
>>> I would ask for, I mean that's a Cirpack issue, which are not following
>>> RFC here.
>>>
>>> Daniel
>>>
>>>
>>> On 02/24/2015 05:07 PM, Daniel Grotti wrote:
>>>> This is out of SIP RFC, but I saw this problem before.
>>>> You can ask them why they are not setting, probably they can reply that
>>>> they do not like the 127.0.0.1 in the Via/Record-route headers.
>>>>
>>>> If this is the issue, please follow this:
>>>> https://www.sipwise.com/doc/mr3.7.1/spce/ar01s05.html#_audiocodes_devices_workaround
>>>>
>>>>
>>>> Some softswitches, like Audiocodes, have issues with that.
>>>> Don't know if Cirpack has the same, probably. But please ask them
>>>> first.
>>>>
>>>>
>>>> Daniel
>>>>
>>>>
>>>> On 02/24/2015 04:42 PM, Daniel Grotti wrote:
>>>>> Hi Stefano,
>>>>> The problem here is that the ACK from Cirpack is not setting the Route
>>>>> headers:
>>>>>
>>>>> ACK sip:ngcp-lb@192.168.252.155:5060;ngcpct=7369703a3132372e302e302e313a353038303b707278726f7574653d31 SIP/2.0
>>>>> Call-ID: 18288-RU-00221b20-0aba21985@voip.digitelitalia.it
>>>>> Contact: <sip:109.238.17.166:5060>
>>>>> CSeq: 2057622 ACK
>>>>> From: "3355416588" <sip:3355416588@voip.digitelitalia.it;user=phone>;tag=18288-ZM-00221b21-2ac08e736
>>>>> Max-Forwards: 28
>>>>> To: <sip:011013338@127.0.0.1;user=phone>;tag=5A56F94D-54EB3F51000A5A27-16A20700
>>>>> Via: SIP/2.0/UDP 109.238.17.166:5060;branch=z9hG4bK-RNFE-66710c29-4050198a
>>>>> User-Agent: Cirpack/v4.58 (gw_sip)
>>>>> Content-Length: 0
>>>>>
>>>>>
>>>>>
>>>>> They must take from the 200 OK the Record-Route headers and set Route
>>>>> headers in the ACK/BYE in the reverse order.
>>>>>
>>>>> This is an issue of your provider.
>>>>>
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>> On 02/24/2015 04:28 PM, stefanormc wrote:
>>>>>> Please find attached the pcap file. I can’t seem to find a solution.
>>>>>>
>>>>>> thanks
>>>>>>
>>>>>> ciao
>>>>>>
>>>>>> stefano
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On 24 Feb 2015, at 11:04, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>> On 15 Feb 2015, at 23:57, stefano Rogna Manassero di Costigliole <stefanormc at gmail.com> wrote:
>>>>>>>>
>>>>>>>> It's a wholesale service provided on a per-line account basis, it's
>>>>>>>> not a trunk. I just configured the peer server and put auth details
>>>>>>>> on each subscriber's details.
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>> From: Jeremy Ward
>>>>>>>> Sent: 15/02/2015 22:43
>>>>>>>> To: stefanormc
>>>>>>>> Cc: Daniel Grotti; Spce-user
>>>>>>>> Subject: Re: [Spce-user] NAT problems
>>>>>>>>
>>>>>>>> Just out of curiosity, are you subscribed to this provider's SIP
>>>>>>>> trunking services, or are you subscribed to their retail SIP
>>>>>>>> services, as in the type intended for an individual end-user device?
>>>>>>>>
>>>>>>>> Jeremy D. Ward, CWNE
>>>>>>>> (954) 661-4965
>>>>>>>>
>>>>>>>> On Feb 15, 2015 12:04 PM, "stefanormc" <stefanormc at gmail.com> wrote:
>>>>>>>>
>>>>>>>>    could it be overrun in any other way (the missing route header)?
>>>>>>>>
>>>>>>>>    because I’m beginning to think I will never get a reply from the
>>>>>>>>    provider…
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On 15 Feb 2015, at 11:53, Daniel Grotti <dgrotti at sipwise.com> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> NAT traversal is done out of the box on ngcp.
>>>>>>>>> You need to disable other NAT traversal features on the client side, like STUN for example.
>>>>>>>>>
>>>>>>>>> What I noticed though was missing Route headers in the ACK. This doesn't look to have a relationship with NAT.
>>>>>>>>>
>>>>>>>>> Daniel
>>>>>>>>>
>>>>>>>>> On 15 Feb 2015 11:38, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> changes in the nat section of the server?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On 15 Feb 2015, at 10:56, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> hello again
>>>>>>>>>>>
>>>>>>>>>>> still no reply from the provider; any other possible solutions?
>>>>>>>>>>>
>>>>>>>>>>> thanks
>>>>>>>>>>>
>>>>>>>>>>> ciao
>>>>>>>>>>>
>>>>>>>>>>> stefano
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> On 07 Feb 2015, at 16:50, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> enabling ICE on the client side seems to solve the problem on X-Lite and on a Snom 190. No luck with a Gigaset 510IP
>>>>>>>>>>>>
>>>>>>>>>>>> I sent a request to the provider. I’ll post the reply
>>>>>>>>>>>>
>>>>>>>>>>>> thanks for now
>>>>>>>>>>>>
>>>>>>>>>>>> helpful as always
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> On 07 Feb 2015, at 13:42, Daniel Grotti <dgrotti at sipwise.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> The ACK from cirpack doesn't contain route headers. They must be there.
>>>>>>>>>>>>> Please check this with them.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Daniel
>>>>>>>>>>>>> On 7 Feb 2015 13:09, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> hi
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> way too technical…
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> how do I do that? Or is it something the provider should do?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 07 Feb 2015, at 11:39, Daniel Grotti <dgrotti at sipwise.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>> Looks like an ACK issue here.
>>>>>>>>>>>>>>> The ACK seems not to contain Route headers.
>>>>>>>>>>>>>>> The ACK must contain Route headers taken from the Record-Route headers in the 200 OK, put in the reverse order.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Daniel
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 7 Feb 2015 10:42, stefanormc <stefanormc at gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> hello again,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> with help from the community I managed to get the phones ringing on incoming calls, but now I get a NAT problem of "Dropping mis-routed request" only on incoming calls; outbound calls work fine.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Any suggestion please?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Feb  7 10:30:08 centrale proxy[4109]: NOTICE: <script>: Forcing request via B2BUA 'sip:127.0.0.1:5080' - R=sip:0110133249@87.253.112.141:5060 ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:08 centrale proxy[4109]: NOTICE: <script>: Request leaving server, D-URI='sip:127.0.0.1:5080' - R=sip:0110133249@87.253.112.141:5060 ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:08 centrale proxy[4100]: NOTICE: <script>: NAT-Reply - S=100 - Connecting M=INVITE IP=109.238.17.166:5060 (127.0.0.1:5080) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:09 centrale proxy[4091]: NOTICE: <script>: NAT-Reply - S=180 - Ringing M=INVITE IP=109.238.17.166:5060 (127.0.0.1:5080) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:11 centrale proxy[4104]: NOTICE: <script>: NAT-Reply - S=200 - OK M=INVITE IP=109.238.17.166:5060 (127.0.0.1:5080) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:11 centrale proxy[4097]: NOTICE: <script>: New request on proxy - M=ACK R=sip:127.0.0.1:5080;prxroute=1 F=sip:3355416588@voip.digitelitalia.it;user=phone T=sip:0110133249@127.0.0.1;user=phone IP=109.238.17.166:5060 (127.0.0.1:5060) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:11 centrale proxy[4097]: NOTICE: <script>: Dropping mis-routed request - R=sip:127.0.0.1:5080;prxroute=1 ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:11 centrale proxy[4114]: NOTICE: <script>: NAT-Reply - S=200 - OK M=INVITE IP=109.238.17.166:5060 (127.0.0.1:5080) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>> Feb  7 10:30:11 centrale proxy[4094]: NOTICE: <script>: New request on proxy - M=ACK R=sip:127.0.0.1:5080;prxroute=1 F=sip:3355416588@voip.digitelitalia.it;user=phone T=sip:0110133249@127.0.0.1;user=phone IP=109.238.17.166:5060 (127.0.0.1:5060) ID=19046-VT-0353f94d-23d801696@voip.digitelitalia.it
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>    _______________________________________________
>>>>>>>>    Spce-user mailing list
>>>>>>>>    Spce-user at lists.sipwise.com
>>>>>>>>    https://lists.sipwise.com/listinfo/spce-user
>>>>>>>>
>>>>>>>
>>>>>>
>>
> 
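
Added example (not part of the original thread and not Sipwise code): a Python check that derives the caller's route set from the Record-Route headers of a 200 OK, reversed as described in the thread and in RFC 3261 section 12.1.2, and compares it with the Route headers of an ACK. The 200 OK and its Record-Route URIs are constructed placeholders, the ACK is abridged from the capture quoted above, and loose routing (;lr) is assumed.

```python
import re

def headers(msg):
    """(name, value) pairs with folded continuation lines joined (RFC 3261 7.3.1)."""
    lines = msg.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")[1:]
    out = []
    for line in lines:
        if line[:1] in (" ", "\t") and out:      # continuation of previous header
            out[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            out.append([name.strip().lower(), value.strip()])
    return out

def values(msg, name):
    """All values of one header; comma lists are split outside <...>."""
    found = []
    for n, v in headers(msg):
        if n == name:
            found += [p.strip() for p in re.split(r",(?![^<]*>)", v) if p.strip()]
    return found

def uac_route_set(ok_200):
    """Caller's route set: Record-Route of the 200 OK in reverse order."""
    return values(ok_200, "record-route")[::-1]

def check_request(request, ok_200):
    """Compare Route headers of an in-dialog request with the expected set."""
    expected, actual = uac_route_set(ok_200), values(request, "route")
    return {"method": request.split(" ", 1)[0], "expected": expected,
            "actual": actual, "compliant": actual == expected}

# Constructed 200 OK: not shown in the thread, both Record-Route URIs are
# placeholders (top = last proxy traversed, bottom = load balancer).
OK_200 = ("SIP/2.0 200 OK\r\n"
          "Record-Route: <sip:127.0.0.1:5062;lr>\r\n"
          "Record-Route: <sip:192.168.252.155:5060;lr>\r\n"
          "CSeq: 2057622 INVITE\r\n\r\n")
# ACK abridged from the capture in the thread: it carries no Route header.
ACK_SEEN = ("ACK sip:ngcp-lb@192.168.252.155:5060 SIP/2.0\r\n"
            "CSeq: 2057622 ACK\r\n"
            "User-Agent: Cirpack/v4.58 (gw_sip)\r\n"
            "Content-Length: 0\r\n\r\n")
# Constructed compliant ACK: same request with the expected Route list added.
ACK_OK = ACK_SEEN.replace(
    "CSeq", "Route: " + ", ".join(uac_route_set(OK_200)) + "\r\nCSeq", 1)
if __name__ == "__main__":
    for req in (ACK_SEEN, ACK_OK):
        print(check_request(req, OK_200))
```

Run against a real capture, a request that reports compliant False with an empty "actual" list matches the ACK that the proxy logs as "Dropping mis-routed request".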


