Hi Alain, The issue I face is registration could not be performed under NAT. The registration is OK if I use a connection without NAT. The registration request is sent many times without any response. I suspect this is because of the invalid mapping obtained by STUN. this is wired, if the test was performed on different machines and at the > *same* time. > The router lease time can be short therefor the keep-alive mechanism. > The two instances were run on the same time. Taking the STUN mapping alone into account, the mapped addresses are same. Don't get your question, why would the same router has more that one level > of NAT/NAPT? > I think i understood incorrectly from you, that the NAT is "full cone" as viewed by the STUN server/client and "port restricted" from the inside. I thought you meant there could be different levels of NAT within the same router ;) Can you please send the related PCAP/log_files to us, so that we can check > what is going on? > Please find attached the log captured from the console when running pjsua. I use pjsip version 1.10. BTW can you please try this, on both instances of PJSUA running on > different machines, register an account and check the addresses in the Via > Header and the one in the Contact header? > Sorry, I cannot try it as the registration is failing. Thanks, Sundar On Tue, Feb 7, 2012 at 1:17 PM, Alain Totouom <alain.totouom at gmx.de> wrote: > Hi Sundar, > > > On 07-Feb-12 06:16, Sundar Subramaniyan wrote: > >> Hi Alain, >> >> I tested the scenario with two machines under the router running pjsua >> with >> same configuration. >> The two instances declare the mapped ports to be same. RTP/RTCP ports from >> 4000 to 4007 and SIP UDP port to be 5060. >> >> > this is wired, if the test was performed on different machines and at the > *same* time. > The router lease time can be short therefor the keep-alive mechanism. > > Can you please send the related PCAP/log_files to us, so that we can check > what is going on? > > > Per RFC 3489, referring to section 5 (Types of NAT), I believe that the >> router does "port Restricted NAT" and this is what is discovered by pjnath >> STUN client. >> > > If PJNATH says, it's "Port Restricted NAT" you can take it to the bank ;o) > > > Per section 14 (limitations of STUN), there is no mention of port mapping >> issues when only one instance of STUN client runs behind NAT. >> >> So if there is more than one level of NAT/NAPT in the same router, will >> the >> mapping fail? >> >> > Don't get your question, why would the same router has more that one level > of NAT/NAPT? > > BTW can you please try this, on both instances of PJSUA running on > different machines, register an account and check the addresses in the Via > Header and the one in the Contact header? > Alternative call an account on the public internet and check the logs > (Address used). > > Cheers, > Alain > > > On Thu, Feb 2, 2012 at 4:31 PM, Alain Totouom<alain.totouom at gmx.de> >> wrote: >> >> Hi Sundar, >>> >>> >>> On 31-Jan-12 09:56, Sundar Subramaniyan wrote: >>> >>> Hi all, >>>> >>>> The question is about the pjsua application, used with STUN (using host >>>> stun.pjsip.org) >>>> >>>> The public IP address reported is correct, however the mapped ports look >>>> the same as their original source ports. i.e. 5060 (SIP UDP port), and >>>> 4000-4007 (RTP/RTCP ports) >>>> It seemed to be valid to me initially since some home routers may >>>> perform >>>> address translation alone. >>>> But I checked if these ports are open from online port scanners, and >>>> they >>>> seem to be closed from the outside. >>>> >>>> I've tried the application behind two different routers configured with >>>> NAT. The behavior seems to be same. I didn't get a different port mapped >>>> to >>>> the source ports. >>>> The NAT types detected were "port restricted" and "restricted" when >>>> using >>>> different routers. >>>> >>>> I've only used the --stun-srv option without TURN/ICE. >>>> >>>> Is there any configuration I need to do to get the mapped ports apart >>>> from >>>> specifying stun-srv? >>>> >>>> >>>> both routers do have *full cone NAT*, thus will try to map the same >>> internal ip:port to the same external ip:port. >>> >>> The online port scanner fails because of the underlying *restricted cone* >>> and *Port Restricted Cone* NAT. Both are full cone NAT with additional >>> restrictions. May be you wanna check RFC #3489. >>> >>> To get the mapped port apart, run two different instances of pjsua behind >>> the same router ;o) >>> >>> Cheers, >>> Alain >>> >>> >>> Thanks in advance, >>> >>>> Sundar >>>> >>>> >>> -- >>> "" >>> (o)(o) >>> _____o00o__(__)__o00o_____ >>> 3072D/146D10DE 2011-09-29 Alain Totouom<totouom at gmx.de> >>> PGP Fingerprint 39A4F092 FFA7C746 CC305CB0 69091911 146D10DE >>> >>> ______________________________****_________________ >>> >>> Visit our blog: http://blog.pjsip.org >>> >>> pjsip mailing list >>> pjsip at lists.pjsip.org >>> http://lists.pjsip.org/****mailman/listinfo/pjsip_lists.****pjsip.org<http://lists.pjsip.org/**mailman/listinfo/pjsip_lists.**pjsip.org> >>> <http://lists.pjsip.**org/mailman/listinfo/pjsip_**lists.pjsip.org<http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org> >>> > >>> >>> >> > -- > "" > (o)(o) > _____o00o__(__)__o00o_____ > 3072D/146D10DE 2011-09-29 Alain Totouom <totouom at gmx.de> > PGP Fingerprint 39A4F092 FFA7C746 CC305CB0 69091911 146D10DE > > ______________________________**_________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/**mailman/listinfo/pjsip_lists.**pjsip.org<http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org> > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20120207/6b282d4a/attachment-0001.html> -------------- next part -------------- sundar at sundar-desktop:~/pjproject-1.10/pjsip-apps/bin$ ./pjsua-linux-gnu --config-file=acc_config 13:44:32.884 os_core_unix.c pjlib 1.10.0 for POSIX initialized 13:44:32.948 sip_endpoint.c Creating endpoint instance... 13:44:33.004 pjlib select() I/O Queue created (0x1425290) 13:44:33.004 sip_endpoint.c Module "mod-msg-print" registered 13:44:33.004 sip_transport. Transport manager created. 13:44:33.014 sip_endpoint.c Module "mod-pjsua-log" registered 13:44:33.014 sip_endpoint.c Module "mod-tsx-layer" registered 13:44:33.014 sip_endpoint.c Module "mod-stateful-util" registered 13:44:33.015 sip_endpoint.c Module "mod-ua" registered 13:44:33.015 sip_endpoint.c Module "mod-100rel" registered 13:44:33.015 sip_endpoint.c Module "mod-pjsua" registered 13:44:33.015 sip_endpoint.c Module "mod-invite" registered 13:44:33.015 pjsua_core.c Trying STUN server stun.pjsip.org (1 of 1).. 13:44:33.934 pa_dev.c PortAudio sound library initialized, status=0 13:44:33.934 pa_dev.c PortAudio host api count=0 13:44:33.934 pa_dev.c Sound device count=0 13:44:33.934 pjlib select() I/O Queue created (0x14361c8) 13:44:33.947 sip_endpoint.c Module "mod-evsub" registered 13:44:33.947 sip_endpoint.c Module "mod-presence" registered 13:44:33.947 sip_endpoint.c Module "mod-mwi" registered 13:44:33.947 sip_endpoint.c Module "mod-refer" registered 13:44:33.947 sip_endpoint.c Module "mod-pjsua-pres" registered 13:44:33.947 sip_endpoint.c Module "mod-pjsua-im" registered 13:44:33.947 sip_endpoint.c Module "mod-pjsua-options" registered 13:44:33.947 pjsua_core.c 1 SIP worker threads created 13:44:33.947 pjsua_core.c pjsua version 1.10.0 for Linux-2.6.38.8/x86_64/glibc-2.13 initialized 13:44:33.947 sip_endpoint.c Module "mod-default-handler" registered 13:44:34.236 stunresolve STUN mapped address found/changed: xxx.xxx.xxx.xxx:56361 13:44:34.236 pjsua_core.c STUN resolution success, using stun.pjsip.org, address is 208.109.222.137:3478 13:44:35.049 pjsua_core.c SIP UDP socket reachable at xxx.xxx.xxx.xxx:5060 13:44:35.049 udp0x1434630 SIP UDP transport started, published address is xxx.xxx.xxx.xxx:5060 13:44:35.049 pjsua_acc.c Account <sip:xxx.xxx.xxx.xxx:5060> added with id 0 13:44:35.050 tcplis:5060 SIP TCP listener ready for incoming connections at 192.168.0.23:5060 13:44:35.050 pjsua_acc.c Account <sip:192.168.0.23:5060;transport=TCP> added with id 1 13:44:35.050 pjsua_acc.c Account sip:sundar2 at iptel.org added with id 2 13:44:35.051 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg-- 13:44:35.051 pjsua_acc.c Registration sent 13:44:35.372 pjsua_media.c RTP socket reachable at xxx.xxx.xxx.xxx:4000 13:44:35.372 pjsua_media.c RTCP socket reachable at xxx.xxx.xxx.xxx:4001 13:44:35.551 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg-- 13:44:35.700 pjsua_media.c RTP socket reachable at xxx.xxx.xxx.xxx:4002 13:44:35.700 pjsua_media.c RTCP socket reachable at xxx.xxx.xxx.xxx:4003 13:44:36.018 pjsua_media.c RTP socket reachable at xxx.xxx.xxx.xxx:4004 13:44:36.018 pjsua_media.c RTCP socket reachable at xxx.xxx.xxx.xxx:4005 13:44:36.349 pjsua_media.c RTP socket reachable at xxx.xxx.xxx.xxx:4006 13:44:36.349 pjsua_media.c RTCP socket reachable at xxx.xxx.xxx.xxx:4007 13:44:36.349 pjsua_media.c Opening null sound device.. 13:44:36.349 sip_endpoint.c Module "mod-unsolicited-mwi" registered >>>> Account list: [ 0] <sip:xxx.xxx.xxx.xxx:5060>: does not register Online status: Online [ 1] <sip:192.168.0.23:5060;transport=TCP>: does not register Online status: Online *[ 2] sip:sundar2 at iptel.org: 100/In Progress (expires=0) Online status: Online Buddy list: -none- +=============================================================================+ | Call Commands: | Buddy, IM & Presence: | Account: | | | | | | m Make new call | +b Add new buddy .| +a Add new accnt | | M Make multiple calls | -b Delete buddy | -a Delete accnt. | | a Answer call | i Send IM | !a Modify accnt. | | h Hangup call (ha=all) | s Subscribe presence | rr (Re-)register | | H Hold call | u Unsubscribe presence | ru Unregister | | v re-inVite (release hold) | t ToGgle Online status | > Cycle next ac.| | U send UPDATE | T Set online status | < Cycle prev ac.| | ],[ Select next/prev call +--------------------------+-------------------+ | x Xfer call | Media Commands: | Status & Config: | | X Xfer with Replaces | | | | # Send RFC 2833 DTMF | cl List ports | d Dump status | | * Send DTMF with INFO | cc Connect port | dd Dump detailed | | dq Dump curr. call quality | cd Disconnect port | dc Dump config | | | V Adjust audio Volume | f Save config | | S Send arbitrary REQUEST | Cp Codec priorities | f Save config | +------------------------------+--------------------------+-------------------+ | q QUIT L ReLoad sleep MS echo [0|1|txt] n: detect NAT type | +=============================================================================+ You have 0 active call >>> 13:44:36.551 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg-- 13:44:38.551 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg-- 13:44:42.551 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg-- 13:44:44.299 stuntsx0x145e1 STUN timeout waiting for response 13:44:44.351 stuntsx0x145e9 STUN timeout waiting for response 13:44:44.614 pjsua_app.c NAT detected as Port Restricted 13:44:46.551 pjsua_core.c TX 540 bytes Request msg REGISTER/cseq=52414 (tdta0x144b800) to UDP 217.9.36.145:5060: REGISTER sip:iptel.org SIP/2.0 Via: SIP/2.0/UDP xxx.xxx.xxx.xxx:5060;rport;branch=z9hG4bKPj.vrgl9xQQ3Nl7-J5lIj6CHki7PJOlK0C Max-Forwards: 70 From: <sip:sundar2@xxxxxxxxx>;tag=YRs6FDBn38oY-TxAn7878cHUruuIOO8. To: <sip:sundar2 at iptel.org> Call-ID: P7cU5NKjECoAMpgoqxpd.TRviiGgTaG9 CSeq: 52414 REGISTER User-Agent: PJSUA v1.10.0 Linux-2.6.38.8/x86_64/glibc-2.13 Contact: <sip:sundar2 at xxx.xxx.xxx.xxx:5060;ob> Expires: 300 Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS Content-Length: 0 --end msg--
