Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Hi Matej,

This bug with linphone and VPN was fixed on the subversion repository 
|(||svn://svn.sv.gnu.org/linphone) |by Simon Morlat (revision 463 May 
6). Unfortunately this changes have not been still released to a new 
Linphone version (last release 3.1.2 is dated May 5).

Regards,
Enrique

Matěj Cepl escribió:
> Hi, this is the result of my dialog with our SIP support guys. 
> Apparently, linphone gets confused and offers my internal LAN address 
> (192.168.1.*) instead of VPN one. The result is that it the 
> registration to the internal SIP server fails (Not Found) and when 
> calling the contact inside of RH VPN I get "Service Unavailable". It 
> doesn't matter whether I use an internal STUN server or use my IP 
> address directly (this VPN connection is not NATed).
>
> This is the only showstopper for using linphone as my main SIP client 
> (the only other working SIP client for me is Twinkle, and I really 
> don't like KDE apps on my machine). There are some other problems 
> (e.g., for many users STUN/direct IP/etc. setting should be 
> per-account, not per-program preference, many UI glitches), but 
> fortunately non other is a showstopper for me.
>
> What do you think?
>
> Matěj
>

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Indeed.
Thank you Enrique. The modification I did was that the hostname/ipaddress given 
as firewall address is used within SIP messages (before it was only used in 
SDP).
Note that this should not be necessary to do all that if the SIP proxy is NAT-
capable. If using openser and its clones, you have to use a configuration that 
uses "nat_helper". I can provide one if needed.

Simon

PS: I'd like to make a new release. There have been lots of change and 
improvements, especially in the UI.

Le mardi 1 septembre 2009 08:36:02, Enrique Otero a écrit :
> Hi Matej,
>
> This bug with linphone and VPN was fixed on the subversion repository
>
> |(||svn://svn.sv.gnu.org/linphone) |by Simon Morlat (revision 463 May
>
> 6). Unfortunately this changes have not been still released to a new
> Linphone version (last release 3.1.2 is dated May 5).
>
> Regards,
> Enrique
>
> Matěj Cepl escribió:
> > Hi, this is the result of my dialog with our SIP support guys.
> > Apparently, linphone gets confused and offers my internal LAN address
> > (192.168.1.*) instead of VPN one. The result is that it the

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Dne 1.9.2009 09:52, Simon Morlat napsal(a):
> Thank you Enrique. The modification I did was that the hostname/ipaddress given
> as firewall address is used within SIP messages (before it was only used in
> SDP).
> Note that this should not be necessary to do all that if the SIP proxy is NAT-
> capable. If using openser and its clones, you have to use a configuration that
> uses "nat_helper". I can provide one if needed.
>    
Just to emphasize ... I have been able to reproduce this with my 
computer NOT being behind NAT (in VPN).

I am going to build a test package and check.

Matěj

_______________________________________________
Linphone-users mailing list
Linphone-users <at> nongnu.org
http://lists.nongnu.org/mailman/listinfo/linphone-users

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Le mardi 1 septembre 2009 10:17:31, Matěj Cepl a écrit :
> Dne 1.9.2009 09:52, Simon Morlat napsal(a):
> > Thank you Enrique. The modification I did was that the hostname/ipaddress
> > given as firewall address is used within SIP messages (before it was only
> > used in SDP).
> > Note that this should not be necessary to do all that if the SIP proxy is
> > NAT- capable. If using openser and its clones, you have to use a
> > configuration that uses "nat_helper". I can provide one if needed.
>
> Just to emphasize ... I have been able to reproduce this with my
> computer NOT being behind NAT (in VPN).
Understood. Actually setting the nat address in linphone is a way to override 
the address used in SIP and SDP messages. The fact that is a real nat address 
or local vpn address has no importance.

Simon

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Dne 1.9.2009 09:52, Simon Morlat napsal(a):
> Indeed.
> Thank you Enrique. The modification I did was that the hostname/ipaddress given
> as firewall address is used within SIP messages (before it was only used in
> SDP).
> Note that this should not be necessary to do all that if the SIP proxy is NAT-
> capable. If using openser and its clones, you have to use a configuration that
> uses "nat_helper". I can provide one if needed.
>    
I am sorry, but I tried with the today's git checkout 
(6b23aeb56f16a39d6a0c960a0dc3242b0c06c2a8, that's svn 615 if I 
understand the URL correctly) and the result is exactly the same (both 
with and without STUN). Not found for registration and service not 
available for calling, and linphone seems to suggest that it is actually 
on 192.168.1.*. See attached logs.

Best,

Matěj

(linphone-3:21193): libglade-WARNING **: Radio button group video_item could not be found
ALSA lib conf.c:3952:(snd_config_expand) Unknown parameters 0
ALSA lib control.c:909:(snd_ctl_open_noupdate) Invalid CTL default:0
ALSA lib conf.c:3952:(snd_config_expand) Unknown parameters 0
ALSA lib pcm.c:2211:(snd_pcm_open_noupdate) Unknown PCM default:0
ALSA lib conf.c:3952:(snd_config_expand) Unknown parameters 0
ALSA lib pcm.c:2211:(snd_pcm_open_noupdate) Unknown PCM default:0
linphone-message : Registering all filters...

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Hi,

this sounds like the problem I have too with linphone. I posted it 
around 7/19 to this list ('Problem with private IP address and picky 
registrars').
The problem seems to be that some registrars don't like the private IP 
address that gets transmitted to them along with the public one. For me 
this is also a show-stopper when using linphone from behind a NAT 
router. In this scenario I also have to switch to twinkle which seems to 
be the only SIP client under Linux that doesn't send the private IP 
address (Ekiga actually sends it too).
Beside that, I really like Linphone. It's stable and reliable. It would 
be great if some workaround for those registrars could be implemented, 
e.g. a second connection attempt in case the first wasn't successful, 
without transmitting the private address.

Chris

Matěj Cepl wrote:
> Hi, this is the result of my dialog with our SIP support guys. 
> Apparently, linphone gets confused and offers my internal LAN address 
> (192.168.1.*) instead of VPN one. The result is that it the registration 
> to the internal SIP server fails (Not Found) and when calling the 
> contact inside of RH VPN I get "Service Unavailable". It doesn't matter 
> whether I use an internal STUN server or use my IP address directly 
> (this VPN connection is not NATed).
> 
> This is the only showstopper for using linphone as my main SIP client 
> (the only other working SIP client for me is Twinkle, and I really don't 
> like KDE apps on my machine). There are some other problems (e.g., for 

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

>
> I am sorry, but I tried with the today's git checkout
> (6b23aeb56f16a39d6a0c960a0dc3242b0c06c2a8, that's svn 615 if I
> understand the URL correctly) and the result is exactly the same (both
> with and without STUN). Not found for registration and service not
> available for calling, and linphone seems to suggest that it is actually
> on 192.168.1.*. See attached logs.

Don't confuse STUN and setting the gateway address.
If you use STUN, then stun is used to discover the RTP ports, not the SIP 
port.
If you choose the second option (specify nat address), then you force linphone 
to claim it is reachable using the supplied address inconditionnaly. Stun is 
not used at all.

Simon

>
> Best,
>
> Matěj

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

I just pushed to svn and git a possible workaround: it restarts the register 
with the real local address as seen by the server, after the 404 failure.
So the expected behaviour should be first the same 404 error, then a second 
register going to the server, but this time with correct contact information.

Unfortunately I have no server on my hands to test with for this use case. At 
least I could verify this patch does not break the behaviour for the main 
case.

Can you do the test and send me back the log in case of failure again ?
Thanks

Simon

Le mardi 1 septembre 2009 15:32:21, Matěj Cepl a écrit :
> Dne 1.9.2009 09:52, Simon Morlat napsal(a):
> > Indeed.
> > Thank you Enrique. The modification I did was that the hostname/ipaddress
> > given as firewall address is used within SIP messages (before it was only
> > used in SDP).
> > Note that this should not be necessary to do all that if the SIP proxy is
> > NAT- capable. If using openser and its clones, you have to use a
> > configuration that uses "nat_helper". I can provide one if needed.
>
> I am sorry, but I tried with the today's git checkout
> (6b23aeb56f16a39d6a0c960a0dc3242b0c06c2a8, that's svn 615 if I
> understand the URL correctly) and the result is exactly the same (both
> with and without STUN). Not found for registration and service not
> available for calling, and linphone seems to suggest that it is actually
> on 192.168.1.*. See attached logs.

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Hi Christian,

If the registrar sends back an error ( 4xx response, not remain silent) , then 
the bugfix I just commited (see the email to Matej) should solve your problem.

Simon

Le mardi 1 septembre 2009 15:46:04, Christian Schäfer a écrit :
> Hi,
>
> this sounds like the problem I have too with linphone. I posted it
> around 7/19 to this list ('Problem with private IP address and picky
> registrars').
> The problem seems to be that some registrars don't like the private IP
> address that gets transmitted to them along with the public one. For me
> this is also a show-stopper when using linphone from behind a NAT
> router. In this scenario I also have to switch to twinkle which seems to
> be the only SIP client under Linux that doesn't send the private IP
> address (Ekiga actually sends it too).
> Beside that, I really like Linphone. It's stable and reliable. It would
> be great if some workaround for those registrars could be implemented,
> e.g. a second connection attempt in case the first wasn't successful,
> without transmitting the private address.
>
> Chris
>
> Matěj Cepl wrote:
> > Hi, this is the result of my dialog with our SIP support guys.
> > Apparently, linphone gets confused and offers my internal LAN address
> > (192.168.1.*) instead of VPN one. The result is that it the registration

Re: Fwd: Re: [redhat.com #1263208] Linphone on the internal RH SIP

Hi Simon,

it sends:

SIP/2.0 479 Please don't use private IP addresses

so your bugfix should work. I'll give it a try as soon as you'll release 
the next version.

Chris

Simon Morlat wrote:
> Hi Christian,
> 
> If the registrar sends back an error ( 4xx response, not remain silent) , then 
> the bugfix I just commited (see the email to Matej) should solve your problem.
> 
> Simon
> 
> Le mardi 1 septembre 2009 15:46:04, Christian Schäfer a écrit :
>> Hi,
>>
>> this sounds like the problem I have too with linphone. I posted it
>> around 7/19 to this list ('Problem with private IP address and picky
>> registrars').
>> The problem seems to be that some registrars don't like the private IP
>> address that gets transmitted to them along with the public one. For me
>> this is also a show-stopper when using linphone from behind a NAT
>> router. In this scenario I also have to switch to twinkle which seems to
>> be the only SIP client under Linux that doesn't send the private IP