Skip to content

Nethvoice Proxy: SIP Options not relayed causes inbound call failures #7624

New issue
New issue
Closed
Bug
Closed
Nethvoice Proxy: SIP Options not relayed causes inbound call failures#7624
Bug
Labels
nethvoiceBug or features releted to the NethVoice project
Milestone
NethVoice 1.5
@Amygos

Description

@Amygos
Amygos
opened on Sep 10, 2025

A problem occurs when the Nethvoice proxy (using Kamailio) does not forward SIP Options requests to the upstream firewall. This behavior results in the firewall prematurely closing UDP connection tracking, causing inbound SIP calls to fail after 180 seconds unless outbound traffic occurs. The issue is more apparent when the SIP trunk registration expire time is set high (e.g., 3600s).

Steps to reproduce

  1. Configure a SIP trunk on NethVoice behind a firewall (like NethSecurity 8) with a registration expire time (e.g., 300s or 3600s) and Options interval (e.g., 60s).
  2. Ensure the firewall has the default UDP conntrack timeout (180s).
  3. Observe that SIP Options requests are processed by the proxy but not forwarded to the firewall.
  4. After registration, wait for more than 180 seconds without outbound SIP traffic.
  5. Attempt to receive an inbound call.

Expected behavior
SIP Options requests should be relayed by the Nethvoice proxy to the provider and pass through to the firewall, maintaining the UDP session and preventing premature conntrack expiration. Inbound calls should work throughout the trunk's registration period.

Actual behavior
The proxy handles SIP Options internally and does not forward them to the firewall, leading to UDP conntrack expiration after 180 seconds. Inbound calls only work for up to 180 seconds after registration, after which the trunk may be rejected and registration does not occur until outbound traffic resumes.

Components
NethServer 8, Nethvoice-proxy (Kamailio)

See also
SIP Options flow diagram and packet details:
Image

Kamailio log excerpt:

Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - ad8af4d9-814e-47e4-8bec-661150cab57c OPTIONS-30575 - in dialog and direction OUT, doing RELAY
Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - ad8af4d9-814e-47e4-8bec-661150cab57c OPTIONS-30575 - in RELAY route
Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - ad8af4d9-814e-47e4-8bec-661150cab57c OPTIONS-30575 - direction: out / out (<null>)
Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - ad8af4d9-814e-47e4-8bec-661150cab57c OPTIONS-30575 - in SET_SOCKET route
Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - ad8af4d9-814e-47e4-8bec-661150cab57c OPTIONS-30575 - destination ip: 10.5.4.1
Aug 21 14:20:32 ns8 kamailio[5175]: 47(55) WARNING: <script>: [DEV] - [NATMANAGE] - FLT_NATS and FLB_NATB not set

Helpdesk Ticket: https://helpdesk.nethesis.it/a/tickets/192710
Mattermost chat: https://mattermost.nethesis.it/nethesis/pl/883k93kemibnfgew59posbhoah
Evoseed Ticket: https://odoo.evoseed.it/helpdesk/ticket/104

Acknowledgements
Thanks to Marco and Mario for reporting and providing detailed diagnostics.

Metadata

Metadata

Assignees

No one assigned

    Labels

    nethvoiceBug or features releted to the NethVoice project

    Type

    Bug

    Projects

    NethVoice

    Status

    Done

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions