Hello Thomas.
I think you're missing a few important things. First i don't see any checks
for NAT'd endpoints, you need to do something like this:
if (nat_uac_test(1))
setflag(1);
force_rport();
fix_nated_contact();
then in the INVITE:
if (method=="INVITE") {
record_route();
if (isflagset(1))
fix_nated_sdp("3");
};
/* set up reply processing */
t_on_reply("1");
};
I'm using mediaproxy, so i am not sure about this, maybe somone that's using
the nathelper module can help you better... you can check the example
configuration file in the /modules/nathelper directory, that could give you
some clues.
+
Cheers.
Ricardo
-----Mensaje original-----
De: support [mailto:support@cybertel.biz]
Enviado el: Miércoles, 15 de Diciembre de 2004 4:38
Para: serusers(a)lists.iptel.org
Asunto: [Serusers] rtpproxy + nathelper problem
Hi,
I have installed the latest rtpproxy and run it with ser-0.8-14. I have
also include nathelper modules. When I try to register a siprua gateway
with SER, the IP is still 192.168.1.xx. It cannot be translated to NAT
public IP.
Why is that so?
Thanks.
Thomas
Appendix: my ser.cfg
--------------------------------------------------
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=mydomain.dyndns.org
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
#inserted by klaus
if (method=="INVITE") {
record_route();
force_rtp_proxy();
/* set up reply processing */
t_on_reply("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#inserted by klaus
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
if (status=~"[12][0-9][0-9]")
force_rtp_proxy();
}
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
I am having the following strange error - SER is on
public IP and Asterisk is on a private IP - My x.lite
is on a public IP and registers fine with SER.
Mediaproxy is running on SER too. When I make a call,
SER forwards the call to Asterisk but the mediaproxy
gives me the following error:
-----
Dec 15 15:18:57 linux-ser mediaproxy[2360]: Traceback
(most recent call last): File
"/usr/local/etc/ser/mediaproxy/modules/rtphandler.py",
line 819, in __findRTPSlot dsock.bind((proxyIP,
port)) File "<string>", line 1, in bind error: (99,
'Cannot assign requested address')
Dec 15 15:18:57 linux-ser mediaproxy[2360]: error:
cannot create session for
'DB740095-C810-4628-8DE6-9D9DF74E0E74(a)X.Y.X.X': cannot
find enough free ports for the media streams
Dec 15 15:18:57 linux-ser mediaproxy[2360]: command
execution time: 79.39 ms
Dec 15 15:18:57 linux-ser proxydispatcher[2363]:
forwarding to mediaproxy on /var/run/mediaproxy.sock:
got: ''
Dec 15 15:18:57 linux-ser proxydispatcher[2363]:
command execution time: 442.78 ms
Dec 15 15:18:57 linux-ser /usr/local/sbin/ser[2763]:
error: use_media_proxy(): empty response from
mediaproxy
------
Any ideas what the bind error is? I assume mediaproxy
is already "binded" to the port it listens on?
Any pointers will be greatly appreciated.
__________________________________
Do you Yahoo!?
All your favorites on one personal page � Try My Yahoo!
http://my.yahoo.com
hi,
I am new is this list and also in ser, sorry is the problem has a stupid solution.
I am configuring a ser sip server with the following features:
- Nat support with nathelper
- Multidomain support with domain module.
modparam("usrloc", "use_domain", 1)
modparam("registrar", "use_domain", 1)
All my uas are behind a nat box without sip support, therefore I fix_nated_contact in order to have a valid contact in location dadabase. The registration procedure works fine, and i can start a call with INVITE, the problem is when the caller send the ACK because in the request field get the contact in the user@ip_address:port way. The proxy is answering with "Not found" (because modparam("usrloc", "use_domain", 1), I guess.....), and from this point everything fail is the dialog.
Any idea?
Thanks very much for your help
Antonio Higuera.
Hello List.
I have two questions.
First. I wan to know how this configuration works.
if (method=="INVITE") {
if ( !radius_proxy_authorize("")) {
proxy_challenge("", "1");
log (1, "LOG: Llamada no AUTORIZADA\n");
break;
};
When a endpoint is unahutorized to make a call, and my radius server answer
with "Authentication Reject", i don't see my log messsage in the standard
out, ("LLamada no AUTORIZADA"), even with log level = 3. I was trying to
see how this authorization works. For example i see in my debugs something
like this :
--> INVITE sip:7515960@mydomain.com SIP/2.0.
<-- SIP/2.0 407 Proxy Authentication Required.
--> ACK sip:7515960@sipvoiss.desarrollo.redvoiss.net SIP/2.0.
--> INVITE sip:7515960@sipvoiss.desarrollo.redvoiss.net SIP/2.0.
w/Digest
<-- SIP/2.0 407 Proxy Authentication Required.
--> ACK sip:7515960@sipvoiss.desarrollo.redvoiss.net SIP/2.0.
--> INVITE sip:7515960@sipvoiss.desarrollo.redvoiss.net SIP/2.0.
w/Digest
<-- SIP/2.0 407 Proxy Authentication Required.
--> ACK sip:7515960@sipvoiss.desarrollo.redvoiss.net SIP/2.0.
At any time i see a "Unauthorized message" coming from my SER, i don't even
see my log message. Is there a way to answer with a message like this?
SIP/2.0 404 Unauthorized - LLAMADA NO AUTORIZADA EN ESTE SERVER.
Hope that someone can help me here.
Second Question.
I was trying to restrict the domains that i can serve in my SER.
I'm doing this with the alias=domain1.com , etc and the uri=myself.
Is this a secure way to do this?. And what happend when someone try
to reach me with my own IP server address?. For example a INVITE
message with
INVITE sip:7515960@ip.of.my.ser.server SIP/2.0.
By default the uri=myself permits this IP?
Thanks in advance
Best Regards.
Ricardo Martinez.-
Hi!
IŽm trying to make a dialing plan with ser. So i have configurated the
ser.cfg in order to route for some especific destinations to other SIP
proxies. But some of them need digest authentication and I need to do it on
the ser. The scenario would be like this:
1- A sip client, which is registered in my ser proxy, tries to make a call
to a destination that doesnŽt belong to my network.
2- So ser should route this call to a third party proxy, which provides call
termination (I have an account in this third party proxy).
3- When ser routes the call to that proxy, this response with challenge for
authentication.
The question would be: How do I reply to that challenge with ser ? Is it
posible to do this with ser ?
Thanks a lot !
Regards,
Gabriel
>From what I understand (Anybody, please feel free to correct me if I'm
wrong) SER doesn't care whether the packet is SIP-T or SIP. It will relay
it to the destination regardless. We used SIP-T for 3 months with SER and
had no issues.
Tip: Just don't try to use SIP-T with Asterisk. Unless they have made some
changes recently for SIP-T support, asterisk does not like SIP-T.
Darren
> -----Original Message-----
> From: Danny Moghnie [mailto:danny@ivoicelynx.com]
> Sent: Wednesday, December 15, 2004 2:42 AM
> To: serusers(a)lists.iptel.org
> Subject: [Serusers] SIP-T Support
>
> Does SER support SIP-T
>
> Danny Moghnie,
>
> iVoiceLynx
>
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
First off, make sure your sipura has NAT mapping enabled, this must be
done in the "Advanced" options under the lineX menu. Second, it sounds
like your getting stuck in the register (not the invite?). Here is a
snippet of my config, I took it from (Java?) the list and modified it to
suit my needs.
This should go near the top of your routing. It's my understand that all
NAT clients get tagged before any other info is passed, else it may not
get there. This should at least get your registering. good luck!
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:"))
{
log(1, "LOG: Someone trying to register from private
IP, rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and
majority is
# smart enough to be symmetric. In some phones it
takes a configuration
# option. With Cisco 7960, it is called
NAT_Enable=Yes, with kphone it is
# called "symmetric media" and "symmetric
signalling".
if (!search("(c|Contact): .*(a)xxx.xxx.xxx.xxx" )) {
log(1, "NOT LEVEL 3, FIXXING NATTED CONTACT\n");
fix_nated_contact(); # Rewrite contact with source
IP of signalling
}
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to
SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
-----Original Message-----
From: support [mailto:support@cybertel.biz]
Sent: Wednesday, December 15, 2004 2:38 AM
To: serusers(a)lists.iptel.org
Subject: [Serusers] rtpproxy + nathelper problem
Hi,
I have installed the latest rtpproxy and run it with ser-0.8-14. I have
also include nathelper modules. When I try to register a siprua gateway
with SER, the IP is still 192.168.1.xx. It cannot be translated to NAT
public IP.
Why is that so?
Thanks.
Thomas
Appendix: my ser.cfg
--------------------------------------------------
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters
------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=mydomain.dyndns.org
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
save("location");
break;
};
# native SIP destinations are handled using our USRLOC
DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
#inserted by klaus
if (method=="INVITE") {
record_route();
force_rtp_proxy();
/* set up reply processing */
t_on_reply("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
#inserted by klaus
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
if (status=~"[12][0-9][0-9]")
force_rtp_proxy();
}
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hello all,
I've just installed the serweb interface in a running
ser environment.
In spite of changing the access mode of the ser_fifo
(stored in /tmp) to allow php scripts for reading and
writing, php scripts send the following error message
to my web browser "sorry -- cannot open write fifo".
Since the ser_fifo file location is under the /tmp
directory, I didn't change the value of the
fifo_server parameter in the config.php script.
The question is: is the value path of the ser_fifo
relative to the running script (functions.php) or
absolute?
Best regard,
=====
Al-Hezmi, Adel
----------------------------------------------------------------------------------
Home page: www.cs.tu-berlin.de/~adelhazm
___________________________________________________________
Gesendet von Yahoo! Mail - Jetzt mit 250MB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de
Hi!
How to configure a iconnecthere account on SER for all out going calls?
Did somebody configured iconnect account as a static routing for forwarding calls
Thanks & Regards
Ritesh Jalan