I have been trying to use the pdt module, and the idea seems excellent.
I have the database up and running, and can enter codes. Things seem to
be translated correctly, but the INVITE request is not complete, and the
call always fails. Compare the following from the log file:
ACC: transaction answered: method=INVITE,
i-uri=sip:839503018@sip.dev.inmarsat.com, o-uri=sip:3018@sip.prodec.tv
ACC: transaction answered: method=INVITE, i-uri=sip:3018@sip.prodec.tv,
o-uri=sip:3018@sip.prodec.tv,
call_id=9C912086-C197-484D-8AD2-E261F1A3234A(a)161.30.94.150, from=Dave
Bath <sip:admin@sip.dev.inmarsat.com>;tag=2122510239, code=487
The first is dialing using the pdt module, with my code 8+395+0+<number>
the second is directly dialing the full external domain address. The
first fails, and I eventually get a timeout, the second connects no
problem.
Excerpts from the ser.cfg are:
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# label all transaction for accounting
setflag(1);
# Make sure we check the prefix tables
prefix2domain();
before the if (uri==myself) statement.
I have been bashing my head around and around for so long now, do you
have any ideas?!
Many many thanks in advance,
Dave
-------------------------------------
Dave Bath
Inmarsat LTD
Global Satellite Communications
www.inmarsat.com <http://www.inmarsat.com/>
Regional BGAN Engineer
07736 232085
NOTE: The information contained in this email is intended for the named
recipients only, it may be privileged and confidential. If you are not
the intended recipient, you must not copy distribute or take any action
in reliance upon it. No warranties or assurances are made in relation to
the safety and content of this email and any attachments. No liability
is accepted for any consequences arising from it
We are planning to roll out services to our customers with the Sipura
3000 FXO gateway. The idea is that customers will be able to have their
own personal PSTN gateway wherever they want.
In order to provide security, the SPA3000 allows you to configure digest
authentication. The idea is that an incoming INVITE will get challenged
via a 401 response and then end device will generate that INVITE again
with the proper credentials. The idea here would be to fill in the same
username/password details on the customer's FXO gateway as the ones we
have on SER (where his other UA registers and places calls). Something
like:
UA1 ------>SER------>FXO1
We would expect that the UA1 sends the INVITE to SER, it gets challenges
and autheticated properly, then that INVITE is routed to the FXO1, which
challeneges it as well with a 401. That 401 should be relayed back to
UA1 so that it can generate the proper credentials again (this time for
the FXO1).
Unfortunatelly the 401 that the FXO1 sends back gets ACKed by SER but
never relayed back to UA1.
Is this doable, or should we switch to another means of authenticating
that call on the FXO1?
Thanks,
--
Andres
Network Admin
http://www.telesip.net
I believe the 401 being swallowed by SER is a limitation of ser... i seem to remember from an ealier post in a different thread that this is why ser cannot reliably by used as a UA to register to external services... ser can send an invite, but it can't respond to 401s and resend digest invites. It seems the same logic would apply if you want it to pass on digest invite requests to the sipura device. I dont know if it's on the roadmap anywhere!...
Not sure if i'm right, sure someone at iptel can tell us.. .but hope it helped a little...
Dave
________________________________
From: serusers-bounces(a)lists.iptel.org on behalf of Andres
Sent: Mon 09/08/2004 22:42
To: Greg Fausak
Cc: serusers(a)lists.iptel.org; Juha Heinanen
Subject: Re: [Serusers] SER and the SPA3000
Greg Fausak wrote:
> This is an interesting problem.
> I would venture to say that if you did NOT authenticate
> for those calls that you pass to a spa-3000, then that would work...
> that is, if your SERPROXY doesn't authenticate.
I'll give this a try and let you know.
>
> is it possible that the problem is trying to authorize
> twice...once for your UAC<->SERPROXY and then the
> UAC<->SERPROXY<->UAS(SPA3000)
>
Could be, but I am unsure if this would be a SER limitation or SIP
limitation.
> Can you have multiple credentials in the same SIP packet?
> Seems like it should work...
>
> Sorry, not much help I know. Do you have a packet trace?
>
The packet trace reveals that the SPA3000 challenge is being swallowed
by SER. What I mean is, this 401 is not being sent back to UA1 so there
is nothing to see in this part of the leg. The 401 being sent back by
the SPA3000 looks as normal as a 401 being sent back by SER to a user
upon an INVITE. I can certainly grab these traces again tonight and
send them to you.
> ---greg
>
--
Andres
Network Admin
http://www.telesip.net
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Hello,
The following is my configuration.
UA1 -> NAT1 -> INTERNET -> NAT2 -> asterisk -> NAT2 ->
INTERNET -> NAT1/3 -> UA2.
When I run it with the following configuration, the
nat_uac_test doesn't detect that I am behind the NAT,
could any help ?
# ------------------- global configuration parameters
------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=detone
alias=detone.ghl.com
alias=202.129.171.223
# ------------------- module loading
------------------
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/exec.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# ----------------- setting module-specific parameters
---------------
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 0)
modparam("rr", "enable_full_lr", 1)
# ------------------ NAThelper ----------------
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping
interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping
only clients behind NAT
# ------------------------- request routing logic
-------------------
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long
requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too
big");
break;
};
# Special handling for NATed clients; first, NAT test
is
# executed: it looks for via!=received and
RFC1918 addresses
# in Contact (may fail if line-folding is
used); also,
# the received test should, if completed,
should check all
# vias for rpesence of received
xlog("L_NOTICE", "Checking...behind the NAT ?\n");
if (nat_uac_test("1")) {
xlog("L_NOTICE", "nat_uac_test=1\n");
}
if (nat_uac_test("2")) {
xlog("L_NOTICE", "nat_uac_test=2\n");
}
if (nat_uac_test("3")) {
xlog("L_NOTICE", "nat_uac_test == 3\n");
# Allow RR-ed requests, as these may
indicate that
# a NAT-enabled proxy takes care of
it; unless it is
# a REGISTER
if (method == "REGISTER" || !
search("^Record-Route:")) {
xlog("L_NOTICE", "Someone trying
to register from private IP, rewriting\n");
# This will work only for user
agents that support symmetric
# communication. We tested quite
many of them and majority is
# smart enough to be symmetric. In
some phones it takes a configuration
# option. With Cisco 7960, it is
called NAT_Enable=Yes, with kphone it is
# called "symmetric media" and
"symmetric signalling".
fix_nated_contact(); # Rewrite
contact with source IP of signalling
if (method == "INVITE") {
xlog("L_NOTICE", "invite behind NAT.\n");
fix_nated_sdp("1"); # Add
direction=active to SDP
};
force_rport(); # Add rport
parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our
proxy; that's
# particularly good if upstream and downstream
entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
xlog("L_NOTICE", "loose route.\n");
# append_hf("P-hint: rr-enforced\r\n");
t_relay();
break;
};
if
(uri=~"^sip:[0-9][0-9][0-9]*@202.129.171.223") {
xlog("L_NOTICE", "forward to asterisk.\n");
forward(10.38.38.14, 5070);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the
following command
# with proper names and addresses in it)
xlog("L_NOTICE", "uri==myself?\n");
if (uri==myself){
if (method=="REGISTER") {
xlog("L_NOTICE", "register but no NAT.\n");
sl_send_reply("200", "ok");
save("location");
break;
};
# native SIP destinations are handled
using our USRLOC DB
xlog("L_NOTICE", "lookup for USRLOC.\n");
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
xlog("L_NOTICE", "checking....INVITE\n");
if (method == "INVITE") {
xlog("L_NOTICE", "Invite from not NAT.\n");
record_route();
if (isflagset(4) && isflagset(5)) {
xlog("L_NOTICE", "UA behind different NAT
devices, forcing rtpproxy\n");
force_rtp_proxy();
t_on_reply("2");
} else {
xlog("L_NOTICE", "UAs behind same NAT
devicea\n");
t_on_reply("3");
}
# for other conditions route here...
}
# forward to current uri now; use stateful
forwarding; that
# works reliably even if we forward from TCP
to UDP
if (!t_relay()) {
sl_reply_error();
};
}
onreply_route[1] {
if (status =~ "[12][0-9][0-9]"){
fix_nated_contact();
force_rtp_proxy();
}
}
onreply_route[2] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}
onreply_route[3] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}
Hi all,
Is there any method to reduce the number of waiting calls? As there are more
users dial concurrently to my SER, the waiting time increases to an
unacceptable level sometimes (Around 5-10 seconds). I suspect this would
relate to my ser.cfg since when I type "serctl ps", I got the following :
0 1521 stand-alone receiver @ 202.83.X.X:5060
1 1549 timer
2 1553 fifo server
3 0
4 0
5 0
6 0
7 0
Is the above related to the media proxy? Or any parameters in config.h would
improve the situation? Any reply would be much appreciated!
Best Regards,
Kenny Lam
SIP Application Engineer
Deltapath Commerce & Technology Limited
---------------------------------------
SIP By Deltapath!
www.deltapath.com
Hi,
I could now configure 2 messanger clients to register
with IPTEL. It shows me logged in.
But if I add one to the other's friend list, I can't
see him online.
Still using default configurations.
Following are the traces of ser, which i suspect the
problem area is, but I am not too sure.
<code>
From: "jawad@jawad1"
<sip:jawad@jawad1>;tag=2ecc03533fd6475ea0d5eeb302f6d2ae;epid=9992fe8cf1
To:
<sip:hamid@jawad1>;tag=381e5c7199ec4f9e9bca8f611512cf31
Call-ID: 5579a373f4294835bd5ea4908e83fab8(a)192.168.0.98
CSeq: 1 SUBSCRIBE
Record-Route:
<sip:hamid@192.168.0.102;transport=tcp;ftag=2ecc03533fd6475ea0d5eeb302f6d2ae;lr=on>
Contact:
<sip:hamid@jawad1:10441;maddr=192.168.0.169;transport=tcp>
User-Agent: RTC/1.2
Expires: 3600
Content-Length: 0
21(11243) WARNING:vqm_resize: resize(0) called
21(11243) tcp_send: tcp connection found (0x422c92e0),
acquiring fd
21(11243) tcp_send, c= 0x422c92e0, n=8
27(11249) tcp_main_loop: read response= 422b90e0, 1
from 20 (11242)
27(11249) tcp_main_loop: read response= 422c92e0, 1
from 21 (11243)
20(11242) tcp_send: after receive_fd: c= 0x422b90e0
n=4 fd=32
20(11242) tcp_send: sending...
20(11242) tcp_send: after write: c= 0x422b90e0 n=409
fd=32
20(11242) tcp_send: buf=
SIP/2.0 477 Unfortunately error on sending to next hop
occured (477/TM)
Via: SIP/2.0/TCP 192.168.0.169:10441
From:
<sip:hamid@jawad1>;tag=381e5c7199ec4f9e9bca8f611512cf31
To: "jawad@jawad1"
<sip:jawad@jawad1>;tag=2ecc03533fd6475ea0d5eeb302f6d2ae;epid=9992fe8cf1
Call-ID: 5579a373f4294835bd5ea4908e83fab8(a)192.168.0.98
CSeq: 1 NOTIFY
Server: Sip EXpress router (0.8.14 (i386/linux))
Content-Length: 0
20(11242) DEBUG: reply sent out. buf=0x80c47b8:
SIP/2.0 4..., shmem=0x422ecc18: SIP/2.0 4
20(11242) DEBUG: t_reply: finished
20(11242) ERROR: generation of a stateful reply on
error succeeded
20(11242) DEBUG:destroy_avp_list: destroing list (nil)
20(11242) receive_msg: cleaning up
21(11243) tcp_send: after receive_fd: c= 0x422c92e0
n=4 fd=34
21(11243) tcp_send: sending...
21(11243) tcp_send: after write: c= 0x422c92e0 n=508
fd=34
21(11243) tcp_send: buf=
SIP/2.0 200 OK
</code>
Thanks in anticipation.
Jawad
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
Any news on the new LCR functionality for SER ?
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.736 / Virus Database: 490 - Release Date: 8/9/2004
Hello:
This is a question for the entire list. We are trying to use SER/SEMS
to replace Centrex service with an Octel voice mail system. Therefore
we need to deal with Centrex user expectations. One of their expectations
is how many rings a caller should expect to hear before an unanswered
call goes to voicemail. Here is the problem.
If we set fr_timer and fr_inv_timer sufficiently large enough to handle
the various outbound calling scenarios then the inbound calls have
a ring-count-to-voicemail count of about 8. Large enough to disorient
callers who are use to the Centrex service behavior.
I have not found a way to balance outbound call setup delays as high
as 26 seconds without also increasing the ring-count-to-voicemail count
beyond a "reasonable", user acceptable level.
It seems that we are running into a user expectation problem but it is a
real problem for which I need to find an answer. Does anyone have any
experience dealing with this type of issue? If so how did you address it?
Thanks,Steve
Hello,
I have 2 simple questions:
1. What is the difference between www_authorize and
proxy_authorize functions?
2. Why is common to use 2 databases when using
voicemail? I think that is more logical to use one
(standard ser database) because it has all
informations we need.
Thank you in advance,
Milivoje
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
