Hi all
I would like to explain a problem.
When my UAC initiates an INVITE, the server responds with 100 Trying.
After receiving 100 Trying, the UAC sends the INVITE again. (HERE is the
problem).
RFC 3261 ("After receiving a 1xx response, any retransmissions cease
altogether");
Any help on that will be appreciated.
In addition, is there any way to extend the timeout between the INVITEs?
Thanks
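The RFC 3261 behaviour quoted above, as an added example that is not part of the original post: over UDP the INVITE client transaction retransmits at T1, then doubles the interval, until a response matching the transaction (same top Via branch and CSeq method) arrives or Timer B (64*T1) fires. The function name, the response tuple layout and the branch value are hypothetical.

```python
T1 = 0.5  # RFC 3261 default for T1, in seconds

def invite_send_times(t1=T1, responses=(), branch="z9hG4bK-constructed"):
    """Times (seconds) at which a UDP INVITE client transaction sends the request.

    responses: iterable of (arrival_time, status_code, via_branch, cseq_method).
    Only a response that matches the transaction stops Timer A; a response
    carrying another branch or CSeq method is not delivered to this
    transaction, so retransmissions continue.
    """
    timer_b = 64 * t1  # transaction timeout
    stop = min(
        (t for t, code, br, method in responses
         if br == branch and method == "INVITE" and 100 <= code <= 699),
        default=timer_b,
    )
    times, now, interval = [], 0.0, t1
    while now < stop:
        times.append(now)   # initial send, then Timer A retransmissions
        now += interval
        interval *= 2       # Timer A doubles after every retransmission
    return times

if __name__ == "__main__":
    matching = [(0.2, 100, "z9hG4bK-constructed", "INVITE")]
    foreign = [(0.2, 100, "z9hG4bK-other", "INVITE")]
    print("no response      :", invite_send_times())
    print("matching 100     :", invite_send_times(responses=matching))
    print("non-matching 100 :", invite_send_times(responses=foreign))
    print("T1 raised to 1 s :", invite_send_times(t1=1.0))
```

The spacing between retransmissions follows from T1 alone, so a larger T1 stretches the whole schedule and Timer B with it.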
Hi!
I asked a question on the sip-implementors list. As nobody answered I
post it here again, as it is also related to ser/openser.
thanks
klaus
-------- Original Message --------
Subject: [Sip-implementors] TLS certificate question
Date: Wed, 05 Oct 2005 09:10:05 +0200
From: Klaus Darilion <klaus.mailinglists(a)pernau.at>
To: SIP Implementors <sip-implementors(a)cs.columbia.edu>
Hi!
I'm trying to figure out how to make a certificate for a SIP proxy.
RFC3262, section 4.1 states:
For NAPTR records with SIPS protocol fields, (if the server is using
a site certificate), the domain name in the query and the domain name
in the replacement field MUST both be valid based on the site
certificate handed out by the server in the TLS exchange. Similarly,
the domain name in the SRV query and the domain name in the target in
the SRV record MUST both be valid based on the same site certificate.
Otherwise, an attacker could modify the DNS records to contain
replacement values in a different domain, and the client could not
validate that this was the desired behavior or the result of an
attack.
I'm not sure what the phrase "...MUST both be valid based on the site
certificate" means. Does it mean that all possible domains must be
present in the certificate?
now imagine the following DNS lookups:

sip:user@example.com
;          order pref flags service     regexp  replacement
   IN NAPTR 50   50   "s"   "SIPS+D2T"  ""      _sips._tcp.example.com.
   IN NAPTR 90   50   "s"   "SIP+D2T"   ""      _sip._tcp.example.com
   IN NAPTR 100  50   "s"   "SIP+D2U"   ""      _sip._udp.example.com.

_sips._tcp.example.com. That lookup would return:
;;        Priority Weight Port  Target
   IN SRV 0        1      5061  server1.example.com
   IN SRV 0        2      5061  server2.example.com

_sip._tcp.example.com. That lookup would return:
;;        Priority Weight Port  Target
   IN SRV 0        1      5060  server1.example.com
   IN SRV 0        2      5060  server2.example.com

_sip._udp.example.com. That lookup would return:
;;        Priority Weight Port  Target
   IN SRV 0        1      5060  server1.example.com
   IN SRV 0        2      5060  server2.example.com

Finally, a TLS connection is made with server1.example.com.
If I understand RFC3263 correctly, all of the above domains must be
present in the certificate, but how to do this?
1. Should I put CN=example.com into the Subject and all other domains
into the Subject Alternative Name?
DNS=_sips._tcp.example.com.
DNS=_sip._tcp.example.com
DNS=_sip._udp.example.com.
DNS=server1.example.com
DNS=server2.example.com
2. Should I leave the Subject empty and put all domains into the Subject
Alternative Name?
3. Why is it not sufficient to use only the domain "example.com" in the
certificate (putting it into the subject field)?
4. Which SIP URIs should be used to check against the domains in the
certificate (mutual proxy-proxy scenario)? Is it correct to check the
domain in the request URI against the certificate of the receiving
proxy, and check the domain in the From: URI against the certificate of
the originating proxy?
Thanks for any clarifications
Klaus
_______________________________________________
Sip-implementors mailing list
Sip-implementors(a)cs.columbia.edu
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
Hi,
I've been configuring msilo for offline messaging and I've faced a few
problems.
First... I use Xten (or now Counterpath) Eyebeam and each time user starts
to type an instant message it sends a SIP MESSAGE with Content-Type:
application/im-iscomposing+xml and msilo naturally stores this message also.
I tried to prevent this with the following configuration but it didn't
work..
if (search("Content-Type: application/im-iscomposing+xml")) {
#
# Do not store composing MESSAGEs
#
} else {
#
# Store offline message
#
}
Of course this is done only for method=="MESSAGE"... Can you see why this is
not working?
Second... Is there a way to make the reply to the offline message appear to
be coming from the user that it was sent to? I mean you can configure msilo
to reply for example with user registrar(a)myserproxy.com, but that opens a
new IM window for the user so it's not that good.
Thanks in advance...
--
Teemu Harju
http://www.teemuharju.net
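Why the pattern as posted does not match, as an added example that is not part of the original post: assuming `search()` treats its argument as a case-insensitive extended regular expression, the unescaped `+` is a quantifier on the preceding `g` rather than a literal plus sign. `cfg_search`, `content_type`, `should_store` and the sample messages are hypothetical and constructed; the sketch goes beyond the post by also handling the compact header name `c` and media-type parameters.

```python
import re

def sip_message(content_type_line, body=""):
    """Build a constructed SIP MESSAGE request (sample data, not from the post)."""
    return ("MESSAGE sip:bob@example.com SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
            "From: <sip:alice@example.com>;tag=1\r\n"
            "To: <sip:bob@example.com>\r\n"
            "Call-ID: constructed@192.0.2.10\r\n"
            "CSeq: 1 MESSAGE\r\n"
            f"{content_type_line}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

COMPOSING = sip_message("Content-Type: application/im-iscomposing+xml")
COMPACT = sip_message("c: Application/IM-IsComposing+XML;charset=utf-8")
CHAT = sip_message("Content-Type: text/plain", "hello")

AS_POSTED = "Content-Type: application/im-iscomposing+xml"       # '+' repeats 'g'
LITERAL_PLUS = "Content-Type: application/im-iscomposing[+]xml"  # '+' is a literal

def cfg_search(message, pattern):
    """Stand-in for a regex search over the raw message (assumed semantics)."""
    return re.search(pattern, message, re.IGNORECASE | re.MULTILINE) is not None

def content_type(message):
    """Media type from Content-Type or compact 'c', lower-cased, parameters dropped."""
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("content-type", "c"):
            return value.split(";", 1)[0].strip().lower()
    return None

def should_store(message):
    """Store offline messages, but not typing notifications."""
    return content_type(message) != "application/im-iscomposing+xml"

if __name__ == "__main__":
    print("as posted matches      :", cfg_search(COMPOSING, AS_POSTED))
    print("literal plus matches   :", cfg_search(COMPOSING, LITERAL_PLUS))
    print("compact form, by regex :", cfg_search(COMPACT, LITERAL_PLUS))
    print("store chat / composing :", should_store(CHAT), should_store(COMPOSING))
```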
Hi all,
I am trying to provide radius authentication and accounting in ser.
I am using freeradius.
Every time I try to start ser, it crashes.
Can anybody suggest some possible reasons as to why this happens?
I followed radius how-to doc to configure radius server and
radiusclient-ng library.
I have attached herewith my ser.cfg file.
Any help would be greatly appreciated.
Thanks in advance.
Regards,
Deepak
Ser.cfg:
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=no
#log_stderror=yes # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# RADIUS support
#loadmodule "/usr/local/lib/ser/modules/acc.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# -- acc params --
#modparam("acc", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
#modparam("acc", "radius_missed_flag", 2)
#modparam("acc", "radius_flag", 1)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- auth_radius params --
modparam("auth_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("auth_radius", "service_type", 15)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# log(1, "REGISTER: Authenticating user\n");
# Uncomment this if you want to use digest authentication
# if (!www_authorize("nerd.vngncoe.wipro.com", "subscriber")) {
if (!radius_www_authorize("")) {
log(1, "REGISTER: challenging user\n");
www_challenge("", "0");
break;
};
save("location");
break;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
Hi, all
I want to make my ser support radius accounting, so I add:
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
into my ser.cfg, and uncomment
DEFS+=-DRAD_ACC
LIBS=-L$(LOCALBASE)/lib -lradiusclient
in modules/acc/Makefile.
But after I make the whole SER I find no auth_radius.so file under /usr/local/lib/ser/modules, and I cannot start SER because it can't load this module.
Is there anything I have not set?
Any ideas? Thank you. :)
I have been testing CDRTool and get the following message in the log files
when browsing to www.example.com/scripts/ratingEngine.php:
Cannot instantiate non-existent class: ratingtables in
/var/www/CDRTool/scripts/ratingEngine.php
Is this because the non commercial version of CDRTool does not provide
rating or is it something I have done wrong in the setup? Any advice would
be appreciated.
Regards
Cameron
Thank you for your reply. Unfortunately I send all pstn traffic to a single
gateway provider. So what I really need is for ser to check if this user is
in the 36countries group, and it dialled a number outside of the 36
countries then denied. I was thinking of using multiple if URI but I don't
want to define a lot of IF statements. Hope someone here can share something
that they were able to do.
>
> > Sure... it's possible and actually pretty easy, dependent on how things
> > are set up. Assuming, for the sake of argument, that you have two servers
> > that handle PSTN calls and one handles calls to anywhere and one handles
> > calls to only 36 countries:
> >
> > I'd use the grp table for this sort of thing (although some people would
> > use AVPops). I'd just add the users to a particular kind of group for all
> > access....
> >
> > In MySQL, you'd want to do something like:
> >
> > insert into grp values('<username>','<domainname>','fullaccess',now());
> >
> > Then, set a flag if the user is in that group...
> >
> > if(is_user_in("Request-URI", "fullaccess"))
> > {
> >     setflag(19);
> > };
> >
> > Then... somewhere in an INVITE check block (or wherever, really), check
> > for the URI and the flag.
> >
> > if (uri =~ "^sip:00*")
> > {
> >     if(isflagset(19))
> >     {
> >         log(1, "request for alternate 800 provider received\n");
> >         rewritehostport("10.1.1.1:5060"); # PSTN for ALL numbers
> >         forward(uri:host, uri:port);
> >         route(1);
> >         break;
> >     }
> >     else
> >     {
> >         log(1, "request for alternate 800 provider received\n");
> >         rewritehostport("10.1.1.2:5060"); # PSTN for only 36 countries
> >         forward(uri:host, uri:port);
> >         route(1);
> >         break;
> >     };
> > };
> >
> > Now, the trick comes when you DON'T have PSTN server separate for
> > different countries...
> >
> > THEN you might have to do some very in-depth rules based on the format of
> > the URI to the 36 countries in question which really isn't THAT bad, but
> > dependent on their numeric format for numbers, it could get annoying to
> > specify each one (especially if they have differing formats for land line
> > and mobile numbers). It's not undoable, though.
> >
> > N.
> >
> > On Mon, 10 Oct 2005 20:17:50 +0800, Nhadie wrote
> > > Hi All,
> > >
> > > I'd like to set up two groups, one that can call only around 36
> > > countries and one that can call anywhere. Currently, when I see that the
> > > URI starts with 00 I'll check if it belongs to the world-pstn group then
> > > it can dial-out if not it's blocked. Is what I'm thinking possible?
> > >
> > > TIA
> > >
> > > Regards,
> > > Nhadie
Let's say, just sip proxy...
Regards,
Peter Martin
-----Original Message-----
From: Daryl Sanders [mailto:daryl.sanders@gmail.com]
Sent: Monday, October 10, 2005 3:35 PM
To: Martin, Peter
Subject: Re: [Serusers] SER Calls Per Second
This depends on if you will be proxying the media stream or if you are
just handling call setup with SER. If you plan to carry the media you
will need to use rtpproxy or mediaproxy along with SER. It will also
matter if you are using SER as the registrar on the same box or just
routing calls. In addition, the specs of the box/boxes you'll be using
will have a huge effect on the number of calls.
- Daryl
On 10/10/05, Martin, Peter <Peter.Martin(a)ipc.com> wrote:
>
> Anyone know what is the most calls per second that has been tested
> and verified using SER?
>
> Peter Martin
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers