Hi everybody,
finally the TLS proxy is up and running - just to recall what it was
about ->
http://www.openser.org/pipermail/users/2005-September/000953.html
The configuration is quite a simple one - it accepts exclusively
requests over TLS and does relay based on RURI (keeping the TLS protocol).
server info: openser.org port 5061 - SRV record is also present.
The idea is to interconnect several domains via this TLS relay. If one
of the interconnected servers has to deliver a request to another domain
via TLS, it just has to relay it to the TLS proxy. Note that the proxy
denies any local requests.
How to do the redirect from your script?
Before doing t_relay(), you may add something like:
if ( uri=~".*@domain1.com" || uri=~".*@domain2.com") {
    avp_write("sip:openser.org;transport=tls","i:11");
    avp_pushto("$duri","i:11");
}
via DST_URI, the TLS protocol will be forced without affecting the RURI.
Normally this logic should be totally transparent via NAPTR lookup, but
we do not have it in OpenSER yet.
Now, about the TLS part. The TLS proxy has both tls_verify and
tls_require_certificate enabled. For certificates there are two ways:
1) generate your own root CA and certificate and send the CA to me to be
added to the proxy (tools available on CVS in tls/tools)
2) ask and I will provide a certificate signed with the proxy root CA.
TLS configuration on your side:
tls_certificate="path/cert.pem"
tls_private_key="path/privkey.pem"
tls_ca_list="path/calist.pem"
tls_verify=on
tls_require_certificate=on
listen=tls:xxx.xxx.xxx.xxx
tls_port_no=5061
For any other additional hints about TLS, please see the tutorial
http://www.openser.org/docs/tls
People interested in interconnection, please join (just let me know
which way you prefer for certificates).
First domain connected to the proxy is siphub.net - it's a local
platform we are using.
regards,
bogdan
PS: if there are people interested in testing SIP UA with TLS, let me
know and I can add registrar support. Also, if somebody has ideas how to
enhance the proxy config, feel free....
Try from this site:
http://yum.sip-router.org/fedora-4/
Elad.
-----Original Message-----
From: serusers-bounces@lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Yair Hakak
Sent: Monday, October 10, 2005 10:27 PM
To: serusers@lists.iptel.org
Subject: [Serusers] RPM's of recent SER versions
hello ser users list,
Where can I get RPMs for recent versions of SER? On BerliOS
the last SER to have RPMs is 0.8.12.
thanks,
yair
Hi there,
I have a question concerning TLS in openser:
By switching tls_require_certificate to "on", the peer is forced to send
its certificate for the purpose of mutual authentication.
My problem is that the peer may be another proxy server which I want to
authenticate by its cert - but the peer might also be a user agent.
In my situation I use a Snom 360 which does not offer the possibility to import
its own user certificate (only a CA cert for verifying server certs).
 -----------                        ----------                    ---------
| snom 360 | <------ TLS -------> | outbound | <----- TLS -----> | inbound |
 -----------   server sends cert    ----------    mutual AUTH      ---------
But when I activate tls_require_certificate=on in the openser.cfg of the
outbound proxy, the snom360 can't register, because it has no user-cert.
On the other hand, when I disable tls_require_certificate, the snom can
register, but the security between the proxies is weak.
Is there an appropriate solution for this problem? Maybe I didn't
understand the sample configuration at all....
Thanks in advance and regards,
Philipp
Hi,
I have my SER working when I try to talk to other SIP servers.
However, I cannot make calls inside my own network.
I am using LDAP to authenticate my users, and I have the sipldap script
that circulates on the web. Everything works fine until there; I get
the following output when the user exists:
sip:username@host
Isn't this what was supposed to happen? When I then try to
if (!lookup("location")) {
    if (!exec_dset("/etc/ser/sipldap")) {
        sl_send_reply("404", "Not Found");
        break;
    } else {
        log(1, " sipldap call");
    };
}; #!lookup
I get the Not Found message. But if I call the following way:
username@username_IP
the call works fine.. any idea?
Jose Simoes
I have a spoofed call that keeps coming in with the ANI of 000000000.
How can I use check_from() and, if it comes in as 000000000, just drop
the call so it does not take up my resources. Is below a reliable
syntax for this?
if (method=="INVITE" && !check_from()) {
    break;
};
First I want to thank everyone that's helped me. Here is what I am
working on today.
I have a set of Sipura 2002 and Linksys PAP2 SIP ATAs. When you dial
*67 (CID block) it tells the adapter to return a dialtone and modify
the SIP message header in such a way that the SIP Display info is changed
to "Anonymous". This doesn't set the privacy=full flag in the RPID
and thus the cid is passed to the terminating end. I have tried
having openser perform an action based on if from_uri =~ Anonymous
but that apparently only matches to the SIP from address: not, SIP
Display info. Below I have a sample bit of sip messaging....
My question is, is there any way to have openser look inside the
packet and do something based on "SIP Display info"? Can I do this with
AVPs, having it pull that var from the SIP messaging so I can work with
it later? Or heck, does anyone have a solution to make the ATAs pass
the privacy=full flag?
Message Header
Via: SIP/2.0/UDP 216.120.224.163:5060;branch=z9hG4bK-f4bd2420
From: Anonymous <sip:15184782406@ser1.manhattan.vtnoc.net>;tag=d5d92a6937d9f838o0
SIP Display info: Anonymous
SIP from address: sip:15184782406@ser1.manhattan.vtnoc.net
SIP tag: d5d92a6937d9f838o0
To: <sip:13143212222@ser1.manhattan.vtnoc.net>
SIP to address: sip:13143212222@ser1.manhattan.vtnoc.net
Call-ID: bae3e6fd-a92244b4@localhost
CSeq: 101 INVITE
Max-Forwards: 70
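As an added example (not code from any of the posts, and not part of SER/OpenSER), the Python below parses the From header of a constructed INVITE modelled on the message quoted above. It separates the display name from the URI (which is why a match on from_uri never sees "Anonymous"), checks whether a real privacy request (RFC 3323 Privacy or RPID privacy=full) is actually present, and also flags the all-zero caller number from the earlier spoofed-ANI post; every sample value is constructed.

```python
import re

# Constructed sample INVITE, modelled on the headers quoted in the post above.
SAMPLE_INVITE = (
    "INVITE sip:13143212222@ser1.manhattan.vtnoc.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 216.120.224.163:5060;branch=z9hG4bK-f4bd2420\r\n"
    "From: Anonymous <sip:15184782406@ser1.manhattan.vtnoc.net>;tag=d5d92a6937d9f838o0\r\n"
    "To: <sip:13143212222@ser1.manhattan.vtnoc.net>\r\n"
    "Call-ID: bae3e6fd-a92244b4@localhost\r\nCSeq: 101 INVITE\r\n\r\n"
)
_NAME_ADDR = re.compile(r'^\s*(?:"(?P<q>[^"]*)"|(?P<d>[^<"]*?))\s*<(?P<uri>[^>]+)>(?P<p>.*)$')
_URI = re.compile(r'^sips?:(?:(?P<user>[^@;?]+)@)?(?P<host>[^;?>]+)', re.I)

def header(msg, name):
    """First value of the named header (case-insensitive); "" if the header is absent."""
    for line in msg.split("\r\n")[1:]:
        if not line:                        # blank line ends the header section
            break
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return ""

def parse_from(msg):
    """Split From into display name, user, host and tag (name-addr or bare addr-spec)."""
    raw = header(msg, "From")
    m = _NAME_ADDR.match(raw)
    if m:                                   # name-addr: [display] <uri>;params
        display, uri, params = (m.group("q") or m.group("d") or "").strip(), m.group("uri"), m.group("p")
    else:                                   # addr-spec: header params begin at the first ';'
        display, (uri, _, params) = "", raw.partition(";")
    u, tag = _URI.match(uri.strip()), re.search(r"tag=([^;\s]+)", params)
    return {"display": display, "user": u.group("user") if u else None,
            "host": u.group("host") if u else None, "tag": tag.group(1) if tag else None}

def privacy_requested(msg):
    """Caller asked for withholding: RFC 3323 Privacy id/header/user, or RPID ;privacy=full|name|uri."""
    if any(t.strip().lower() in ("id", "header", "user") for t in header(msg, "Privacy").split(";")):
        return True
    return re.search(r";\s*privacy=(full|name|uri)\b", header(msg, "Remote-Party-ID"), re.I) is not None

def classify_from(msg):
    """Flags to route on: 'Anonymous' display with no privacy request (*67 case); all-zero user (spoofed ANI)."""
    f = parse_from(msg)
    return {"from_user": f["user"], "privacy_requested": privacy_requested(msg),
            "display_anonymous": f["display"].lower() == "anonymous",
            "zero_ani": bool(f["user"]) and set(f["user"]) == {"0"}}
```

The same split is what a proxy script needs: the display name is only metadata, so a call should be treated as anonymous only when a privacy request is present, and the all-zero user part is a separate signal to screen on.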
Hello all,
I am using ser 0.9.4 + rtpproxy. now when our SSW INVITEs SER, SER sends
100-trying to the udp-source-port where SER should reply with connection
information in via or contact headers. (probably via header)
Please comment.
Thank you
--
Atif
Hi
Does anyone have any recommendations, which Linux one is better, and would
sipsak do this?
All I want is a number to be dialled, and then hang up once answered, no
voice required.
This is not for spam, just to allow me to dial up random numbers
worldwide, from which I want to plot a time to completion graph, from
where I can then hopefully automatically change my GW in lcr, for best route.
Iqbal