Hello
I'm trying to implement an OpenSER with TLS, and I think the idea is
very good and very well explained in the manual (
http://openser.org/docs/tls.html#AEN50 ).
But can the OpenSER servers negotiate the certificates in real time? Can
this trusting scheme be dynamic? Or does every server need to have a list of
domains?
The list of domains is supposed to be centralized, like a rootCA? Then
all our SIP servers must use the same rootCA?
Thanks
Joao Pereira
I am trying to force the ACK and BYE messages to go through SER. However, I seem to have a problem with record_route(). The record route field appears to be mangled (i.e., missing “;” and a couple of characters after the IP address).
Here is the Record-Route field as sent from SER:
Record-Route: <sip:24.5.167.173ag=9612000026130000;lr=on>
What do I need to do to get the ACK and BYE messages to go through SER? Thanks,
Tuan
---------------------------------------------
Here's my ser.cfg file:
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
alias=24.5.167.173
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
modparam("auth_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if ( msg:len > max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };
    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    record_route();
    # loose-route processing
    if (loose_route()) {
        t_relay();
        break;
    };
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {
        if (method=="REGISTER") {
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            };
            save("location");
            break;
        };
        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };
    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    if (!t_relay()) {
        sl_reply_error();
    };
}
Dear All,
I am new to SER and B2BUA, and I have a problem now.
UA1----SER----B2BUA----Freeradius
|
|
UA2
If I use this configuration in b2bua-cfg.xml:
<Billing_Server>
  <Address>radius.xxx.com</Address>
  <Authentication_Port>1813</Authentication_Port>
  <Accounting_Port>1813</Accounting_Port>
  <Password>password</Password>
</Billing_Server>
it will show this log in the radius server when UA1 called UA2:
rad_recv: Access-Request packet from host 140.110.20.55:1024, id=0, length=68
Authentication-Request sent to a non-authentication port from client b2bua:1024 - ID 0 : IGNORED
So I changed the configuration in b2bua-cfg.xml:
<Billing_Server>
  <Address>radius.xxx.com</Address>
  <Authentication_Port>1812</Authentication_Port>
  <Accounting_Port>1813</Accounting_Port>
  <Password>password</Password>
</Billing_Server>
When UA1 called UA2, the caller showed the log "Number does not exist Call rejected : 404 not found".
Can anyone help me?
John Hsu
---------- Forwarded message ----------
From: alex wood <kingofthemods(a)gmail.com>
Date: Mar 25, 2006 8:26 PM
Subject: mysql
To: serusers(a)lists.iptel.org
I'm using CentOS server ed. I loaded SER 0.9.6 via the unraring method, then
I installed MySQL with this command:
yum install mysql-server
It did that with no problems, and then I did this:
ser_mysql.sh create
No pass was entered; the domain I used was admin, and again no pass.
I then went to the SER config file, then I uncommented the mysql module and
the 2 auth modules,
then I commented that first modparam
and uncommented the 4 under that,
then I changed all the uri==myself to uri==localhost,
then I uncommented the digest authentication block and changed all the
iptel.org to localhost,
then I saved it.
I started SER with checking,
ser -c, and I got this:
load_module: could not open module </usr/local/lib/ser/modules/mysql.so>:
libmysqlclient.so.12: cannot open file or directery
I think this is because I'm missing something from my MySQL install, but I
have no idea what it is, so if you know what it is please say.
Sorry if this email sounds a little impersonal, but I'm just about to leave
and I'm kind of in a rush; that also explains my typos.
thanks
regards, Alex Wood
Sorry to bother everyone with the last post, the problem was my mistake.
One more though.. When compiling with:
gmake include_modules="mysql jabber"
gmake install
The mysql.so module is not installed. Anyone else seeing this?
tnx
-kim
--
w8hdkim(a)gmail.com
Seeing this on FreeBSD for ser-0.9.7-pre1:
db/db_fifo.o lex.yy.o cfg.tab.o -lfl -o ser
forward.o(.text+0x511): In function `get_send_socket':
/usr/local/src/ser/ser-0.9.7-pre1/forward.c:207: undefined reference
to `sendipv6_tls'
forward.o(.text+0x692):/usr/local/src/ser/ser-0.9.7-pre1/forward.c:204:
undefined reference to `sendipv4_tls'
forward.o(.text+0x762): In function `msg_send':
/usr/local/src/ser/ser-0.9.7-pre1/forward.h:120: undefined reference
to `tls_disable'
Any help here is greatly appreciated.
-kim
--
w8hdkim(a)gmail.com
Hi guys. Last week I compiled ser CVS-HEAD and went through the mailing
list archives to determine what needed changing in ser.cfg to move from
v0.9.6. However, starting ser fails with this error:
nick@customer-dev3:~> /usr/bin/sudo /usr/local/sbin/ser \
-P /var/run/ser/ser.pid -u ser -g ser -E -f /etc/ser/ser.cfg
0(12670) parse error (139,22-23): unknown command, missing loadmodule?
ERROR: bad config file (1 errors)
nick@customer-dev3:~>
Lines 138 and 139 are:
lookup_user("Request-URI");
if (is_user_in("$t.uid", "disabled")) {
which according to this snippet from a mailing list email, is correct:
http://rafb.net/paste/results/CeCcPy17.html
I've posted my ser.cfg in case that can be of any help in solving this.
http://rafb.net/paste/results/QXZYtn88.html
If you have any suggestions, I'm all ears!
-- Nick
e: nick.hoffman(a)altcall.com
p: +61 7 5591 3588
f: +61 7 5591 6588
Dear Group,
A few years ago I successfully configured SER. My UA's were both sitting
behind Firewall FVS318 and I was able to use X-Ten lite and a public
STUN server and hold conversations with various people across the NET.
I have tried to recreate the same environment and I'm running into
difficulties. I have provided as much information as possible so that
someone may be able to add some ideas to help me resolve this problem.
My SER server
-------------
192.168.0.1 || LINUX FIREWALL NAT || 65.X.Y.64 (public IP Address)
I have mapped UDP/TCP 5060 from 65.X.Y.64 to 192.168.0.1
UA1
---
192.168.0.10 || FVS318 FIREWALL ||84.X.Y.Z (Public IP Address)
UA2
---
192.168.1.12 || Nortel 221 Firewall || 84.X.Y.A
My first test is always to try and call myself!
I have placed a packet sniffer outside of my FVS318, one on the UA LAN
and I'm running an ethereal capture on the SER server.
Here is what I see;
UA1 FVS318 LINUX FIREWALL SER
------------------------------------------------------------
INVITE-->
SRC Port 5060 SRC Port 18564 SRC Port 18564 SRC Port 5060
DST Port 5060 DST Port 5060 DST Port 5060 DST Port 5060
<--TRYING
SRC Port 5060 SRC 5060 SRC port 5060 SRC Port 5060
DST Port 5060 DST Port 5060 DST Port 5060 DST Port 5060
<--INVITE
SRC Port 5060 SRC Port 5060
DENY DST Port 5060 SRC Port 5060
<--INVITE
SRC Port 5060 SRC Port 5060
DENY DST Port 5060 SRC Port 5060
<--INVITE
SRC Port 5060 SRC Port 5060
DENY DST Port 5060 SRC Port 5060
etc... until we time out.
Here is the sip digest (email continues after the digest :);
SIP MESSAGE 1 84.X.Y.Z:18425() -> 192.168.0.1:5060()
UDP Frame 538 24/Mar/06 10:26:48.2393
TimeFromPreviousSipFrame=20.2531 TimeFromStart=20.2531
INVITE sip:shad@65.X.Y.642 SIP/2.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 70
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
SIP MESSAGE 2 192.168.0.1:5060() -> 84.X.Y.Z:18425()
UDP Frame 539 24/Mar/06 10:26:48.2514
TimeFromPreviousSipFrame=0.0121 TimeFromStart=20.2652
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30110
req_src_ip=84.X.Y.Z req_src_port=18425 in_uri=sip:shad@65.X.Y.642
out_uri=sip:Shad@84.X.Y.Z:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 3 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 540 24/Mar/06 10:26:48.2592
TimeFromPreviousSipFrame=0.0078 TimeFromStart=20.2730
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=2118835080;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK00fc.855877d1.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 69
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
SIP MESSAGE 4 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 596 24/Mar/06 10:26:49.1709
TimeFromPreviousSipFrame=0.9117 TimeFromStart=21.1847
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=2118835080;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK00fc.855877d1.0
Via: SIP/2.0/UDP
84.X.Y.Z:5060;rport=18425;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010
From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080
To: <sip:shad@65.X.Y.642>
Contact: <sip:Shad@84.X.Y.Z:5060>
Call-ID: AB162664-BB4A-11DA-AE75-000393A75010(a)192.168.0.3
CSeq: 40569 INVITE
Max-Forwards: 69
Content-Type: application/sdp
User-Agent: X-Lite release 1105x
Content-Length: 282
v=0
o=Shad 194756629 194756693 IN IP4 84.X.Y.Z
s=X-Lite
c=IN IP4 84.X.Y.Z
t=0 0
m=audio 8000 RTP/AVP 0 8 98 97 101
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:98 iLBC/8000
a=rtpmap:97 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
========================================================================
====
Obviously if the INVITE from the SER Server goes through on Port 5060
this is going to break !
I see the same thing if I try and call from UA2 to UA1 (More Email after
the digest :))
========================================================================
====
SIP MESSAGE 1 84.X.Y.A:24575() -> 192.168.0.1:5060()
UDP Frame 103 24/Mar/06 11:40:14.4074
TimeFromPreviousSipFrame=1.7003 TimeFromStart=1.7003
OPTIONS sip:65.X.Y.64:5060 SIP/2.0
Via: SIP/2.0/UDP
192.168.6.50;rport;branch=z9hG4bKc0a8063200000010442420ee0000369900000f1
b
Content-Length: 0
Call-ID: CE4F0254-4004-4129-9E4B-51CE8AAEE198(a)192.168.6.50
CSeq: 61 OPTIONS
From: <sip:bart@65.X.Y.64:5060>;tag=2925878122169
Max-Forwards: 70
To: <sip:65.X.Y.64:5060>
========================================================================
====
SIP MESSAGE 2 192.168.0.1:5060() -> 84.X.Y.A:24575()
UDP Frame 104 24/Mar/06 11:40:14.4078
TimeFromPreviousSipFrame=0.0004 TimeFromStart=1.7007
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP
192.168.6.50;rport=24575;branch=z9hG4bKc0a8063200000010442420ee000036990
0000f1b;received=84.X.Y.A
Call-ID: CE4F0254-4004-4129-9E4B-51CE8AAEE198(a)192.168.6.50
CSeq: 61 OPTIONS
From: <sip:bart@65.X.Y.64:5060>;tag=2925878122169
To: <sip:65.X.Y.64:5060>;tag=b27e1a1d33761e85846fc98f5f3a7e58.c661
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30107
req_src_ip=84.X.Y.A req_src_port=24575 in_uri=sip:65.X.Y.64:5060
out_uri=sip:65.X.Y.64:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 3 84.X.Y.A:24575() -> 192.168.0.1:5060()
UDP Frame 699 24/Mar/06 11:40:29.5842
TimeFromPreviousSipFrame=15.1763 TimeFromStart=16.8771
INVITE sip:shad@65.X.Y.64:5060 SIP/2.0
Via: SIP/2.0/UDP
192.168.6.50;rport;branch=z9hG4bKc0a8063200000225442420fd0000740600000f1
d
Content-Length: 264
Contact: <sip:bart@84.X.Y.A:5060>
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
Content-Type: application/sdp
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
Max-Forwards: 70
To: <sip:shad@65.X.Y.64:5060>
User-Agent: SJphone/1.60.289a (SJ Labs)
v=0
o=- 3352207229 3352207229 IN IP4 84.X.Y.A
s=SJphone
c=IN IP4 84.X.Y.A
t=0 0
a=direction:active
m=audio 49180 RTP/AVP 3 0 8 101
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-11,16
========================================================================
====
SIP MESSAGE 4 192.168.0.1:5060() -> 84.X.Y.A:24575()
UDP Frame 701 24/Mar/06 11:40:29.6111
TimeFromPreviousSipFrame=0.0270 TimeFromStart=16.9040
SIP/2.0 100 trying -- your call is important to us
Via: SIP/2.0/UDP
192.168.6.50;rport=24575;branch=z9hG4bKc0a8063200000225442420fd000074060
0000f1d;received=84.X.Y.A
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
To: <sip:shad@65.X.Y.64:5060>
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 192.168.0.1:5060 "Noisy feedback tells: pid=30097
req_src_ip=84.X.Y.A req_src_port=24575 in_uri=sip:shad@65.X.Y.64:5060
out_uri=sip:Shad@84.X.Y.Z:5060 via_cnt==1"
========================================================================
====
SIP MESSAGE 5 192.168.0.1:5060() -> 84.X.Y.Z:5060()
UDP Frame 702 24/Mar/06 11:40:29.6114
TimeFromPreviousSipFrame=0.0003 TimeFromStart=16.9043
INVITE sip:Shad@84.X.Y.Z:5060 SIP/2.0
Record-Route: <sip:shad@192.168.0.1;ftag=292738906749;lr=on>
Via: SIP/2.0/UDP 192.168.0.1;branch=z9hG4bK779f.4d153ff7.0
Via: SIP/2.0/UDP
192.168.6.50;received=84.X.Y.A;rport=24575;branch=z9hG4bKc0a806320000022
5442420fd0000740600000f1d
Content-Length: 264
Contact: <sip:bart@84.X.Y.A:5060>
Call-ID: 27CA29B7-302C-4FA1-BD57-AA2C4ADD5C69(a)192.168.6.50
Content-Type: application/sdp
CSeq: 1 INVITE
From: "unknown"<sip:bart@65.X.Y.64:5060>;tag=292738906749
Max-Forwards: 69
To: <sip:shad@65.X.Y.64:5060>
User-Agent: SJphone/1.60.289a (SJ Labs)
v=0
o=- 3352207229 3352207229 IN IP4 84.X.Y.A
s=SJphone
c=IN IP4 84.X.Y.A
t=0 0
a=direction:active
m=audio 49180 RTP/AVP 3 0 8 101
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-11,16
========================================================================
====
I see STUN packets being sent to the public STUN server, I see UDP
packets keeping the firewall ports open; the problem is unless the
INVITE from the SER server is initiated on an open port this is never
going to work!
As a final test, if I R-NAT UDP 5060 on the FVS318 it obviously works.
This is great if I have only one user that needs to use the service;
however, what happens when I want to have 2 or 3?
I would appreciate some help.
Thanks and Regards
Shad Mortazavi
------------------------------------------------------
Nexus Group Technical Manager
n|m Nexus Management Inc
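
The mismatch visible in the traces above (the INVITE arrives from source port 18425 while its Via and Contact advertise 5060, and SER then forwards to 5060), written as a check. This is an added example, not part of the original post and not SER code; the function names are hypothetical and the sample is a trimmed copy of SIP MESSAGE 1.

```python
import re

# Headers of SIP MESSAGE 1 from the first trace (SDP body omitted). The
# redacted address 84.X.Y.Z is kept exactly as it appears on the page.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:shad@65.X.Y.642 SIP/2.0",
    "Via: SIP/2.0/UDP",
    " 84.X.Y.Z:5060;rport;branch=z9hG4bKAC3E8656BB4A11DAAE75000393A75010",
    "From: Shad <sip:Shad@65.X.Y.642>;tag=2118835080",
    "To: <sip:shad@65.X.Y.642>",
    "Contact: <sip:Shad@84.X.Y.Z:5060>",
    "CSeq: 40569 INVITE",
    "", "",
])

HOSTPORT = r"(?P<host>[^\s;:>@]+)(?::(?P<port>\d+))?"
VIA_RE = re.compile(r"SIP/2\.0/\w+\s+" + HOSTPORT)
URI_RE = re.compile(r"(?P<scheme>sips?):(?P<user>[^@>\s]+@)?" + HOSTPORT)

def parse_headers(message):
    """Return {lower-cased header name: [values]} for one SIP message."""
    head = message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold wrapped header lines
    found = {}
    for line in head.split("\r\n")[1:]:          # [0] is the request line
        name, _, value = line.partition(":")
        found.setdefault(name.strip().lower(), []).append(value.strip())
    return found

def advertised(regex, value):
    """(host, port) a header value claims; the port defaults to 5060."""
    m = regex.search(value)
    return (m.group("host"), int(m.group("port") or 5060)) if m else None

def nat_findings(message, src_ip, src_port):
    """List (header, advertised, observed) where the client's claim differs
    from the address the packet really arrived from."""
    hdrs, observed, out = parse_headers(message), (src_ip, src_port), []
    for name, regex in (("via", VIA_RE), ("contact", URI_RE)):
        values = hdrs.get(name)
        claim = advertised(regex, values[0]) if values else None
        if claim and claim != observed:
            out.append((name, claim, observed))
    return out

def reachable_contact(message, src_ip, src_port):
    """Contact URI rewritten to the observed source, i.e. the NAT binding that
    the client's own packet opened. Illustrative helper, not a SER function."""
    values = parse_headers(message).get("contact")
    m = URI_RE.search(values[0]) if values else None
    if not m:
        return None
    return "%s:%s%s:%d" % (m.group("scheme"), m.group("user") or "", src_ip, src_port)

if __name__ == "__main__":
    for finding in nat_findings(SAMPLE_INVITE, "84.X.Y.Z", 18425):
        print(finding)
    print(reachable_contact(SAMPLE_INVITE, "84.X.Y.Z", 18425))
```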
Hi
I am able to make calls using openser now; the problem is:
1. From the message flow, openser is acting as a stateful proxy. How do I
make openser behave as stateless?
2. When the cpl-c module gets loaded, an error occurs saying the module
cannot be loaded.
3. It asks for the auth_db module; when it is loaded it generates other errors.
regards,
Prateep.K
Bogdan-Andrei Iancu wrote:
> Hi,
>
> most probably the server and clients are not properly configured. best
> way to go is to look on network level to see where the SIP packages
> are sent.
>
> for more questions please do not hesitate to use the users(a)openser.org
> mailing list.
>
> regards,
> bogdan
>
>
> Prateep K wrote:
>
>> Hi
>>
>> I, Prateep.K, am facing a problem in openser.
>> 1. After installing, I am trying to make a call using the xlite UA, but
>> xlite will say logging in and later show a login time out error.
>> 2. Sometimes it will connect; when the receiver receives a call he
>> gets connected in his UA, but the source UA still indicates the trying
>> message.
>> 3. What parameters are to be set in /usr/local/etc/openser/openser.cfg?
>>
>> Thanks,
>> Prateep.K