Marc,
your configuration looks good except calling two times radius accounting for BYEs (once in loose_routing and the second one in route(3) right after proxying the request out (I assume that your request will be detected as being generated from behind NAT due to test flag 2 used in nat_uac_test(). I don't know whether this can influence message processing, but in the case of failure I am not sure that BYE will be sent out. Can u check that once? Your radius server should tell u more about that. Simplest way should be disabling accounting in both cases just for tests. Also, could be good if u would try to see whether the BYE follows loose_route or goes out in if (!uri==myself) block. (xlog should help u finding that out).
Cheers, DanB
On 8/2/07, Marc LEURENT lftsy@free.fr wrote:
According to what I said, it is not a problem that the phones answered with a SIP/2.0 481 CallLeg/Transaction Does Not Exist. to SIP pings. What is important is that is will maintain the path through NAT
My only problem is with BYE requests that are not forwarded by OpenSER to the second user Is there something wrong in my openser.cfg???
# # $Id: openser.cfg 1827 2007-03-12 15:22:53Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. #
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E) children=4
#alias=sd-7501.dedibox.fr port=5060 #server_signature=yes #tos=IPTOS_LOWDELAY
avp_aliases="day=i:101;time=i:102;can_uri=i:800;s_ip=i:801;billing_party=i:802;from_header=i:803;sip_proxy_ip=i:804" #;pstnuser=i:805;pstnpassword=i:806:pstnrealm=i:807"
# ------------------ module loading ----------------------------------
#set module path mpath="/usr/lib/openser/modules/"
# Uncomment this if you want to use SQL database loadmodule "mysql.so"
loadmodule "sl.so" # Stateless Module loadmodule "tm.so" # Transaction Module loadmodule "rr.so" # Record-Route and Route Module loadmodule "maxfwd.so" # Max-Forward processor Module loadmodule "usrloc.so" # User Location Implementation Module loadmodule "registrar.so" # SIP Registrat Implementation Module (need usrloc) loadmodule "textops.so" # Text Operation Module loadmodule "mi_fifo.so" # FIFO transport layer implementation for Management Interface
loadmodule "acc.so" # Accounting Module loadmodule "avpops.so" # AVP Operation Module (user preference) loadmodule "uri.so" # Generic URI operation Module
loadmodule "auth.so" # Authentification Module #loadmodule "auth_db.so" # Database-backend Authentication mMdule loadmodule "auth_radius.so" # RADIUS-backend Authentication Module loadmodule "group_radius.so" # User-groups Module with RADIUS-backend #loadmodule "avp_radius.so" # RADIUS-backend for AVP loading Module
#loadmodule "presence.so" # Presence server Module #loadmodule "pua.so" # Common API for presence user agent client
loadmodule "options.so" # OPTIONS server replier Module loadmodule "xlog.so" # Advanced Logger Module
loadmodule "nathelper.so" # NAT Traversal Helper Module #loadmodule "dispatcher.so" # Dispatcher (load-balancer) Module
loadmodule "uac.so" # User Agent Client loadmodule "siptrace.so" # SipTrace module (storage of SIP requests) #loadmodule "exec.so" # Allows to start an external command from a OpenSER script
# ----------------- setting module-specific parameters ---------------
# -- maxfwd params -- modparam("maxfwd", "max_limit", 10) # Default is 256 | 10 in the functions
# -- sl params -- #modparam("sl", "enable_stats", 1)
# -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# -- usrloc params -- # Uncomment this if you want to use SQL database modparam("usrloc", "db_mode", 1) # Write instantaneously in the DB modparam("usrloc", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("usrloc", "timer_interval", 10) modparam("usrloc", "nat_bflag" , 3)
# -- rr params -- modparam("rr", "enable_full_lr", 1) # add value to ;lr param to make some broken UAs happy
# -- siptrace params -- modparam("siptrace", "db_url", "mysql://openser:test@127.0.0.1/openser") modparam("siptrace", "table", "sip_trace") # Default value "sip_trace" modparam("siptrace", "trace_on", 1)
# -- registrar params -- modparam("registrar", "default_expires", 1800) modparam("registrar", "received_avp", "$avp(i:42)")
# -- nathelper params -- modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "sipping_bflag", 5) modparam("nathelper", "natping_interval", 10) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "sipping_method", "OPTIONS") modparam("nathelper", "received_avp", "$avp(i:42)") # Same Value as the registrar module modparam("nathelper", "sipping_from", "sip:pinger@sd-7501.dedibox.fr")
# -- auth params -- #modparam("auth", "secret", "johndoessecretphrase") # Default is random => don't set it #modparam("auth", "nonce_expire", 300) # Time before nounce expiration modparam("auth_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- group_radius params -- modparam("group_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("group_radius", "use_domain", 1) # username@domain will be used for lookup
# -- avp_radius parameter -- #modparam("avp_radius", "radius_config", "/etc/radiusclient-ng/radiusclient.conf")
# -- acc params (with radius )-- modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2)
modparam("acc", "early_media", 1) modparam("acc", "report_cancels", 1) #modparam("acc", "report_ack", 0) modparam("acc", "detect_direction", 1) #modparam("acc", "log_flag", 1) # number of the flag which will be used to mark messages for accounting #modparam("acc", "log_level", 1) # Set the reporting log level #modparam("acc", "log_missed_flag", 2) # #modparam("acc", "failed_transaction_flag", 2) modparam("acc", "service_type", 15) # Radius service type used for accounting : 15 = (SIP) #modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") # ATTENTION: DO NOT PUT ; at the end of the radius_extra attribute modparam("acc", "radius_extra", "Sip-Src-IP=$si; Sip-Src-Port=$sp; Canonical-URI=$avp(can_uri); Billing-Party=$avp(billing_party); SIP-Proxy-IP=$avp(sip_proxy_ip); User-Agent=$ua ") #Billing-Party=$avp(billing_party) #From-Header=$hdr(from); #User-Name=$fU; #From-Header=$avp(from_header); #Digest-Realm=$fd #Sip-From-Tag=$avp(from_header); #SIP-Method=$rm;
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # NAT detection route(2); # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") { record_route(); }; # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); if(is_method("BYE")) { # log it all the time acc_rad_request("200 ok"); acc_log_request("200 ok"); } route(1); }; # Set the acc flags if(is_method("INVITE") && !has_totag()) { xlog("L_INFO", "I AM SETTING THE FLAGS FOR RADIUS \r\n"); $avp(can_uri) = $ru; # SIP Request's URI $avp(billing_party) = $fu; # From URI $avp(from_header) = $fU; # From URI username $avp(sip_proxy_ip) = $Ri; # Received IP address setflag(1); # radius_flag setflag(2); # radius_missed_flag }; # Functions when calling other domains if (!uri==myself) { # check if user is allowed to do voip calls to other domains# if(is_method("INVITE|MESSAGE")) { # if (radius_is_user_in("From", "voip")) { # sl_send_reply("403", "Forbidden VoIP"); # exit; # }; # }; # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { sip_trace(); xlog("L_INFO", "$fU IS TRYING TO REGISTER \r\n"); if (!radius_www_authorize("sd-7501.dedibox.fr")) { www_challenge("sd-7501.dedibox.fr", "0"); # qop set to 1 xlog("L_INFO", "WWW_CHALLENGE of $si FAILED \r\n"); exit; }; #if (isflagset(5)) { if (isbflagset(3)) { #setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); # Deprecated setbflag(5); # Set Flag for SIP PINGING }; save("location"); xlog("L_INFO", "SAVE LOCATION OF $si \r\n"); exit; }; if (!lookup("location")) { # log to acc as missed call acc_rad_request("404 Not Found"); acc_log_request("404 Not Found"); xlog("L_DBG", "ACC RADIUS: 404 NOT FOUND FOR $si \r\n"); sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1);}
## Generic Forward route[1] { if (subst_uri('/(sip:.*);nat=yes/\1/')){ #setflag(6); # Deprecated, for version 1.1 setbflag(3); };
#if (isflagset(5)||isflagset(6)) { if (isbflagset(3)) { route(3); } if (!t_relay()) { sl_reply_error(); }; exit;}
# NAT Detection route[2]{ force_rport(); if (nat_uac_test("19")) { xlog("!!!!!!!!! NAT UAC TEST 19 SUCEDEED \r\n"); if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; #setflag(5); Deprecated setbflag(3); }; }
## Route for natted contact route[3] { if (is_method("BYE|CANCEL")) { # Ajout Maison acc_rad_request("200 ok"); acc_log_request("200 ok");
#unforce_rtp_proxy(); } else if (is_method("INVITE")){ #force_rtp_proxy(); t_on_failure("1"); }; #if (isflagset(5)) if (isbflagset(3)){ search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); } t_on_reply("1");}
## Failure Route 1 failure_route[1] { xlog("!!!!!!!!! ON FAILURE ROUTE \r\n"); #if (isflagset(6) || isflagset(5)) { if (isbflagset(3)) { #unforce_rtp_proxy(); } }
## Reply route onreply_route[1] { xlog("!!!!!!!!! ON REPLY ROUTE \r\n"); #if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") { if (isbflagset(3) && status=~"(183)|(2[0-9][0-9])") { #force_rtp_proxy(); } search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
#if (isflagset(6)) { if (isbflagset(3)) { xlog("!!!!!!!!! ON REPLY ROUTE / FIX NATED CONTACT \r\n"); fix_nated_contact(); } exit;}
Dan-Cristian Bogos a écrit :
Hi Marc,
it will help more if u will post full dialog from INVITE to BYE coming in and out from the server. It is important to check whether openser forwards the BYEs and if the end party listens on that port.
Cheers, DanB
On 8/2/07, Marc LEURENT lftsy@free.fr wrote:
STUN seems to be working
In openserctl ul show, I have: AOR:: 103 Contact:: sip:103@82.127.0.79:1028;user=phone Q= AOR:: 101 Contact:: sip:101@82.127.0.79:1313;user=phone Q=
And tcpdump -i eth0 -n port 5060 returns: 13:47:44.375374 IP 88.191.45.91.5060 > 82.127.0.79.1027: SIP, length: 241 13:47:44.375396 IP 88.191.45.91.5060 > 82.127.0.79.1312: SIP, length: 241 13:47:44.422471 IP 82.127.0.79.1027 > 88.191.45.91.5060: SIP, length: 276 13:47:44.426415 IP 82.127.0.79.1312 > 88.191.45.91.5060: SIP, length: 275
And my ngrep returns
# U 88.191.45.91:5060 -> 82.127.0.79:1027 OPTIONS sip:82.127.0.79:1027 SIP/2.0. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: sip:pinger@sd-7501.dedibox.fr;tag=7ad21f92. To: sip:82.127.0.79:1027. Call-ID: 90f2eea1-5c41f342-a91@88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0. .
# U 88.191.45.91:5060 -> 82.127.0.79:1312 OPTIONS sip:82.127.0.79:1312 SIP/2.0. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: sip:pinger@sd-7501.dedibox.fr;tag=8ad21f92. To: sip:82.127.0.79:1312. Call-ID: 90f2eea1-6c41f342-a91@88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0. .
# U 82.127.0.79:1027 -> 88.191.45.91:5060 SIP/2.0 481 CallLeg/Transaction Does Not Exist. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: sip:pinger@sd-7501.dedibox.fr;tag=7ad21f92. To: sip:82.127.0.79:1027;tag=c0a80101-1db9be2. Call-ID: 90f2eea1-5c41f342-a91@88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0. .
# U 82.127.0.79:1312 -> 88.191.45.91:5060 SIP/2.0 481 CallLeg/Transaction Does Not Exist. Via: SIP/2.0/UDP 88.191.45.91:5060;branch=0. From: sip:pinger@sd-7501.dedibox.fr;tag=8ad21f92. To: sip:82.127.0.79:1312;tag=c0a80101-573ff0. Call-ID: 90f2eea1-6c41f342-a91@88.191.45.91. CSeq: 1 OPTIONS. Content-Length: 0.
Iñaki Baz Castillo a écrit :
El Thursday 02 August 2007 12:25:07 Marc LEURENT escribió:
# U 82.127.0.79:1312 -> 88.191.45.91:5060 BYE sip:103@82.127.0.79:1027 SIP/2.0. Via: SIP/2.0/UDP 82.127.0.79:1313;branch=z9hG4bK8030359792092547043. From: "101"sip:101@sip.leurent.eu:5060;user=phone;tag=c0a80101-4c5eed. To: sip:103@sip.leurent.eu:5060;user=phone;tag=c0a80101-1d0bb0d. Call-ID: 66464a0-c0a80101-0-1f@192.168.95.4. CSeq: 2 BYE. Max-Forwards: 70. Route: sip:88.191.45.91:5060;lr=on;ftag=c0a80101-4c5eed. User-Agent: THOMSON ST2030 hw0 fw1.50 00-0E-50-4E-AF-AE. Content-Length: 0.
What more is after this message? Did you try tcpdump to monitorize to with IP:port are the messages sent?
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users