Re: [Serusers] problem getting calls to my gateway

Hi everyone, thank you for your responses. Here is the latest copy of my ngrep. I seem to have the ATA box trying to register with both ports (uid0 Rick and uid1 6044844000) however when ser tries to forward to my gateway, I get the Method not allowed. I also noticed that no numbers I try to dial ever get passed to the gateway, is that because it's failing initial auth? I have registered the user Rick using serctl and placed the uid into the free-pstn and local groups...

I'm including my ser.cfg as I may have changed things since last time....

thanks again, Rick

## U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205 SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Contact <sip:Rick@ 64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Content-Length 0.... # U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205 SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via SIP/2.0/UDP 64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3REGISTER..Contact<sip:Rick@64.189.165.2065060; transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Content-Length 0....

# U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP 64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length 0.... # U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@ 64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length0....

# U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205 SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From sip:6044844000@64.189.165.205;user=phone;tag=4073070426..To sip:6044844000@64.189.165.205;user=phone..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Contact <sip:6044844000@64.189.165.2065060;user=phone; transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Content-Length 0....

# U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205 SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via SIP/2.0/UDP 64.189.165.206 5060..Fromsip:6044844000@64.189.165.205;user=phone; tag=4073070426..To sip:6044844000@64.189.165.205;user=phone..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Contact sip:6044844000@64.189.165.2065060;user=phone;transport=udp;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Content-Length 0.... # U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP 64.189.165.2065060..From sip:6044844000@64.189.165.205;user=phone;tag=4073070426..To<sip:6044844000@64.189.165.205;user= phone>..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length 0.... # U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From sip:6044844000@64.189.165.205;user=phone;tag=4073070426..To sip:6044844000@64.189.165.205;user=phone..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length 0....

# ----------- global configuration parameters ------------------------

debug=7 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=yes # (cmd line: -E)

#/* Uncomment these lines to enter debugging mode #fork=no #log_stderror=yes #*/

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"

# # $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $ # #

# ------------------ module loading ---------------------------------- loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/acc.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/uri.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" loadmodule "/usr/lib/ser/modules/textops.so" loadmodule "/usr/lib/ser/modules/group.so" modparam("auth_db", "db_url","sql://ser:secret@localhost/ser") modparam("usrloc", "db_url", "sql://ser:secret@localhost/ser")

# ----------------- setting module-specific parameters ---------------

modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("usrloc", "db_mode", 2) # -- acc params -- # modparam("acc", "log_level", 1) # that is the flag for which we will account -- don't forget to # set the same one :-) # modparam("acc", "log_flag", 1 )

# ------------------------- request routing logic -------------------

# main routing logic

route{

/* ********* ROUTINE CHECKS ********************************** */

# filter too old messages if (!mf_process_maxfwd_header("10")) { log("LOG: Too many hops\n"); sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; }; /* ********* RR ********************************** */

/* grant Route routing if route headers present */ if (loose_route()) { t_relay(); break; };

/* record-route INVITEs -- all subsequent requests must visit us */ if (method=="INVITE") { record_route(); };

# now check if it really is a PSTN destination which should be handled # by our gateway; if not, and the request is an invitation, drop it -- # we cannot terminate it in PSTN; relay non-INVITE requests -- it may # be for example BYEs sent by gateway to call originator if (!uri=~"sip:+?[0-9]+@.*") { if (method=="INVITE") { sl_send_reply("403", "Call cannot be served here"); } else { # forward(uri:host, uri:port); forward(65.189.155.101, 5060); }; break; };

# account completed transactions via syslog setflag(1);

# free call destinations ... no authentication needed if ( is_user_in("Request-URI", "free-pstn") /* free destinations */ # | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */ | uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */ | uri=~"sip:98[0-9][0-9][0-9][0-9]") { log("free call");

} else if (src_ip==65.189.155.101) { # our gateway doesn't support digest authentication; # verify that a request is coming from it by source # address log("gateway-originated request"); } else { # in all other cases, we need to check the request against # access control lists; first of all, verify request # originator's identity

if (!proxy_authorize( "gateway" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "gateway" /* realm */, "0" /* no qop */ ); break; };

# authorize only for INVITEs -- RR/Contact may result in weird # things showing up in d-uri that would break our logic; our # major concern is INVITE which causes PSTN costs

if (method=="INVITE") {

# does the authenticated user have a permission for local # calls (destinations beginning with a single zero)? # (i.e., is he in the "local" group?) if (uri=~"sip:0[1-9][0-9]+@.*") { if (!is_user_in("credentials", "local")) { sl_send_reply("403", "No permission for local calls"); break; }; # the same for long-distance (destinations begin with two zeros") } else if (uri=~"sip:00[1-9][0-9]+@.*") { if (!is_user_in("credentials", "ld")) { sl_send_reply("403", " no permission for LD "); break; }; # the same for international calls (three zeros) } else if (uri=~"sip:000[1-9][0-9]+@.*") { if (!is_user_in("credentials", "int")) { sl_send_reply("403", "International permissions needed"); break; }; # everything else (e.g., interplanetary calls) is denied } else { sl_send_reply("403", "Forbidden"); break; };

}; # INVITE to authorized PSTN

}; # authorized PSTN

# if you have passed through all the checks, let your call go to GW!

rewritehostport("65.189.155.101:5060");

# forward the request now if (!t_relay()) { sl_reply_error(); break; }; if (uri=~"^sip:[0-9]*@.*") { log("Forwarding to PSTN\n"); t_relay_to_udp ("65.189.155.101","5060"); t_relay_to_tcp ("65.189.155.101","5060"); break; }; }