Hi,
Is it possible to run kamailio without database support (even dbtext)? Where can I find minimal configuration example with minimal modules set only for forwarding any requests/responses from one ip address to another one?
Is it possible to run kamailio without database support (even dbtext)?
Yes, minimal stub may be looks like:
loadmodule "mi_fifo.so" loadmodule "kex.so" loadmodule "sl.so"
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
route { sl_send_reply("503", "Server is not configured"); }
Which module/function need I use to simple forward any request/responce to another sip server?
Which module/function need I use to simple forward any request/responce to another sip server?
Is forward function enought for me - http://www.kamailio.org/wiki/cookbooks/4.1.x/core#forward ? I tried to use:
route { $du = "sip:10.10.10.50:5060;transport=udp"; forward(); }
but I can't see any outgoing sip requests in tcpdump :(
On 26/08/14 08:55, Eugene Prokopiev wrote:
Which module/function need I use to simple forward any request/responce to another sip server?
Is forward function enought for me - http://www.kamailio.org/wiki/cookbooks/4.1.x/core#forward ? I tried to use:
route { $du = "sip:10.10.10.50:5060;transport=udp"; forward(); }
but I can't see any outgoing sip requests in tcpdump :(
The above config should work, but you need to load pv module.
If the IP is the same as the server, then watch also the loopback interface.
If doesn't work, add debug=3 as parameter to config and send the log messages here (they are in syslog file).
Cheers, Daniel
Now I need to hide local topology: rewrite public ip addresses in sip/sdp headers with internal kamailio address (10.10.10.7) for incoming requests, rewrite internal softswitch address with public kamailio ip address (10.7.7.7) and forward rtp packets. So, I have rtpproxy running:
$ ps aux | grep rtpproxy rtpproxy 12568 97.8 0.0 98588 988 ? Ssl 13:57 14:02 /usr/bin/rtpproxy -p /var/run/rtpproxy.pid -u rtpproxy -F -s udp:127.0.0.1 22222 -l 10.7.7.7 10.10.10.7 -d DBUG LOG_LOCAL0 -u rtpproxy
My kamailio configuration looks like:
loadmodule "mi_fifo.so" loadmodule "kex.so" loadmodule "tm.so" loadmodule "sl.so" loadmodule "pv.so" loadmodule "nathelper.so" loadmodule "rtpproxy.so"
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
modparam("nathelper", "received_avp", "$avp(RECEIVED)")
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:22222")
route { force_rport(); if (nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); } } rtpproxy_manage("cwei"); $du = "sip:10.10.10.50:5060;transport=udp"; forward(); }
onreply_route { rtpproxy_manage("cwie"); fix_nated_contact(); return(1); }
I see additional Via header with internal kamailio address in forwarded REGISTER, but all other headers contains public ip addresses.
What is wrong in my configuration and how to fix it?
Each hop in the path of a SIP request has to add a Via header with its own address.
If you want a different ip address in VIA than the local socket of kamailio, then look at set_advertise_address() from core cookbook.
Cheers, Daniel
On 26/08/14 12:31, Eugene Prokopiev wrote:
Now I need to hide local topology: rewrite public ip addresses in sip/sdp headers with internal kamailio address (10.10.10.7) for incoming requests, rewrite internal softswitch address with public kamailio ip address (10.7.7.7) and forward rtp packets. So, I have rtpproxy running:
$ ps aux | grep rtpproxy rtpproxy 12568 97.8 0.0 98588 988 ? Ssl 13:57 14:02 /usr/bin/rtpproxy -p /var/run/rtpproxy.pid -u rtpproxy -F -s udp:127.0.0.1 22222 -l 10.7.7.7 10.10.10.7 -d DBUG LOG_LOCAL0 -u rtpproxy
My kamailio configuration looks like:
loadmodule "mi_fifo.so" loadmodule "kex.so" loadmodule "tm.so" loadmodule "sl.so" loadmodule "pv.so" loadmodule "nathelper.so" loadmodule "rtpproxy.so"
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
modparam("nathelper", "received_avp", "$avp(RECEIVED)")
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:22222")
route { force_rport(); if (nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); } } rtpproxy_manage("cwei"); $du = "sip:10.10.10.50:5060;transport=udp"; forward(); }
onreply_route { rtpproxy_manage("cwie"); fix_nated_contact(); return(1); }
I see additional Via header with internal kamailio address in forwarded REGISTER, but all other headers contains public ip addresses.
What is wrong in my configuration and how to fix it?
If you want a different ip address in VIA than the local socket of kamailio, then look at set_advertise_address() from core cookbook.
No, it is more important to rewrite To and From headers to source interface ip address for proxied requests and responses. What is the right way to do it? Where can I find simple example to proxy requests from public network to private one?
Is it possible at all to do double topology hiding with Kamailio? SIP devices with public ip addresses must not know private softswitch address and softswitch must not know any public ip address. Softswitch must work only with Kamailio private address.
Apart from topoh module (an experimental hack in my opinion), basically no. It's a proxy. Proxies are highly transparent. Logical call leg A in, logical call leg A out. There's no topology to hide, really.
On 26 August 2014 09:46:29 GMT-04:00, Eugene Prokopiev enp@itx.ru wrote:
Is it possible at all to do double topology hiding with Kamailio? SIP devices with public ip addresses must not know private softswitch address and softswitch must not know any public ip address. Softswitch must work only with Kamailio private address.
-- Sent from my mobile, and thus lacking in the refinement one might expect from a fully fledged keyboard.
Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0671 Web: http://www.evaristesys.com/, http://www.alexbalashov.com
On 26/08/14 15:48, Alex Balashov wrote:
Apart from topoh module (an experimental hack in my opinion)
Why experimental? It is used in production in many places.
Daniel
, basically no. It's a proxy. Proxies are highly transparent. Logical call leg A in, logical call leg A out. There's no topology to hide, really.
On 26 August 2014 09:46:29 GMT-04:00, Eugene Prokopiev enp@itx.ru wrote:
Is it possible at all to do double topology hiding with Kamailio? SIP devices with public ip addresses must not know private softswitch address and softswitch must not know any public ip address. Softswitch must work only with Kamailio private address.
-- Sent from my mobile, and thus lacking in the refinement one might expect from a fully fledged keyboard.
Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0671 Web: http://www.evaristesys.com/, http://www.alexbalashov.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On 26 August 2014 09:52:59 GMT-04:00, Daniel-Constantin Mierla miconda@gmail.com wrote:
On 26/08/14 15:48, Alex Balashov wrote:
Apart from topoh module (an experimental hack in my opinion)
Why experimental? It is used in production in many places.
Does it still have the bug where the IP of the bound interface cannot be used as the topoh spoof address?
-- Sent from my mobile, and thus lacking in the refinement one might expect from a fully fledged keyboard.
Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0671 Web: http://www.evaristesys.com/, http://www.alexbalashov.com
On 26/08/14 15:54, Alex Balashov wrote:
On 26 August 2014 09:52:59 GMT-04:00, Daniel-Constantin Mierla miconda@gmail.com wrote:
On 26/08/14 15:48, Alex Balashov wrote:
Apart from topoh module (an experimental hack in my opinion)
Why experimental? It is used in production in many places.
Does it still have the bug where the IP of the bound interface cannot be used as the topoh spoof address?
That was from the initial design. It is also like you cannot use the IP of caller or callee. You can use 127.0.0.2 without issues, for example, or other 'non-existent' ip.
Daniel
-- Sent from my mobile, and thus lacking in the refinement one might expect from a fully fledged keyboard.
Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0671 Web: http://www.evaristesys.com/, http://www.alexbalashov.com
Apart from topoh module (an experimental hack in my opinion)
Why experimental? It is used in production in many places.
How it can be used? Mask IP must be different than SIP server local IP, so it looks like impossible to rewrite public IP address to server local IP address :(
On 26/08/14 18:41, Eugene Prokopiev wrote:
Apart from topoh module (an experimental hack in my opinion)
Why experimental? It is used in production in many places.
How it can be used? Mask IP must be different than SIP server local IP, so it looks like impossible to rewrite public IP address to server local IP address :(
The module is not for hiding/changing the ip address of kamailio server. That is known (and must stay there for routing) by both sides of the call.
The module is to hide the IP addresses of the other nodes in the path of the call, so, when A is calling B, none of them know the real ip of the other. But obviously A and B must know the ip of kamailio.
The way it works with topoh: it replaces the ips of A and B with a 'fake' IP -- the fake IP just have to conform with the IP address format and not to be server IP. It can be a non-public-routable IP, because it is used just as a place holder in the SIP headers, to stay conformant with SIP grammar. Therefore you can use there an IP such as 127.0.0.44 (which is not allocated anywhere and not routable). Daniel
I've read your article about Kamailio as an SBC and found uac module description with uac_restore_from() and uac_restore_to(). It looks like suitable for me, so I'll try to use it.
uac_restore_from() and uac_restore_to() works fine, but next I need to modify ip address in SDP headers in responce - so it will be more suitable to use SEMS or FreeSWITCH.
On 26 Aug 2014, at 15:46, Eugene Prokopiev enp@itx.ru wrote:
Is it possible at all to do double topology hiding with Kamailio? SIP devices with public ip addresses must not know private softswitch address and softswitch must not know any public ip address. Softswitch must work only with Kamailio private address.
GRUU?
/O
On Aug 26, 2014, at 9:46 AM, Eugene Prokopiev enp@itx.ru wrote:
Is it possible at all to do double topology hiding with Kamailio? SIP devices with public ip addresses must not know private softswitch address and softswitch must not know any public ip address. Softswitch must work only with Kamailio private address.
You are describing a b2bua, back to back user agent. Freeswitch is what I use. There is SEMS and of course asterisk. I don't recommend asterisk.
--FC
You are describing a b2bua, back to back user agent. Freeswitch is what I use. There is SEMS and of course asterisk. I don't recommend asterisk.
I have some experience with FreeSWITCH but have no one with SEMS. Have SEMS any advantages over FreeSWITCH for topology hiding?
On 08/26/2014 12:45 PM, Eugene Prokopiev wrote:
I have some experience with FreeSWITCH but have no one with SEMS. Have SEMS any advantages over FreeSWITCH for topology hiding?
More narrow and specialised use-cases, so you don't have to deal with stripping it of PBX and miscellaneous application features. It's more of a dedicated B2BUA (with its sbc module), in this case.
Have SEMS any advantages over FreeSWITCH for topology hiding?
More narrow and specialised use-cases, so you don't have to deal with stripping it of PBX and miscellaneous application features. It's more of a dedicated B2BUA (with its sbc module), in this case.
I tried to use SEMS but I've got error, which was reported about 2 years ago without any decision - http://lists.iptel.org/pipermail/sems/2014-August/004451.html
On Aug 27, 2014, at 5:48 AM, Eugene Prokopiev enp@itx.ru wrote:
Have SEMS any advantages over FreeSWITCH for topology hiding?
More narrow and specialised use-cases, so you don't have to deal with stripping it of PBX and miscellaneous application features. It's more of a dedicated B2BUA (with its sbc module), in this case.
I tried to use SEMS but I've got error, which was reported about 2 years ago without any decision - http://lists.iptel.org/pipermail/sems/2014-August/004451.html
You will have no problem doing this on Freeswitch. Stripping down FS from it's default config is not hard. I like to rewrite the entire config organizing it for the intended purpose. Thinking through what you want to do, write it down and then rewrite the config. Just because FS has lots of features doesn't mean you need to use them. It's not hard to disable them.
--FC
-
Alex Balashov -
Daniel-Constantin Mierla -
Eugene Prokopiev -
Frank Carmickle -
Olle E. Johansson