Hi I am migrating OpenSER v1.0.9 to v1.1.0 using the config file I send below that works perfect in 1.0.9 and I modified to run in 1.1.x , I´ve just needed to change naming schema in parameter given to exported functions of avpops module to run without errors in this new version but when running can´t see basic logs and can´t register any client even if I install DB schema and create subscriber using its openserctl , ngrep just show me a 'forbidden' message but dont know why, please someone send me some advice. thanks rafael

# ----------------- global configuration parameters --------------------

debug=4 fork=yes log_stderror=yes

listen=192.168.2.136 # OPENSER IP ADDRESS HERE port=5060

# Hostname matching an alias will satisfy the condition uri==myself". # alias=mydomain.com.pe:5060 # alias=mydomain.com.pe alias=192.168.2.136:5060 alias=192.168.2.136

check_via=yes # (cmd. line: -v) children=4 dns=no rev_dns=no fifo="/tmp/openser_fifo" # fifo="FIFO" fifo_mode=0666 # Fifo permissions can be changes from here. fifo_db_url="mysql://dbuser:dbpass@dbt2.mydomain.com.pe/openser"

# -----------------------------------------------------------------------

loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/group.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" ## loadmodule "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/permissions.so" loadmodule "/usr/local/lib/openser/modules/acc.so" loadmodule "/usr/local/lib/openser/modules/uac_redirect.so" loadmodule "/usr/local/lib/openser/modules/diversion.so" # -----------------------------------------------------------------------

modparam("auth_db|permissions|group|uri_db|usrloc", "db_url", "mysql://dbuser:dbpass@dbt2.mydomain.com.pe/openser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")

modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")

modparam("usrloc", "db_mode", 2)

modparam("registrar", "nat_flag", 6)

modparam("rr", "enable_full_lr", 1)

modparam("tm", "fr_inv_timer", 27)

modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted")

modparam("avpops", "avp_url", "mysql://dbuser:dbpass@dbt2.mydomain.com.pe/openser") modparam("avpops", "avp_table", "usr_preferences")

# ------------- Mysql Accounting parameters

modparam("acc", "log_flag", 1) modparam("acc", "log_level", 2) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "log_missed_flag", 3) modparam("acc", "db_url", "mysql://dbuser:dbpass@dbt2.mydomain.com.pe/openser") modparam("acc", "report_ack", 0) # 1 reporta dos starts en acc (para INVITE y ACK)

modparam("acc", "log_fmt", "miocfsputdr") modparam("acc", "detect_direction", 1) # only in 1.1.x or cvs modparam("acc", "multi_leg_enabled", 1) modparam("acc", "src_leg_avp_id", 110) modparam("acc", "dst_leg_avp_id", 111)

# ------------- Domain parameters

modparam("usrloc", "use_domain", 1) modparam("auth_db", "use_domain", 1) modparam("registrar", "use_domain", 1) modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain")

# -------------------------------------------------------------------------

route {

# log(1, "-------------------------------------------------------\n"); # log(1, "entering main loop\n");

## populate the avps (for Multi call leg accounting): if (!method=="REGISTER" && !method=="NOTIFY") { avp_write("$from/username", "$avp(i:110)"); avp_write("$ruri/username", "$avp(i:111)"); };

# set flag for Missed calls for Accounting: if (!method=="OPTIONS") setflag(3);

if (method=="INVITE") { log(1, " INVITE MESSAGE RECEIVED - START ACC\n"); };

if (method=="BYE") { log (1, " BYE MESSAGE RECEIVED - STOP ACCOUNTING\n"); };

if (method=="CANCEL") { log (1, " CANCEL MESSAGE RECEIVED - STOP ACCOUNTING\n"); };

if (method=="OPTIONS") { log(1, " OPTIONS MESSAGE RECEIVED\n"); return; #Do Nothing for 'Options' };

# ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); return; };

if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); return; };

# ----------------------------------------------------------------- # Handle NOTIFY requests from Sipura's to keep-alive NAT # ----------------------------------------------------------------- if ((is_method("NOTIFY")) && (! uri=~"sip:.*[@]+.*")) { sl_send_reply("200", "OK keep-alive"); log(1, " OK keep-alive\n"); return; };

# ----------------------------------------------------------------- # Only allow known sip messages # ----------------------------------------------------------------- if (!is_method("INVITE|REGISTER|BYE|NOTIFY|ACK|CANCEL|REFER|SUBSCRIBE")) { sl_send_reply("501", "Not implemented here"); log(1, " 501 - Not implemented here\n"); return; };

# ----------------------------------------------------------------- # SUBSCRIBE cleanup # ----------------------------------------------------------------- if (is_method("SUBSCRIBE")) { replace(" talk", "talk"); };

# ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method=="INVITE" && nat_uac_test("19")) {

# OPENSER IP ADDRESS OR DOMAIN HERE: record_route_preset("192.168.2.136:5060;nat=yes"); setflag(1); ## Set Flag 1 for Acc: test from this location!! } else if (method!="REGISTER") { record_route(); };

# ----------------------------------------------------------------- # Call Tear Down Section # ----------------------------------------------------------------- if (method=="BYE" || method=="REFER" || method=="CANCEL") { unforce_rtp_proxy(); setflag(1); ### Set Flag 1 for Acounting };

# ----------------------------------------------------------------- # Loose Route Section # -----------------------------------------------------------------

if (loose_route()) {

if (has_totag() && (method=="INVITE" || method=="ACK")) {

if (nat_uac_test("19")) { setflag(7); force_rport(); fix_nated_contact(); }; force_rtp_proxy("l"); };

route(1); return; };

# ----------------------------------------------------------------- # Call Type Processing Section # -----------------------------------------------------------------

if (!is_uri_host_local()) { if (is_from_local() || allow_trusted()) { route(4); route(1); } else { sl_send_reply("403", "Forbidden"); }; return; };

if (method=="CANCEL") { route(1); return; } else if (method=="INVITE") { setflag(1); # Set Flag for Acounting route(3); return; } else if (method=="REGISTER") { route(2); return; };

lookup("aliases"); if (uri!=myself) { route(4); route(1); return; };

if (!lookup("location") && !method=="ACK") {

if (does_uri_exist()) { log(1, " uri_exist but its Temporarily Unavailable 1 \n"); route(7); # To Voicemail return; } else { log(1, " unable to locate user - User Not Exist 1 \n"); sl_send_reply("404", "User Not Exist"); acc_db_request("404 User Not Exist", "missed_calls"); return; }; };

route(1); }

route[1] {

# ----------------------------------------------------------------- # Default Message Handler # -----------------------------------------------------------------

t_on_reply("1");

if (!t_relay()) {

if (method=="INVITE" || method=="ACK") { unforce_rtp_proxy(); }; sl_reply_error(); }; }

route[2] {

# ----------------------------------------------------------------- # REGISTER Message Handler # -----------------------------------------------------------------

sl_send_reply("100", "Trying");

if (is_user_in("from", "desactivado")) { sl_send_reply("402", "desactivada temporalmente"); log(1," Cta. desactivada temporalmente \n"); return; };

if (!search("^Contact:[ ]**") && nat_uac_test("19")) { setflag(6); fix_nated_register(); force_rport(); };

if (!www_authorize("","subscriber")) { log(1," Fails to Register \n"); www_challenge("","0"); return; };

if (!check_to()) { log(1," Unauthorized registration attempt \n"); sl_send_reply("401", "Unauthorized"); return; };

consume_credentials();

log(1," Registered! \n");

if (!save("location")) { sl_reply_error(); }; }

route[3] {

# ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- log(1," route[3]---> INVITE Message Handler \n");

if ( allow_trusted() ) log(1, " Call from pstn or *pbx, no authentication is required. \n");

if (!allow_trusted()) {

if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); return; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); log(1, " Sorry, only registered users are allowed \n"); return; }; consume_credentials(); }; append_rpid_hf();

# some digits rules here....

lookup("aliases");

if (!is_uri_host_local()) { route(4); route(1); return; };

if (nat_uac_test("19")) { setflag(7); force_rport(); };

# ----------------------------------------------------------------- # to PSTN Routes!!! # -----------------------------------------------------------------

route(6); # To PSTN & LDI Routes block!!!

# -----------------------------------------------------------------

if ( is_uri_host_local() ) {

# (Is he in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc: if (is_user_in("Request-URI", "voicemail")) { log(1, " requested user is in voicemail group \n"); setflag(4); };

# if user is on-line and is in Voicemail group, enable redirection # Pendiente: # ver como meter voicemail al avp junto a las otras funciones... if (method == "INVITE" && isflagset(4)) { log(1, " invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); };

# flag 22 determines if we need to call the append_branch() for Blind CallFwd. if (avp_db_load("$ruri/username", "$avp(s:callfwd)")) { setflag(22); avp_pushto("$ruri", "$avp(s:callfwd)"); route(6); return; };

# native SIP destinations are handled using our USRLOC DB: if (!lookup("location") ) {

if (does_uri_exist()) { log(1," uri_exist but its Temporarily Unavailable 2 \n"); route(7); # To Voicemail return; } else { log(1," Unable to locate xcompany user - User Not Exist 2X \n"); prefix("iu"); ## in asterisk: iu: exten => _iu1780XXXX,1,Playback(invalid,noanswer) acc_db_request("404 User Invalid", "missed_calls"); rewritehostport("192.168.2.131:5070"); t_relay(); return; }; };

# t_on_failure() informs SER that we want to perform special handling when a failure condition occurs. # Failure conditions in this context refer to 4xx and 5xx response codes. # By setting t_on_failure(1) before calling t_relay(), oSER will pass control to the failure_route[1]

t_on_failure("1");

route(4); route(1);

}; }

route[4] {

# ----------------------------------------------------------------- # NAT Traversal Section # -----------------------------------------------------------------

### First check and resetflags if UAS are behind the same NAT system: ###

if (isflagset(6) && isflagset(7)){ log(2, " Both Clients are behind NAT"); # Store the destination domain into an AVP avp_printf("$avp(i:450)", "$dd"); if (avp_check("$avp(i:450)", "eq/$src_ip/g")){ log(3, " Detected Two Clients Behind the Same NAT - Disabling Mediaproxy"); # Do not use media-proxy as the clients seem to be behind the same NAT resetflag(6); resetflag(7); }; };

if (isflagset(6) || isflagset(7)) { if (!isflagset(8)) { setflag(8); force_rport(); fix_nated_contact(); force_rtp_proxy(); }; }; }

route[5] {

# ----------------------------------------------------------------- # ILD - PSTN Handler # -----------------------------------------------------------------

# Forward international calls to Asterisk (a SIP LDI Providers):

if(uri=~"^sip:011"){ log(1, " 011N match - Larga Distancia Internacional a USA \n"); if (!is_user_in("from", "ldiusa")) { log(1," No permission for international calls to USA \n"); sl_send_reply("403", "No permission for international calls to USA"); acc_db_request("403 Forbidden", "missed_calls"); return; }; strip(2); };

if(uri=~"^sip:011"){ log(1," 011N match - Larga Distancia Internacional \n"); if (!is_user_in("from", "ldix")) { log(1, " No permission for international calls \n"); sl_send_reply("403", "No permission for international calls"); acc_db_request("403 Forbidden", "missed_calls"); return; }; };

rewritehostport("192.168.2.137:5070"); # Asterisk or PSTN GATEWAY IP ADDRESS

t_on_failure("1"); route(4); route(1); }

route[6] {

# ----------------- Free Calls -------------------

# To Info numbers 102, 104, 123 y 080011236

if(uri=~"^sip:102@" || uri=~"^sip:104@" || uri=~"^sip:123@" || uri=~"^sip:0800123456@"){ log(1," To CallCenter xcompany!! \n"); rewriteuri("sip:123456@mydomain.com.pe"); rewritehostport("callcenter.mydomain.com.pe:5060"); route(4); route(1); return; };

if (is_user_in("from", "restringido")) { sl_send_reply("402", "Restriccion temporal"); log(1," 402 - Restriccion temporal \n"); acc_db_request("402 Restricted", "missed_calls"); return; };

lookup("aliases");

if (!is_uri_host_local()) { if (!isflagset(22)) { append_branch(); }; route(4); route(1); return; };

# -------------------------- Seccion de Rutas a LDI ----------------------------------------

# Forward international calls to Asterisk (To SIP LDI Providers):

if (uri=~"^sip:011[0-9]*@" && !uri=~"^sip:01152*@") { route(5); return; };

if( uri=~"^sip:[2-8][0-9]{6}@" || uri=~"^sip:1[2-8][0-9]{6}@" || uri=~"^sip:01[2-8][0-9]{6}@" ) {

log(1, " A Fijos Mexico PSTN \n");

if (uri=~"^sip:01[2-8][0-9][0-9][0-9][0-9][0-9][0-9]@") { strip(1); };

if (uri=~"^sip:[2-8][0-9][0-9][0-9][0-9][0-9][0-9]@") { prefix("1"); };

if (!is_user_in("from", "fijomexico")) { sl_send_reply("403", "No permission for local fixed calls"); log(1, " 403 - No permission for local fixed calls \n"); acc_db_request("403 Forbidden", "missed_calls"); return; }; rewritehostport("192.168.2.137:5070"); prefix("52"); route(4); route(1); return; };

# no existe? (debe ir al final siempre) if ( uri=~"^sip:[0-9]" && !does_uri_exist() ) { log(1, " Unable to locate route for this dnid - User Not Exist 3X \n"); prefix("mc"); acc_db_request("404 Number Invalid or Incomplete", "missed_calls"); rewritehostport("192.168.2.131:5070"); t_relay(); return; };

}

route[7] {

# ---------------------- Handling of Unavailable user ---------------------- # non-Voip -- just send "off-line" if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" || method=="BYE" || method=="OPTIONS")) { sl_send_reply("404", "Not Found"); acc_db_request("404 Not Found", "missed_calls"); log(1, " 404 Not Found & non-Voip -- just send off-line \n"); return; };

# Not voicemail subscriber: if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE" && !method=="CANCEL") { #sl_send_reply("404", "Not Found and no VMail turned on"); acc_db_request("480 Temporarily Unavailable", "missed_calls"); # A locucion (Usuario temporalmente fuera de servicio 'ss-noservice'); log(1, " 404 Not Found and no voicemail \n"); prefix("fu"); ## su: exten => _su1780XXXX,1,Playback(ss-noservice,noanswer) rewritehostport("192.168.2.131:5070"); t_relay(); return; };

# forward to voicemail adding prefix to simplify asterisk "extension.conf" :: if (isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE" && !method=="CANCEL") { prefix("vm"); acc_db_request("480 Temporarily Unavailable -> Vm", "missed_calls"); rewritehostport ("192.168.2.131:5070"); t_relay(); return; }; }

# --------------------------------------------------------------------------

onreply_route[1] {

if ((isflagset(6) || isflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]")) { if (!search("^Content-Length:[ ]*0")) { force_rtp_proxy(); }; };

if (nat_uac_test("1")) { fix_nated_contact(); }; }

failure_route[1] {

if (t_check_status("487")) { return; };

if (t_check_status("486")){ prefix("vmb"); acc_db_request("486 Busy -> Vm", "missed_calls"); rewritehostport ("192.168.2.131:5070"); append_branch(); t_relay(); return; };

if (t_check_status("408")){ prefix("vmu"); acc_db_request("408 Timeout -> Vm", "missed_calls"); rewritehostport ("192.168.2.131:5070"); append_branch(); t_relay(); return; };

unforce_rtp_proxy(); }

failure_route[2] {

# handle 302 redirects if (t_check_status("3[0-9][0-9]")) { get_redirects("*"); t_relay(); }; }

### The End ###