Hi Klaus and Alex
Thanx for the information I have fixed your pointers, and when i try to call out i get
Warning: sl_send_reply: I won't send a reply for ACK!!
What I like is to make a call to a PSTN line and To another UA from the internet
NAT 1 NAT 2 UA------|-- ---Iternet------- SER -------- | ---------- Asterisk
If you need more information please let me know.
Sanjay
-----Original Message----- From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Sent: 8. juni 2004 09:49 To: Sanjayd@Pressis.com Cc: serusers@lists.iptel.org Subject: Re: [Serusers] Ser+RTPproxy+Asterisk
Comments inline!
regards, klaus
Sanjay Duggal wrote:
Hi All
I`m new to this and like to learn how to set up the configure following Ser+RTPproxy+Asterisk
Just to clarify the net settings
My ser is on a public ip net and has a local address to. I will like to make a phone call from a sip phone which is behind NAT to a PSTN.
When I try to call out I get
"479", "We don't forward to private IP addresses"
I don’t`know what i`m doing wrong
Sending a copy of my ser.cfg
alias=" mydomian.com " Alias="192.168.10.100" #ser Alias="192.168.10.120" #Asterisk
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" fifo_mode=0777
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# !! Nathelper loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# !! Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind
NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; }; # !! Nathelper # Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if (method == "REGISTER" || ! search("^Record-Route:")) { log("LOG: Someone trying to register from private IP,rewriting\n");
# This will work only for user agents that supportsymmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it
takes
a configuration # option. With Cisco 7960, it is called
NAT_Enable=Yes,
with kphone it is # called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP
of
signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities if(!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; }; if (uri=~"sip:0[0-9]*@mydomian.com"){ rewritehostport("192.168.120.:5060");
TYPO!!! here you insert an private IP address into the request URI
t_relay(); #break;
here you should "break", otherwise, the INVITE will also be processed by route(1) which detects the private IP!
# forward(192.168.10.120,5060); # Where local asterisk is listening # break; }# if (!uri==myself) { # mark routing logic in request # append_hf("P-hint: outbound\r\n"); # route(1); # break; # };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") {# Uncomment this if you want to use digest authentication # if (!www_authorize("iptel.org", "subscriber")) { # www_challenge("iptel.org", "0"); # break; # }; save("location"); break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # !! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); break; };
# if client or server know to be behind a NAT, enable relay record_route(); if (isflagset(6)) { fix_nated_sdp("1"); force_rtp_proxy(); t_on_reply("1"); } #if (isflagset(6)) { # force_rtp_proxy(); #}; # NAT processing of replies; apply to all transactions (for
example,
# re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); };}
# !! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); fix_nated_sdp("1"); force_rtp_proxy(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) { fix_nated_contact(); }; }
regards
Sanjay
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.700 / Virus Database: 457 - Release Date: 06.06.2004
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
--- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.700 / Virus Database: 457 - Release Date: 06.06.2004
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.700 / Virus Database: 457 - Release Date: 06.06.2004
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.700 / Virus Database: 457 - Release Date: 06.06.2004
Sanjay,
1. It looks, from the indentation, like there is a missing close brace at **** below. This would imply (as ser didn't error the configuration file) that there is a missing open-brace too, but I couldn't see it. Try fixing that and check the braces.
2. It would be interesting to know which sl_send_reply() errored. Let's see if it is the sl_send_reply() at the start of route[1]. Can you comment out the if (uri=~ ...) block (i.e. the if statement the sl_send_reply, the break, and the close brace) and see if it makes any difference. I'm not saying it will fix it but it might change the error message. I suspect what is happening here is the loose_route() stuff is activated for subsequent messages within a dialog, and the sl_send_reply (which is really meant to detect a NAT in between it and the IP address to which it is replying) is being falsely activated (as both ser and either the UA, or the "outside" address of the downstream NAT, are in your case on private IPs). That's what I thought would be happening the first time but Klaus picked up a more fundamental error...
Alex
# Uncomment this if you want to use digest authentication # if (!www_authorize("iptel.org", "subscriber")) { # www_challenge("iptel.org", "0"); # break; # }; save("location"); break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break;
***** Missing "}"
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };
Alex
Hi
Thanx for the help and now I can make the calls,
From one WM to my Mobile, and from WM my Sip phone.
But I get another problem it's no sound. In other words I'm still doing something wrong.
Sanjay,
1. It looks, from the indentation, like there is a missing close brace at **** below. This would imply (as ser didn't error the configuration file) that there is a missing open-brace too, but I couldn't see it. Try fixing that and check the braces.
2. It would be interesting to know which sl_send_reply() errored. Let's see if it is the sl_send_reply() at the start of route[1]. Can you comment out the if (uri=~ ...) block (i.e. the if statement the sl_send_reply, the break, and the close brace) and see if it makes any difference. I'm not saying it will fix it but it might change the error message. I suspect what is happening here is the loose_route() stuff is activated for subsequent messages within a dialog, and the sl_send_reply (which is really meant to detect a NAT in between it and the IP address to which it is replying) is being falsely activated (as both ser and either the UA, or the "outside" address of the downstream NAT, are in your case on private IPs). That's what I thought would be happening the first time but Klaus picked up a more fundamental error...
Alex
# Uncomment this if you want to use digest authentication # if (!www_authorize("iptel.org", "subscriber")) { # www_challenge("iptel.org", "0"); # break; # }; save("location"); break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break;
***** Missing "}"
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };
Alex
--- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 07.06.2004
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 07.06.2004
Im also sending my new ser.cfg file
I have started ptpproxy with -l and my outside ip
SD
#d: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)
# Uncomment these lines to enter debugging mode debug=9 #fork=no log_stderror=yes
#alias="mydomain.com" alias="mydomain.com" alias="192.168.0.100" alias="192.168.0.200"
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so"
# accounting #loadmodule "/usr/local/lib/ser/modules/acc.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" #loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
# Nathelper loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# -- nathelper params -- modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1)
# -- acc params -- #modparam("acc", "radius_config", #"/usr/local/etc/radiusclient/radiusclient.conf") #modparam("acc", "log_level", 1) #modparam("acc", "radius_flag", 1) #modparam("acc", "report_ack", 0)
# ------------------------- request routing logic -------------------
# main routing logic
route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };
if (method=="REGISTER") log(1, "REGISTER message received\n");
if (method=="INVITE") log(1, "INVITE message received\n");
if (method=="ACK") log(1, "ACK message received\n");
if (method=="BYE") log(1, "BYE message received\n");
if (method=="CANCEL") log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE") log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY") log(1, "NOTIFY message received\n");
if (method=="OPTIONS") log(1, "OPTIONS message received\n");
if (method=="INFO") log(1, "INFO message received\n");
if (method=="MESSAGE") log(1, "MESSAGE message received\n");
if (method=="REFER") log(1, "REFER message received\n");
if (nat_uac_test("3")) {
if (method == "REGISTER" || !search("^Record-Route:")) { log("LOG: Kolejny NATowiec...\n"); fix_nated_contact(); if (method == "INVITE") { fix_nated_sdp("1"); }; force_rport(); setflag(6); }; }; record_route(); if (loose_route()) { route(1); #t_relay(); break; }; if (method=="REGISTER") { # if (!radius_www_authorize("xxx.xxx.xxx.xxx")) { # www_challenge("xxx.xxx.xxx.xxx", "0"); # break; # }; save("location"); break; };
if (uri=~"sip:*@my.iptelefoni.no" || uri=~"sip:2153*") { if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; # going to pstn } else { if (search("(f|From): .*3267940@*")) { # fax numbers # forward to fax gw rewritehostport("192.168.0.250:5060"); } else { # forward to voice gw rewritehostport("192.168.0.200:5070"); }; }; setflag(1); route(1); } route[1] { if (isflagset(6)){ force_rtp_proxy(); }; t_on_reply("1"); if (!t_relay()){ sl_reply_error(); }; } onreply_route[1] { # nated ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]"){ fix_nated_contact(); force_rtp_proxy(); } else if (nat_uac_test("1")) { fix_nated_contact(); }; }
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 07.06.2004
Hi All
It's something strange with my setup, I can make calls to and from and connect, but it's no sound. I use Ser as my registrar with Rptproxy and Asterisk has my PSTN gateway.
Ser and Rtpproxy is on the same server and has a public ip Asterisk is on a private ip
A friend of mine will like to connect to my network. He is behind NAT and trying to call me from his W2000 Zyxel sip phone. Her I'm enclosing my new ser.cfg file
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd) fork=no log_stderror=yes # (cmd line: -E)
listen=public ip #listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself". alias=my.domain.com alias=domain.com
# Uncomment these lines to enter debugging mode /* debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" alias=my.domain.com domain.com localhost
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module #loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter # special NAT flag indicates that a registered client is behind NAT modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) #modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://ser:heslo@lo calhost/ser")
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") #modparam("auth_db", "db_url", "mysql://ser:heslo@localhost/ser")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# -- voicemail params -- #modparam("voicemail", "db_url","mysql://ser:heslo@localhost/ser")
# -- voicemail params -- #modparam("group", "db_url","mysql://serro:heslo@localhost/ser")
# -- nathelper params -- modparam("nathelper", "natping_interval", 60) modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 ) #modparam("tm", "fr_inv_timer", 8 )
# ------------------------- request routing logic -------------------
# main routing logic
route{ log(1, "-------------------------------------------\n"); log(1, "entering main loop\n");
if (nat_uac_test("2")) { log(1, "src address different than via header->NAT detected\n"); log(1, "force_rport and fix_nated_contact and setflag(5)\n"); #try NAT traversal, works only if the client is symmetrical force_rport(); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for request\r\n"); # flag 5 indicates that incoming request is from NATed client setflag(5); };
if (method=="REGISTER") log(1, "REGISTER message received\n");
if (method=="INVITE") log(1, "INVITE message received\n");
if (method=="ACK") log(1, "ACK message received\n");
if (method=="BYE") log(1, "BYE message received\n");
if (method=="CANCEL") log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE") log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY") log(1, "NOTIFY message received\n");
if (method=="OPTIONS") log(1, "OPTIONS message received\n");
if (method=="INFO") log(1, "INFO message received\n");
if (method=="MESSAGE") log(1, "MESSAGE message received\n");
if (method=="REFER") log(1, "REFER message received\n");
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; };
if (msg:len > max_len) { #if (len_gt( max_len )) { sl_send_reply("513", "Message too big"); break; };
# loose-route processing if (loose_route()) { log(1, "loose_route processing\n"); t_relay(); break; };
# create transaction state; abort if error occured # if ( !t_newtran()) { # sl_reply_error(); # break; # };
#new # now check if it's about PSTN destinations through our gateway; # note that 8.... is exempted for numerical non-gw destinations if (uri=~"sip:+?[0-79][0-9]*@.*") { route(3); break; };
#
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") { log(1, "analyzing REGISTER request\n"); # Uncomment this if you want to use digest authentication if (!www_authorize("my.domain.com", "subscriber")) { www_challenge("my.domain.com", "0"); break; };
if (isflagset(5)) { #register from nated client, save nat_flag=6 #in location table setflag(6); }; if (!save("location")) { log(1, "save location error\n"); sl_reply_error(); }; break; };
lookup("aliases");
#mark transaction for voicemail if (is_user_in("Request-URI", "voicemail\n")) { log(1, "requested user is in voicemail group"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # handle user which was not found log(1, "requested user not found\n"); route(4); break; }; };
#add failure route which should be performed if response code >=300 if (method=="INVITE" && isflagset(4)) { log(1, "invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); };
# forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP
route(1); }
route[1]{ log(1, "-------------------------------------------\n"); log(1, "entering route[1] - relaying SIP message\n"); if ((isflagset(5)) || (isflagset(6))) { log(1, "at least one of the participants is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)"); force_rtp_proxy(); append_hf("P-hint: request forced to rtp proxy\r\n"); setflag(7); }; };
log(1, "relaying message ...\n"); if (!t_relay()) { log(1, "t_relay error occured\n"); sl_reply_error(); };
}
# all incoming replies for t_onrepli-ed transactions enter here onreply_route[1] { log(1, "-------------------------------------------\n"); log(1, "onreply_route[1] entered\n");
if (isflagset(6)) { log(1, "transaction was sent to a NATED client -> fix nated contact\n"); fix_nated_contact(); append_hf("P-hint: fixed NAT contact for response\r\n"); }
if ( (status=~"100") ) { log(1, "status 100 received\n"); };
if ( (status=~"180") ) { log(1, "status 180 received\n"); };
if ( (status=~"202") ) { log(1, "status 202 received\n"); };
if ( (status=~"200" || status=~"183") ) { log(1, "status 2xx or 183"); if ( isflagset(7) ) { log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy\n"); force_rtp_proxy(); append_hf("P-hint: response forced to rtpproxy\r\n"); }; }; }
#new # logic for calls to the PSTN route[3] { # turn accounting on setflag(1);
/* require all who call PSTN to be members of the "int" group; apply ACLs only to INVITEs -- we don't need to protect other requests, as they don't imply charges; also it could cause troubles when a call comes in via PSTN and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would fail then; exempt Cisco gateway from authentication by IP address -- it does not support digest */ if (method=="INVITE" && (!src_ip==public ip)) { if (!proxy_authorize("my.domain.com" /* realm */,"subscriber" /* table name */)) { proxy_challenge( "my.domain.com" /* realm */, "0" /* no qop */ ); break; }; # let's check from=id ... avoids accounting confusion
if(!is_user_in("credentials", "int")) { sl_send_reply("403", "NO PSTN Privileges..."); break; }; consume_credentials();
}; # INVITE to authorized PSTN
# if you have passed through all the checks, let your call go to GW! force_rtp_proxy(); record_route(); t_on_reply("1"); # snom conditioner if (method=="INVITE" && search("User-Agent: snom")) { replace("100rel, ", ""); };
append_hf("P-hint: GATEWAY\r\n"); # use UDP to guarantee well-known sender port (TCP ephemeral) t_relay_to_udp("192.168.0.200","5060"); }
route[4]{ log(1, "-------------------------------------------\n"); log(1, "entering route[4] = requested user not online\n"); # non-Voip -- just send "off-line" if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) { log(1, "no invite,ack,cancel,refer->return 404\n"); sl_send_reply("404", "Not Found"); break; };
# not voicemail subscriber and no echo/conference call if ( isflagset(4)) { log(1, "flag(4) active\n"); }; if (uri =~ "conference") { log(1, "conference call\n"); }; if (uri =~ "echo") { log(1, "echo call\n"); }; if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) { log(1, "no voicemail subscriber->return 404"); sl_send_reply("404", "Not Found and no voicemail turned on"); break; };
if ( isflagset(5) ) { log(1, "caller is NATed->record_route\n"); record_route(); log(1, " -->setting up reply processing ->onreply_route[1]"); t_on_reply("1"); if (method=="INVITE") { log(1, " INVITE request-->force_rtp_proxy"); force_rtp_proxy(); }; };
# forward to voicemail now rewritehostport("212.17.35.184:5060"); log(1, "forward to voicemail\n"); t_relay_to_udp("212.17.35.184", "5060");
}
failure_route[1] { /* XX: note: unsafe if preloaded routes without username used */ log(1, "-------------------------------------------\n"); log(1, "failureroute[1] entered"); revert_uri(); rewritehostport("212.17.35.184:5060"); append_branch(); t_relay_to_udp("212.17.35.184", "5060");
}
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 07.06.2004
-
Alex Bligh -
Sanjay Duggal