Neill Wilkinson wrote:

If you are using IPtables and are familiar with how to add modules - there is a sip connection tracking module that might help:

http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html

Neill...;o)

Neill Wilkinson Principal Consultant

Aeonvista Ltd - opening up new ideas

I have that installed, but to the outside the SIP packets still carry the LAN IP address. I'm currently missing audio (at least inbound is nowhere to be seen) and it doesn't really work reliable at this moment. That is a real problem currently and must be solved reliably.

The ZyXEL modem I have was intended to be the NAT router for the network, but its configured differently in my case, so I can't make that thing to play nicely with NAT.

lsmod on the firewall: ip_nat_sip 8832 0 ip_conntrack_sip 13392 1 ip_nat_sip

Thanks so far,

- Joris

-----Original Message----- From: users-bounces@lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Joris Dobbelsteen Sent: 21 July 2008 21:10 To: users@lists.openser.org Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Dear,

I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my home phone keeps breaking voice channels (the box was not intended behind NAT and I'm, of course, using a configuration that no so well supported).

What is the idea:

SIP transactions should travel this way: ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}

RTP should travel this way: ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}

My current test is using X-Lite with voipbuster, but that doesn't really work. It seems that registers are functioning, at least X-Lite reports itself being registered. Voice calls always end up in timeouts, so something is really going wrong here, it might be authentication problems?

An added problem is that I have just sufficient knowledge of SIP to see what it is doing, without really knowing what to expect exactly. Furthermore I have virtually no knowledge of OpenSER. I've quite a hard time even grasping the configuration I typed in. This is not really helpful

What I do know:

• SIP Proxy traffic is flowing.
• SIP INVITES don't work at all.
• SIP to RTP is communication, but I don't know if RTP is actually flowing.

I stole most of the configuration from the "04 NAT Traversal" slides of the "Italy 2007 Admin course", to which there is link on the documentation site. I adapted it to make it work with the debian supplied OpenSER 1.1.

How do I get this all working? What am I getting wrong?

I really really appeciate any help I can get to get it working!

• Joris

Config is this: # ----------- global configuration parameters ------------------------

debug=4 # debug level (cmd line: -dddddddddd) fork=yes # Set to no to enter debugging mode log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) advertised_address="82.168.191.xx" advertised_port=5060 port=5060 children=4 fifo="/tmp/openser_fifo"

# # ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "nathelper.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# -- nathelper params --- modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) #modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@82.168.191.xx")

# ------------------------- request routing logic -------------------

# main routing logic

route{

     # initial sanity checks -- messages with
     # max_forwards==0, or excessively long requests
     if (!mf_process_maxfwd_header("10")) {
             sl_send_reply("483","Too Many Hops");
             exit;
     };

     if (msg:len >=  2048 ) {
             sl_send_reply("513", "Message too big");
             exit;
     };

     # NAT detection
     route(2);

     # we record-route all messages -- to make sure that
     # subsequent messages will go through our proxy; that's
     # particularly good if upstream and downstream entities
     # use different transport protocol
     if (!method=="REGISTER")
             record_route();

     # subsequent messages withing a dialog should take the
     # path determined by record-routing
     if (loose_route()) {
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
     };

     if (!uri==myself) {
             # mark routing logic in request
             append_hf("P-hint: outbound\r\n");
             # if you have some interdomain connections via TLS
             #if(uri=~"@tls_domain1.net") {
             #       t_relay("tls:domain1.net");
             #       exit;
             #} else if(uri=~"@tls_domain2.net") {
             #       t_relay("tls:domain2.net");
             #       exit;
             #}
             route(1);
     };

     # if the request is for other domain use UsrLoc
     # (in case, it does not work, use the following command
     # with proper names and addresses in it)
     if (uri==myself) {

             if (method=="REGISTER") {

                     # Uncomment this if you want to use digest 

authentication if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {

www_challenge("sip.familiedobbelsteen.nl", "0"); exit; };

                     if (isflagset(5)) {
                             # set branch flag -- when someone will 

call this user # INVITE will have branch flag 6 set after loopup("location") setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); };

                     save("location");
                     exit;
             };

             lookup("aliases");
             if (!uri==myself) {
                     append_hf("P-hint: outbound alias\r\n");
                     route(1);
             };

             # native SIP destinations are handled using our USRLOC DB
             if (!lookup("location")) {
                     sl_send_reply("404", "Not Found");
                     exit;
             };
             append_hf("P-hint: usrloc applied\r\n");
     };

     route(1);

}

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (subst_uri('/(sip:.*);nat=yes/\1/i')) { setflag(6); };

     if (isflagset(5) || isflagset(6)) {
             route(3);
     };

     if (!t_relay()) {
             sl_reply_error();
     };
     exit;

}

route[2] { force_rport(); if(nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; setflag(5); }; }

route[3] { if (is_method("BYE")) { unforce_rtp_proxy(); } else if (is_method("INVITE")) { force_rtp_proxy("", "82.168.191.xx"); t_on_failure("2"); }; if (isflagset(5)) search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); t_on_reply("1"); }

failure_route[2] { if (isflagset(6)||isflagset(5)) { unforce_rtp_proxy(); }; }

onreply_route[1] { if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") { force_rtp_proxy(); }; search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

     if (isflagset(6)) {
             fix_nated_contact();
     };
     exit;

}

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

Robert Dyck wrote:

I understand that the iptables SIP ALG has been much revised this year although I have not tested it myself. I believe you need at least linux 2.6.25.

Really...? That would be a source of immeasurable fascination to me. Do you have a source for this in the changelogs somewhere?

Last time I used the SIP ALG module was a few months ago, during which time I noted that it performs no application protocol-level NAT fixups; all it does is make sure the appropriate ports are mapped to statefully track NAT'd SIP messages. It neither provides for the opening of RTP media ports on session establishment, nor rewrite any SIP headers.

Hi Joris!

This is a normal home user scenario and usually there is no need for an outbound proxy. Either the SIP UA does NAT traversal (e.g. using STUN) or the VoIP Service Provider does the NAT traversal on the proxy. As oyu are using iptables NAT it should work this way (except you have certain unusual iptables rules).

I suggest to install "winstun" (http://sourceforge.net/project/showfiles.php?group_id=47735&package_id=1...) and test your NAT device.

If winstun reports that VoIP should work, then using Xlite should be no problem.

regards klaus

Joris Dobbelsteen schrieb:

Robert Dyck wrote:

...

I understand that the iptables SIP ALG has been much revised this year although I have not tested it myself. I believe you need at least linux 2.6.25.

The unfortunate situtions is that I currently run Debian, which has the 2.6.18 kernel. Futhermore the box runs Xen and the latest kernel does not support Xen yet. So I'm out of luck in this department in many ways.

Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe another solutions is more suited for the problem I have?

• Joris

...

On Monday 21 July 2008, Joris Dobbelsteen wrote:

...

Neill Wilkinson wrote:

...

If you are using IPtables and are familiar with how to add modules - there is a sip connection tracking module that might help:

http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html

Neill...;o)

Neill Wilkinson Principal Consultant

Aeonvista Ltd - opening up new ideas

I have that installed, but to the outside the SIP packets still carry the LAN IP address. I'm currently missing audio (at least inbound is nowhere to be seen) and it doesn't really work reliable at this moment. That is a real problem currently and must be solved reliably.

The ZyXEL modem I have was intended to be the NAT router for the network, but its configured differently in my case, so I can't make that thing to play nicely with NAT.

lsmod on the firewall: ip_nat_sip 8832 0 ip_conntrack_sip 13392 1 ip_nat_sip

Thanks so far,

• Joris

...

-----Original Message----- From: users-bounces@lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Joris Dobbelsteen Sent: 21 July 2008 21:10 To: users@lists.openser.org Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Dear,

I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my home phone keeps breaking voice channels (the box was not intended behind NAT and I'm, of course, using a configuration that no so well supported).

What is the idea:

SIP transactions should travel this way: ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}

RTP should travel this way: ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}

My current test is using X-Lite with voipbuster, but that doesn't really work. It seems that registers are functioning, at least X-Lite reports itself being registered. Voice calls always end up in timeouts, so something is really going wrong here, it might be authentication problems?

An added problem is that I have just sufficient knowledge of SIP to see what it is doing, without really knowing what to expect exactly. Furthermore I have virtually no knowledge of OpenSER. I've quite a hard time even grasping the configuration I typed in. This is not really helpful

What I do know:

• SIP Proxy traffic is flowing.
• SIP INVITES don't work at all.
• SIP to RTP is communication, but I don't know if RTP is actually

flowing.

I stole most of the configuration from the "04 NAT Traversal" slides of the "Italy 2007 Admin course", to which there is link on the documentation site. I adapted it to make it work with the debian supplied OpenSER 1.1.

How do I get this all working? What am I getting wrong?

I really really appeciate any help I can get to get it working!

• Joris

Config is this: # ----------- global configuration parameters ------------------------

debug=4 # debug level (cmd line: -dddddddddd) fork=yes # Set to no to enter debugging mode log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) advertised_address="82.168.191.xx" advertised_port=5060 port=5060 children=4 fifo="/tmp/openser_fifo"

# # ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "nathelper.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# -- nathelper params --- modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) #modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@82.168.191.xx")

# ------------------------- request routing logic -------------------

# main routing logic

route{

     # initial sanity checks -- messages with
     # max_forwards==0, or excessively long requests
     if (!mf_process_maxfwd_header("10")) {
             sl_send_reply("483","Too Many Hops");
             exit;
     };

     if (msg:len >=  2048 ) {
             sl_send_reply("513", "Message too big");
             exit;
     };

     # NAT detection
     route(2);

     # we record-route all messages -- to make sure that
     # subsequent messages will go through our proxy; that's
     # particularly good if upstream and downstream entities
     # use different transport protocol
     if (!method=="REGISTER")
             record_route();

     # subsequent messages withing a dialog should take the
     # path determined by record-routing
     if (loose_route()) {
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
     };

     if (!uri==myself) {
             # mark routing logic in request
             append_hf("P-hint: outbound\r\n");
             # if you have some interdomain connections via TLS
             #if(uri=~"@tls_domain1.net") {
             #       t_relay("tls:domain1.net");
             #       exit;
             #} else if(uri=~"@tls_domain2.net") {
             #       t_relay("tls:domain2.net");
             #       exit;
             #}
             route(1);
     };

     # if the request is for other domain use UsrLoc
     # (in case, it does not work, use the following command
     # with proper names and addresses in it)
     if (uri==myself) {

             if (method=="REGISTER") {

                     # Uncomment this if you want to use digest

authentication if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {

www_challenge("sip.familiedobbelsteen.nl", "0"); exit; };

                     if (isflagset(5)) {
                             # set branch flag -- when someone will

call this user # INVITE will have branch flag 6 set after loopup("location") setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); };

                     save("location");
                     exit;
             };

             lookup("aliases");
             if (!uri==myself) {
                     append_hf("P-hint: outbound alias\r\n");
                     route(1);
             };

             # native SIP destinations are handled using our USRLOC

DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };

     route(1);

}

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (subst_uri('/(sip:.*);nat=yes/\1/i')) { setflag(6); };

     if (isflagset(5) || isflagset(6)) {
             route(3);
     };

     if (!t_relay()) {
             sl_reply_error();
     };
     exit;

}

route[2] { force_rport(); if(nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; setflag(5); }; }

route[3] { if (is_method("BYE")) { unforce_rtp_proxy(); } else if (is_method("INVITE")) { force_rtp_proxy("", "82.168.191.xx"); t_on_failure("2"); }; if (isflagset(5)) search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); t_on_reply("1"); }

failure_route[2] { if (isflagset(6)||isflagset(5)) { unforce_rtp_proxy(); }; }

onreply_route[1] { if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") { force_rtp_proxy(); }; search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

     if (isflagset(6)) {
             fix_nated_contact();
     };
     exit;

}

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

Hi Joris!

Testing with XLite I meant to find out if the problem is a problem of the ANT or of the client (zyxel) as Xlite does NAT traversal very well.

If Zyxel does not support NAT traversal and also voipbuster fails to traverse your special NAT, then you yre right and need your own NAT traversal solution e.g. as you tried with openser (multihomed) and rtpproxy in (bridge mode). You could also try http://sourceforge.net/projects/siproxd/

regards klasu

Joris Dobbelsteen schrieb:

Klaus Darilion wrote:

...

Hi Joris!

This is a normal home user scenario and usually there is no need for an outbound proxy. Either the SIP UA does NAT traversal (e.g. using STUN)

The SIP UA does NOT. Its a ZyXEL ADSL+VoIP modem that ASSUMES it has an Internet IP number. In my installation, it does not, as I have quite high demands on the number of NATted connections and some special desires for doing tricky things with the firewall for experimental purposes. These rule out the ZyXEL solution for large part. Its also inherited from my pre-VoIP era installation.

...

or the VoIP Service Provider does the NAT traversal on the proxy. As oyu are using iptables NAT it should work this way (except you have certain unusual iptables rules).

Yeah, it should, but I don't see incoming VoIP traffic flowing. Also the connection worked a bit before, but its not reliable for voice traffic. This is a major problem for me. It has worked somewhat reliable before, but there are occasional problems with the installation, just mostly missing audio.

The problem is that I think (quite certain) that the UA does NOT do NAT, and I cannot control what my ISP is actually doing. Futhermore I don't expect any support from them for my installation. They will assume that the VoIP box has the public IP address and plays nicely on the Internet. That the 'provided' and supported solution they give.

So repeating again, I think the only way to properly guarentee reliable VoIP connection is handling SIP and RTP traffic in such a way that my ISP does not have to make any NAT assumptions/handling.

...

I suggest to install "winstun" (http://sourceforge.net/project/showfiles.php?group_id=47735&package_id=1...) and test your NAT device.

If winstun reports that VoIP should work, then using Xlite should be no problem.

X-Lite is only a test case, as I don't want to mess with the ZyXEL modem yet. Its also a hell of a lot easier to control with X-Lite is actually doing, but its not the solution to be implemented. The ZyXEL modem with attached analog phones is.

I'm passing XLite though the openser and that doesn't work. It has worked plainly over NAT before without problems before. This is however NOT the test case!

...

regards klaus

• Joris

...

Joris Dobbelsteen schrieb:

...

Robert Dyck wrote:

...

I understand that the iptables SIP ALG has been much revised this year although I have not tested it myself. I believe you need at least linux 2.6.25.

The unfortunate situtions is that I currently run Debian, which has the 2.6.18 kernel. Futhermore the box runs Xen and the latest kernel does not support Xen yet. So I'm out of luck in this department in many ways.

Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe another solutions is more suited for the problem I have?

• Joris

...

On Monday 21 July 2008, Joris Dobbelsteen wrote:

...

Neill Wilkinson wrote:

...

If you are using IPtables and are familiar with how to add modules - there is a sip connection tracking module that might help:

http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html

Neill...;o)

Neill Wilkinson Principal Consultant

Aeonvista Ltd - opening up new ideas

I have that installed, but to the outside the SIP packets still carry the LAN IP address. I'm currently missing audio (at least inbound is nowhere to be seen) and it doesn't really work reliable at this moment. That is a real problem currently and must be solved reliably.

The ZyXEL modem I have was intended to be the NAT router for the network, but its configured differently in my case, so I can't make that thing to play nicely with NAT.

lsmod on the firewall: ip_nat_sip 8832 0 ip_conntrack_sip 13392 1 ip_nat_sip

Thanks so far,

• Joris

...

-----Original Message----- From: users-bounces@lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Joris Dobbelsteen Sent: 21 July 2008 21:10 To: users@lists.openser.org Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Dear,

I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my home phone keeps breaking voice channels (the box was not intended behind NAT and I'm, of course, using a configuration that no so well supported).

What is the idea:

SIP transactions should travel this way: ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}

RTP should travel this way: ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}

My current test is using X-Lite with voipbuster, but that doesn't really work. It seems that registers are functioning, at least X-Lite reports itself being registered. Voice calls always end up in timeouts, so something is really going wrong here, it might be authentication problems?

An added problem is that I have just sufficient knowledge of SIP to see what it is doing, without really knowing what to expect exactly. Furthermore I have virtually no knowledge of OpenSER. I've quite a hard time even grasping the configuration I typed in. This is not really helpful

What I do know:

• SIP Proxy traffic is flowing.
• SIP INVITES don't work at all.
• SIP to RTP is communication, but I don't know if RTP is actually

flowing.

I stole most of the configuration from the "04 NAT Traversal" slides of the "Italy 2007 Admin course", to which there is link on the documentation site. I adapted it to make it work with the debian supplied OpenSER 1.1.

How do I get this all working? What am I getting wrong?

I really really appeciate any help I can get to get it working!

• Joris

Config is this:

# ----------- global configuration parameters

debug=4 # debug level (cmd line: -dddddddddd) fork=yes # Set to no to enter debugging mode log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) advertised_address="82.168.191.xx" advertised_port=5060 port=5060 children=4 fifo="/tmp/openser_fifo"

#

# ------------------ module loading

# Uncomment this if you want to use SQL database mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "nathelper.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# -- nathelper params --- modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) #modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@82.168.191.xx")

# ------------------------- request routing logic

# main routing logic

route{

     # initial sanity checks -- messages with
     # max_forwards==0, or excessively long requests
     if (!mf_process_maxfwd_header("10")) {
             sl_send_reply("483","Too Many Hops");
             exit;
     };

     if (msg:len >=  2048 ) {
             sl_send_reply("513", "Message too big");
             exit;
     };

     # NAT detection
     route(2);

     # we record-route all messages -- to make sure that
     # subsequent messages will go through our proxy; that's
     # particularly good if upstream and downstream entities
     # use different transport protocol
     if (!method=="REGISTER")
             record_route();

     # subsequent messages withing a dialog should take the
     # path determined by record-routing
     if (loose_route()) {
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
     };

     if (!uri==myself) {
             # mark routing logic in request
             append_hf("P-hint: outbound\r\n");
             # if you have some interdomain connections via TLS
             #if(uri=~"@tls_domain1.net") {
             #       t_relay("tls:domain1.net");
             #       exit;
             #} else if(uri=~"@tls_domain2.net") {
             #       t_relay("tls:domain2.net");
             #       exit;
             #}
             route(1);
     };

     # if the request is for other domain use UsrLoc
     # (in case, it does not work, use the following command
     # with proper names and addresses in it)
     if (uri==myself) {

             if (method=="REGISTER") {

                     # Uncomment this if you want to use digest

authentication if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {

www_challenge("sip.familiedobbelsteen.nl", "0"); exit; };

                     if (isflagset(5)) {
                             # set branch flag -- when someone 

will call this user # INVITE will have branch flag 6 set after loopup("location") setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); };

                     save("location");
                     exit;
             };

             lookup("aliases");
             if (!uri==myself) {
                     append_hf("P-hint: outbound alias\r\n");
                     route(1);
             };

             # native SIP destinations are handled using our 

USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };

     route(1);

}

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (subst_uri('/(sip:.*);nat=yes/\1/i')) { setflag(6); };

     if (isflagset(5) || isflagset(6)) {
             route(3);
     };

     if (!t_relay()) {
             sl_reply_error();
     };
     exit;

}

route[2] { force_rport(); if(nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; setflag(5); }; }

route[3] { if (is_method("BYE")) { unforce_rtp_proxy(); } else if (is_method("INVITE")) { force_rtp_proxy("", "82.168.191.xx"); t_on_failure("2"); }; if (isflagset(5)) search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); t_on_reply("1"); }

failure_route[2] { if (isflagset(6)||isflagset(5)) { unforce_rtp_proxy(); }; }

onreply_route[1] { if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") { force_rtp_proxy(); }; search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

     if (isflagset(6)) {
             fix_nated_contact();
     };
     exit;

}

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

I have a couple ideas for you if you decide to pursue openser further. It is not necessary for rtpproxy to be in bridge mode to service your LAN. When you configure your UA's, point them at the public address of openser for otg proxy. Secondly the nat travesal functions in openser were not intended for local UA's but rather on some external LAN. They expect the source address to be public. You can use the textops module to do your own mangling with regular expressions ( what a pain ). I have successfully used both ideas but of course your topology is a bit unusual. Also a minor code change in rtpproxy may be all that is needed for you to specify the port range. Good luck

On Friday 25 July 2008, Joris Dobbelsteen wrote:

Klaus Darilion wrote:

...

Hi Joris!

Testing with XLite I meant to find out if the problem is a problem of the ANT or of the client (zyxel) as Xlite does NAT traversal very well.

If Zyxel does not support NAT traversal and also voipbuster fails to traverse your special NAT, then you yre right and need your own NAT traversal solution e.g. as you tried with openser (multihomed) and rtpproxy in (bridge mode). You could also try http://sourceforge.net/projects/siproxd/

I did, and with both I had several problems I have no knowledge of understanding what is going wrong and how to solve it. With siproxd I got to the point that everything should have worked, at least in my opinion. I could see all the traffic flowing and it seemed to be OK and with correct IPs and correct ports. Either incoming or outgoing audio remained to be a problem, so after two and a half day I gave up and reconfigured the ZyXEL (plus other parts on the network) into the ISP intended configuration. This at least solved the VoIP issues I had. Its not what I had intended though, but its a "production" system and it just needs to work. I had other people complaining, because VoIP was down mostly for 2 weeks while I was away. It used to work before with plain NAT (most of the time) but something seems to have changed in the meanwhile (my ISP also had a few days outage on their VoIP service, so its well possible that they made big changes/replaced equipment to get them resolved). I only had problems with jitter at that time and I had resolved these.

Maybe I'll try again at some later date. In any case, OpenSER + rtpproxy don't seem to be really nice for the setup I thought about. NAT seems mostly an afterthought and I seriously miss control over the UTP ports to be used. I like to lock down my firewall as tight as possible, but this just not an option with this software. Its better with siproxd, where you actually can configure the UTP ports to use. Nevertheless, its quite nice to see OpenSER a bit and I got an light impression of what it is capable of. The design allows you to do everything you could think of. The only other disadvantage is its unpolished support for postgresql, especially for someone who values ACID properties and MySQL lacks/violates those mostly. Still I should complement all the people who have designed and implemented this software.

Also thanks for those who tried to help me with my issues. Its at least encouraging for taking another attempt to get it to work at some later date.

Regards,

• Joris

[snip]

Joris,

I also note that you fix the Contact and the Register in Router(2).

You'll also need to fix_nated_sdp too. The media values in the SDP will need to be modified from the private IP Address.

Neill....;o) Neill Wilkinson Principal Consultant   Aeonvista Ltd - opening up new ideas

-----Original Message----- From: Joris Dobbelsteen [mailto:joris@familiedobbelsteen.nl] Sent: 22 July 2008 09:05 To: Robert Dyck Cc: users@lists.openser.org; Neill Wilkinson Subject: Re: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Robert Dyck wrote:

I understand that the iptables SIP ALG has been much revised this year although I have not tested it myself. I believe you need at least linux 2.6.25.

The unfortunate situtions is that I currently run Debian, which has the 2.6.18 kernel. Futhermore the box runs Xen and the latest kernel does not support Xen yet. So I'm out of luck in this department in many ways.

Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe another solutions is more suited for the problem I have?

- Joris

On Monday 21 July 2008, Joris Dobbelsteen wrote:

...

Neill Wilkinson wrote:

...

If you are using IPtables and are familiar with how to add modules - there is a sip connection tracking module that might help:

http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html

Neill...;o)

Neill Wilkinson Principal Consultant

Aeonvista Ltd - opening up new ideas

I have that installed, but to the outside the SIP packets still carry the LAN IP address. I'm currently missing audio (at least inbound is nowhere to be seen) and it doesn't really work reliable at this moment. That is a real problem currently and must be solved reliably.

The ZyXEL modem I have was intended to be the NAT router for the network, but its configured differently in my case, so I can't make that thing to play nicely with NAT.

lsmod on the firewall: ip_nat_sip 8832 0 ip_conntrack_sip 13392 1 ip_nat_sip

Thanks so far,

• Joris

...

-----Original Message----- From: users-bounces@lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Joris Dobbelsteen Sent: 21 July 2008 21:10 To: users@lists.openser.org Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Dear,

I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my home phone keeps breaking voice channels (the box was not intended behind NAT and I'm, of course, using a configuration that no so well supported).

What is the idea:

SIP transactions should travel this way: ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}

RTP should travel this way: ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}

My current test is using X-Lite with voipbuster, but that doesn't really work. It seems that registers are functioning, at least X-Lite reports itself being registered. Voice calls always end up in timeouts, so something is really going wrong here, it might be authentication problems?

An added problem is that I have just sufficient knowledge of SIP to see what it is doing, without really knowing what to expect exactly. Furthermore I have virtually no knowledge of OpenSER. I've quite a hard time even grasping the configuration I typed in. This is not really helpful

What I do know:

• SIP Proxy traffic is flowing.
• SIP INVITES don't work at all.
• SIP to RTP is communication, but I don't know if RTP is actually

flowing.

I stole most of the configuration from the "04 NAT Traversal" slides of the "Italy 2007 Admin course", to which there is link on the documentation site. I adapted it to make it work with the debian supplied OpenSER 1.1.

How do I get this all working? What am I getting wrong?

I really really appeciate any help I can get to get it working!

• Joris

Config is this: # ----------- global configuration parameters ------------------------

debug=4 # debug level (cmd line: -dddddddddd) fork=yes # Set to no to enter debugging mode log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) advertised_address="82.168.191.xx" advertised_port=5060 port=5060 children=4 fifo="/tmp/openser_fifo"

# # ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "nathelper.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# -- nathelper params --- modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) #modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@82.168.191.xx")

# ------------------------- request routing logic -------------------

# main routing logic

route{

     # initial sanity checks -- messages with
     # max_forwards==0, or excessively long requests
     if (!mf_process_maxfwd_header("10")) {
             sl_send_reply("483","Too Many Hops");
             exit;
     };

     if (msg:len >=  2048 ) {
             sl_send_reply("513", "Message too big");
             exit;
     };

     # NAT detection
     route(2);

     # we record-route all messages -- to make sure that
     # subsequent messages will go through our proxy; that's
     # particularly good if upstream and downstream entities
     # use different transport protocol
     if (!method=="REGISTER")
             record_route();

     # subsequent messages withing a dialog should take the
     # path determined by record-routing
     if (loose_route()) {
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
     };

     if (!uri==myself) {
             # mark routing logic in request
             append_hf("P-hint: outbound\r\n");
             # if you have some interdomain connections via TLS
             #if(uri=~"@tls_domain1.net") {
             #       t_relay("tls:domain1.net");
             #       exit;
             #} else if(uri=~"@tls_domain2.net") {
             #       t_relay("tls:domain2.net");
             #       exit;
             #}
             route(1);
     };

     # if the request is for other domain use UsrLoc
     # (in case, it does not work, use the following command
     # with proper names and addresses in it)
     if (uri==myself) {

             if (method=="REGISTER") {

                     # Uncomment this if you want to use digest

authentication if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {

www_challenge("sip.familiedobbelsteen.nl", "0"); exit; };

                     if (isflagset(5)) {
                             # set branch flag -- when someone will

call this user # INVITE will have branch flag 6 set after loopup("location") setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); };

                     save("location");
                     exit;
             };

             lookup("aliases");
             if (!uri==myself) {
                     append_hf("P-hint: outbound alias\r\n");
                     route(1);
             };

             # native SIP destinations are handled using our USRLOC

DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };

     route(1);

}

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (subst_uri('/(sip:.*);nat=yes/\1/i')) { setflag(6); };

     if (isflagset(5) || isflagset(6)) {
             route(3);
     };

     if (!t_relay()) {
             sl_reply_error();
     };
     exit;

}

route[2] { force_rport(); if(nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; setflag(5); }; }

route[3] { if (is_method("BYE")) { unforce_rtp_proxy(); } else if (is_method("INVITE")) { force_rtp_proxy("", "82.168.191.xx"); t_on_failure("2"); }; if (isflagset(5)) search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); t_on_reply("1"); }

failure_route[2] { if (isflagset(6)||isflagset(5)) { unforce_rtp_proxy(); }; }

onreply_route[1] { if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") { force_rtp_proxy(); }; search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

     if (isflagset(6)) {
             fix_nated_contact();
     };
     exit;

}

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

You did not provide many details but I suspect you trying to run a SIP phone on a typical home LAN with Linux box having a public IP address. Siproxd is a simple solution which of course does not have the flexibility of openser. I have used it with multiple phones on the LAN. The main reason I no longer use it is that it will not fork a call and I wanted more than one phone sharing a user ID.

On Tuesday 22 July 2008, Joris Dobbelsteen wrote:

Robert Dyck wrote:

...

I understand that the iptables SIP ALG has been much revised this year although I have not tested it myself. I believe you need at least linux 2.6.25.

The unfortunate situtions is that I currently run Debian, which has the 2.6.18 kernel. Futhermore the box runs Xen and the latest kernel does not support Xen yet. So I'm out of luck in this department in many ways.

Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe another solutions is more suited for the problem I have?

• Joris

...

On Monday 21 July 2008, Joris Dobbelsteen wrote:

...

Neill Wilkinson wrote:

...

If you are using IPtables and are familiar with how to add modules - there is a sip connection tracking module that might help:

http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html

Neill...;o)

Neill Wilkinson Principal Consultant

Aeonvista Ltd - opening up new ideas

I have that installed, but to the outside the SIP packets still carry the LAN IP address. I'm currently missing audio (at least inbound is nowhere to be seen) and it doesn't really work reliable at this moment. That is a real problem currently and must be solved reliably.

The ZyXEL modem I have was intended to be the NAT router for the network, but its configured differently in my case, so I can't make that thing to play nicely with NAT.

lsmod on the firewall: ip_nat_sip 8832 0 ip_conntrack_sip 13392 1 ip_nat_sip

Thanks so far,

• Joris

...

-----Original Message----- From: users-bounces@lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Joris Dobbelsteen Sent: 21 July 2008 21:10 To: users@lists.openser.org Subject: [OpenSER-Users] OpenSER as NAT traversal proxy HELP!

Dear,

I'm really trying to use OpenSER as a NAT traversal SIP proxy, since my home phone keeps breaking voice channels (the box was not intended behind NAT and I'm, of course, using a configuration that no so well supported).

What is the idea:

SIP transactions should travel this way: ZyXEL UA <-> SIP Proxy <-> NAT Firewall (iptables) <-> {Internet}

RTP should travel this way: ZyXEL UA <-> NAT Firewall & RTPProxy <-> {Internet}

My current test is using X-Lite with voipbuster, but that doesn't really work. It seems that registers are functioning, at least X-Lite reports itself being registered. Voice calls always end up in timeouts, so something is really going wrong here, it might be authentication problems?

An added problem is that I have just sufficient knowledge of SIP to see what it is doing, without really knowing what to expect exactly. Furthermore I have virtually no knowledge of OpenSER. I've quite a hard time even grasping the configuration I typed in. This is not really helpful

What I do know:

• SIP Proxy traffic is flowing.
• SIP INVITES don't work at all.
• SIP to RTP is communication, but I don't know if RTP is actually

flowing.

I stole most of the configuration from the "04 NAT Traversal" slides of the "Italy 2007 Admin course", to which there is link on the documentation site. I adapted it to make it work with the debian supplied OpenSER 1.1.

How do I get this all working? What am I getting wrong?

I really really appeciate any help I can get to get it working!

• Joris

Config is this: # ----------- global configuration parameters ------------------------

debug=4 # debug level (cmd line: -dddddddddd) fork=yes # Set to no to enter debugging mode log_stderror=no # (cmd line: -E) Set to yes to enter debugging mode

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) advertised_address="82.168.191.xx" advertised_port=5060 port=5060 children=4 fifo="/tmp/openser_fifo"

# # ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database mpath="/usr/lib/openser/modules/" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "nathelper.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)

# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# -- nathelper params --- modparam("nathelper", "rtpproxy_sock", "udp:192.168.10.6:22222") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) #modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@82.168.191.xx")

# ------------------------- request routing logic -------------------

# main routing logic

route{

     # initial sanity checks -- messages with
     # max_forwards==0, or excessively long requests
     if (!mf_process_maxfwd_header("10")) {
             sl_send_reply("483","Too Many Hops");
             exit;
     };

     if (msg:len >=  2048 ) {
             sl_send_reply("513", "Message too big");
             exit;
     };

     # NAT detection
     route(2);

     # we record-route all messages -- to make sure that
     # subsequent messages will go through our proxy; that's
     # particularly good if upstream and downstream entities
     # use different transport protocol
     if (!method=="REGISTER")
             record_route();

     # subsequent messages withing a dialog should take the
     # path determined by record-routing
     if (loose_route()) {
             # mark routing logic in request
             append_hf("P-hint: rr-enforced\r\n");
             route(1);
     };

     if (!uri==myself) {
             # mark routing logic in request
             append_hf("P-hint: outbound\r\n");
             # if you have some interdomain connections via TLS
             #if(uri=~"@tls_domain1.net") {
             #       t_relay("tls:domain1.net");
             #       exit;
             #} else if(uri=~"@tls_domain2.net") {
             #       t_relay("tls:domain2.net");
             #       exit;
             #}
             route(1);
     };

     # if the request is for other domain use UsrLoc
     # (in case, it does not work, use the following command
     # with proper names and addresses in it)
     if (uri==myself) {

             if (method=="REGISTER") {

                     # Uncomment this if you want to use digest

authentication if (!www_authorize("sip.familiedobbelsteen.nl", "subscriber")) {

www_challenge("sip.familiedobbelsteen.nl", "0"); exit; };

                     if (isflagset(5)) {
                             # set branch flag -- when someone will

call this user # INVITE will have branch flag 6 set after loopup("location") setflag(6); # if you want OPTIONS natpings uncomment next # setflag(7); };

                     save("location");
                     exit;
             };

             lookup("aliases");
             if (!uri==myself) {
                     append_hf("P-hint: outbound alias\r\n");
                     route(1);
             };

             # native SIP destinations are handled using our USRLOC

DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); };

     route(1);

}

route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (subst_uri('/(sip:.*);nat=yes/\1/i')) { setflag(6); };

     if (isflagset(5) || isflagset(6)) {
             route(3);
     };

     if (!t_relay()) {
             sl_reply_error();
     };
     exit;

}

route[2] { force_rport(); if(nat_uac_test("19")) { if (method=="REGISTER") { fix_nated_register(); } else { fix_nated_contact(); }; setflag(5); }; }

route[3] { if (is_method("BYE")) { unforce_rtp_proxy(); } else if (is_method("INVITE")) { force_rtp_proxy("", "82.168.191.xx"); t_on_failure("2"); }; if (isflagset(5)) search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes'); t_on_reply("1"); }

failure_route[2] { if (isflagset(6)||isflagset(5)) { unforce_rtp_proxy(); }; }

onreply_route[1] { if ((isflagset(5) || isflagset(6)) && status =~ "(183)|(2[0-9][0-9])") { force_rtp_proxy(); }; search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

     if (isflagset(6)) {
             fix_nated_contact();
     };
     exit;

}

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

---

Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users

Joris Dobbelsteen joris@familiedobbelsteen.nl writes:

Can't I get OpenSER to work, or any (maybe simpler) SIP proxy? Maybe another solutions is more suited for the problem I have?

I ended up using a B2BUA (asterisk) for this.

See also the thread "kagoor voiceflow replacement" on the OpenSER-Users mailing list. Message-ID: 424bdbb90804111305l4a86774dhf16f890acdffbcdc@mail.gmail.com

Greetings, Jens