the script didn't fit, here it is:
# # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=10 port=5060 listen=MY.OPENSER.IP.COM disable_dns_blacklist=true
# ------------------ module loading ---------------------------------- #set module path mpath="//lib/openser/modules/"
# Uncomment this if you want to use SQL database #loadmodule "mysql.so"
loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "uri.so" loadmodule "uri_db.so" loadmodule "domain.so" loadmodule "permissions.so" #loadmodule "group.so" loadmodule "mi_fifo.so" loadmodule "lcr.so" loadmodule "avpops.so" loadmodule "xlog.so" loadmodule "mediaproxy.so" loadmodule "acc.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "auth.so" loadmodule "auth_db.so"
# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
modparam("registrar", "received_avp", "$avp(i:42)")
modparam("usrloc", "db_mode", 2) modparam("usrloc", "nat_bflag", 4)
modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
#modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost /openser") modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost /openser")
modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted")
modparam("avpops", "avp_table", "usr_preferences")
modparam("mediaproxy","natping_interval",20) modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy/mediaproxy.sock") modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients") modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")
modparam("lcr", "contact_avp", "$avp(i:711)") modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)") modparam("lcr", "gw_uri_avp", "$avp(i:709)") modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)") modparam("lcr", "ruri_user_avp", "$avp(i:500)") modparam("lcr", "dm_flag", 25)
modparam("acc", "radius_config", "/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "radius_flag", 2) modparam("acc", "radius_missed_flag", 3) modparam("acc", "radius_extra", "User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)") # ------------------------- request routing logic -------------------
# main routing logic
route{
# # -- 1 -- Request Validation # if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; };
if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; };
# # -- 2 -- Routing Preprocessing # ## Record-route all except Register ## Mark packets with nat=yes ## This mark will be used to identify the request in the loose ## route section if(!is_method("REGISTER")){ record_route(";nat=yes"); };
##Loose_route packets if (has_totag()) { #sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if(method=="BYE") { #Account BYE transactions setflag(2); };
#Check authentication of re-invites if(method=="INVITE" && (!allow_trusted())) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","1"); exit; } else if (!check_from()) { sl_send_reply("403", "Forbidden, use From=ID"); exit; }; }; if(method=="BYE" || method=="CANCEL") { end_media_session(); };
##Detect requests in the dialog behind NAT and flag with 6 route(1); } else { sl_send_reply("404","Not here"); } exit; }
#CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { end_media_session(); t_relay(); }; exit; }
t_check_trans(); # # -- 3 -- Determine Request Target # if (method=="REGISTER") { route(2); } else { route(3); }; }
route[1] { # # -- 4 -- Forward request to target # # Forward statefully t_on_reply("1"); t_on_failure("1"); if (!t_relay()) { sl_reply_error(); }; exit; }
route[2] { ## Register request handler if (is_uri_host_local()) { if (!www_authorize("", "subscriber")) { www_challenge("", "1"); exit; };
if (!check_to()) { sl_send_reply("403", "Forbidden"); exit; };
setbflag(6); force_rport(); save("location"); exit;
} else if {
sl_send_reply("403", "Forbidden");
}; }
route[3] { ## Requests handler
if (method=="INVITE") { # Account INVITE packets setflag(2); # Account Missed calls setflag(3); # Radius Extra $avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM"; };
if (is_from_local()){ # From an internal domain -> check the credentials and the FROM if(!allow_trusted()){ if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); exit; } else if(!check_from()) { sl_send_reply("403", "Forbidden, use From=ID"); exit; }; };
#unconditional call forward if(avp_db_load("$ru/username","$avp(s:callfwd)")) { avp_pushto("$ru", "$avp(s:callfwd)"); route(1); exit; }
consume_credentials();
#verify aliases, if found replace R-URI. lookup("aliases");
if (is_uri_host_local()) { # -- Inbound to Inbound xlog("L_INFO","OPENSER: INBOUND -> INBOUND ($tU)"); route(10); } else { # -- Inbound to outbound xlog("L_INFO","OPENSER: INBOUND -> OUTBOUND ($tU)"); route(11); };
} else {
#From an external domain ->do not check credentials #Verify aliases, if found replace R-URI. lookup("aliases"); if (is_uri_host_local()) { xlog("L_INFO","OPENSER: OUTBOUND -> INBOUND ($tU)"); #-- Outbound to inbound route(12); } else { xlog("L_INFO","OPENSER: OUTBOUND -> OUTBOUND ($tU)"); # -- Outbound to outbound route(13); }; }; }
route[4] { # routing to the public network if (!load_gws()) { sl_send_reply("503", "Unable to load gateways"); exit; }
if(!next_gw()){ sl_send_reply("503", "Unable to find a gateway"); exit; } t_on_failure("2"); if (!t_relay()) { sl_reply_error(); }; exit; }
route[6] { # # -- NAT handling -- # append_hf("P-hint: Route[6]: mediaproxy \r\n"); use_media_proxy(); }
route[10] { #from an internal domain -> inbound #Native SIP destinations are handled using the location table #Gateway destinations are handled by regular expressions append_hf("P-hint: inbound->inbound \r\n");
xlog("L_INFO","LOOKING FOR: $tU"); if (uri=~"^sip:55613") { # ECHO TEST xlog("L_INFO","IN ROUTE 613"); route(6); rewritehostport("fwdnat2.pulver.com:5060"); if (!t_relay()) { sl_reply_error(); }; exit; };
if (uri=~"^sip:301") { # ECHO TEST route(6); rewritehostport("blueface.ie"); if (!t_relay()) { sl_reply_error(); }; exit; };
# # if (uri=~"^sip:1[2-9][0-9]{9}@") { # if (is_user_in("credentials","ld")) { # strip(1); # prefix("+1"); # route(6); # route(4); # exit; # } else { # sl_send_reply("403", "No permissions for long distance"); # exit; # }; # }; # # if (uri=~"^sip:011[0-9]*@") { # if (is_user_in("credentials","int")) { # strip(3); # prefix("+"); # route(6); # route(4); # exit; # } else { # sl_send_reply("403", "No permissions for international calls"); # }; # };
if (!lookup("location")) { if (does_uri_exist()) { ## User not registered at this time. ## Use the IP Address of your e-mail server revert_uri(); prefix("u"); rewritehostport("192.168.1.171"); #Use the IP address of your voicemail server route(6); route(1); } else { sl_send_reply("404", "Not Found"); exit; } sl_send_reply("404", "Not Found"); exit; }; route(6); route(1); }
route[11] { # from an internal domain -> outbound # Simply route the call outbound using DNS search append_hf("P-hint: inbound->outbound \r\n"); route(1); }
route[12] { # From an external domain -> inbound # Verify aliases, if found replace R-URI. lookup("aliases"); if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; route(1); }
route[13] { #From an external domain outbound #we are not accepting these calls append_hf("P-hint: outbound->inbound \r\n"); sl_send_reply("403", "Forbidden"); exit; }
failure_route[1] { ##-- ##-- If cancelled, exit. ##-- if (t_was_cancelled()) { exit; }; ##-- ##-- If busy send to the e-mail server, prefix the "b" ##-- character to indicate busy. ##-- if (t_check_status("486")) { revert_uri(); prefix("b"); rewritehostport("192.168.1.171"); append_branch(); route(1); exit; }; ##-- ##-- If timeout (408) or unavailable temporarily (480), ##-- prefix the uri with the "u"character to indicate ##-- unanswered and send to the e-mail ##-- sever ##-- if (t_check_status("408") || t_check_status("480")) { revert_uri(); prefix("u"); rewritehostport("192.168.1.171"); append_branch(); route(1); exit; }; }
failure_route[2] { if(!next_gw()) { t_reply("503", "Service not available, no more gateways"); exit; }; t_on_failure("2"); t_relay(); }
onreply_route[1] { # #-- On-replay block routing -- # append_hf("P-hint: onreply_route|usemediaproxy \r\n"); use_media_proxy(); exit; }
El Viernes, 13 de Junio de 2008 16:47, David Villasmil escribió:
the script didn't fit, here it is:
Sorry David, I'll not check you config, that's your work, not mine ;-), but a fast reading show that you are not calling use_media_proxy on the right places. Also your flow throught the script seems a little chaotic to me, but eachone have it own way of doing things.
What I have seen on your ngrep capture is that your RTP traffic NEVER hitted your mediaproxy, thats why you receive a timeout, from that point on you must first clarify:
1- Paint your test scenario, with IP's (no matter if they are not the real ones, but with IP's no names please), where you have NAT, etc. 2- Reread you ngrep trace, you will see very strange packets. 3- Came again with specific questions, not with your config file and a "here you have ... solve it"
That was not my intention at all and I'm sorry you got it that way. I did take a look at my script and I thought I should do was eliminate all tests for nats and simply call use_media_proxy when an INVITE comes in, and an on_reply was hit. Also of course end_media_session() n a BYE or a CANCEL... But it is still not working, well it instruct my UAC to send rtps directly to the echo test ip... and this wasn't working.
And because I did not see anything work (I don't have much experience with media-proxy) I thought I'd ask here... my bad. ;-)
Of course I will keeo looking at this, I don't want anyone to do my job... ;-)
Thanks a lot
David
On Fri, Jun 13, 2008 at 6:36 PM, Raúl Alexis Betancor Santana < rabs@dimension-virtual.com> wrote:
El Viernes, 13 de Junio de 2008 16:47, David Villasmil escribió:
the script didn't fit, here it is:
Sorry David, I'll not check you config, that's your work, not mine ;-), but a fast reading show that you are not calling use_media_proxy on the right places. Also your flow throught the script seems a little chaotic to me, but eachone have it own way of doing things.
What I have seen on your ngrep capture is that your RTP traffic NEVER hitted your mediaproxy, thats why you receive a timeout, from that point on you must first clarify:
1- Paint your test scenario, with IP's (no matter if they are not the real ones, but with IP's no names please), where you have NAT, etc. 2- Reread you ngrep trace, you will see very strange packets. 3- Came again with specific questions, not with your config file and a "here you have ... solve it"
-- Saludos.
Raúl Alexis Betancor Santana Dimensión Virtual S.L.
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
El Viernes, 13 de Junio de 2008 17:47, David Villasmil escribió:
That was not my intention at all and I'm sorry you got it that way. I did take a look at my script and I thought I should do was eliminate all tests for nats and simply call use_media_proxy when an INVITE comes in, and an on_reply was hit. Also of course end_media_session() n a BYE or a CANCEL... But it is still not working, well it instruct my UAC to send rtps directly to the echo test ip... and this wasn't working.
And because I did not see anything work (I don't have much experience with media-proxy) I thought I'd ask here... my bad. ;-)
Of course I will keeo looking at this, I don't want anyone to do my job... ;-)
Ok, so from that point on ... what it's your test scenario, paint it and we could guide you to the right point.
We do not have a crystal ball ;-)
2008/6/13 David Villasmil david.villasmil.work@gmail.com:
the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither add "rport" in any request/response.
2008/6/13 David Villasmil david.villasmil.work@gmail.com:
the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither add "rport" in any request/response.
Is there a problem if I do it anyway? I supose it will have some impact on performance, but very little right? I don't know if all my clients have public IPs without NAT. The fact is I pretend to do wholesale on this server, that's why I need mediaproxy to do the rtps all the time.
El Monday 16 June 2008 13:01:36 David Villasmil escribió:
2008/6/13 David Villasmil david.villasmil.work@gmail.com:
the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither add "rport" in any request/response.
Is there a problem if I do it anyway? I supose it will have some impact on performance, but very little right? I don't know if all my clients have public IPs without NAT. The fact is I pretend to do wholesale on this server, that's why I need mediaproxy to do the rtps all the time.
If you manage clients behind NAT with no STUN you need to fix NAT in SIP signalling. For that you need managing rport, rewritting "Contact" header and so. Of course, if you are not the responsible of the clients you don't need it. :)
-
David Villasmil -
Iñaki Baz Castillo -
Iñaki Baz Castillo -
Raúl Alexis Betancor Santana