Re: [Serusers] Re: [Users] rfc3264 and nathelper module - sr-users

29 Nov 2005


      On Tue, 29 Nov 2005 14:46:55 +0100 (CET), harry gaillac wrote
...
REGISTER:
    if (!is_from_local()) {
            sl_send_reply("401", "Unauthorized");
            break;
    };
            rewritehostport("nxs.yi.org:5050");
            t_relay_to_udp("nxs.yi.org","5050");

So... you want your users to register both with Asterisk AND with SER? What
for? Why not use some form of SER authorisation to control access to the
Asterisk server? I'm not sure what you're trying to do here...
...
INVITE:
        rewritehostport("nxs.yi.org:5050");
What's the context around this? You want ALL calls to go straight to Asterisk?
It just seems... I don't know... weird. I assume you're doing this because SER
handles presence and Asterisk doesn't... but everything else you want to be
controlled by Asterisk, including user registration, etc, etc.
For your invite, btw, you would need to also have a t_relay_to_udp, or
alternatively, you can do it as:
rewritehostport("nxs.yi.org:5050");
forward(uri:host,uri:port);
break;
...
sip.conf:
[general]
context=local                   ; Default context for
incoming calls
                                ; if asterisk was
compiled with OSP support.
realm=nxs.yi.org                ; Realm for digest
authentication
                                ; defaults to
"asterisk"
                                ; Realms MUST be
globally unique according to RFC 3261
                                ; Set this to your
host name or domain name
bindport=5050                   ; UDP Port to bind to
(SIP standard port is 5060)
bindaddr=nxs.yi.org             ; IP address to bind
to (0.0.0.0 binds to all)
srvlookup=yes                   ; Enable DNS SRV
lookups on outbound calls
tos=lowdelay                    ;
lowdelay,throughput,reliability,mincost,none
maxexpirey=3600                 ; Max length of
incoming registration we allow
defaultexpirey=1000             ; Default length of
incoming/outoing registration
allow=all                       ; First disallow all
codecs
musicclass=default              ; Sets the default
music on hold class for all SIP calls
language=fr                     ; Default language
setting for all users/peers
rtptimeout=60                   ; Terminate call if 60
seconds of no RTP activity
tpholdtimeout=300               ; Terminate call if
300 seconds of no RTP activity
useragent=Asterisk PBX          ; Allows you to change
the user agent string
dtmfmode = rfc2833              ; Set default dtmfmode
for sending DTMF. Default: rfc2833
promiscredir = no               ; If yes, allows 302
or REDIR to non-local SIP address
[84]
type=friend
secret=84
username=84
context=local
host=dynamic
mailbox=84
allow=all
[85]
type=friend
secret=85
username=85
context=local
host=dynamic
mailbox=85
allow=all
In your blocks there, you might want to add
insecure=very
to allow registered hosts to call without reauthenticating -- just to speed
things up a little (optional)
one IMPORTANT thing you want to add to each block just to make sure it's there is:
canreinvite=yes
This allows the RTP traffic to bypass asterisk and just go from UA to UA
without taking up bandwidth.  It will NOT, however, work well for NATted users
without playing around with rewriting the SDP (using something like a
nathelper fix_nated_sdp("3") call)
Rereading your original emails, I now think I understand that this is what you
were asking about before (correct me if I'm wrong)... was the fix_nated_sdp
not working correctly in some way?
N.