[Serusers] problem getting calls to my gateway
Jan Janak
jan at iptel.org
Thu Dec 4 21:15:39 CET 2003
Hello,
unfortunatelly the message dumps do not show anything useful. your ATA
sends an INVITE which is challenged by the server. After that the ATA is
supposed to send a new INVITE, this time including digest credentials.
Jan.
On 04-12 09:31, Rick Gocher wrote:
> Hi everyone,
>
> I have been having lots of problems delivering calls to my companies
> gateway. I have tried several different configs found online however
> nothing seems to work. I am including the ser.cfg and a dump from ngrep in
> hopes a kind person will see what the problem is. I do not know very much
> about sip or ser so any help is greatly needed. Currently our company uses
> a cisco voip solution and I am setting up Ser as a test. Unfortunately our
> admin does not seem very helpful, I'm not sure if he has things setup
> correctly for my calls on the gateway or if it's my ser.cfg file. I was
> hoping from the information I'm sending someone can tell me where the
> problem looks like it's coming from, wether it's his gateway or my config
> file. I'm thinking it's me as I don't see any attempt of passing the call
> to the gateway in the ngrep output.
>
> Also, I have had to alter my ip's listed in this email. I have been warned
> under penalty of pain not to broadcast their ip addresses... :p I hope
> this does not cause a problem.
>
> ATA 64.189.165.206
> Ser Box 64.189.165.205
> Cisco GW 65.189.155.101
> Thank you,
>
> # ----------- global configuration parameters ------------------------
>
> debug=3 # debug level (cmd line -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line -E)
>
> #/* Uncomment these lines to enter debugging mode
> #fork=no
> #log_stderror=yes
> #*/
>
> check_via=no # (cmd. line -v)
> dns=no # (cmd. line -r)
> rev_dns=no # (cmd. line -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
>
> #
> # $Id pstn.cfg,v 1.2 2003/06/03 031812 jiri Exp $
> #
> #
>
> # ------------------ module loading ----------------------------------
> loadmodule "/usr/lib/ser/modules/tm.so"
> loadmodule "/usr/lib/ser/modules/sl.so"
> loadmodule "/usr/lib/ser/modules/acc.so"
> loadmodule "/usr/lib/ser/modules/rr.so"
> loadmodule "/usr/lib/ser/modules/usrloc.so"
> loadmodule "/usr/lib/ser/modules/uri.so"
> loadmodule "/usr/lib/ser/modules/registrar.so"
> loadmodule "/usr/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/lib/ser/modules/mysql.so"
> loadmodule "/usr/lib/ser/modules/auth.so"
> loadmodule "/usr/lib/ser/modules/auth_db.so"
> loadmodule "/usr/lib/ser/modules/textops.so"
> loadmodule "/usr/lib/ser/modules/group.so"
> modparam("auth_db", "db_url","sql//secret at localhost/ser")
> modparam("usrloc", "db_url", "sql//secret at localhost/ser")
>
> # ----------------- setting module-specific parameters ---------------
>
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
>
> # -- acc params --
> modparam("acc", "log_level", 1)
> # that is the flag for which we will account -- don't forget to
> # set the same one -)
> modparam("acc", "log_flag", 1 )
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> /* ********* ROUTINE CHECKS ********************************** */
>
> # filter too old messages
> if (!mf_process_maxfwd_header("10")) {
> log("LOG Too many hops\n");
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (msglen >= max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> /* ********* RR ********************************** */
>
> /* grant Route routing if route headers present */
> if (loose_route()) { t_relay(); break; };
>
> /* record-route INVITEs -- all subsequent requests must visit us */
> if (method=="INVITE") {
> record_route();
> };
>
> # now check if it really is a PSTN destination which should be
> handled
> # by our gateway; if not, and the request is an invitation, drop it
> --
> # we cannot terminate it in PSTN; relay non-INVITE requests -- it
> may
> # be for example BYEs sent by gateway to call originator
> if (!uri=~"sip\+?[0-9]+ at .*") {
> if (method=="INVITE") {
> sl_send_reply("403", "Call cannot be served here");
> } else {
> forward(urihost, uriport);
> };
> break;
> };
>
> # account completed transactions via syslog
> setflag(1);
>
> # free call destinations ... no authentication needed
> if ( is_user_in("Request-URI", "free-pstn") /* free destinations */
> | uri=~"sip[7][0-9][0-9][0-9]@.*" /* local PBX */
> | uri=~"sip98[0-9][0-9][0-9][0-9]") {
> log("free call");
> } else if (src_ip==65.189.155.101) {
> # our gateway doesn't support digest authentication;
> # verify that a request is coming from it by source
> # address
> log("gateway-originated request");
> } else {
> # in all other cases, we need to check the request against
> # access control lists; first of all, verify request
> # originator's identity
>
> if (!proxy_authorize( "gateway" /* realm */,
> "subscriber" /* table name */)) {
> proxy_challenge( "gateway" /* realm */, "0" /* no
> qop */ );
> break;
> };
>
> # authorize only for INVITEs -- RR/Contact may result in
> weird
> # things showing up in d-uri that would break our logic; our
> # major concern is INVITE which causes PSTN costs
>
> if (method=="INVITE") {
>
> # does the authenticated user have a permission
> for local
> # calls (destinations beginning with a single zero)?
> # (i.e., is he in the "local" group?)
> if (uri=~"sip0[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "local")) {
> sl_send_reply("403", "No
> permission for local calls");
> break;
> };
> # the same for long-distance (destinations begin
> with two zeros")
> } else if (uri=~"sip00[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "ld")) {
> sl_send_reply("403", " no
> permission for LD ");
> break;
> };
> # the same for international calls (three zeros)
> } else if (uri=~"sip000[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "int")) {
> sl_send_reply("403",
> "International permissions needed");
> break;
> };
> # everything else (e.g., interplanetary calls) is
> denied
> } else {
> sl_send_reply("403", "Forbidden");
> break;
> };
>
> }; # INVITE to authorized PSTN
>
> }; # authorized PSTN
>
> # if you have passed through all the checks, let your call go to GW!
>
> rewritehostport("65.189.155.1015060");
>
> # forward the request now
> if (!t_relay()) {
> sl_reply_error();
> break;
> };
>
> }
>
>
>
> ################ ngrep output#######################
>
> #
> U 64.189.165.2065060 -> 64.189.165.2055060
> INVITE sip776044445556 at 64.189.165.205;user=phone SIP/2.0..Via
> SIP/2.0/UDP 64.189.165.2065060..From <sip6
> 044848235 at 64.189.165.205;user=phone>;tag=409936633..To
> <sip776044445556 at 64.189.165.205;user=phone>..Call-ID
> 2945885252 at 64.189.165.206..CSeq 1 INVITE..Contact
> <sip6044445555 at 64.189.165.2065060;user=phone;transpor
> t=udp>..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Expires
> 300..Content-Length 257..Content-Typ
> e application/sdp....v=0..o=6044445555 62848 62848 IN IP4
> 64.189.165.206..s=ATA186 Call..c=IN IP4 64.189.165.206..t=0 0..m=audio
> 16384 RTP/AVP 18 8 0 101..a=rtpmap18 G729/8000/1..a=rtpmap8
> PCMA/8000/1..a=rtpmap0PCMU/8000/1..a=rtpmap101
> telephone-event/8000..a=fmtp101 0-15..
> #
> U 64.189.165.2055060 -> 64.189.165.2065060
> SIP/2.0 407 Proxy Authentication Required..Via SIP/2.0/UDP
> 64.189.165.2065060..From
> <sip6044445555 at 64.189.165.205;user=phone>;tag=409936633..To
> <sip776044445556 at 64.189.165.205;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0ed0..Call-ID
> 2945885252 at 64.189.165.206..CSeq 1 INVITE..Proxy-Authenticate Digest
> realm="gateway", nonce="3fcf790810cb0daaf030be719aa79e574b96b535"..Server
> Sip EXpress router (0.8.12 (i386/linux)).
> .Content-Length 0..Warning 392 64.189.165.2055060 "Noisy feedback
> tells pid=32407 req_src_ip=64.189.165.206 req_src_port=5060
> in_uri=sip776044445556 at 64.189.165.205;user=phone
> out_uri=sip776044445556 at 64.189.165.205;user=phone via_cnt==1"....
> #
> U 64.189.165.2065060 -> 64.189.165.2055060
> ACK sip776044445556 at 64.189.165.205;user=phone SIP/2.0..Via SIP/2.0/UDP
> 64.189.165.2065060..From <sip6044
> 445555 at 64.189.165.205;user=phone>;tag=409936633..To
> <sip776044445556 at 64.189.165.205;user=phone>;tag=b27e1a1
> d33761e85846fc98f5f3a7e58.0ed0..Call-ID 2945885252 at 64.189.165.206..CSeq
> 1 ACK..User-Agent Cisco ATA 186
> v2.16.2 ata18x (030909a)..Content-Length 0....
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list