[Serusers] problem getting calls to my gateway
Jan Janak
jan at iptel.org
Mon Dec 8 19:34:19 CET 2003
The problem is that you do not process REGISTER messages, instead your
proxy server forwards them to the PSTN gateway which replies with
"Method not allowed".
You should do something like:
if (uri==myself) {
if (method=="REGISTER") {
save("location");
break;
};
};
See the default configuration file for more details.
Jan.
On 07-12 16:19, Rick Gocher wrote:
> Hi everyone, thank you for your responses. Here is the latest copy of my
> ngrep. I seem to have the ATA box trying to register with both ports (uid0
> Rick and uid1 6044844000) however when ser tries to forward to my
> gateway, I get the Method not allowed. I also noticed that no numbers I
> try to dial ever get passed to the gateway, is that because it's failing
> initial auth? I have registered the user Rick using serctl and placed the
> uid into the free-pstn and local groups...
>
> I'm including my ser.cfg as I may have changed things since last time....
>
> thanks again,
> Rick
>
> ##
> U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
> SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
> sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick at 64.189.165.205..Call-ID
> 3859574384 at 64.189.165.206..CSeq 3 REGISTER..Contact <sip:Rick@
> 64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA
> 186 v2.16.2 ata18x (030909a)..Content-Length
> 0....
> #
> U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205
> SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
> SIP/2.0/UDP 64.189.165.2065060..From
> sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick at 64.189.165.205..Call-ID
> 3859574384 at 64.189.165.206..CSeq
> 3REGISTER..Contact<sip:Rick at 64.189.165.2065060;
> transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
> (030909a)..Content-Length
> 0....
>
> #
> U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not
> Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
> 64.189.165.2065060..From sip:Rick at 64.189.165.205;tag=3484959312..To
> sip:Rick at 64.189.165.205..Call-ID 3859574384 at 64.189.165.206..CSeq 3
> REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER,
> SUBSCRIBE, NOTIFY, INFO..Content-Length
> 0....
> #
> U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
> Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
> sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick@
> 64.189.165.205..Call-ID 3859574384 at 64.189.165.206..CSeq 3 REGISTER..Allow
> INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
> INFO..Content-Length0....
>
> #
> U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
> SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
> <sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To
> <sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
> 3464081553 at 64.189.165.206..CSeq 3 REGISTER..Contact
> <sip:6044844000 at 64.189.165.2065060;user=phone;
> transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
> (030909a)..Content-Length
> 0....
>
> #
> U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205
> SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
> SIP/2.0/UDP 64.189.165.206
> 5060..From<sip:6044844000 at 64.189.165.205;user=phone>; tag=4073070426..To
> <sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
> 3464081553 at 64.189.165.206..CSeq 3 REGISTER..Contact
> <sip:6044844000 at 64.189.165.2065060;user=phone;transport=udp>;expires=3600..User-Agent
> Cisco ATA 186 v2.16.2 ata18x
> (030909a)..Content-Length
> 0....
> #
> U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not
> Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
> 64.189.165.2065060..From
> <sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To<sip:6044844000 at 64.189.165.205;user=
> phone>..Call-ID 3464081553 at 64.189.165.206..CSeq 3 REGISTER..Allow INVITE,
> OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
> INFO..Content-Length 0....
> #
> U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
> Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
> <sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To
> <sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
> 3464081553 at 64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE,
> CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length
> 0....
>
> # ----------- global configuration parameters ------------------------
>
> debug=7 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=yes # (cmd line: -E)
>
> #/* Uncomment these lines to enter debugging mode
> #fork=no
> #log_stderror=yes
> #*/
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
>
> #
> # $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
> #
> #
>
> # ------------------ module loading ----------------------------------
> loadmodule "/usr/lib/ser/modules/tm.so"
> loadmodule "/usr/lib/ser/modules/sl.so"
> loadmodule "/usr/lib/ser/modules/acc.so"
> loadmodule "/usr/lib/ser/modules/rr.so"
> loadmodule "/usr/lib/ser/modules/usrloc.so"
> loadmodule "/usr/lib/ser/modules/uri.so"
> loadmodule "/usr/lib/ser/modules/registrar.so"
> loadmodule "/usr/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/lib/ser/modules/mysql.so"
> loadmodule "/usr/lib/ser/modules/auth.so"
> loadmodule "/usr/lib/ser/modules/auth_db.so"
> loadmodule "/usr/lib/ser/modules/textops.so"
> loadmodule "/usr/lib/ser/modules/group.so"
> modparam("auth_db", "db_url","sql://ser:secret@localhost/ser")
> modparam("usrloc", "db_url", "sql://ser:secret@localhost/ser")
>
> # ----------------- setting module-specific parameters ---------------
>
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
> modparam("usrloc", "db_mode", 2)
> # -- acc params --
> # modparam("acc", "log_level", 1)
> # that is the flag for which we will account -- don't forget to
> # set the same one :-)
> # modparam("acc", "log_flag", 1 )
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> /* ********* ROUTINE CHECKS ********************************** */
>
> # filter too old messages
> if (!mf_process_maxfwd_header("10")) {
> log("LOG: Too many hops\n");
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (msg:len >= max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
> /* ********* RR ********************************** */
>
> /* grant Route routing if route headers present */
> if (loose_route()) { t_relay(); break; };
>
> /* record-route INVITEs -- all subsequent requests must visit us */
> if (method=="INVITE") {
> record_route();
> };
>
> # now check if it really is a PSTN destination which should be handled
> # by our gateway; if not, and the request is an invitation, drop it
> --
> # we cannot terminate it in PSTN; relay non-INVITE requests -- it may
> # be for example BYEs sent by gateway to call originator
> if (!uri=~"sip:\+?[0-9]+ at .*") {
> if (method=="INVITE") {
> sl_send_reply("403", "Call cannot be served here");
> } else {
> # forward(uri:host, uri:port);
> forward(65.189.155.101, 5060);
> };
> break;
> };
>
> # account completed transactions via syslog
> setflag(1);
>
> # free call destinations ... no authentication needed
> if ( is_user_in("Request-URI", "free-pstn") /* free destinations */
> # | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
> | uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */
> | uri=~"sip:98[0-9][0-9][0-9][0-9]") {
> log("free call");
>
> } else if (src_ip==65.189.155.101) {
> # our gateway doesn't support digest authentication;
> # verify that a request is coming from it by source
> # address
> log("gateway-originated request");
> } else {
> # in all other cases, we need to check the request against
> # access control lists; first of all, verify request
> # originator's identity
>
> if (!proxy_authorize( "gateway" /* realm */,
> "subscriber" /* table name */)) {
> proxy_challenge( "gateway" /* realm */, "0" /* no
> qop */ );
> break;
> };
>
> # authorize only for INVITEs -- RR/Contact may result in
> weird
> # things showing up in d-uri that would break our logic; our
> # major concern is INVITE which causes PSTN costs
>
> if (method=="INVITE") {
>
> # does the authenticated user have a permission for
> local
> # calls (destinations beginning with a single zero)?
> # (i.e., is he in the "local" group?)
> if (uri=~"sip:0[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "local")) {
> sl_send_reply("403", "No permission
> for local calls");
> break;
> };
> # the same for long-distance (destinations begin
> with two zeros")
> } else if (uri=~"sip:00[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "ld")) {
> sl_send_reply("403", " no
> permission for LD ");
> break;
> };
> # the same for international calls (three zeros)
> } else if (uri=~"sip:000[1-9][0-9]+ at .*") {
> if (!is_user_in("credentials", "int")) {
> sl_send_reply("403", "International
> permissions needed");
> break;
> };
> # everything else (e.g., interplanetary calls) is denied
> } else {
> sl_send_reply("403", "Forbidden");
> break;
> };
>
> }; # INVITE to authorized PSTN
>
> }; # authorized PSTN
>
> # if you have passed through all the checks, let your call go to GW!
>
> rewritehostport("65.189.155.101:5060");
>
> # forward the request now
> if (!t_relay()) {
> sl_reply_error();
> break;
> };
> if (uri=~"^sip:[0-9]*@.*") {
> log("Forwarding to PSTN\n");
> t_relay_to_udp ("65.189.155.101","5060");
> t_relay_to_tcp ("65.189.155.101","5060");
> break;
> };
> }
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list