[Serusers] SER/rtpproxy as a SIP proxy on OpenBSD 3.5

Dave Roper cyberdjheffer at hotmail.com
Sat Sep 25 23:09:52 CEST 2004


     I am trying to get SER and rtpproxy to run together on my OpenBSD 3.5 
firewall.  My intention is to have SER act as a SIP proxy for incoming SIP 
calls that reach me by IP address or domain name.  I also have an Asterisk 
PBX behind my firewall.  My problem is that SER can't find a running RTP 
proxy and I am not sure why.  I run rtpproxy without any switches.  SER is 
run as a non-root user and in an chroot directory. My ser.cfg is below:

#
# $Id: ser.cfg,v 1.12 2002/10/21 02:40:06 jiri Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3          # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes	# (cmd line: -E)
check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=2
fifo="/tmp/ser_fifo"
alias="my.domainname.com"
listen=204.118.177.213
#listen=192.168.3.1

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth", "secret", "alsdkhglaksdhfkloiwr")
#modparam("auth", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth", "password_column", "password")

#modparam("rr", "enable_full_lr", 1)

modparam("registrar", "nat_flag", 6)

#nathelper

modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1)   # Ping only clients behind NAT

# -------------------------  request routing logic -------------------

# main routing logic

route{

	# compulsory processing of Route header fields and adding RR
	loose_route();

	# ATA's are symmetric but don't advertise it -- force use of rport
	if (search("User-Agent: Cisco ATA.*")) {
		setflag(1); # remember this is ATA
		force_rport();
		fix_nated_contact();
	};

	/* registration (uses rewritten contacts) */
	if (method=="REGISTER") {
		save("my.domainname.com");
		break;
	};

	if (method=="INVITE") {
		record_route();
		if (isflagset(1)) { # ATA ?
			force_rtp_proxy();
		};
		/* set up reply processing */
		t_on_reply("1");
	};

	if (method == "INVITE" || method == "CANCEL") {
		if (!lookup("my.domainname.com")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	};

	/* set up reply processing and forward statefuly */
	t_relay();
}

# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
	if (status=~"2[0-9][0-9]" && search("Server: Cisco ATA.*"))
		fix_nated_contact();
		force_rtp_proxy();
}





More information about the sr-users mailing list