[Serusers] RE: Test
Steve Blair
blairs at isc.upenn.edu
Wed Jul 6 14:36:30 CEST 2005
If he is getting a proxy authenticate error as his message suggested
then your
ser.cfg has to be modified to allow calls from outside your domain without
those calls being authenticated first.
harry gaillac wrote:
>Thanks Ryan,
>
>Many people can't call me !?
>
>Harry
>
>look at my ser.cfg:
># $Id: ser.cfg,v 1.27 2005/03/10 14:16:25 Exp $
>#
>#
>
># ----------- global configuration parameters
>------------------------
>
>debug=3 # debug level (cmd line: -dddddddddd)
>fork=yes
>log_stderror=no # (cmd line: -E)
>#memlog=5 # memory debug log level
>#log_facility=LOG_LOCAL0 # sets the facility used for
>logging (see syslog(3))
>
>/* Uncomment these lines to enter debugging mode
>#fork=no
>#log_stderror=yes
>*/
>
>check_via=no # (cmd. line: -v)
>dns=no # (cmd. line: -r)
>rev_dns=no # (cmd. line: -R)
>port=5060
>children=4
>fifo="/tmp/ser_fifo"
>fifo_db_url="mysql://ser:heslo@serveur1.home.net/ser"
>user=root
>group=ser
>fifo_user=root # owner of the ser fifo
>fifo_group=ser
>fifo_mode=0660 # fifo's permissions
>#disable_core=yes #disables core dumping
>#open_fd_limit=1024 # sets the open file descriptors
>limit
>#mhomed=yes # usefull for multihomed hosts, small
>performance penalty
>#disable_tcp=yes
>#tcp_accept_aliases=yes # accepts the tcp alias via
>option (see NEWS)
>listen=80.119.9.7
>#
>
># ------------------ module loading
>----------------------------------
>
>loadmodule "/usr/lib/ser/modules/mysql.so"
>loadmodule "/usr/lib/ser/modules/sl.so"
>loadmodule "/usr/lib/ser/modules/tm.so"
>loadmodule "/usr/lib/ser/modules/rr.so"
>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/lib/ser/modules/usrloc.so"
>loadmodule "/usr/lib/ser/modules/registrar.so"
>loadmodule "/usr/lib/ser/modules/uri.so"
>loadmodule "/usr/lib/ser/modules/uri_db.so"
>loadmodule "/usr/lib/ser/modules/nathelper.so"
>loadmodule "/usr/lib/ser/modules/mediaproxy.so"
>loadmodule "/usr/lib/ser/modules/auth.so"
>loadmodule "/usr/lib/ser/modules/auth_db.so"
>loadmodule "/usr/lib/ser/modules/textops.so"
>loadmodule "/usr/lib/ser/modules/permissions.so"
>loadmodule "/usr/lib/ser/modules/domain.so"
>loadmodule "/usr/lib/ser/modules/group.so"
>loadmodule "/usr/lib/ser/modules/avpops.so"
>
># ----------------- setting module-specific parameters
>---------------
>
># -- usrloc params--
>modparam("usrloc", "db_mode", 2)
>
># -- autdb_params--
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>
># -- rr params --
># add value to ;lr param to make some broken UAs happy
>modparam("rr", "enable_full_lr", 1)
>
># -- nathelper params --
>modparam("nathelper", "ping_nated_only", 0)
>modparam("nathelper", "rtpproxy_disable", 1)
>
># mediaproxy params --
>modparam("mediaproxy", "natping_interval", 30)
>modparam("mediaproxy", "mediaproxy_socket",
>"var/run/mediaproxy.sock")
>
># -- registrar params --
>modparam("registrar", "nat_flag", 4)
>
># -- tm params --
>modparam("tm", "fr_inv_timer", 27)
>modparam("tm", "fr_inv_timer_avp", "inv_timeout")
>
># --domain params --
>modparam("domain", "db_url",
>"mysql://ser:heslo@serveur1.home.net/ser")
>modparam("domain", "domain_table", "domain")
>modparam("domain", "db_mode", 1) # Use caching
>
># -- permissions params --
>modparam("permissions", "db_url",
>"mysql://ser:heslo@serveur1.home.net/ser")
>modparam("permissions", "db_mode", 1)
>modparam("permissions", "trusted_table", "trusted")
>modparam("permissions", "default_deny_file",
>"/etc/ser/permissions.deny")
>modparam("permissions", "default_allow_file",
>"/etc/ser/permissions.allow")
>
># ------------------------- request routing logic
>-------------------
>
>
># main routing logic
>
>route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (msg:len >= max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy;
>that's
> # particularly good if upstream and downstream
>entities
> # use different transport protocol
> if (!method=="REGISTER") {
> record_route();
> };
>
>
> if (method=="CANCEL" || method=="BYE") {
> end_media_session();
> };
>
> # subsequent messages withing a dialog should take
>the
> # path determined by record-routing
> if (loose_route()) {
> if (has_totag() && method=="INVITE" ||
>method=="ACK") {
> if (client_nat_test("3")) {
> setflag(4);
> force_rport();
> fix_contact();
> };
> use_media_proxy();
> };
> route(1);
> break;
> };
>
> # Requests to others domains
> if (!is_uri_host_local()) {
>
> # Checking Authorization
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> sl_send_reply("407", "Proxy Authentication
>Required");
> break;
> };
>
> if (client_nat_test("3")) {
> setflag(4);
> };
>
> if (isflagset(4)) {
> force_rport();
> fix_contact();
> use_media_proxy();
> };
>
>
> # mark routing logic in request
> append_hf("P-hint: outbound\r\n");
> route(1);
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following
>command
> # with proper names and addresses in it)
> if (is_from_local() || src_ip==192.168.0.0/24 &&
>src_port==5050) {
>
> if (method=="CANCEL") {
> route(3);
> break;
> } else if (method=="INVITE") {
> route(3);
> break;
> } else if (method=="REGISTER") {
> route(2);
> break;
> };
>
> };
>}
>
>route[1] {
> ###########################
> # Default Message Handler #
> ###########################
>
> t_on_reply("1");
>
> # send it out now; use stateful forwarding as it
>works reliably
> # even for UDP2TCP
> if (!t_relay()) {
> sl_reply_error();
> };
>}
>
>
>route[2] {
> ############################
> # Register Message Handler #
> ############################
>
> if (client_nat_test("3")) {
> setflag(4);
> force_rport();
> fix_contact();
> };
>
> if (!www_authorize("nxs.yi.org", "subscriber")) {
> www_challenge("nxs.yi.org", "0");
> sl_send_reply("401", "Unauthorized");
> break;
> };
>
> if (!check_to()) {
> sl_send_reply("401", "Unauthorized");
> break;
> };
>
> consume_credentials();
>
> if (!save("location")) {
> sl_reply_error();
> break;
> };
>}
>
>route[3] {
> #############################
> # CANCEL and INVITE handler #
> #############################
>
> # checking our sip agents
> if (client_nat_test("3")) {
> setflag(4);
> };
>
> if (isflagset(4)) {
> force_rport();
> fix_contact();
> use_media_proxy();
> };
>
> # Checking Authorization to use proxy sip
> if (method=="INVITE" && !allow_trusted()) {
>
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> sl_send_reply("407", "Proxy Authentication
>Required");
> break;
> };
>
> };
>
> consume_credentials();
>
> # SIP destinations to PSTN
> if (uri=~"^sip:0[0-9]{4}@.*$" ||
>uri=~"^sip:0[0-9]{10}@.*$" ||
>uri=~"^sip:006[0-9]{8}@.*$") {
> route(4);
> route(1);
> break;
> };
>
> # SIP destinations to IPBX
> if (uri=~"^sip:8[0-3]@.*$") {
> route(5);
> route(1);
> break;
> }
>
> # native SIP destinations are handled using
>our USRLOC DB
> lookup("aliases");
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
> route(1);
> break;
>
>}
>
>
>route[4] {
> ##########################
> # Outgoing PSTN Handler #
> ##########################
>
> # check ACLs
> if (uri=~"^sip:0[0-9]{4}@.*$") {
> if (!is_user_in("From", "local")) {
> sl_send_reply("403", "Forbidden");
> break;
> };
>
> } else if (uri=~"^sip:0[0-9]{10}@.*$") {
> if (!is_user_in("From", "local")) {
> sl_send_reply("403",
>"Forbidden");
> break;
> };
>
> } else if (uri=~"^sip:006[0-9]{8}@.*$") {
> if (!is_user_in("From", "cellphone"))
>{
> sl_send_reply("403",
>"Forbidden");
> break;
> };
> };
> rewritehostport("192.168.0.50:5050");
>}
>
>route[5] {
> ##########################
> # Asterisk Handler #
> ##########################
>
> if (uri=~"^sip:8[0-3]@.*$") {
> if (!is_user_in("From", "local")) {
> sl_send_reply("403",
>"Forbidden");
> break;
> };
> };
>
> rewritehostport("192.168.0.50:5050");
> # t_relay_to_udp("192.168.0.50","5060");
>}
>
>#route[6] {
> ##########################
> # Sems Handler #
> ##########################
>
> # t_relay_to_udp("192.168.0.50","5060");
>#}
>
>
>
>
>onreply_route[1] {
> ##########################
> # Statefull Handler #
> ##########################
>
> if (client_nat_test("1")) {
> setflag(4);
> };
>
> if (isflagset(4) && status=~"(180) || (183) ||
>2[0-9][0-9]") {
> if(search("^Content-Type: .*$")) {
> use_media_proxy();
> };
> };
>
>}
>
>
>--- Ryan Pagquil <rpagquil at philonline.com> a écrit :
>
>
>
>>i'm trying to connect to you at sip:bob at 80.119.9.7
>>but i get proxy
>>authenticate. can we test our setup and chat for a
>>while.
>>
>>
>>harry gaillac wrote:
>>
>>
>>
>>>>Hi Harry,
>>>> I'am a new user , and would like to
>>>>
>>>>
>>test
>>
>>
>>>>my call over the
>>>>internet, i have an internet connection at home,
>>>>where can i find a publicly available SIP server
>>>>
>>>>
>>to
>>
>>
>>>>route the call to you,
>>>>so that i can test th functionality ?
>>>>
>>>>
>>>>
>>>>
>>>Look at www.ingate.com
>>>
>>>
>>>
>>>
>>>
>>>>please can u suggest a way, or if you are on
>>>>
>>>>
>>Public
>>
>>
>>>>IP, i can use direct
>>>>call, but as you have a domain name,
>>>>i would like the call to be routed using a Public
>>>>running SIP Server ,
>>>>
>>>>
>>>>
>>>>
>>>try sip:bob at nxs.yi.org or sip:bob at 80.119.9.7
>>>
>>>i have somme problems to receive calls !!?
>>>
>>>Regards
>>>Harry
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>___________________________________________________________________________
>>
>>
>>
>>>Appel audio GRATUIT partout dans le monde avec le
>>>
>>>
>>nouveau Yahoo! Messenger
>>
>>
>>>Téléchargez cette version sur
>>>
>>>
>>http://fr.messenger.yahoo.com
>>
>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>>
>>>
>>>
>>>
>>--
>>Ryan Pagquil
>>Infodyne Inc. - PhilOnline.com
>>3603 Antel Global Corporate Center
>>Doña Julia Vargas Ave.
>>Ortigas Center Pasig City
>>Tel: 687-0715
>>Web: www.philonline.com
>>
>>
>>
>>
>
>
>
>
>
>
>
>___________________________________________________________________________
>Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger
>Téléchargez cette version sur http://fr.messenger.yahoo.com
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
--
ISC Network Engineering
The University of Pennsylvania
3401 Walnut Street, Suite 221A
Philadelphia, PA 19104
voice: 215-573-8396
215-746-8001
fax: 215-898-9348
sip:blairs at upenn.edu
More information about the sr-users
mailing list