[Serusers] RE: Test
Iqbal
iqbal at gigo.co.uk
Wed Jul 6 14:39:18 CEST 2005
and also make sure if you do allow they are just meant for your internal
users, i.e relays to pstn arent allowed, that is unless u want people to
make "free" pstn calls, :-)
Iqbal
Steve Blair wrote:
>
> If he is getting a proxy authenticate error as his message suggested
> then your
> ser.cfg has to be modified to allow calls from outside your domain
> without
> those calls being authenticated first.
>
> harry gaillac wrote:
>
>> Thanks Ryan,
>>
>> Many people can't call me !?
>>
>> Harry
>>
>> look at my ser.cfg:
>> # $Id: ser.cfg,v 1.27 2005/03/10 14:16:25 Exp $
>> #
>> #
>>
>> # ----------- global configuration parameters
>> ------------------------
>>
>> debug=3 # debug level (cmd line: -dddddddddd)
>> fork=yes
>> log_stderror=no # (cmd line: -E)
>> #memlog=5 # memory debug log level
>> #log_facility=LOG_LOCAL0 # sets the facility used for
>> logging (see syslog(3))
>>
>> /* Uncomment these lines to enter debugging mode #fork=no
>> #log_stderror=yes
>> */
>>
>> check_via=no # (cmd. line: -v)
>> dns=no # (cmd. line: -r)
>> rev_dns=no # (cmd. line: -R)
>> port=5060
>> children=4
>> fifo="/tmp/ser_fifo"
>> fifo_db_url="mysql://ser:heslo@serveur1.home.net/ser"
>> user=root
>> group=ser
>> fifo_user=root # owner of the ser fifo
>> fifo_group=ser
>> fifo_mode=0660 # fifo's permissions
>> #disable_core=yes #disables core dumping
>> #open_fd_limit=1024 # sets the open file descriptors
>> limit
>> #mhomed=yes # usefull for multihomed hosts, small
>> performance penalty
>> #disable_tcp=yes #tcp_accept_aliases=yes # accepts the tcp alias via
>> option (see NEWS)
>> listen=80.119.9.7
>> #
>>
>> # ------------------ module loading
>> ----------------------------------
>>
>> loadmodule "/usr/lib/ser/modules/mysql.so"
>> loadmodule "/usr/lib/ser/modules/sl.so"
>> loadmodule "/usr/lib/ser/modules/tm.so"
>> loadmodule "/usr/lib/ser/modules/rr.so"
>> loadmodule "/usr/lib/ser/modules/maxfwd.so"
>> loadmodule "/usr/lib/ser/modules/usrloc.so"
>> loadmodule "/usr/lib/ser/modules/registrar.so"
>> loadmodule "/usr/lib/ser/modules/uri.so"
>> loadmodule "/usr/lib/ser/modules/uri_db.so"
>> loadmodule "/usr/lib/ser/modules/nathelper.so"
>> loadmodule "/usr/lib/ser/modules/mediaproxy.so"
>> loadmodule "/usr/lib/ser/modules/auth.so"
>> loadmodule "/usr/lib/ser/modules/auth_db.so"
>> loadmodule "/usr/lib/ser/modules/textops.so"
>> loadmodule "/usr/lib/ser/modules/permissions.so"
>> loadmodule "/usr/lib/ser/modules/domain.so"
>> loadmodule "/usr/lib/ser/modules/group.so"
>> loadmodule "/usr/lib/ser/modules/avpops.so"
>>
>> # ----------------- setting module-specific parameters
>> ---------------
>>
>> # -- usrloc params--
>> modparam("usrloc", "db_mode", 2)
>>
>> # -- autdb_params--
>> modparam("auth_db", "calculate_ha1", yes)
>> modparam("auth_db", "password_column", "password")
>>
>> # -- rr params --
>> # add value to ;lr param to make some broken UAs happy
>> modparam("rr", "enable_full_lr", 1)
>>
>> # -- nathelper params --
>> modparam("nathelper", "ping_nated_only", 0)
>> modparam("nathelper", "rtpproxy_disable", 1)
>>
>> # mediaproxy params --
>> modparam("mediaproxy", "natping_interval", 30)
>> modparam("mediaproxy", "mediaproxy_socket",
>> "var/run/mediaproxy.sock")
>>
>> # -- registrar params --
>> modparam("registrar", "nat_flag", 4)
>>
>> # -- tm params --
>> modparam("tm", "fr_inv_timer", 27)
>> modparam("tm", "fr_inv_timer_avp", "inv_timeout")
>>
>> # --domain params --
>> modparam("domain", "db_url",
>> "mysql://ser:heslo@serveur1.home.net/ser") modparam("domain",
>> "domain_table", "domain")
>> modparam("domain", "db_mode", 1) # Use caching
>>
>> # -- permissions params --
>> modparam("permissions", "db_url",
>> "mysql://ser:heslo@serveur1.home.net/ser")
>> modparam("permissions", "db_mode", 1)
>> modparam("permissions", "trusted_table", "trusted")
>> modparam("permissions", "default_deny_file",
>> "/etc/ser/permissions.deny")
>> modparam("permissions", "default_allow_file",
>> "/etc/ser/permissions.allow")
>>
>> # ------------------------- request routing logic
>> -------------------
>>
>>
>> # main routing logic
>>
>> route{
>>
>> # initial sanity checks -- messages with
>> # max_forwards==0, or excessively long requests
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> break;
>> };
>> if (msg:len >= max_len ) {
>> sl_send_reply("513", "Message too big");
>> break;
>> };
>>
>> # we record-route all messages -- to make sure that
>> # subsequent messages will go through our proxy;
>> that's
>> # particularly good if upstream and downstream
>> entities
>> # use different transport protocol
>> if (!method=="REGISTER") { record_route();
>> };
>>
>>
>> if (method=="CANCEL" || method=="BYE") {
>> end_media_session();
>> };
>>
>> # subsequent messages withing a dialog should take
>> the
>> # path determined by record-routing
>> if (loose_route()) {
>> if (has_totag() && method=="INVITE" ||
>> method=="ACK") {
>> if (client_nat_test("3")) {
>> setflag(4);
>> force_rport();
>> fix_contact();
>> };
>> use_media_proxy();
>> };
>> route(1);
>> break;
>> };
>>
>> # Requests to others domains
>> if (!is_uri_host_local()) {
>>
>> # Checking Authorization
>> if (!proxy_authorize("","subscriber")) {
>> proxy_challenge("","0");
>> sl_send_reply("407", "Proxy Authentication
>> Required");
>> break;
>> };
>>
>> if (client_nat_test("3")) {
>> setflag(4);
>> };
>>
>> if (isflagset(4)) {
>> force_rport();
>> fix_contact();
>> use_media_proxy();
>> };
>>
>>
>> # mark routing logic in request
>> append_hf("P-hint: outbound\r\n"); route(1);
>> break;
>> };
>>
>> # if the request is for other domain use UsrLoc
>> # (in case, it does not work, use the following
>> command
>> # with proper names and addresses in it)
>> if (is_from_local() || src_ip==192.168.0.0/24 &&
>> src_port==5050) {
>>
>> if (method=="CANCEL") {
>> route(3);
>> break;
>> } else if (method=="INVITE") {
>> route(3);
>> break;
>> } else if (method=="REGISTER") {
>> route(2);
>> break;
>> };
>>
>> };
>> }
>>
>> route[1] { ###########################
>> # Default Message Handler #
>> ###########################
>>
>> t_on_reply("1");
>>
>> # send it out now; use stateful forwarding as it
>> works reliably
>> # even for UDP2TCP
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>> }
>>
>>
>> route[2] {
>> ############################
>> # Register Message Handler #
>> ############################
>>
>> if (client_nat_test("3")) {
>> setflag(4);
>> force_rport();
>> fix_contact();
>> };
>>
>> if (!www_authorize("nxs.yi.org", "subscriber")) {
>> www_challenge("nxs.yi.org", "0");
>> sl_send_reply("401", "Unauthorized");
>> break;
>> };
>>
>> if (!check_to()) {
>> sl_send_reply("401", "Unauthorized");
>> break;
>> };
>>
>> consume_credentials();
>>
>> if (!save("location")) {
>> sl_reply_error();
>> break;
>> };
>> }
>>
>> route[3] {
>> #############################
>> # CANCEL and INVITE handler #
>> #############################
>>
>> # checking our sip agents
>> if (client_nat_test("3")) {
>> setflag(4);
>> };
>>
>> if (isflagset(4)) {
>> force_rport();
>> fix_contact();
>> use_media_proxy();
>> };
>>
>> # Checking Authorization to use proxy sip if
>> (method=="INVITE" && !allow_trusted()) {
>>
>> if (!proxy_authorize("","subscriber")) {
>> proxy_challenge("","0");
>> sl_send_reply("407", "Proxy Authentication
>> Required");
>> break;
>> };
>>
>> };
>>
>> consume_credentials();
>>
>> # SIP destinations to PSTN
>> if (uri=~"^sip:0[0-9]{4}@.*$" ||
>> uri=~"^sip:0[0-9]{10}@.*$" ||
>> uri=~"^sip:006[0-9]{8}@.*$") {
>> route(4); route(1); break;
>> };
>>
>> # SIP destinations to IPBX
>> if (uri=~"^sip:8[0-3]@.*$") {
>> route(5);
>> route(1);
>> break;
>> }
>>
>> # native SIP destinations are handled using
>> our USRLOC DB
>> lookup("aliases");
>> if (!lookup("location")) {
>> sl_send_reply("404", "User Not Found");
>> break;
>> };
>> route(1);
>> break;
>>
>> }
>>
>>
>> route[4] {
>> ##########################
>> # Outgoing PSTN Handler #
>> ##########################
>>
>> # check ACLs
>> if (uri=~"^sip:0[0-9]{4}@.*$") {
>> if (!is_user_in("From", "local")) {
>> sl_send_reply("403", "Forbidden");
>> break;
>> };
>>
>> } else if (uri=~"^sip:0[0-9]{10}@.*$") {
>> if (!is_user_in("From", "local")) {
>> sl_send_reply("403",
>> "Forbidden");
>> break;
>> };
>>
>> } else if (uri=~"^sip:006[0-9]{8}@.*$") {
>> if (!is_user_in("From", "cellphone"))
>> {
>> sl_send_reply("403",
>> "Forbidden");
>> break;
>> };
>> };
>> rewritehostport("192.168.0.50:5050");
>> }
>>
>> route[5] {
>> ##########################
>> # Asterisk Handler #
>> ##########################
>>
>> if (uri=~"^sip:8[0-3]@.*$") {
>> if (!is_user_in("From", "local")) {
>> sl_send_reply("403",
>> "Forbidden");
>> break;
>> };
>> };
>>
>> rewritehostport("192.168.0.50:5050");
>> # t_relay_to_udp("192.168.0.50","5060");
>> }
>>
>> #route[6] {
>> ##########################
>> # Sems Handler #
>> ##########################
>>
>> # t_relay_to_udp("192.168.0.50","5060");
>> #}
>>
>>
>>
>>
>> onreply_route[1] {
>> ##########################
>> # Statefull Handler #
>> ##########################
>>
>> if (client_nat_test("1")) {
>> setflag(4);
>> };
>>
>> if (isflagset(4) && status=~"(180) || (183) ||
>> 2[0-9][0-9]") {
>> if(search("^Content-Type: .*$")) {
>> use_media_proxy();
>> };
>> };
>>
>> }
>>
>>
>> --- Ryan Pagquil <rpagquil at philonline.com> a écrit :
>>
>>
>>
>>> i'm trying to connect to you at sip:bob at 80.119.9.7
>>> but i get proxy authenticate. can we test our setup and chat for a
>>> while.
>>>
>>>
>>> harry gaillac wrote:
>>>
>>>
>>>
>>>>> Hi Harry,
>>>>> I'am a new user , and would like to
>>>>>
>>>>
>>> test
>>>
>>>
>>>>> my call over the
>>>>> internet, i have an internet connection at home,
>>>>> where can i find a publicly available SIP server
>>>>>
>>>>
>>> to
>>>
>>>
>>>>> route the call to you,
>>>>> so that i can test th functionality ?
>>>>>
>>>>>
>>>>
>>>> Look at www.ingate.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> please can u suggest a way, or if you are on
>>>>>
>>>>
>>> Public
>>>
>>>
>>>>> IP, i can use direct
>>>>> call, but as you have a domain name,
>>>>> i would like the call to be routed using a Public
>>>>> running SIP Server ,
>>>>>
>>>>>
>>>>
>>>> try sip:bob at nxs.yi.org or sip:bob at 80.119.9.7
>>>>
>>>> i have somme problems to receive calls !!?
>>>>
>>>> Regards
>>>> Harry
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> ___________________________________________________________________________
>>>
>>>
>>>
>>>
>>>> Appel audio GRATUIT partout dans le monde avec le
>>>>
>>>
>>> nouveau Yahoo! Messenger
>>>
>>>> Téléchargez cette version sur
>>>>
>>>
>>> http://fr.messenger.yahoo.com
>>>
>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Ryan Pagquil
>>> Infodyne Inc. - PhilOnline.com
>>> 3603 Antel Global Corporate Center
>>> Doña Julia Vargas Ave.
>>> Ortigas Center Pasig City
>>> Tel: 687-0715
>>> Web: www.philonline.com
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo!
>> Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>
More information about the sr-users
mailing list