[Serusers] Ser 0.9.0 + Mediaproxy 1.3.1 - Problems with NATed Clients Authentication

Felipe Martins fmartins at mundivox.com
Tue May 24 17:12:36 CEST 2005


Hi everybody,

	I've configured SER to work with mediaproxy, and I also configured mediaproxy.ini. My clients are authenticating normally, but only the clients that have a public IP (e.g. 200.201.145.146); all the clients that are behind NAT can't REGISTER. What could be wrong?
	Does anyone use SER 0.9.0 with MySQL authentication and Mediaproxy who could give me a hand?
	My ser.cfg and mediaproxy.ini are as follows
	

================== ser.cfg ======================
# Core settings: log verbosity, daemon mode and where log output goes.
debug=3
fork=yes
log_stderror=no

listen=192.0.2.13           # put your server IP address here
port=5060
children=4

# Both DNS-related checks are turned off.
dns=no
rev_dns=no

# NOTE(review): the management FIFO lives under /tmp, a directory every local
# account can write to. Consider a directory owned by the SER user and a
# restrictive mode on the FIFO so that only administrators can send commands.
fifo="/tmp/ser_fifo"
# NOTE(review): the database user and password are embedded in this URL in
# clear text. `heslo` looks like the password from SER's sample setup - confirm
# it has been changed, keep this file readable by the SER user only, and
# redact the credentials before sharing the configuration.
fifo_db_url="mysql://ser:heslo@localhost/ser"

# Modules are loaded in the order listed; keep the database driver (mysql.so)
# ahead of the modules that are given a db_url below.
# NOTE(review): both mediaproxy.so and nathelper.so are loaded. The nathelper
# modparams further down disable its RTP proxy and NAT ping, so it is
# presumably kept only for the fix_nated_* helpers used in the routes - confirm.
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# Database access for authentication, URI checks and the location table.
# NOTE(review): same clear-text credentials as fifo_db_url; one account is
# shared by all three modules. A dedicated, least-privilege database user per
# purpose limits what a leaked URL exposes.
modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
# NOTE(review): calculate_ha1=1 together with password_column means the
# subscriber table holds plaintext passwords and SER derives the digest HA1 at
# request time. Storing pre-computed HA1 values (calculate_ha1=0) avoids
# keeping recoverable passwords in the database.
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")

# nathelper: RTP proxy support and NAT keep-alive pings are both disabled here.
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)

# mediaproxy: keep-alive interval, control socket and the two files listing
# asymmetric clients. The socket path must match a socket that MediaProxy
# (or its dispatcher) actually creates.
modparam("mediaproxy","natping_interval", 30)
modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients")
modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients")

# Location data is also kept in the database (mode 2).
modparam("usrloc", "db_mode", 2)

# Flag 6 is the NAT marker stored with registrations; the REGISTER handler
# sets the same flag number with setflag(6).
modparam("registrar", "nat_flag", 6)

modparam("rr", "enable_full_lr", 1)

route {
        # Main request entry point: sanity checks, record-routing and media
        # teardown first, then dispatch to route(1), route(2) or route(3).
        # Every `break` below stops processing of the current request here.

        # -----------------------------------------------------------------
        # Sanity Check Section
        # -----------------------------------------------------------------
        # Reply 483 when the Max-Forwards check fails (loop protection).
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483", "Too Many Hops");
                break;
        };

        # Refuse oversized messages before doing any further work on them.
        if (msg:len > max_len) {
                sl_send_reply("513", "Message Overflow");
                break;
        };

        # -----------------------------------------------------------------
        # Record Route Section
        # -----------------------------------------------------------------
        # INVITEs that look NATed get a preset Record-Route carrying ;nat=yes,
        # which the loose-route section later searches for. REGISTER is never
        # record-routed.
        if (method=="INVITE" && client_nat_test("3")) {
                # INSERT YOUR IP ADDRESS HERE
                record_route_preset("192.0.2.13:5060;nat=yes");
        } else if (method!="REGISTER") {        
                record_route(); 
        };

        # -----------------------------------------------------------------
        # Call Tear Down Section
        # -----------------------------------------------------------------
        # NOTE(review): this runs for every BYE/CANCEL, before any
        # authentication or dialog check further down.
        if (method=="BYE" || method=="CANCEL") {
                end_media_session();
        };

        # -----------------------------------------------------------------
        # Loose Route Section
        # -----------------------------------------------------------------
        # In-dialog requests: re-engage the media proxy for re-INVITE/ACK when
        # either side looks NATed, then relay. No authentication is done on
        # this path.
        if (loose_route()) {

                if (has_totag() && (method=="INVITE" || method=="ACK")) {

                        if (client_nat_test("3") || search("^Route:.*;nat=yes")) {
                                setflag(6);
                                use_media_proxy();
                        };
                };

                route(1);
                break;
        };

        # -----------------------------------------------------------------
        # Call Type Processing Section
        # -----------------------------------------------------------------

        # NOTE(review): requests whose Request-URI is not a local domain are
        # relayed without any authentication, so the proxy forwards traffic
        # for any sender (open relay). Consider requiring proxy_authorize for
        # out-of-domain destinations or rejecting them outright.
        if (uri!=myself) {
                route(1);
                break;
        };

        # Always true at this point: the foreign-URI case has already left
        # the block above.
        if (uri==myself) {

                # CANCEL and INVITE share route(3); REGISTER goes to route(2).
                if (method=="CANCEL") {
                        route(3);
                        break;
                } else if (method=="INVITE") {
                        route(3);
                        break;
                } else  if (method=="REGISTER") {
                        route(2);
                        break;
                };

                # Remaining methods: resolve aliases, then the location table.
                # NOTE(review): these methods reach registered contacts
                # without being authenticated.
                lookup("aliases");
                if (uri!=myself) {
                        route(1);
                        break;
                };

                if (!lookup("location")) {
                        sl_send_reply("404", "User Not Found");
                        break;
                };
        };

	route(1);
}

route[1] {

        # -----------------------------------------------------------------
        # Default Message Handler
        # -----------------------------------------------------------------
        # Relays the request statefully. This block performs no
        # authentication itself; callers must have done it beforehand.

        # Replies for this transaction are processed by onreply_route[1].
        t_on_reply("1");

        if (!t_relay()) {

                # Relay failed: release any media session set up for the call
                # before reporting the error to the sender.
                if (method=="INVITE" || method=="ACK") {
                        end_media_session();
                };

                sl_reply_error();
        };
}

route[2] {

        # -----------------------------------------------------------------
        # REGISTER Message Handler
        # ----------------------------------------------------------------
        # Order of operations: provisional reply, NAT fix-ups, digest
        # authentication, To/credential consistency check, then save.

        # NOTE(review): a stateless 100 is sent for every REGISTER, including
        # unauthenticated ones.
        sl_send_reply("100", "Trying");

        # NAT handling is skipped for a wildcard Contact ("*"). Otherwise a
        # client that looks NATed is marked with flag 6 (the registrar's
        # nat_flag) and its registration is adjusted.
        # NOTE(review): these fix-ups run before the request is authenticated.
        if (!search("^Contact:\ +\*") && client_nat_test("7")) {
                setflag(6);
                fix_nated_register();
                force_rport();
        };

        # Digest authentication against the subscriber table; an empty realm
        # is passed to both calls.
        if (!www_authorize("","subscriber")) {
                www_challenge("","0");
                break;
        };

        # Binds the registration to the authenticated account: without this
        # check an authenticated subscriber could register contacts for a
        # different user named in To.
        if (!check_to()) {
                sl_send_reply("401", "Unauthorized");
                break;
        };

        consume_credentials();

        if (!save("location")) {
                sl_reply_error();
        };
}

route[3] {

        # -----------------------------------------------------------------
        # CANCEL and INVITE Message Handler
        # -----------------------------------------------------------------

        # Caller looks NATed: mark with flag 7 and fix up its Contact.
        if (client_nat_test("3")) {
                setflag(7);
                force_rport();
                fix_nated_contact();
        };

        lookup("aliases");
        # NOTE(review): if the alias resolves to a foreign URI the request is
        # relayed here, before proxy_authorize is reached.
        if (uri!=myself) {
                route(1);
                break;
        };

        # NOTE(review): the location lookup precedes authentication, so an
        # unauthenticated sender gets 404 for unknown users and a 407
        # challenge for known ones, which discloses which accounts are
        # registered. Authenticating first would return the same challenge in
        # both cases.
        if (!lookup("location")) {
                sl_send_reply("404", "User Not Found");
                break;
        };

        # CANCEL is relayed without a challenge.
	if (method=="CANCEL") {
		route(1);
		break;
	};

        # INVITE: require digest credentials, then check that From matches
        # the authenticated account (guards against caller-ID spoofing by
        # authenticated subscribers).
        if (!proxy_authorize("","subscriber")) {
                proxy_challenge("","0");
                break;
        } else if (!check_from()) {
                sl_send_reply("403", "Use From=ID");
                break;
        };

        # Strip the credentials so they are not forwarded downstream.
        consume_credentials();

        # Flag 7 is set above for a NATed caller; flag 6 is the registrar's
        # nat_flag and is presumably set by lookup("location") for a NATed
        # callee - confirm.
        if (isflagset(6) || isflagset(7)) {
                use_media_proxy();
        };

        route(1);
}

onreply_route[1] {
        # Reply handler armed by t_on_reply("1") in route[1].

        # For transactions flagged as NATed (6 or 7), engage the media proxy
        # on 180, 183 and 2xx replies unless Content-Length is 0.
        if ((isflagset(6) || isflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]")) {

                if (!search("^Content-Length:\ +0")) {
                        use_media_proxy();
                };
        };

        # Rewrite the Contact of replies coming from a NATed party.
        if (client_nat_test("1")) {
                fix_nated_contact();
        };
}

================== End of ser.cfg ======================


=================== mediaproxy.ini ======================
;
; Configuration file for MediaProxy
;

[Dispatcher]
;
; Section for configuring the proxy dispatcher
;
; The following options are available here:
;
; start         Boolean value that specifies whether to start the dispatcher.
;               Default value: Yes
;
; socket        Path to the UNIX socket where the dispatcher receives
;               commands from SER. This should match the value for
;               mediaproxy_socket in ser.cfg
;               Default value: /var/run/proxydispatcher.sock
;
; group         Put the socket in this group and make it group writable.
;               Every account in this group can send commands through the
;               socket, so keep its membership minimal.
;               Default value: ser
;
; defaultProxy  Default mediaproxy to use in case the From/To domains
;               involved in the call don't define any.
;               Valid values for this are:
;
;                - None
;                    don't use any default proxies. domains without
;                    mediaproxy SRV records won't work
;                - /path/to/unix/socket
;                    use a single MediaProxy server identified by the given
;                    UNIX socket path
;                - IP_or_hostname[:port]
;                    use a single MediaProxy server identified by its network
;                    address. The network address consists of an IP address
;                    or a hostname and an optional port number separated by
;                    a colon. If port is missing 25060 will be assumed.
;                    Examples:
;                       10.0.0.1    (connect to 10.0.0.1 on port 25060)
;                       10.0.0.1:90 (connect to 10.0.0.1 on port 90)
;                       mp1.mydomain.com
;                       mp1.mydomain.com:7000
;                - domain://domain_name
;                    Use all MediaProxies defined by domain_name, honoring
;                    their priority and weight to create a cluster of proxies
;                    with fallback and load balancing capabilities.
;
;               Default value: /var/run/mediaproxy.sock
;
; All four values below equal the documented defaults.
; NOTE(review): the accompanying ser.cfg sets mediaproxy_socket to
; /var/run/mediaproxy.sock, which is the MediaProxy socket rather than this
; dispatcher socket - confirm whether the dispatcher is meant to be in the path.
start = yes
socket = /var/run/proxydispatcher.sock
group = ser
defaultProxy = /var/run/mediaproxy.sock

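[MediaProxy]
;
; Section for configuring the MediaProxy server
;
; The following options are available here:
;
; start         Boolean value that specifies whether to start the RTP proxy
;               server.
;               Default value: Yes
;
; socket        Path to the UNIX socket where MediaProxy receives
;               commands from the dispatcher or SER.
;               Default value: /var/run/mediaproxy.sock
;
; group         Put the socket in this group and make it group writable.
;               Default value: ser
;
; listen        Network address where MediaProxy receives commands from
;               a remote dispatcher.
;               Valid values for this are:
;
;                - None
;                    don't listen for network connections at all
;                - address[:port]
;                    listen on the specified address and port
;                    address can be an IP, a hostname or the keyword Any
;                    (in which case it will listen on 0.0.0.0). If address is
;                    a hostname, that should map in DNS to an IP address
;                    present on the machine through an A record.
;                    If port is missing assume 25060.
;
;               Default value: None
;
; allow         List of addresses that are allowed to connect to this
;               MediaProxy server and send commands.
;               They are specified as a comma separated list of entries, with
;               each entry being specified in the CIDR network/mask notation
;               (ex. 10.0.0.0/8)
;
;               In addition simple IP addresses or hostnames are allowed, in
;               which case the mask is considered to be 32.
;
;               In addition to network ranges/addresses 2 keywords can be used
;               for this option:
;                  None   to specify that none is allowed to connect (not very
;                         useful but this is the default for security reasons)
;                  Any    to specify that anyone is allowed to connect
;                         (dangerous!)
;
;               Example: allow = 10.0.0.0/24, home-pc.mydomain.com, 1.2.3.4
;
;               Default value: None
;
; proxyIP       IP address to use to talk to the phones. If not specified, the
;               first found will be used. However first found usually means
;               first defined in /etc/hosts which may not be what you want.
;               If you find that the address that's automatically selected is
;               not the one you want, you can specify the right one using this
;               option. The address must be one that's present on one of the
;               host's interfaces.
;
; portRange     The range of ports to use for proxying the rtp streams.
;               This option is specified as minport:maxport with minport and
;               maxport being even numbers in the range 1024-65536
;               Default value: 35000:65000
;
; TOS           Unless you know what TOS means, leave this option alone.
;               The TOS value can be specified either as a decimal number or
;               as a hex number in the 0xnn format.
;               Default value: 0xb8
;
; idleTimeout   Expire idle sessions after this much time.
;               Default 60 seconds
;
; holdTimeout   Expire calls on hold after this much time.
;               Default value is 3600 seconds
;
; forceClose    Forcibly close a RTP session after this many seconds even if
;               it's still active. If forceClose is 0, then a session is never
;               closed no matter how long it lasts.
;               Default value: 0
;
; accounting    Not described above; presumably switches call accounting
;               (see the [Accounting] section) on or off - confirm.
;
start = yes
socket = /var/run/mediaproxy.sock
group = ser
; The network command listener is turned off and nobody is allowed to connect.
; The dispatcher's defaultProxy points at the UNIX socket above, so nothing in
; this file needs the TCP listener, and a listener on a public address with
; allow = any would accept proxy commands from any host.
; If a remote dispatcher is added later, set listen to an internal address and
; list only that dispatcher in allow, for example:
;   listen = <internal-address>
;   allow = <dispatcher-address>/32
listen = None
allow = None
;proxyIP = 10.0.0.1
; Narrower than the default 35000:65000, which bounds the number of
; simultaneous RTP streams and the firewall range that must be opened.
portRange = 35000:36000
;TOS = 0xb8
idleTimeout = 60
holdTimeout = 3600
forceClose = 0
accounting = off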

[Accounting]
; Database login used for accounting.
; NOTE(review): `accounting = off` in [MediaProxy] suggests this section is
; currently unused - confirm.
; NOTE(review): the password is stored here in clear text and matches the one
; in the db_url of the accompanying ser.cfg. Keep this file readable only by
; the MediaProxy service account, use a separate least-privilege database
; user for accounting, and redact the value before sharing the file.
user = ser
password = heslo
; NOTE(review): `any` is unusual for a database host; presumably this should
; name the database server (the commented-out template uses dbhost) - confirm.
host = any
database = ser
table = ser

#[Accounting]
#user = dbuser
#password = dbpass
#host = dbhost
#database = radius
#table = radacct

=================== End of mediaproxy.ini ======================




-- 
Felipe Martins
Mundivox Communications
Tecnologia e Projetos
fmartins at mundivox.com

Tel.: +55 +21 +3820 8839
Cel.: +55 +21 +9823 8602
Fax.: +55 +21 +3820 8844
www.mundivox.com




