[Serusers] Re: [Users] rfc3264 and nathelper module

Tue Nov 29 15:21:49 CET 2005

On Tue, 29 Nov 2005 14:46:55 +0100 (CET), harry gaillac wrote
> 
> REGISTER:
> 
>         if (!is_from_local()) {
>                 sl_send_reply("401", "Unauthorized");
>                 break;
>         };
>                 rewritehostport("nxs.yi.org:5050");
>                 t_relay_to_udp("nxs.yi.org","5050");

So... you want your users to register both with Asterisk AND with SER? What
for? Why not use some form of SER authorisation to control access to the
Asterisk server? I'm not sure what you're trying to do here...

> 
> INVITE:
>         rewritehostport("nxs.yi.org:5050");

What's the context around this? You want ALL calls to go straight to Asterisk? 

It just seems... I don't know... weird. I assume you're doing this because SER
handles presence and Asterisk doesn't... but everything else you want to be
controlled by Asterisk, including user registration, etc, etc.

For your invite, btw, you would need to also have a t_relay_to_udp, or
alternatively, you can do it as:

rewritehostport("nxs.yi.org:5050");
forward(uri:host,uri:port);
break;

> 
> sip.conf:
> [general]
> context=local                   ; Default context for
> incoming calls
>                                 ; if asterisk was
> compiled with OSP support.
> realm=nxs.yi.org                ; Realm for digest
> authentication
>                                 ; defaults to
> "asterisk"
>                                 ; Realms MUST be
> globally unique according to RFC 3261
>                                 ; Set this to your
> host name or domain name
> bindport=5050                   ; UDP Port to bind to
> (SIP standard port is 5060)
> bindaddr=nxs.yi.org             ; IP address to bind
> to (0.0.0.0 binds to all)
> srvlookup=yes                   ; Enable DNS SRV
> lookups on outbound calls
> tos=lowdelay                    ;
> lowdelay,throughput,reliability,mincost,none
> maxexpirey=3600                 ; Max length of
> incoming registration we allow
> defaultexpirey=1000             ; Default length of
> incoming/outoing registration
> allow=all                       ; First disallow all
> codecs
> musicclass=default              ; Sets the default
> music on hold class for all SIP calls
> language=fr                     ; Default language
> setting for all users/peers
> rtptimeout=60                   ; Terminate call if 60
> seconds of no RTP activity
> tpholdtimeout=300               ; Terminate call if
> 300 seconds of no RTP activity
> useragent=Asterisk PBX          ; Allows you to change
> the user agent string
> dtmfmode = rfc2833              ; Set default dtmfmode
> for sending DTMF. Default: rfc2833
> promiscredir = no               ; If yes, allows 302
> or REDIR to non-local SIP address
> 
> [84]
> type=friend
> secret=84
> username=84
> context=local
> host=dynamic
> mailbox=84
> allow=all
> 
> [85]
> type=friend
> secret=85
> username=85
> context=local
> host=dynamic
> mailbox=85
> allow=all
> 

In your blocks there, you might want to add
insecure=very
to allow registered hosts to call without reauthenticating -- just to speed
things up a little (optional)

one IMPORTANT thing you want to add to each block just to make sure it's there is:

canreinvite=yes

This allows the RTP traffic to bypass asterisk and just go from UA to UA
without taking up bandwidth.  It will NOT, however, work well for NATted users
without playing around with rewriting the SDP (using something like a
nathelper fix_nated_sdp("3") call)

Rereading your original emails, I now think I understand that this is what you
were asking about before (correct me if I'm wrong)... was the fix_nated_sdp
not working correctly in some way?

N.