[Serusers] Configure Incoming in SER
Andrey Kuprianov
andrey.kouprianov at gmail.com
Mon May 28 16:06:39 CEST 2007
Well, if you want EVERYONE to be able to call to SER-A, then why need
authentication? Just remove it for INVITE requests :)
On 5/28/07, Arun Kumar <arunvoip at gmail.com> wrote:
> Hi
>
> thanks for your reply. When user from SER -B calls they get Auth. required
> error (call rejected). Actually I don't want to peer two SER server. I want
> any one can call my users on SER -A so I don't know the IP of calling sip
> service so I can't make use of trusted table.
>
> please guide on this scenario.
>
> thanks
> arun
>
>
> On 5/28/07, Andrey Kuprianov <andrey.kouprianov at gmail.com > wrote:
> > You didnt specify, what happens to the call. Does it get rejected?
> Timeout?
> >
> > Usually, if I want to peer 2 SERs, I use permissions module, i.e.
> > allow_trusted() function must be used in order to allow incoming calls
> > from a certain IP. Take a look at Getting Started doc inside the NAT
> > handling section.
> >
> > Anyway, SER-B doesnt use database, which means it does not care about
> > authentication. This is why call from SER-A can go thorugh. On the
> > other hand, SER-A uses database and so it will also use proper
> > authentication methods. As long as SER-B's IP is not present in the
> > 'trusted' table of MySQL, SER-A will keep on rejecting your calls.
> >
> > On 5/28/07, Arun Kumar < arunvoip at gmail.com> wrote:
> > > Hi
> > >
> > > I've configure two ser box in my local network:
> > > 1. one box with mysql auth (SER A)
> > > 2. without any auth (just make install) (SER B)
> > >
> > > in both boxes 2-2 users are registered and they are able to call each
> other.
> > >
> > > my SER A users are able to call SER B user (sip:2001 at SER-B) but SER B
> user
> > > can't call SER A (sip:3001 at SER-A) user. here is my config file for SER A
> > > box:
> > >
> > > ------------------
> > > debug=5
> > > fork=no
> > > log_stderror=yes
> > > listen=176.249.2.69 # INSERT YOUR IP ADDRESS HERE
> > > port=5060
> > > children=4
> > >
> > > dns=no
> > > rev_dns=no
> > > fifo="/tmp/ser_fifo"
> > > fifo_db_url="mysql://ser:heslo@localhost /ser"
> > >
> > > loadmodule "/usr/local/lib/ser/modules/mysql.so"
> > > loadmodule "/usr/local/lib/ser/modules/sl.so"
> > > loadmodule "/usr/local/lib/ser/modules/tm.so"
> > > loadmodule "/usr/local/lib/ser/modules/rr.so"
> > > loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> > > loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> > > loadmodule "/usr/local/lib/ser/modules/registrar.so"
> > > loadmodule "/usr/local/lib/ser/modules/auth.so"
> > > loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> > > loadmodule "/usr/local/lib/ser/modules/uri.so"
> > > loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> > > loadmodule "/usr/local/lib/ser/modules/domain.so"
> > > loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> > > loadmodule "/usr/local/lib/ser/modules/avpops.so"
> > > loadmodule "/usr/local/lib/ser/modules/textops.so"
> > > loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
> > > loadmodule "/usr/local/lib/ser/modules/permissions.so"
> > > loadmodule "/usr/local/lib/ser/modules/acc.so"
> > > loadmodule "/usr/local/lib/ser/modules/xlog.so"
> > >
> > > modparam("auth_db|uri_db|usrloc", "db_url", "
> > > mysql://ser:heslo@localhost/ser")
> > > modparam("auth_db", "calculate_ha1", 1)
> > > modparam("auth_db", "password_column", "password")
> > > modparam("usrloc", "db_mode", 2)
> > > modparam("rr", "enable_full_lr", 1)
> > > route {
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # Sanity Check Section
> > > #
> > >
> -----------------------------------------------------------------
> > > if (!mf_process_maxfwd_header("10")) {
> > > sl_send_reply("483", "Too Many Hops");
> > > break;
> > > };
> > >
> > > if (msg:len > max_len) {
> > > sl_send_reply("513", "Message Overflow");
> > > break;
> > > };
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # Record Route Section
> > > #
> > >
> -----------------------------------------------------------------
> > > if (method!="REGISTER") {
> > > record_route();
> > > };
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # Loose Route Section
> > > #
> > >
> -----------------------------------------------------------------
> > > if (loose_route()) {
> > >
> > > if ((method=="INVITE" || method=="REFER") && !has_totag()) {
> > > sl_send_reply("403", "Forbidden Cant cross 1st bridge");
> > > break;
> > > };
> > >
> > > route(1);
> > > break;
> > > };
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # Call Type Processing Section
> > > #
> > >
> -----------------------------------------------------------------
> > > if (uri!=myself) {
> > > route(1);
> > > break;
> > > };
> > >
> > > if (method=="ACK") {
> > > route(1);
> > > break;
> > > } if (method=="INVITE") {
> > > route(3);
> > > break;
> > > } else if (method=="REGISTER") {
> > > route(2);
> > > break;
> > > };
> > >
> > > lookup("aliases");
> > > if (uri!=myself) {
> > > route(1);
> > > break;
> > > };
> > >
> > > if (!lookup("location")) {
> > > sl_send_reply("404", "User Not Found");
> > > break;
> > > };
> > >
> > > route(1);
> > > }
> > >
> > > route[1] {
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # Default Message Handler
> > > #
> > >
> -----------------------------------------------------------------
> > > if (!t_relay()) {
> > > sl_reply_error();
> > > };
> > > }
> > >
> > > route[2] {
> > >
> > > #
> > >
> -----------------------------------------------------------------
> > > # REGISTER Message Handler
> > > #
> > >
> ----------------------------------------------------------------
> > > sl_send_reply("100", "Trying");
> > >
> > > if (!www_authorize("","subscriber")) {
> > > www_challenge("","1");
> > > break;
> > > };
> > >
> > > if (!check_to()) {
> > > sl_send_reply("401", "Unauthorized");
> > > break;
> > > };
> > >
> > > consume_credentials();
> > >
> > > if (!save("location")) {
> > > sl_reply_error();
> > > };
> > > }
> > >
> > > route[3] {
> > > #
> > >
> -----------------------------------------------------------------
> > > # INVITE Message Handler
> > > #
> > >
> -----------------------------------------------------------------
> > >
> > > if (!proxy_authorize("","subscriber")) {
> > > proxy_challenge("","1");
> > > break;
> > > } else if (!check_from()) {
> > > sl_send_reply("403", "Use From=ID");
> > > break;
> > > };
> > >
> > > consume_credentials();
> > >
> > > lookup("aliases");
> > > if (uri!=myself) {
> > > route(1);
> > > break;
> > > };
> > >
> > > if (!lookup("location")) {
> > > sl_send_reply("404", "User Not Found");
> > > break;
> > > };
> > >
> > > route(1);
> > > }
> > >
> > >
> > > -------------
> > > please guide me how to do this.
> > >
> > > thanks
> > >
> > > arun
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > Serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> > >
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
>
More information about the sr-users
mailing list