[Kamailio-Users] Need help terminating inbound and outbound calls from PSTN!!!!

carl Lougher c_lougher at yahoo.co.uk
Sat Mar 7 04:35:17 CET 2009


Hi,
I finally managed to get outbound calls working to the PSTN but am struggling with the inbound ones.

Current setup:
Kamailio 1.5
Sip trunk to Trixbox using username and password stored in Kamailio db
PSTN - Gateway only using ip address and no auth.

Questions:
1. Am i using the correct method for terminating outbound calls from the Trunk? Currently using rewritehostport off invite.
2. I've tried using allow trusted for the inbound calls from the PSTN GW but they do not connect to the sip trunk. Although i do see the call coming in using ngrep.
3. How do i pass multiple inbound calls to the trunk when it only has one number associated to it in the db?
4. Is there a better method for terminating calls in and out from asterisk/trixbox on sip trunks?

cfg file:


Last login: Sat Mar  7 14:25:33 2009 from 121-73-118-198.cable.telstraclear.net
[root at zedd ~]# cat /usr/local/etc/kamailio/kam
kamailio.cfg           kamailio.cfg.working   kamailio.cfg.working2  kamctlrc
[root at zedd ~]# cat /usr/local/etc/kamailio/kamailio.cfg
#
# $Id: kamailio.cfg 5652 2009-03-02 11:13:38Z henningw $
#
# Kamailio (OpenSER) SIP Server - basic configuration script
#     - web: http://www.kamailio.org
#     - svn: http://openser.svn.sourceforge.net/viewvc/openser/
#
# Direct your questions about this file to: <users at lists.kamailio.org>
#
# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
# for an explanation of possible statements, functions and parameters.
#
# There are comments showing how to enable different features in th econfig
# file. Such commented code starts with #X# where X is a letter to identify
# a feature. Delete entire #X# if you want to enable that feature. Next are
# sed commands that help you enable such features.
#
# *** To enamble mysql execute:
#     sed -i 's/#m#//g' kamailio.cfg
#
# *** To enamble authentication execute:
#     - enable mysql
#     sed -i 's/#a#//g' kamailio.cfg
#     - add users using 'kamctl'
#
# *** To enamble persistent user location execute:
#     - enable mysql
#     sed -i 's/#u#//g' kamailio.cfg
#
# *** To enamble presence server execute:
#     - enable mysql
#     sed -i 's/#p#//g' kamailio.cfg
#
# *** To enamble nat traversal execute:
#     sed -i 's/#n#//g' kamailio.cfg
#     - install RTPProxy: http://www.rtpproxy.org
#     - start RTPProxy:
#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
#
# *** To enhance accounting execute:
#     - enable mysql
#     sed -i 's/#c#//g' kamailio.cfg
#     - add following columns to database
# ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
# ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
# ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
# ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE missed_call ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
# ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
#


####### Global Parameters #########

debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=no
children=4

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

/* uncomment the next line to enable IPv6 lookup after IPv4 dns
   lookup failures (default disabled) */
#dns_try_ipv6=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on revers DNS on IPs (default on) */
#auto_aliases=no

/* uncomment the following lines to enable TLS support  (default off) */
#disable_tls = no
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/kamailio/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/kamailio/tls/user/user-privkey.pem"
#tls_ca_list     = "/usr/local/etc/kamailio/tls/user/user-calist.pem"


#port=5060

/* uncomment and configure the following line if you want Kamailio to
   bind on a specific interface/port/proto (default bind on all available) */
listen=udp::5060


####### Modules Section ########

#set module path
mpath="/usr/local/lib/kamailio/modules/"

/* uncomment next line for MySQL DB support */
loadmodule "db_mysql.so"
loadmodule "mi_fifo.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "uri_db.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "acc.so"
loadmodule "permissions.so"
loadmodule "group.so"
/* uncomment next lines for MySQL based authentication support
   NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "auth.so"
loadmodule "auth_db.so"
/* uncomment next line for aliases support
   NOTE: a DB (like db_mysql) module must be also loaded */
#loadmodule "alias_db.so"
/* uncomment next line for multi-domain support
   NOTE: a DB (like db_mysql) module must be also loaded
   NOTE: be sure and enable multi-domain support in all used modules
         (see "multi-module params" section ) */
#loadmodule "domain.so"
/* uncomment the next two lines for presence server support
   NOTE: a DB (like db_mysql) module must be also loaded */
#p#loadmodule "presence.so"
#p#loadmodule "presence_xml.so"

#n#loadmodule "nathelper.so"

# ----------------- setting module-specific parameters ---------------


# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")


# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)


# ----- rr params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)


# ----- uri_db params -----
/* by default we disable the DB support in the module as we do not need it
   in this configuration */
#modparam("uri_db", "use_uri_table", 0)
#modparam("uri_db", "db_url", "")


# ----- acc params -----
/* what sepcial events should be accounted ? */
modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
/* by default ww do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "log_extra",
        "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
/* uncomment the following lines to enable DB accounting also */
#c#modparam("acc", "db_flag", 1)
#c#modparam("acc", "db_missed_flag", 2)
#c#modparam("domain", "db_url",
#c#     "mysql://openser:openserrw@localhost/openser")
#c#modparam("acc", "db_extra",
#c#     "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")


# ----- usrloc params -----
/* uncomment the following lines if you want to enable DB persistency
   for location entries */
modparam("usrloc", "db_mode",   2)
#modparam("usrloc", "db_url",
#"mysql://openser:openserrw@localhost/openser")

# ----- auth_db params -----
/* uncomment the following lines if you want to enable the DB based
   authentication */
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
#a#modparam("auth_db", "db_url",
#a#     "mysql://openser:openserrw@localhost/openser")
#a#modparam("auth_db", "load_credentials", "")


# ----- alias_db params -----
/* uncomment the following lines if you want to enable the DB based
   aliases */
#modparam("alias_db", "db_url",
#       "mysql://openser:openserrw@localhost/openser")


# ----- domain params -----
/* uncomment the following lines to enable multi-domain detection
   support */
#modparam("domain", "db_url",
#       "mysql://openser:openserrw@localhost/openser")
#modparam("domain", "db_mode", 1)   # Use caching


# ----- multi-module params -----
/* uncomment the following line if you want to enable multi-domain support
   in the modules (dafault off) */
#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)

# ------permissions-------
modparam("auth_db|permissions|uri_db|usrloc","db_url",
"mysql://openser:openserrw@localhost/openser")
modparam("permissions", "db_mode",1)

# ----- presence params -----
/* uncomment the following lines if you want to enable presence */
#p#modparam("presence|presence_xml", "db_url",
#p#     "mysql://openser:openserrw@localhost/openser")
#p#modparam("presence_xml", "force_active", 1)
#p#modparam("presence", "server_address", "sip:192.168.1.2:5060")

# -- nathelper
#n#modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7722")
#n#modparam("nathelper", "natping_interval", 30)
#n#modparam("nathelper", "ping_nated_only", 1)
#n#modparam("nathelper", "sipping_bflag", 7)
#n#modparam("nathelper", "sipping_from", "sip:pinger at kamailio.org")
#n#modparam("registrar|nathelper", "received_avp", "$avp(i:80)")
#n#modparam("usrloc", "nat_bflag", 6)

####### Routing Logic ########


# main request routing logic

route{

        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                exit;
        }

        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                if (loose_route()) {
                        if (is_method("BYE")) {
                                setflag(1); # do accounting ...
                                setflag(3); # ... even if the transaction fails
                        }
                        route(1);
                } else {
                        if (is_method("SUBSCRIBE") && uri == myself) {
                                # in-dialog subscribe requests
                                route(2);
                                exit;
                        }
                        if ( is_method("ACK") ) {
                                if ( t_check_trans() ) {
                                        # non loose-route, but stateful ACK; must be an ACK after a 487 or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction ... ignore and discard.\n");
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }

        #initial requests

        # CANCEL processing
        if (is_method("CANCEL"))
        {
                if (t_check_trans())
                        t_relay();
                exit;
        }

        t_check_trans();

        # authentication
        route(3);

        # record routing
        if (!is_method("REGISTER|MESSAGE"))
                record_route();

        # account only INVITEs
        if (is_method("INVITE")) {
                setflag(1); # do accounting

        if (uri=~"sip:.*$")  # Here we check the number dialed
  {
   #authorize if a call is going to PSTN
   if(!proxy_authorize("", "subscriber"))
   {
    proxy_challenge("", "0");
    return;
   };

   xlog("L_INFO", "CALL: Call to international number\n");
   rewritehostport("xxx.xx.xx.xx:5060");  # rewriting SIP headers
   route(1);
  }

      if(!allow_trusted()) {
        if (!proxy_authorize("","subscriber")) {
          proxy_challenge("","0");
          exit;
          } else if (!check_from()) {
            sl_send_reply("403","Forbidden, use FROM=ID");
            exit;
    };
   };












        }
        if (!uri==myself)
        /* replace with following line if multi-domain support is used */
        ##if (!is_uri_host_local())
        {
                append_hf("P-hint: outbound\r\n");
                # if you have some interdomain connections via TLS
                ##if($rd=="tls_domain1.net") {
                ##      t_relay("tls:domain1.net");
                ##      exit;
                ##} else if($rd=="tls_domain2.net") {
                ##      t_relay("tls:domain2.net");
                ##      exit;
                ##}
                route(1);
        }

        # requests for my domain

        if( is_method("PUBLISH|SUBSCRIBE"))
                route(2);

        if (is_method("REGISTER"))
        {
                if (!save("location"))
                        sl_reply_error();

                exit;
        }

        if ($rU==NULL) {
                # request with no Username in RURI
                sl_send_reply("484","Address Incomplete");
                exit;
        }

        # apply DB based aliases (uncomment to enable)
        ##alias_db_lookup("dbaliases");

        if (!lookup("location")) {
                switch ($retcode) {
                        case -1:
                        case -3:
                                t_newtran();
                                t_reply("404", "Not Found");
                                exit;
                        case -2:
                                sl_send_reply("405", "Method Not Allowed");
                                exit;
                }
        }

        # when routing via usrloc, log the missed calls also
        setflag(2);

        route(1);
}


route[1] {
#n#     if (check_route_param("nat=yes")) {
#n#             setbflag(6);
#n#     }
#n#     if (isflagset(5) || isbflagset(6)) {
#n#             route(5);
#n#     }

        /* example how to enable some additional event routes */
        if (is_method("INVITE")) {
                #t_on_branch("1");
                t_on_reply("1");
                t_on_failure("1");
        }

        if (!t_relay()) {
                sl_reply_error();
        }
        exit;
}


# Presence route
/* uncomment the whole following route for enabling presence server */
route[2]
{
#p#     if (!t_newtran())
#p#     {
#p#             sl_reply_error();
#p#             exit;
#p#     };
#p#
#p#     if(is_method("PUBLISH"))
#p#     {
#p#             handle_publish();
#p#             t_release();
#p#     }
#p#     else
#p#     if( is_method("SUBSCRIBE"))
#p#     {
#p#             handle_subscribe();
#p#             t_release();
#p#     }
#p#     exit;

        # if presence enabled, this part will not be executed
        if (is_method("PUBLISH") || $rU==null)
        {
                sl_send_reply("404", "Not here");
                exit;
        }
        return;
}

# Authentication route
/* uncomment the whole following route for enabling authentication */
route[3] {
        if (is_method("REGISTER"))
        {
                # authenticate the REGISTER requests (uncomment to enable auth)
                if (!www_authorize("", "subscriber"))
                {
                        www_challenge("", "0");
                        exit;
                }

                if ($au!=$tU)
                {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }
        } else {
                # authenticate if from local subscriber (uncomment to enable auth)
                if (from_uri==myself)
                {
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;
                        }
                        # requests for Media server
                        if(is_method("INVITE") && !has_totag() && uri=~"sip:0[0-9]") {
                        route(4);
                        exit;
                        }
                        if (is_method("PUBLISH"))
                        {
                                if ($au!=$tU) {
                                        sl_send_reply("403","Forbidden auth ID");
                                        exit;
                                }
                        } else {
                                if ($au!=$fU) {
                        sl_send_reply("403","Forbidden auth ID");
                                        exit;
                                };
                        }

                        consume_credentials();
                        # caller authenticated
                }
        }
        return;
}

# Caller NAT detection route
/* uncomment the whole following route for enabling Caller NAT Detection */
route[4]{
        # direct to sip provider
        if (uri =~ "sip:0[0-9]" ) {
        # route to Asterisk Media Server
        rewritehostport("xx.xxx.xx.xxx");
        route(1);
}




#       force_rport();
#       if (nat_uac_test("19")) {
#               if (method=="REGISTER") {
#                       fix_nated_register();
#               } else {
#                       fix_nated_contact();
#               }
#               setflag(5);
#       }
#       return;
#}

# RTPProxy control
/* uncomment the whole following route for enabling RTPProxy Control */
#route[5] {
#n#     if (is_method("BYE")) {
#n#             unforce_rtp_proxy();
#n#     } else if (is_method("INVITE")){
#n#             force_rtp_proxy();
#n#     }
#n#     if (!has_totag()) add_rr_param(";nat=yes");
        return;
}

branch_route[1] {
        xdbg("new branch at $ru\n");
}


onreply_route[1] {
        xdbg("incoming reply\n");

#n#     if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
#n#             force_rtp_proxy();
#n#     }
#n#     if (isbflagset(6)) {
#n#             fix_nated_contact();
#n#     }
}


failure_route[1] {
#n#     if (is_method("INVITE)
#n#                     && (isbflagset(6) || isflagset(5))) {
#n#             unforce_rtp_proxy();
#n#     }

        if (t_was_cancelled()) {
                exit;
        }

        # uncomment the following lines if you want to block client
        # redirect based on 3xx replies.
        ##if (t_check_status("3[0-9][0-9]")) {
        ##t_reply("404","Not found");
        ##      exit;
        ##}

        # uncomment the following lines if you want to redirect the failed
        # calls to a different new destination
        ##if (t_check_status("486|408")) {
        ##      sethostport("192.168.2.100:5060");
        ##      append_branch();
        ##      # do not set the missed call flag again
        ##      t_relay();
        ##}
}



Thanks!!!

Taff.



      




More information about the sr-users mailing list