[SR-Users] OpenIMSCore and Kamalio Integration
"Andrés S. García Ruiz"
asgarcia at um.es
Fri Dec 3 10:56:54 CET 2010
It works now! Thanks a lot!
Regards,
Andrés.
El 30/11/10 21:56, Daniel-Constantin Mierla escribió:
> Hello,
>
> the comments at the beginning of the configuration files tells you
> more about how some features are enabled/disabled. I assume you read
> them as you enabled authenitcation (by default is disabled) -- you
> have #!define WITH_AUTH.
>
> Maybe in your particular case the best solution is to enable IP
> authentication and add the IP address of OpenIMSCore in address table
> with group id 1.
>
> Cheers,
> Daniel
>
> On 11/29/10 3:27 PM, "Andrés S. García Ruiz" wrote:
>>
>> Thanks for your comment,
>>
>> This is my configuration, could you please tell me how to disable
>> authentication?
>>
>> #!KAMAILIO
>> #
>> # Kamailio (OpenSER) SIP Server v3.1 - default configuration script
>> # - web: http://www.kamailio.org
>> # - git: http://sip-router.org
>> #
>> # Direct your questions about this file to:
>> <sr-users at lists.sip-router.org>
>> #
>> # Refer to the Core CookBook at
>> http://www.kamailio.org/dokuwiki/doku.php
>> # for an explanation of possible statements, functions and parameters.
>> #
>> # Several features can be enabled using '#!define WITH_FEATURE'
>> directives:
>> #
>> # *** To run in debug mode:
>> # - define WITH_DEBUG
>> #
>> # *** To enable mysql:
>> # - define WITH_MYSQL
>> #
>> # *** To enable authentication execute:
>> # - enable mysql
>> # - define WITH_AUTH
>> # - add users using 'kamctl'
>> #
>> # *** To enable IP authentication execute:
>> # - enable mysql
>> # - enable authentication
>> # - define WITH_IPAUTH
>> # - add IP addresses with group id '1' to 'address' table
>> #
>> # *** To enable persistent user location execute:
>> # - enable mysql
>> # - define WITH_USRLOCDB
>> #
>> # *** To enable presence server execute:
>> # - enable mysql
>> # - define WITH_PRESENCE
>> #
>> # *** To enable nat traversal execute:
>> # - define WITH_NAT
>> # - install RTPProxy: http://www.rtpproxy.org
>> # - start RTPProxy:
>> # rtpproxy -l _your_public_ip_ -s udp:localhost:7722
>> #
>> # *** To enable PSTN gateway routing execute:
>> # - define WITH_PSTN
>> # - set the value of pstn.gw_ip
>> # - check route[PSTN] for regexp routing condition
>> #
>> # *** To enable database aliases lookup execute:
>> # - enable mysql
>> # - define WITH_ALIASDB
>> #
>> # *** To enable multi-domain support execute:
>> # - enable mysql
>> # - define WITH_MULTIDOMAIN
>> #
>> # *** To enable TLS support execute:
>> # - adjust CFGDIR/tls.cfg as needed
>> # - define WITH_TLS
>> #
>> # *** To enable XMLRPC support execute:
>> # - define WITH_XMLRPC
>> # - adjust route[XMLRPC] for access policy
>> #
>> # *** To enable anti-flood detection execute:
>> # - adjust pike and htable=>ipban settings as needed (default is
>> # block if more than 16 requests in 2 seconds and ban for 300
>> seconds)
>> # - define WITH_ANTIFLOOD
>> #
>> # *** To enhance accounting execute:
>> # - enable mysql
>> # - define WITH_ACCDB
>> # - add following columns to database
>> #!ifdef ACCDB_COMMENT
>> ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
>> ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT
>> '';
>> ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
>> ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
>> ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT
>> '';
>> ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL
>> DEFAULT '';
>> ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT
>> NULL DEFAULT '';
>> ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL
>> DEFAULT '';
>> ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL
>> DEFAULT '';
>> ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT
>> NULL DEFAULT '';
>> #!endif
>>
>> ####### Defined Values #########
>>
>> #!define WITH_DEBUG
>> #!define WITH_AUTH
>> #!define WITH_MYSQL
>> #!define WITH_USRLOCDB
>>
>> # *** Value defines - IDs used later in config
>> #!ifdef WITH_MYSQL
>> # - database URL - used to connect to database server by modules such
>> # as: auth_db, acc, usrloc, a.s.o.
>> #!define DBURL "mysql://openser:openserrw@localhost/openser"
>> #!endif
>> #!ifdef WITH_MULTIDOMAIN
>> # - the value for 'use_domain' parameters
>> #!define MULTIDOMAIN 1
>> #!else
>> #!define MULTIDOMAIN 0
>> #!endif
>>
>> # - flags
>> # FLT_ - per transaction (message) flags
>> # FLB_ - per branch flags
>> #!define FLT_ACC 1
>> #!define FLT_ACCMISSED 2
>> #!define FLT_ACCFAILED 3
>> #!define FLT_NATS 5
>>
>> #!define FLB_NATB 6
>> #!define FLB_NATSIPPING 7
>>
>> ####### Global Parameters #########
>>
>> #!ifdef WITH_DEBUG
>> debug=4
>> log_stderror=yes
>> #!else
>> debug=2
>> log_stderror=no
>> #!endif
>>
>> memdbg=5
>> memlog=5
>>
>> log_facility=LOG_LOCAL0
>>
>> fork=yes
>> children=4
>>
>> /* uncomment the next line to disable TCP (default on) */
>> #disable_tcp=yes
>>
>>
>> /* uncomment the next line to disable the auto discovery of local
>> aliases
>> based on reverse DNS on IPs (default on) */
>> #auto_aliases=no
>>
>> /* add local domain aliases */
>> alias="open-ims.test"
>>
>> /* uncomment and configure the following line if you want Kamailio to
>> bind on a specific interface/port/proto (default bind on all
>> available) */
>> #listen=udp:10.0.0.10:5060
>>
>> /* port to listen to
>> * - can be specified more than once if needed to listen on many
>> ports */
>> port=5060
>>
>> #!ifdef WITH_TLS
>> enable_tls=yes
>> #!endif
>>
>> ####### Custom Parameters #########
>>
>> # These parameters can be modified runtime via RPC interface
>> # - see the documentation of 'cfg_rpc' module.
>> #
>> # Format: group.id = value 'desc' description
>> # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
>> #
>>
>> #!ifdef WITH_PSTN
>> # PSTN GW Routing
>> #
>> # - pstn.gw_ip: valid IP or hostname as string value, example:
>> # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
>> #
>> # - by default is empty to avoid misrouting
>> pstn.gw_ip = "" desc "PSTN GW Address"
>> #!endif
>>
>>
>> ####### Modules Section ########
>>
>> # set paths to location of modules
>> #!ifdef LOCAL_TEST_RUN
>> mpath="modules_k:modules"
>> #!else
>> mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
>>
>> #!endif
>>
>> #!ifdef WITH_MYSQL
>> loadmodule "db_mysql.so"
>> #!endif
>>
>> loadmodule "mi_fifo.so"
>> loadmodule "kex.so"
>> loadmodule "tm.so"
>> loadmodule "tmx.so"
>> loadmodule "sl.so"
>> loadmodule "rr.so"
>> loadmodule "pv.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "siputils.so"
>> loadmodule "xlog.so"
>> loadmodule "sanity.so"
>> loadmodule "ctl.so"
>> loadmodule "mi_rpc.so"
>> loadmodule "acc.so"
>>
>> #!ifdef WITH_AUTH
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> #!ifdef WITH_IPAUTH
>> loadmodule "permissions.so"
>> #!endif
>> #!endif
>>
>> #!ifdef WITH_ALIASDB
>> loadmodule "alias_db.so"
>> #!endif
>>
>> #!ifdef WITH_MULTIDOMAIN
>> loadmodule "domain.so"
>> #!endif
>>
>> #!ifdef WITH_PRESENCE
>> loadmodule "presence.so"
>> loadmodule "presence_xml.so"
>> #!endif
>>
>> #!ifdef WITH_NAT
>> loadmodule "nathelper.so"
>> loadmodule "rtpproxy.so"
>> #!endif
>>
>> #!ifdef WITH_TLS
>> loadmodule "tls.so"
>> #!endif
>>
>> #!ifdef WITH_ANTIFLOOD
>> loadmodule "htable.so"
>> loadmodule "pike.so"
>> #!endif
>>
>> #!ifdef WITH_XMLRPC
>> loadmodule "xmlrpc.so"
>> #!endif
>>
>> # ----------------- setting module-specific parameters ---------------
>>
>>
>> # ----- mi_fifo params -----
>> modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
>>
>>
>> # ----- tm params -----
>> # auto-discard branches from previous serial forking leg
>> modparam("tm", "failure_reply_mode", 3)
>> # default retransmission timeout: 30sec
>> modparam("tm", "fr_timer", 30000)
>> # default invite retransmission timeout after 1xx: 120sec
>> modparam("tm", "fr_inv_timer", 120000)
>>
>>
>> # ----- rr params -----
>> # add value to ;lr param to cope with most of the UAs
>> modparam("rr", "enable_full_lr", 1)
>> # do not append from tag to the RR (no need for this script)
>> modparam("rr", "append_fromtag", 0)
>>
>>
>> # ----- registrar params -----
>> modparam("registrar", "method_filtering", 1)
>> /* uncomment the next line to disable parallel forking via location */
>> # modparam("registrar", "append_branches", 0)
>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>> #modparam("registrar", "max_contacts", 10)
>>
>>
>> # ----- acc params -----
>> /* what special events should be accounted ? */
>> modparam("acc", "early_media", 0)
>> modparam("acc", "report_ack", 0)
>> modparam("acc", "report_cancels", 0)
>> /* by default ww do not adjust the direct of the sequential requests.
>> if you enable this parameter, be sure the enable "append_fromtag"
>> in "rr" module */
>> modparam("acc", "detect_direction", 0)
>> /* account triggers (flags) */
>> modparam("acc", "log_flag", FLT_ACC)
>> modparam("acc", "log_missed_flag", FLT_ACCMISSED)
>> modparam("acc", "log_extra",
>>
>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
>> /* enhanced DB accounting */
>> #!ifdef WITH_ACCDB
>> modparam("acc", "db_flag", FLT_ACC)
>> modparam("acc", "db_missed_flag", FLT_ACCMISSED)
>> modparam("acc", "db_url", DBURL)
>> modparam("acc", "db_extra",
>>
>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>> #!endif
>>
>>
>> # ----- usrloc params -----
>> /* enable DB persistency for location entries */
>> #!ifdef WITH_USRLOCDB
>> modparam("usrloc", "db_url", DBURL)
>> modparam("usrloc", "db_mode", 2)
>> modparam("usrloc", "use_domain", MULTIDOMAIN)
>> #!endif
>>
>>
>> # ----- auth_db params -----
>> #!ifdef WITH_AUTH
>> modparam("auth_db", "db_url", DBURL)
>> modparam("auth_db", "calculate_ha1", yes)
>> modparam("auth_db", "password_column", "password")
>> modparam("auth_db", "load_credentials", "")
>> modparam("auth_db", "use_domain", MULTIDOMAIN)
>>
>> # ----- permissions params -----
>> #!ifdef WITH_IPAUTH
>> modparam("permissions", "db_url", DBURL)
>> modparam("permissions", "db_mode", 1)
>> #!endif
>>
>> #!endif
>>
>>
>> # ----- alias_db params -----
>> #!ifdef WITH_ALIASDB
>> modparam("alias_db", "db_url", DBURL)
>> modparam("alias_db", "use_domain", MULTIDOMAIN)
>> #!endif
>>
>>
>> # ----- domain params -----
>> #!ifdef WITH_MULTIDOMAIN
>> modparam("domain", "db_url", DBURL)
>> # use caching
>> modparam("domain", "db_mode", 1)
>> # register callback to match myself condition with domains list
>> modparam("domain", "register_myself", 1)
>> #!endif
>>
>>
>> #!ifdef WITH_PRESENCE
>> # ----- presence params -----
>> modparam("presence", "db_url", DBURL)
>>
>> # ----- presence_xml params -----
>> modparam("presence_xml", "db_url", DBURL)
>> modparam("presence_xml", "force_active", 1)
>> #!endif
>>
>>
>> #!ifdef WITH_NAT
>> # ----- rtpproxy params -----
>> modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
>>
>> # ----- nathelper params -----
>> modparam("nathelper", "natping_interval", 30)
>> modparam("nathelper", "ping_nated_only", 1)
>> modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
>> modparam("nathelper", "sipping_from", "sip:pinger at kamailio.org")
>>
>> # params needed for NAT traversal in other modules
>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>> modparam("usrloc", "nat_bflag", FLB_NATB)
>> #!endif
>>
>>
>> #!ifdef WITH_TLS
>> # ----- tls params -----
>> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>> #!endif
>>
>> #!ifdef WITH_ANTIFLOOD
>> # ----- pike params -----
>> modparam("pike", "sampling_time_unit", 2)
>> modparam("pike", "reqs_density_per_unit", 16)
>> modparam("pike", "remove_latency", 4)
>>
>> # ----- htable params -----
>> # ip ban htable with autoexpire after 5 minutes
>> modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
>> #!endif
>>
>> #!ifdef WITH_XMLRPC
>> # ----- xmlrpc params -----
>> modparam("xmlrpc", "route", "XMLRPC");
>> modparam("xmlrpc", "url_match", "^/RPC")
>> #!endif
>>
>> ####### Routing Logic ########
>>
>>
>> # Main SIP request routing logic
>> # - processing of any incoming SIP request starts with this route
>> route {
>>
>> # per request initial checks
>> route(REQINIT);
>>
>> # NAT detection
>> route(NAT);
>>
>> # handle requests within SIP dialogs
>> route(WITHINDLG);
>>
>> ### only initial requests (no To tag)
>>
>> # CANCEL processing
>> if (is_method("CANCEL"))
>> {
>> if (t_check_trans())
>> t_relay();
>> exit;
>> }
>>
>> t_check_trans();
>>
>> # authentication
>> route(AUTH);
>>
>> # record routing for dialog forming requests (in case they are
>> routed)
>> # - remove preloaded route headers
>> remove_hf("Route");
>> if (is_method("INVITE|SUBSCRIBE"))
>> record_route();
>>
>> # account only INVITEs
>> if (is_method("INVITE"))
>> {
>> setflag(FLT_ACC); # do accounting
>> }
>>
>> # dispatch requests to foreign domains
>> route(SIPOUT);
>>
>> ### requests for my local domains
>>
>> # handle presence related requests
>> route(PRESENCE);
>>
>> # handle registrations
>> route(REGISTRAR);
>>
>> if ($rU==$null)
>> {
>> # request with no Username in RURI
>> sl_send_reply("484","Address Incomplete");
>> exit;
>> }
>>
>> # dispatch destinations to PSTN
>> route(PSTN);
>>
>> # user location service
>> route(LOCATION);
>>
>> route(RELAY);
>> }
>>
>>
>> route[RELAY] {
>> #!ifdef WITH_NAT
>> if (check_route_param("nat=yes")) {
>> setbflag(FLB_NATB);
>> }
>> if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
>> route(RTPPROXY);
>> }
>> #!endif
>>
>> /* example how to enable some additional event routes */
>> if (is_method("INVITE")) {
>> #t_on_branch("BRANCH_ONE");
>> t_on_reply("REPLY_ONE");
>> t_on_failure("FAIL_ONE");
>> }
>>
>> if (!t_relay()) {
>> sl_reply_error();
>> }
>> exit;
>> }
>>
>> # Per SIP request initial checks
>> route[REQINIT] {
>> #!ifdef WITH_ANTIFLOOD
>> # flood dection from same IP and traffic ban for a while
>> # be sure you exclude checking trusted peers, such as pstn gateways
>> # - local host excluded (e.g., loop to self)
>> if(src_ip!=myself)
>> {
>> if($sht(ipban=>$si)!=$null)
>> {
>> # ip is already blocked
>> xdbg("request from blocked IP - $rm from $fu
>> (IP:$si:$sp)\n");
>> exit;
>> }
>> if (!pike_check_req())
>> {
>> xlog("L_ALERT","ALERT: pike blocking $rm from $fu
>> (IP:$si:$sp)\n");
>> $sht(ipban=>$si) = 1;
>> exit;
>> }
>> }
>> #!endif
>>
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> exit;
>> }
>>
>> if(!sanity_check("1511", "7"))
>> {
>> xlog("Malformed SIP message from $si:$sp\n");
>> exit;
>> }
>> }
>>
>> # Handle requests within SIP dialogs
>> route[WITHINDLG] {
>> if (has_totag()) {
>> # sequential request withing a dialog should
>> # take the path determined by record-routing
>> if (loose_route()) {
>> if (is_method("BYE")) {
>> setflag(FLT_ACC); # do accounting ...
>> setflag(FLT_ACCFAILED); # ... even if the transaction
>> fails
>> }
>> route(RELAY);
>> } else {
>> if (is_method("SUBSCRIBE") && uri == myself) {
>> # in-dialog subscribe requests
>> route(PRESENCE);
>> exit;
>> }
>> if ( is_method("ACK") ) {
>> if ( t_check_trans() ) {
>> # no loose-route, but stateful ACK;
>> # must be an ACK after a 487
>> # or e.g. 404 from upstream server
>> t_relay();
>> exit;
>> } else {
>> # ACK without matching transaction ... ignore and
>> discard
>> exit;
>> }
>> }
>> sl_send_reply("404","Not here");
>> }
>> exit;
>> }
>> }
>>
>> # Handle SIP registrations
>> route[REGISTRAR] {
>> if (is_method("REGISTER"))
>> {
>> if(isflagset(FLT_NATS))
>> {
>> setbflag(FLB_NATB);
>> # uncomment next line to do SIP NAT pinging
>> ## setbflag(FLB_NATSIPPING);
>> }
>> if (!save("location"))
>> sl_reply_error();
>>
>> exit;
>> }
>> }
>>
>> # USER location service
>> route[LOCATION] {
>>
>> #!ifdef WITH_ALIASDB
>> # search in DB-based aliases
>> alias_db_lookup("dbaliases");
>> #!endif
>>
>> if (!lookup("location")) {
>> switch ($rc) {
>> case -1:
>> case -3:
>> t_newtran();
>> t_reply("404", "Not Found");
>> exit;
>> case -2:
>> sl_send_reply("405", "Method Not Allowed");
>> exit;
>> }
>> }
>>
>> # when routing via usrloc, log the missed calls also
>> if (is_method("INVITE"))
>> {
>> setflag(FLT_ACCMISSED);
>> }
>> }
>>
>> # Presence server route
>> route[PRESENCE] {
>> if(!is_method("PUBLISH|SUBSCRIBE"))
>> return;
>>
>> #!ifdef WITH_PRESENCE
>> if (!t_newtran())
>> {
>> sl_reply_error();
>> exit;
>> };
>>
>> if(is_method("PUBLISH"))
>> {
>> if($hdr(Sender)!= NULL)
>> handle_publish("$hdr(Sender)");
>> else
>> handle_publish("");
>> t_release();
>> }
>> else
>> if( is_method("SUBSCRIBE"))
>> {
>> handle_subscribe();
>> t_release();
>> }
>> exit;
>> #!endif
>>
>> # if presence enabled, this part will not be executed
>> if (is_method("PUBLISH") || $rU==$null)
>> {
>> sl_send_reply("404", "Not here");
>> exit;
>> }
>> return;
>> }
>>
>> # Authentication route
>> route[AUTH] {
>> #!ifdef WITH_AUTH
>> if (is_method("REGISTER"))
>> {
>> # authenticate the REGISTER requests (uncomment to enable auth)
>> if (!www_authorize("$td", "subscriber"))
>> {
>> www_challenge("$td", "0");
>> exit;
>> }
>>
>> if ($au!=$tU)
>> {
>> sl_send_reply("403","Forbidden auth ID");
>> exit;
>> }
>> } else {
>>
>> #!ifdef WITH_IPAUTH
>> if(allow_source_address())
>> {
>> # source IP allowed
>> return;
>> }
>> #!endif
>> # authenticate if from local subscriber
>> if (from_uri==myself)
>> {
>> if (!proxy_authorize("$fd", "subscriber")) {
>> proxy_challenge("$fd", "0");
>> exit;
>> }
>> if (is_method("PUBLISH"))
>> {
>> if ($au!=$tU) {
>> sl_send_reply("403","Forbidden auth ID");
>> exit;
>> }
>> } else {
>> if ($au!=$fU) {
>> sl_send_reply("403","Forbidden auth ID");
>> exit;
>> }
>> }
>>
>> consume_credentials();
>> # caller authenticated
>> } else {
>> # caller is not local subscriber, then check if it calls
>> # a local destination, otherwise deny, not an open relay
>> here
>> if (!uri==myself)
>> {
>> sl_send_reply("403","Not relaying");
>> exit;
>> }
>> }
>> }
>> #!endif
>> return;
>> }
>>
>> # Caller NAT detection route
>> route[NAT] {
>> #!ifdef WITH_NAT
>> force_rport();
>> if (nat_uac_test("19")) {
>> if (method=="REGISTER") {
>> fix_nated_register();
>> } else {
>> fix_nated_contact();
>> }
>> setflag(FLT_NATS);
>> }
>> #!endif
>> return;
>> }
>>
>> # RTPProxy control
>> route[RTPPROXY] {
>> #!ifdef WITH_NAT
>> if (is_method("BYE")) {
>> unforce_rtp_proxy();
>> } else if (is_method("INVITE")){
>> force_rtp_proxy();
>> }
>> if (!has_totag()) add_rr_param(";nat=yes");
>> #!endif
>> return;
>> }
>>
>> # Routing to foreign domains
>> route[SIPOUT] {
>> if (!uri==myself)
>> {
>> append_hf("P-hint: outbound\r\n");
>> route(RELAY);
>> }
>> }
>>
>> # PSTN GW routing
>> route[PSTN] {
>> #!ifdef WITH_PSTN
>> # check if PSTN GW IP is defined
>> if (strempty($sel(cfg_get.pstn.gw_ip))) {
>> xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not
>> defined\n");
>> return;
>> }
>>
>> # route to PSTN dialed numbers starting with '+' or '00'
>> # (international format)
>> # - update the condition to match your dialing rules for PSTN
>> routing
>> if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
>> return;
>>
>> # only local users allowed to call
>> if(from_uri!=myself) {
>> sl_send_reply("403", "Not Allowed");
>> exit;
>> }
>>
>> $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
>>
>> route(RELAY);
>> exit;
>> #!endif
>>
>> return;
>> }
>>
>> # XMLRPC routing
>> #!ifdef WITH_XMLRPC
>> route[XMLRPC]
>> {
>> # allow XMLRPC from localhost
>> if ((method=="POST" || method=="GET")
>> && (src_ip==127.0.0.1)) {
>> # close connection only for xmlrpclib user agents (there is a
>> bug in
>> # xmlrpclib: it waits for EOF before interpreting the response).
>> if ($hdr(User-Agent) =~ "xmlrpclib")
>> set_reply_close();
>> set_reply_no_connect();
>> dispatch_rpc();
>> exit;
>> }
>> send_reply("403", "Forbidden");
>> exit;
>> }
>> #!endif
>>
>> # Sample branch router
>> branch_route[BRANCH_ONE] {
>> xdbg("new branch at $ru\n");
>> }
>>
>> # Sample onreply route
>> onreply_route[REPLY_ONE] {
>> xdbg("incoming reply\n");
>> #!ifdef WITH_NAT
>> if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
>> && status=~"(183)|(2[0-9][0-9])") {
>> force_rtp_proxy();
>> }
>> if (isbflagset("6")) {
>> fix_nated_contact();
>> }
>> #!endif
>> }
>>
>> # Sample failure route
>> failure_route[FAIL_ONE] {
>> #!ifdef WITH_NAT
>> if (is_method("INVITE")
>> && (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
>> unforce_rtp_proxy();
>> }
>> #!endif
>>
>> if (t_is_canceled()) {
>> exit;
>> }
>>
>> # uncomment the following lines if you want to block client
>> # redirect based on 3xx replies.
>> ##if (t_check_status("3[0-9][0-9]")) {
>> ##t_reply("404","Not found");
>> ## exit;
>> ##}
>>
>> # uncomment the following lines if you want to redirect the failed
>> # calls to a different new destination
>> ##if (t_check_status("486|408")) {
>> ## sethostport("192.168.2.100:5060");
>> ## append_branch();
>> ## # do not set the missed call flag again
>> ## t_relay();
>> ##}
>> }
>>
>>
>> Thanks a lot,
>> Andrés.
>>
>> El 29/11/2010 15:15, Klaus Darilion escribió:
>>> If you do not want to authenticate the requests then disable
>>> authentication kamailio.cfg
>>>
>>> regards
>>> Klaus
>>>
>>> Am 29.11.2010 12:53, schrieb "Andrés S. García Ruiz":
>>>>
>>>> Hi everybody,
>>>>
>>>> I'm trying to deploy an IMS network with OpenIMSCore and Kamailio.
>>>> Since
>>>> OpenIMSCore has been already tested along with Mobicents, now I want
>>>> substitute Mobicents for Kamailio. I've also successfully installed
>>>> Kamailio. I can run it without any problem, but when SIP Publish
>>>> messages arrive at Kamalio, it answers with "407 Proxy Authentication
>>>> Required". The IMS presentity is already registered against the
>>>> OpenIMSCore. How can I solve that problem?
>>>>
>>>> The publish message sent:
>>>>
>>>> PUBLISH sip:testuser01 at open-ims.test SIP/2.0
>>>> Route: <sip:ciervo.inf.um.es:5060;lr>,
>>>> <sip:iscmark at scscf.open-ims.test:6060;lr;s=1;h=0;d=0;a=7369703a74657374757365723031406f70656e2d696d732e74657374>
>>>>
>>>>
>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
>>>> CSeq: 1 PUBLISH
>>>> From: "testuser01" <sip:testuser01 at open-ims.test>;tag=ff123bda
>>>> To: "testuser01" <sip:testuser01 at open-ims.test>
>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
>>>> Via: SIP/2.0/TCP
>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
>>>>
>>>>
>>>> Max-Forwards: 15
>>>> Content-Type: application/pidf+xml
>>>> Expires: 30000
>>>> Event: presence
>>>> Contact: <sip:testuser01 at 155.54.190.166:8060>
>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>>>> SUBSCRIBE, INFO
>>>> User-Agent: X-Lite IMS-OSGi-Client 0.1
>>>> CVS-Mon_Nov_29_10-14-33_CET_2010
>>>> Content-Length: 451
>>>> P-Asserted-Identity: <sip:testuser01 at open-ims.test>
>>>> P-Charging-Vector:
>>>> icid-value="P-CSCFabcd000000004cf3708400000002";icid-generated-at=155.54.210.134;orig-ioi="open-ims.test"
>>>>
>>>>
>>>>
>>>> <?xml version='1.0' encoding='UTF-8'?><presence
>>>> xmlns='urn:ietf:params:xml:ns:pidf'
>>>> xmlns:c='urn:ietf:params:xml:ns:pidf:cipid'
>>>> xmlns:dm='urn:ietf:params:xml:ns:pidf:data-model'
>>>> xmlns:rpid='urn:ietf:params:xml:ns:pidf:rpid'
>>>> entity='sip:testuser01 at open-ims.test'><tuple
>>>> id='t6b9a6ab3'><status><basic>open</basic></status></tuple><dm:person
>>>> id='p34b126e5'><rpid:activities><rpid:Online/></rpid:activities><dm:note>Online</dm:note></dm:person></presence>
>>>>
>>>>
>>>>
>>>>
>>>> Kamailio answer:
>>>> SIP/2.0 407 Proxy Authentication Required
>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
>>>> CSeq: 1 PUBLISH
>>>> From: "testuser01" <sip:testuser01 at open-ims.test>;tag=ff123bda
>>>> To: "testuser01"
>>>> <sip:testuser01 at open-ims.test>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3d3a
>>>>
>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
>>>> Via: SIP/2.0/TCP
>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
>>>>
>>>>
>>>> Proxy-Authenticate: Digest realm="open-ims.test",
>>>> nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
>>>> Server: kamailio (3.1.0 (i386/linux))
>>>> Content-Length: 0
>>>>
>>>>
>>>> Kamailio log:
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:628]: SIP Request:
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:630]: method: <PUBLISH>
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:632]: uri:
>>>> <sip:testuser01 at open-ims.test>
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:634]: version: <SIP/2.0>
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:165]: get_hdr_field: cseq
>>>> <CSeq>: <1> <PUBLISH>
>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
>>>> state=10
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:185]: DEBUG:
>>>> get_hdr_field:
>>>> <To> [45]; uri=[sip:testuser01 at open-ims.test]
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:187]: DEBUG: to body
>>>> ["testuser01" <sip:testuser01 at open-ims.test>
>>>> ]
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>> 232,
>>>> <branch> = <z9hG4bKa31a.6cba1cd2.0>; state=16
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>> reached,
>>>> state=5
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>> found, flags=2
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers:
>>>> this is
>>>> the first via
>>>> 5(15391) DEBUG: <core> [receive.c:145]: After parse_msg...
>>>> 5(15391) DEBUG: <core> [receive.c:186]: preparing to run routing
>>>> scripts...
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>> 232,
>>>> <branch> = <z9hG4bKa31a.71481d13.0>; state=6
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>> 236,
>>>> <i> = <1>; state=16
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>> reached,
>>>> state=5
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>> found, flags=100
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:526]: parse_headers:
>>>> this is
>>>> the second via
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>> 235,
>>>> <rport> = <41624>; state=6
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>> 232,
>>>> <branch> = <z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z->; state=16
>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>> reached,
>>>> state=5
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>> found, flags=100
>>>> 5(15391) DEBUG: maxfwd [mf_funcs.c:85]: value = 15
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:199]: DEBUG:
>>>> get_hdr_body :
>>>> content_length=451
>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:101]: found end of header
>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:174]: DEBUG: add_param:
>>>> tag=ff123bda
>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
>>>> state=29
>>>> 5(15391) DEBUG: sanity [mod_sanity.c:217]: all sanity checks passed
>>>> 5(15391) DEBUG: siputils [checks.c:73]: no totag
>>>> 5(15391) DEBUG: tm [t_lookup.c:1081]: DEBUG: t_check_msg: msg id=1
>>>> global id=0 T start=0xffffffff
>>>> 5(15391) DEBUG: tm [t_lookup.c:528]: t_lookup_request: start
>>>> searching:
>>>> hash=41274, isACK=0
>>>> 5(15391) DEBUG: tm [t_lookup.c:485]: DEBUG: RFC3261 transaction
>>>> matching
>>>> failed
>>>> 5(15391) DEBUG: tm [t_lookup.c:711]: DEBUG: t_lookup_request: no
>>>> transaction found
>>>> 5(15391) DEBUG: tm [t_lookup.c:1150]: DEBUG: t_check_msg: msg id=1
>>>> global id=1 T end=(nil)
>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info -
>>>> checking if
>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1]
>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info -
>>>> checking if
>>>> port 5060 matches port 5060
>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info -
>>>> checking if
>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245]
>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info -
>>>> checking if
>>>> port 5060 matches port 5060
>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info -
>>>> checking if
>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1]
>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info -
>>>> checking if
>>>> port 5060 matches port 5060
>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info -
>>>> checking if
>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245]
>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info -
>>>> checking if
>>>> port 5060 matches port 5060
>>>> 5(15391) DEBUG: auth_db [authorize.c:239]: realm value [open-ims.test]
>>>> 5(15391) DEBUG: auth [api.c:85]: auth:pre_auth: Credentials with realm
>>>> 'open-ims.test' not found
>>>> 5(15391) DEBUG: auth_db [authorize.c:257]: not authenticated
>>>> 5(15391) DEBUG: auth [challenge.c:102]: build_challenge_hf:
>>>> realm='open-ims.test'
>>>> 5(15391) DEBUG: auth [challenge.c:236]: auth: 'Proxy-Authenticate:
>>>> Digest realm="open-ims.test", nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
>>>> '
>>>> 5(15391) DEBUG: sl [sl.c:278]: reply in stateless mode (sl)
>>>> 5(15391) DEBUG: <core> [msg_translator.c:207]:
>>>> check_via_address(155.54.210.135, 155.54.210.135, 0)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>> destroying list (nil)
>>>> 5(15391) DEBUG: <core> [receive.c:289]: receive_msg: cleaning up
>>>>
>>>>
>>>> Thanks in advance,
>>>> Andrés.
>>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
More information about the sr-users
mailing list