[SR-Users] OpenIMSCore and Kamalio Integration
Carsten Bock
lists at bock.info
Fri Jan 7 11:49:03 CET 2011
Hi,
the current status is following:
=> OpenIMS-Core:
- all OpenIMS module compile using Kamailio
- "make deb" (i have added "deb-lenny" and "deb-squeeze" targets as
well) will build the standard kamailio packages and a new
"kamailio-ims-modules" package
- You need to adapt the configuration of the OpenIMS-P-CSCF a little,
to make it work (basically change some paths); i will add a working
config next week
- so far, i did only test the P-CSCF-setup with Kamailio, tests of the
I-/S-CSCF-modules should will follow in the next days (+ i will add
configurations for those components to the branch)
- we have a testsetup in place, consisting of the "original" OpenIMS
P-/I- and S-CSCF, the Kamailio replacements, a presence/XCAP-server
(to make the setup more interesting, thanks to Daniel for his great
howto on asipto.com) and the FHoSS. All systems run on dedicated
(virtual) machines.
- as soon as there is more progress, i can make our repository for
debian lenny accessible from the outside world (it currently just has
a private IP)
=> OpenHSS.org (as a FHoSS-Replacement):
- a year ago, i started to develop a replacement for Java FHoSS:
openhss.org (which would be a direct port from the FHoSS to C with
CDP)
- due to personal changes (new job, 5 days a week a new city), i
"paused" the development
- But now, there is good news: I found someone, who will finish the
development: Brian "edge" Edginton
(http://www.ng-voice.com/our-team/brian/)
The full roadmap can be found here:
http://www.ng-voice.com/our-solution/roadmap/
(it contains such "ugly" points as add documentation ;-) )
The goal of the project is to create a stable, fast, open-source,
feature-rich IMS implementation based on Kamailio and the
OpenIMS-Core.
For latest updates on our development, please visit our blog:
http://www.ng-voice.com/
Kind regards,
Carsten
2011/1/7 Daniel-Constantin Mierla <miconda at gmail.com>:
> Btw, fyi, Carsten Bock is working on Git branch 'cartenbock/ims' for making
> straightforward usage of openimscore modules with latest kamailio. If you
> are interested in this kind of platform, maybe you should fetch that branch,
> help testing and integration work.
>
> Cheers,
> Daniel
>
> On 12/3/10 10:56 AM, "Andrés S. García Ruiz" wrote:
>>
>>
>> It works now! Thanks a lot!
>>
>> Regards,
>> Andrés.
>>
>> El 30/11/10 21:56, Daniel-Constantin Mierla escribió:
>>>
>>> Hello,
>>>
>>> the comments at the beginning of the configuration files tells you more
>>> about how some features are enabled/disabled. I assume you read them as you
>>> enabled authenitcation (by default is disabled) -- you have #!define
>>> WITH_AUTH.
>>>
>>> Maybe in your particular case the best solution is to enable IP
>>> authentication and add the IP address of OpenIMSCore in address table with
>>> group id 1.
>>>
>>> Cheers,
>>> Daniel
>>>
>>> On 11/29/10 3:27 PM, "Andrés S. García Ruiz" wrote:
>>>>
>>>> Thanks for your comment,
>>>>
>>>> This is my configuration, could you please tell me how to disable
>>>> authentication?
>>>>
>>>> #!KAMAILIO
>>>> #
>>>> # Kamailio (OpenSER) SIP Server v3.1 - default configuration script
>>>> # - web: http://www.kamailio.org
>>>> # - git: http://sip-router.org
>>>> #
>>>> # Direct your questions about this file to:
>>>> <sr-users at lists.sip-router.org>
>>>> #
>>>> # Refer to the Core CookBook at
>>>> http://www.kamailio.org/dokuwiki/doku.php
>>>> # for an explanation of possible statements, functions and parameters.
>>>> #
>>>> # Several features can be enabled using '#!define WITH_FEATURE'
>>>> directives:
>>>> #
>>>> # *** To run in debug mode:
>>>> # - define WITH_DEBUG
>>>> #
>>>> # *** To enable mysql:
>>>> # - define WITH_MYSQL
>>>> #
>>>> # *** To enable authentication execute:
>>>> # - enable mysql
>>>> # - define WITH_AUTH
>>>> # - add users using 'kamctl'
>>>> #
>>>> # *** To enable IP authentication execute:
>>>> # - enable mysql
>>>> # - enable authentication
>>>> # - define WITH_IPAUTH
>>>> # - add IP addresses with group id '1' to 'address' table
>>>> #
>>>> # *** To enable persistent user location execute:
>>>> # - enable mysql
>>>> # - define WITH_USRLOCDB
>>>> #
>>>> # *** To enable presence server execute:
>>>> # - enable mysql
>>>> # - define WITH_PRESENCE
>>>> #
>>>> # *** To enable nat traversal execute:
>>>> # - define WITH_NAT
>>>> # - install RTPProxy: http://www.rtpproxy.org
>>>> # - start RTPProxy:
>>>> # rtpproxy -l _your_public_ip_ -s udp:localhost:7722
>>>> #
>>>> # *** To enable PSTN gateway routing execute:
>>>> # - define WITH_PSTN
>>>> # - set the value of pstn.gw_ip
>>>> # - check route[PSTN] for regexp routing condition
>>>> #
>>>> # *** To enable database aliases lookup execute:
>>>> # - enable mysql
>>>> # - define WITH_ALIASDB
>>>> #
>>>> # *** To enable multi-domain support execute:
>>>> # - enable mysql
>>>> # - define WITH_MULTIDOMAIN
>>>> #
>>>> # *** To enable TLS support execute:
>>>> # - adjust CFGDIR/tls.cfg as needed
>>>> # - define WITH_TLS
>>>> #
>>>> # *** To enable XMLRPC support execute:
>>>> # - define WITH_XMLRPC
>>>> # - adjust route[XMLRPC] for access policy
>>>> #
>>>> # *** To enable anti-flood detection execute:
>>>> # - adjust pike and htable=>ipban settings as needed (default is
>>>> # block if more than 16 requests in 2 seconds and ban for 300
>>>> seconds)
>>>> # - define WITH_ANTIFLOOD
>>>> #
>>>> # *** To enhance accounting execute:
>>>> # - enable mysql
>>>> # - define WITH_ACCDB
>>>> # - add following columns to database
>>>> #!ifdef ACCDB_COMMENT
>>>> ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
>>>> ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
>>>> ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
>>>> ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
>>>> ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
>>>> ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL
>>>> DEFAULT '';
>>>> ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL
>>>> DEFAULT '';
>>>> ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL
>>>> DEFAULT '';
>>>> ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL
>>>> DEFAULT '';
>>>> ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL
>>>> DEFAULT '';
>>>> #!endif
>>>>
>>>> ####### Defined Values #########
>>>>
>>>> #!define WITH_DEBUG
>>>> #!define WITH_AUTH
>>>> #!define WITH_MYSQL
>>>> #!define WITH_USRLOCDB
>>>>
>>>> # *** Value defines - IDs used later in config
>>>> #!ifdef WITH_MYSQL
>>>> # - database URL - used to connect to database server by modules such
>>>> # as: auth_db, acc, usrloc, a.s.o.
>>>> #!define DBURL "mysql://openser:openserrw@localhost/openser"
>>>> #!endif
>>>> #!ifdef WITH_MULTIDOMAIN
>>>> # - the value for 'use_domain' parameters
>>>> #!define MULTIDOMAIN 1
>>>> #!else
>>>> #!define MULTIDOMAIN 0
>>>> #!endif
>>>>
>>>> # - flags
>>>> # FLT_ - per transaction (message) flags
>>>> # FLB_ - per branch flags
>>>> #!define FLT_ACC 1
>>>> #!define FLT_ACCMISSED 2
>>>> #!define FLT_ACCFAILED 3
>>>> #!define FLT_NATS 5
>>>>
>>>> #!define FLB_NATB 6
>>>> #!define FLB_NATSIPPING 7
>>>>
>>>> ####### Global Parameters #########
>>>>
>>>> #!ifdef WITH_DEBUG
>>>> debug=4
>>>> log_stderror=yes
>>>> #!else
>>>> debug=2
>>>> log_stderror=no
>>>> #!endif
>>>>
>>>> memdbg=5
>>>> memlog=5
>>>>
>>>> log_facility=LOG_LOCAL0
>>>>
>>>> fork=yes
>>>> children=4
>>>>
>>>> /* uncomment the next line to disable TCP (default on) */
>>>> #disable_tcp=yes
>>>>
>>>>
>>>> /* uncomment the next line to disable the auto discovery of local
>>>> aliases
>>>> based on reverse DNS on IPs (default on) */
>>>> #auto_aliases=no
>>>>
>>>> /* add local domain aliases */
>>>> alias="open-ims.test"
>>>>
>>>> /* uncomment and configure the following line if you want Kamailio to
>>>> bind on a specific interface/port/proto (default bind on all
>>>> available) */
>>>> #listen=udp:10.0.0.10:5060
>>>>
>>>> /* port to listen to
>>>> * - can be specified more than once if needed to listen on many ports
>>>> */
>>>> port=5060
>>>>
>>>> #!ifdef WITH_TLS
>>>> enable_tls=yes
>>>> #!endif
>>>>
>>>> ####### Custom Parameters #########
>>>>
>>>> # These parameters can be modified runtime via RPC interface
>>>> # - see the documentation of 'cfg_rpc' module.
>>>> #
>>>> # Format: group.id = value 'desc' description
>>>> # Access: $sel(cfg_get.group.id) or @cfg_get.group.id
>>>> #
>>>>
>>>> #!ifdef WITH_PSTN
>>>> # PSTN GW Routing
>>>> #
>>>> # - pstn.gw_ip: valid IP or hostname as string value, example:
>>>> # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
>>>> #
>>>> # - by default is empty to avoid misrouting
>>>> pstn.gw_ip = "" desc "PSTN GW Address"
>>>> #!endif
>>>>
>>>>
>>>> ####### Modules Section ########
>>>>
>>>> # set paths to location of modules
>>>> #!ifdef LOCAL_TEST_RUN
>>>> mpath="modules_k:modules"
>>>> #!else
>>>>
>>>> mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_MYSQL
>>>> loadmodule "db_mysql.so"
>>>> #!endif
>>>>
>>>> loadmodule "mi_fifo.so"
>>>> loadmodule "kex.so"
>>>> loadmodule "tm.so"
>>>> loadmodule "tmx.so"
>>>> loadmodule "sl.so"
>>>> loadmodule "rr.so"
>>>> loadmodule "pv.so"
>>>> loadmodule "maxfwd.so"
>>>> loadmodule "usrloc.so"
>>>> loadmodule "registrar.so"
>>>> loadmodule "textops.so"
>>>> loadmodule "siputils.so"
>>>> loadmodule "xlog.so"
>>>> loadmodule "sanity.so"
>>>> loadmodule "ctl.so"
>>>> loadmodule "mi_rpc.so"
>>>> loadmodule "acc.so"
>>>>
>>>> #!ifdef WITH_AUTH
>>>> loadmodule "auth.so"
>>>> loadmodule "auth_db.so"
>>>> #!ifdef WITH_IPAUTH
>>>> loadmodule "permissions.so"
>>>> #!endif
>>>> #!endif
>>>>
>>>> #!ifdef WITH_ALIASDB
>>>> loadmodule "alias_db.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_MULTIDOMAIN
>>>> loadmodule "domain.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_PRESENCE
>>>> loadmodule "presence.so"
>>>> loadmodule "presence_xml.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_NAT
>>>> loadmodule "nathelper.so"
>>>> loadmodule "rtpproxy.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_TLS
>>>> loadmodule "tls.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_ANTIFLOOD
>>>> loadmodule "htable.so"
>>>> loadmodule "pike.so"
>>>> #!endif
>>>>
>>>> #!ifdef WITH_XMLRPC
>>>> loadmodule "xmlrpc.so"
>>>> #!endif
>>>>
>>>> # ----------------- setting module-specific parameters ---------------
>>>>
>>>>
>>>> # ----- mi_fifo params -----
>>>> modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
>>>>
>>>>
>>>> # ----- tm params -----
>>>> # auto-discard branches from previous serial forking leg
>>>> modparam("tm", "failure_reply_mode", 3)
>>>> # default retransmission timeout: 30sec
>>>> modparam("tm", "fr_timer", 30000)
>>>> # default invite retransmission timeout after 1xx: 120sec
>>>> modparam("tm", "fr_inv_timer", 120000)
>>>>
>>>>
>>>> # ----- rr params -----
>>>> # add value to ;lr param to cope with most of the UAs
>>>> modparam("rr", "enable_full_lr", 1)
>>>> # do not append from tag to the RR (no need for this script)
>>>> modparam("rr", "append_fromtag", 0)
>>>>
>>>>
>>>> # ----- registrar params -----
>>>> modparam("registrar", "method_filtering", 1)
>>>> /* uncomment the next line to disable parallel forking via location */
>>>> # modparam("registrar", "append_branches", 0)
>>>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>>>> #modparam("registrar", "max_contacts", 10)
>>>>
>>>>
>>>> # ----- acc params -----
>>>> /* what special events should be accounted ? */
>>>> modparam("acc", "early_media", 0)
>>>> modparam("acc", "report_ack", 0)
>>>> modparam("acc", "report_cancels", 0)
>>>> /* by default ww do not adjust the direct of the sequential requests.
>>>> if you enable this parameter, be sure the enable "append_fromtag"
>>>> in "rr" module */
>>>> modparam("acc", "detect_direction", 0)
>>>> /* account triggers (flags) */
>>>> modparam("acc", "log_flag", FLT_ACC)
>>>> modparam("acc", "log_missed_flag", FLT_ACCMISSED)
>>>> modparam("acc", "log_extra",
>>>>
>>>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>>>> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
>>>> /* enhanced DB accounting */
>>>> #!ifdef WITH_ACCDB
>>>> modparam("acc", "db_flag", FLT_ACC)
>>>> modparam("acc", "db_missed_flag", FLT_ACCMISSED)
>>>> modparam("acc", "db_url", DBURL)
>>>> modparam("acc", "db_extra",
>>>>
>>>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>>>> #!endif
>>>>
>>>>
>>>> # ----- usrloc params -----
>>>> /* enable DB persistency for location entries */
>>>> #!ifdef WITH_USRLOCDB
>>>> modparam("usrloc", "db_url", DBURL)
>>>> modparam("usrloc", "db_mode", 2)
>>>> modparam("usrloc", "use_domain", MULTIDOMAIN)
>>>> #!endif
>>>>
>>>>
>>>> # ----- auth_db params -----
>>>> #!ifdef WITH_AUTH
>>>> modparam("auth_db", "db_url", DBURL)
>>>> modparam("auth_db", "calculate_ha1", yes)
>>>> modparam("auth_db", "password_column", "password")
>>>> modparam("auth_db", "load_credentials", "")
>>>> modparam("auth_db", "use_domain", MULTIDOMAIN)
>>>>
>>>> # ----- permissions params -----
>>>> #!ifdef WITH_IPAUTH
>>>> modparam("permissions", "db_url", DBURL)
>>>> modparam("permissions", "db_mode", 1)
>>>> #!endif
>>>>
>>>> #!endif
>>>>
>>>>
>>>> # ----- alias_db params -----
>>>> #!ifdef WITH_ALIASDB
>>>> modparam("alias_db", "db_url", DBURL)
>>>> modparam("alias_db", "use_domain", MULTIDOMAIN)
>>>> #!endif
>>>>
>>>>
>>>> # ----- domain params -----
>>>> #!ifdef WITH_MULTIDOMAIN
>>>> modparam("domain", "db_url", DBURL)
>>>> # use caching
>>>> modparam("domain", "db_mode", 1)
>>>> # register callback to match myself condition with domains list
>>>> modparam("domain", "register_myself", 1)
>>>> #!endif
>>>>
>>>>
>>>> #!ifdef WITH_PRESENCE
>>>> # ----- presence params -----
>>>> modparam("presence", "db_url", DBURL)
>>>>
>>>> # ----- presence_xml params -----
>>>> modparam("presence_xml", "db_url", DBURL)
>>>> modparam("presence_xml", "force_active", 1)
>>>> #!endif
>>>>
>>>>
>>>> #!ifdef WITH_NAT
>>>> # ----- rtpproxy params -----
>>>> modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
>>>>
>>>> # ----- nathelper params -----
>>>> modparam("nathelper", "natping_interval", 30)
>>>> modparam("nathelper", "ping_nated_only", 1)
>>>> modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
>>>> modparam("nathelper", "sipping_from", "sip:pinger at kamailio.org")
>>>>
>>>> # params needed for NAT traversal in other modules
>>>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>>>> modparam("usrloc", "nat_bflag", FLB_NATB)
>>>> #!endif
>>>>
>>>>
>>>> #!ifdef WITH_TLS
>>>> # ----- tls params -----
>>>> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>>>> #!endif
>>>>
>>>> #!ifdef WITH_ANTIFLOOD
>>>> # ----- pike params -----
>>>> modparam("pike", "sampling_time_unit", 2)
>>>> modparam("pike", "reqs_density_per_unit", 16)
>>>> modparam("pike", "remove_latency", 4)
>>>>
>>>> # ----- htable params -----
>>>> # ip ban htable with autoexpire after 5 minutes
>>>> modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
>>>> #!endif
>>>>
>>>> #!ifdef WITH_XMLRPC
>>>> # ----- xmlrpc params -----
>>>> modparam("xmlrpc", "route", "XMLRPC");
>>>> modparam("xmlrpc", "url_match", "^/RPC")
>>>> #!endif
>>>>
>>>> ####### Routing Logic ########
>>>>
>>>>
>>>> # Main SIP request routing logic
>>>> # - processing of any incoming SIP request starts with this route
>>>> route {
>>>>
>>>> # per request initial checks
>>>> route(REQINIT);
>>>>
>>>> # NAT detection
>>>> route(NAT);
>>>>
>>>> # handle requests within SIP dialogs
>>>> route(WITHINDLG);
>>>>
>>>> ### only initial requests (no To tag)
>>>>
>>>> # CANCEL processing
>>>> if (is_method("CANCEL"))
>>>> {
>>>> if (t_check_trans())
>>>> t_relay();
>>>> exit;
>>>> }
>>>>
>>>> t_check_trans();
>>>>
>>>> # authentication
>>>> route(AUTH);
>>>>
>>>> # record routing for dialog forming requests (in case they are
>>>> routed)
>>>> # - remove preloaded route headers
>>>> remove_hf("Route");
>>>> if (is_method("INVITE|SUBSCRIBE"))
>>>> record_route();
>>>>
>>>> # account only INVITEs
>>>> if (is_method("INVITE"))
>>>> {
>>>> setflag(FLT_ACC); # do accounting
>>>> }
>>>>
>>>> # dispatch requests to foreign domains
>>>> route(SIPOUT);
>>>>
>>>> ### requests for my local domains
>>>>
>>>> # handle presence related requests
>>>> route(PRESENCE);
>>>>
>>>> # handle registrations
>>>> route(REGISTRAR);
>>>>
>>>> if ($rU==$null)
>>>> {
>>>> # request with no Username in RURI
>>>> sl_send_reply("484","Address Incomplete");
>>>> exit;
>>>> }
>>>>
>>>> # dispatch destinations to PSTN
>>>> route(PSTN);
>>>>
>>>> # user location service
>>>> route(LOCATION);
>>>>
>>>> route(RELAY);
>>>> }
>>>>
>>>>
>>>> route[RELAY] {
>>>> #!ifdef WITH_NAT
>>>> if (check_route_param("nat=yes")) {
>>>> setbflag(FLB_NATB);
>>>> }
>>>> if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
>>>> route(RTPPROXY);
>>>> }
>>>> #!endif
>>>>
>>>> /* example how to enable some additional event routes */
>>>> if (is_method("INVITE")) {
>>>> #t_on_branch("BRANCH_ONE");
>>>> t_on_reply("REPLY_ONE");
>>>> t_on_failure("FAIL_ONE");
>>>> }
>>>>
>>>> if (!t_relay()) {
>>>> sl_reply_error();
>>>> }
>>>> exit;
>>>> }
>>>>
>>>> # Per SIP request initial checks
>>>> route[REQINIT] {
>>>> #!ifdef WITH_ANTIFLOOD
>>>> # flood dection from same IP and traffic ban for a while
>>>> # be sure you exclude checking trusted peers, such as pstn gateways
>>>> # - local host excluded (e.g., loop to self)
>>>> if(src_ip!=myself)
>>>> {
>>>> if($sht(ipban=>$si)!=$null)
>>>> {
>>>> # ip is already blocked
>>>> xdbg("request from blocked IP - $rm from $fu
>>>> (IP:$si:$sp)\n");
>>>> exit;
>>>> }
>>>> if (!pike_check_req())
>>>> {
>>>> xlog("L_ALERT","ALERT: pike blocking $rm from $fu
>>>> (IP:$si:$sp)\n");
>>>> $sht(ipban=>$si) = 1;
>>>> exit;
>>>> }
>>>> }
>>>> #!endif
>>>>
>>>> if (!mf_process_maxfwd_header("10")) {
>>>> sl_send_reply("483","Too Many Hops");
>>>> exit;
>>>> }
>>>>
>>>> if(!sanity_check("1511", "7"))
>>>> {
>>>> xlog("Malformed SIP message from $si:$sp\n");
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> # Handle requests within SIP dialogs
>>>> route[WITHINDLG] {
>>>> if (has_totag()) {
>>>> # sequential request withing a dialog should
>>>> # take the path determined by record-routing
>>>> if (loose_route()) {
>>>> if (is_method("BYE")) {
>>>> setflag(FLT_ACC); # do accounting ...
>>>> setflag(FLT_ACCFAILED); # ... even if the transaction
>>>> fails
>>>> }
>>>> route(RELAY);
>>>> } else {
>>>> if (is_method("SUBSCRIBE") && uri == myself) {
>>>> # in-dialog subscribe requests
>>>> route(PRESENCE);
>>>> exit;
>>>> }
>>>> if ( is_method("ACK") ) {
>>>> if ( t_check_trans() ) {
>>>> # no loose-route, but stateful ACK;
>>>> # must be an ACK after a 487
>>>> # or e.g. 404 from upstream server
>>>> t_relay();
>>>> exit;
>>>> } else {
>>>> # ACK without matching transaction ... ignore and
>>>> discard
>>>> exit;
>>>> }
>>>> }
>>>> sl_send_reply("404","Not here");
>>>> }
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> # Handle SIP registrations
>>>> route[REGISTRAR] {
>>>> if (is_method("REGISTER"))
>>>> {
>>>> if(isflagset(FLT_NATS))
>>>> {
>>>> setbflag(FLB_NATB);
>>>> # uncomment next line to do SIP NAT pinging
>>>> ## setbflag(FLB_NATSIPPING);
>>>> }
>>>> if (!save("location"))
>>>> sl_reply_error();
>>>>
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> # USER location service
>>>> route[LOCATION] {
>>>>
>>>> #!ifdef WITH_ALIASDB
>>>> # search in DB-based aliases
>>>> alias_db_lookup("dbaliases");
>>>> #!endif
>>>>
>>>> if (!lookup("location")) {
>>>> switch ($rc) {
>>>> case -1:
>>>> case -3:
>>>> t_newtran();
>>>> t_reply("404", "Not Found");
>>>> exit;
>>>> case -2:
>>>> sl_send_reply("405", "Method Not Allowed");
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> # when routing via usrloc, log the missed calls also
>>>> if (is_method("INVITE"))
>>>> {
>>>> setflag(FLT_ACCMISSED);
>>>> }
>>>> }
>>>>
>>>> # Presence server route
>>>> route[PRESENCE] {
>>>> if(!is_method("PUBLISH|SUBSCRIBE"))
>>>> return;
>>>>
>>>> #!ifdef WITH_PRESENCE
>>>> if (!t_newtran())
>>>> {
>>>> sl_reply_error();
>>>> exit;
>>>> };
>>>>
>>>> if(is_method("PUBLISH"))
>>>> {
>>>> if($hdr(Sender)!= NULL)
>>>> handle_publish("$hdr(Sender)");
>>>> else
>>>> handle_publish("");
>>>> t_release();
>>>> }
>>>> else
>>>> if( is_method("SUBSCRIBE"))
>>>> {
>>>> handle_subscribe();
>>>> t_release();
>>>> }
>>>> exit;
>>>> #!endif
>>>>
>>>> # if presence enabled, this part will not be executed
>>>> if (is_method("PUBLISH") || $rU==$null)
>>>> {
>>>> sl_send_reply("404", "Not here");
>>>> exit;
>>>> }
>>>> return;
>>>> }
>>>>
>>>> # Authentication route
>>>> route[AUTH] {
>>>> #!ifdef WITH_AUTH
>>>> if (is_method("REGISTER"))
>>>> {
>>>> # authenticate the REGISTER requests (uncomment to enable auth)
>>>> if (!www_authorize("$td", "subscriber"))
>>>> {
>>>> www_challenge("$td", "0");
>>>> exit;
>>>> }
>>>>
>>>> if ($au!=$tU)
>>>> {
>>>> sl_send_reply("403","Forbidden auth ID");
>>>> exit;
>>>> }
>>>> } else {
>>>>
>>>> #!ifdef WITH_IPAUTH
>>>> if(allow_source_address())
>>>> {
>>>> # source IP allowed
>>>> return;
>>>> }
>>>> #!endif
>>>> # authenticate if from local subscriber
>>>> if (from_uri==myself)
>>>> {
>>>> if (!proxy_authorize("$fd", "subscriber")) {
>>>> proxy_challenge("$fd", "0");
>>>> exit;
>>>> }
>>>> if (is_method("PUBLISH"))
>>>> {
>>>> if ($au!=$tU) {
>>>> sl_send_reply("403","Forbidden auth ID");
>>>> exit;
>>>> }
>>>> } else {
>>>> if ($au!=$fU) {
>>>> sl_send_reply("403","Forbidden auth ID");
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> consume_credentials();
>>>> # caller authenticated
>>>> } else {
>>>> # caller is not local subscriber, then check if it calls
>>>> # a local destination, otherwise deny, not an open relay here
>>>> if (!uri==myself)
>>>> {
>>>> sl_send_reply("403","Not relaying");
>>>> exit;
>>>> }
>>>> }
>>>> }
>>>> #!endif
>>>> return;
>>>> }
>>>>
>>>> # Caller NAT detection route
>>>> route[NAT] {
>>>> #!ifdef WITH_NAT
>>>> force_rport();
>>>> if (nat_uac_test("19")) {
>>>> if (method=="REGISTER") {
>>>> fix_nated_register();
>>>> } else {
>>>> fix_nated_contact();
>>>> }
>>>> setflag(FLT_NATS);
>>>> }
>>>> #!endif
>>>> return;
>>>> }
>>>>
>>>> # RTPProxy control
>>>> route[RTPPROXY] {
>>>> #!ifdef WITH_NAT
>>>> if (is_method("BYE")) {
>>>> unforce_rtp_proxy();
>>>> } else if (is_method("INVITE")){
>>>> force_rtp_proxy();
>>>> }
>>>> if (!has_totag()) add_rr_param(";nat=yes");
>>>> #!endif
>>>> return;
>>>> }
>>>>
>>>> # Routing to foreign domains
>>>> route[SIPOUT] {
>>>> if (!uri==myself)
>>>> {
>>>> append_hf("P-hint: outbound\r\n");
>>>> route(RELAY);
>>>> }
>>>> }
>>>>
>>>> # PSTN GW routing
>>>> route[PSTN] {
>>>> #!ifdef WITH_PSTN
>>>> # check if PSTN GW IP is defined
>>>> if (strempty($sel(cfg_get.pstn.gw_ip))) {
>>>> xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not
>>>> defined\n");
>>>> return;
>>>> }
>>>>
>>>> # route to PSTN dialed numbers starting with '+' or '00'
>>>> # (international format)
>>>> # - update the condition to match your dialing rules for PSTN routing
>>>> if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
>>>> return;
>>>>
>>>> # only local users allowed to call
>>>> if(from_uri!=myself) {
>>>> sl_send_reply("403", "Not Allowed");
>>>> exit;
>>>> }
>>>>
>>>> $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
>>>>
>>>> route(RELAY);
>>>> exit;
>>>> #!endif
>>>>
>>>> return;
>>>> }
>>>>
>>>> # XMLRPC routing
>>>> #!ifdef WITH_XMLRPC
>>>> route[XMLRPC]
>>>> {
>>>> # allow XMLRPC from localhost
>>>> if ((method=="POST" || method=="GET")
>>>> && (src_ip==127.0.0.1)) {
>>>> # close connection only for xmlrpclib user agents (there is a bug
>>>> in
>>>> # xmlrpclib: it waits for EOF before interpreting the response).
>>>> if ($hdr(User-Agent) =~ "xmlrpclib")
>>>> set_reply_close();
>>>> set_reply_no_connect();
>>>> dispatch_rpc();
>>>> exit;
>>>> }
>>>> send_reply("403", "Forbidden");
>>>> exit;
>>>> }
>>>> #!endif
>>>>
>>>> # Sample branch router
>>>> branch_route[BRANCH_ONE] {
>>>> xdbg("new branch at $ru\n");
>>>> }
>>>>
>>>> # Sample onreply route
>>>> onreply_route[REPLY_ONE] {
>>>> xdbg("incoming reply\n");
>>>> #!ifdef WITH_NAT
>>>> if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
>>>> && status=~"(183)|(2[0-9][0-9])") {
>>>> force_rtp_proxy();
>>>> }
>>>> if (isbflagset("6")) {
>>>> fix_nated_contact();
>>>> }
>>>> #!endif
>>>> }
>>>>
>>>> # Sample failure route
>>>> failure_route[FAIL_ONE] {
>>>> #!ifdef WITH_NAT
>>>> if (is_method("INVITE")
>>>> && (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
>>>> unforce_rtp_proxy();
>>>> }
>>>> #!endif
>>>>
>>>> if (t_is_canceled()) {
>>>> exit;
>>>> }
>>>>
>>>> # uncomment the following lines if you want to block client
>>>> # redirect based on 3xx replies.
>>>> ##if (t_check_status("3[0-9][0-9]")) {
>>>> ##t_reply("404","Not found");
>>>> ## exit;
>>>> ##}
>>>>
>>>> # uncomment the following lines if you want to redirect the failed
>>>> # calls to a different new destination
>>>> ##if (t_check_status("486|408")) {
>>>> ## sethostport("192.168.2.100:5060");
>>>> ## append_branch();
>>>> ## # do not set the missed call flag again
>>>> ## t_relay();
>>>> ##}
>>>> }
>>>>
>>>>
>>>> Thanks a lot,
>>>> Andrés.
>>>>
>>>> El 29/11/2010 15:15, Klaus Darilion escribió:
>>>>>
>>>>> If you do not want to authenticate the requests then disable
>>>>> authentication kamailio.cfg
>>>>>
>>>>> regards
>>>>> Klaus
>>>>>
>>>>> Am 29.11.2010 12:53, schrieb "Andrés S. García Ruiz":
>>>>>>
>>>>>> Hi everybody,
>>>>>>
>>>>>> I'm trying to deploy an IMS network with OpenIMSCore and Kamailio.
>>>>>> Since
>>>>>> OpenIMSCore has been already tested along with Mobicents, now I want
>>>>>> substitute Mobicents for Kamailio. I've also successfully installed
>>>>>> Kamailio. I can run it without any problem, but when SIP Publish
>>>>>> messages arrive at Kamalio, it answers with "407 Proxy Authentication
>>>>>> Required". The IMS presentity is already registered against the
>>>>>> OpenIMSCore. How can I solve that problem?
>>>>>>
>>>>>> The publish message sent:
>>>>>>
>>>>>> PUBLISH sip:testuser01 at open-ims.test SIP/2.0
>>>>>> Route: <sip:ciervo.inf.um.es:5060;lr>,
>>>>>>
>>>>>> <sip:iscmark at scscf.open-ims.test:6060;lr;s=1;h=0;d=0;a=7369703a74657374757365723031406f70656e2d696d732e74657374>
>>>>>>
>>>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
>>>>>> CSeq: 1 PUBLISH
>>>>>> From: "testuser01" <sip:testuser01 at open-ims.test>;tag=ff123bda
>>>>>> To: "testuser01" <sip:testuser01 at open-ims.test>
>>>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
>>>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
>>>>>> Via: SIP/2.0/TCP
>>>>>>
>>>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
>>>>>>
>>>>>> Max-Forwards: 15
>>>>>> Content-Type: application/pidf+xml
>>>>>> Expires: 30000
>>>>>> Event: presence
>>>>>> Contact: <sip:testuser01 at 155.54.190.166:8060>
>>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>>>>>> SUBSCRIBE, INFO
>>>>>> User-Agent: X-Lite IMS-OSGi-Client 0.1
>>>>>> CVS-Mon_Nov_29_10-14-33_CET_2010
>>>>>> Content-Length: 451
>>>>>> P-Asserted-Identity: <sip:testuser01 at open-ims.test>
>>>>>> P-Charging-Vector:
>>>>>>
>>>>>> icid-value="P-CSCFabcd000000004cf3708400000002";icid-generated-at=155.54.210.134;orig-ioi="open-ims.test"
>>>>>>
>>>>>>
>>>>>> <?xml version='1.0' encoding='UTF-8'?><presence
>>>>>> xmlns='urn:ietf:params:xml:ns:pidf'
>>>>>> xmlns:c='urn:ietf:params:xml:ns:pidf:cipid'
>>>>>> xmlns:dm='urn:ietf:params:xml:ns:pidf:data-model'
>>>>>> xmlns:rpid='urn:ietf:params:xml:ns:pidf:rpid'
>>>>>> entity='sip:testuser01 at open-ims.test'><tuple
>>>>>> id='t6b9a6ab3'><status><basic>open</basic></status></tuple><dm:person
>>>>>>
>>>>>> id='p34b126e5'><rpid:activities><rpid:Online/></rpid:activities><dm:note>Online</dm:note></dm:person></presence>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Kamailio answer:
>>>>>> SIP/2.0 407 Proxy Authentication Required
>>>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV.
>>>>>> CSeq: 1 PUBLISH
>>>>>> From: "testuser01" <sip:testuser01 at open-ims.test>;tag=ff123bda
>>>>>> To: "testuser01"
>>>>>>
>>>>>> <sip:testuser01 at open-ims.test>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3d3a
>>>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0
>>>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1
>>>>>> Via: SIP/2.0/TCP
>>>>>>
>>>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z-
>>>>>>
>>>>>> Proxy-Authenticate: Digest realm="open-ims.test",
>>>>>> nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
>>>>>> Server: kamailio (3.1.0 (i386/linux))
>>>>>> Content-Length: 0
>>>>>>
>>>>>>
>>>>>> Kamailio log:
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:628]: SIP Request:
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:630]: method: <PUBLISH>
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:632]: uri:
>>>>>> <sip:testuser01 at open-ims.test>
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:634]: version: <SIP/2.0>
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:165]: get_hdr_field: cseq
>>>>>> <CSeq>: <1> <PUBLISH>
>>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
>>>>>> state=10
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:185]: DEBUG:
>>>>>> get_hdr_field:
>>>>>> <To> [45]; uri=[sip:testuser01 at open-ims.test]
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:187]: DEBUG: to body
>>>>>> ["testuser01" <sip:testuser01 at open-ims.test>
>>>>>> ]
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>>>> 232,
>>>>>> <branch> = <z9hG4bKa31a.6cba1cd2.0>; state=16
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>>>> reached,
>>>>>> state=5
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>>>> found, flags=2
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this
>>>>>> is
>>>>>> the first via
>>>>>> 5(15391) DEBUG: <core> [receive.c:145]: After parse_msg...
>>>>>> 5(15391) DEBUG: <core> [receive.c:186]: preparing to run routing
>>>>>> scripts...
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>>>> 232,
>>>>>> <branch> = <z9hG4bKa31a.71481d13.0>; state=6
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>>>> 236,
>>>>>> <i> = <1>; state=16
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>>>> reached,
>>>>>> state=5
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>>>> found, flags=100
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:526]: parse_headers: this
>>>>>> is
>>>>>> the second via
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>>>> 235,
>>>>>> <rport> = <41624>; state=6
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type
>>>>>> 232,
>>>>>> <branch> = <z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z->; state=16
>>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header
>>>>>> reached,
>>>>>> state=5
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via
>>>>>> found, flags=100
>>>>>> 5(15391) DEBUG: maxfwd [mf_funcs.c:85]: value = 15
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:199]: DEBUG: get_hdr_body
>>>>>> :
>>>>>> content_length=451
>>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:101]: found end of header
>>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:174]: DEBUG: add_param:
>>>>>> tag=ff123bda
>>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached,
>>>>>> state=29
>>>>>> 5(15391) DEBUG: sanity [mod_sanity.c:217]: all sanity checks passed
>>>>>> 5(15391) DEBUG: siputils [checks.c:73]: no totag
>>>>>> 5(15391) DEBUG: tm [t_lookup.c:1081]: DEBUG: t_check_msg: msg id=1
>>>>>> global id=0 T start=0xffffffff
>>>>>> 5(15391) DEBUG: tm [t_lookup.c:528]: t_lookup_request: start
>>>>>> searching:
>>>>>> hash=41274, isACK=0
>>>>>> 5(15391) DEBUG: tm [t_lookup.c:485]: DEBUG: RFC3261 transaction
>>>>>> matching
>>>>>> failed
>>>>>> 5(15391) DEBUG: tm [t_lookup.c:711]: DEBUG: t_lookup_request: no
>>>>>> transaction found
>>>>>> 5(15391) DEBUG: tm [t_lookup.c:1150]: DEBUG: t_check_msg: msg id=1
>>>>>> global id=1 T end=(nil)
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
>>>>>> if
>>>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1]
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
>>>>>> if
>>>>>> port 5060 matches port 5060
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
>>>>>> if
>>>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245]
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
>>>>>> if
>>>>>> port 5060 matches port 5060
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
>>>>>> if
>>>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1]
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
>>>>>> if
>>>>>> port 5060 matches port 5060
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking
>>>>>> if
>>>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245]
>>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking
>>>>>> if
>>>>>> port 5060 matches port 5060
>>>>>> 5(15391) DEBUG: auth_db [authorize.c:239]: realm value [open-ims.test]
>>>>>> 5(15391) DEBUG: auth [api.c:85]: auth:pre_auth: Credentials with realm
>>>>>> 'open-ims.test' not found
>>>>>> 5(15391) DEBUG: auth_db [authorize.c:257]: not authenticated
>>>>>> 5(15391) DEBUG: auth [challenge.c:102]: build_challenge_hf:
>>>>>> realm='open-ims.test'
>>>>>> 5(15391) DEBUG: auth [challenge.c:236]: auth: 'Proxy-Authenticate:
>>>>>> Digest realm="open-ims.test", nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v"
>>>>>> '
>>>>>> 5(15391) DEBUG: sl [sl.c:278]: reply in stateless mode (sl)
>>>>>> 5(15391) DEBUG: <core> [msg_translator.c:207]:
>>>>>> check_via_address(155.54.210.135, 155.54.210.135, 0)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list:
>>>>>> destroying list (nil)
>>>>>> 5(15391) DEBUG: <core> [receive.c:289]: receive_msg: cleaning up
>>>>>>
>>>>>>
>>>>>> Thanks in advance,
>>>>>> Andrés.
>>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> Kamailio (OpenSER) Advanced Training
> Jan 24-26, 2011, Irvine, CA, USA
> http://www.asipto.com
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
--
Carsten Bock
Schomburgstr. 80
22767 Hamburg
Germany
Mobile +49 179 2021244
Home +49 40 34927217
Büro (Verl) +49 5246 801427
Fax +49 40 34927218
mailto:carsten at bock.info
More information about the sr-users
mailing list