[SR-Users] Kamailio Does NOT Forward Registration Requests To Asterisk.
Mahmoud Ramadan Ali
cisco.and.more.blog at gmail.com
Wed Nov 19 18:13:59 CET 2014
Hi Mohamed,
Thanks again for being patient and helpful in helping me to do the
integration between Kamailio and Asterisk! But I have two questions for
you, friend.
1. What is the $retcode variable and how do I make use of it? I read
about it and can NOT get the exact idea about its function.
2. If we need to insert the $retcode variable to get the error code
generated by the AUTH route to know the root cause of the problem, can I
ask you to do that for me? I know it might seem ridiculous from
your perspective, but NOT from mine! I do NOT have experience with
scripting. I've attached my configuration file and I will be thankful to you,
Mohamed, if you changed it by adding the variable so I can test again and
give feedback.
Thanks in advance.
On Tue, Nov 18, 2014 at 3:26 PM, Muhammad Shahzad <shaheryarkh at gmail.com>
wrote:
> OK, there are two parts of the setup.
>
> 1. SIP user registers on Kamailio.
> 2. Kamailio registers on Asterisk (using SIP user credentials).
>
> As long as part 1 is not done, part 2 will not work. So let's break down
> the problem: first just forget part 2 and try to register the SIP user on
> kamailio. Why does it fail? There may be many reasons, e.g.
>
> a). bad username,
> b). bad password,
> c). bad realm,
> d). expired or stale nonce
> and so on..
>
> The easiest way to identify what is causing this failure is to edit your
> config, go to the route[AUTH] block and, inside the IF block of auth_check,
> print the value of the $retcode variable using xlog. After saving and
> exiting the config file, restart kamailio and attempt to register again,
> then look at the kamailio logs in syslog facility local0 (/var/log/syslog
> in debian / ubuntu or /var/log/message in centos / redhat). If the value
> of the $retcode variable is printed, then compare it with this list of
> error codes,
>
> http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#idp89440
>
> This should tell you what is wrong and where. Fix that, and only after
> that do you need to worry about the asterisk side.
>
> Thank you.
>
>
> On Tue, Nov 18, 2014 at 3:20 AM, Mahmoud Ramadan Ali <
> cisco.and.more.blog at gmail.com> wrote:
>
>> Hi Mohamed,
>> Thank you for your interest in helping me. I've configured the
>> auth_db module with the Asterisk DB URL and the SIP username and password
>> table name, verified the MySQL remote connection from Kamailio to the
>> Asterisk DB, and got connected as predicted.
>>
>> I tried to register a phone after applying the changes, and Kamailio
>> forwarded the register request to Asterisk only once and without successful
>> authentication! Now I didn't change anything in the configuration file and
>> can NOT get any registration requests forwarded from Kamailio to Asterisk;
>> I only get events on Kamailio that it can NOT register the incoming
>> registration request, like this.
>>
>> root at debian:/usr/local/etc/kamailio# ngrep -W byline -d eth1 port 5060
>> U 192.168.50.2:50886 -> 192.168.50.1:5060
>> REGISTER sip:192.168.50.1 SIP/2.0.
>> Via: SIP/2.0/UDP 192.168.50.2:50886
>> ;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport.
>> Max-Forwards: 70.
>> Contact: <sip:1001 at 192.168.50.2:50886;rinstance=8000799665fa4b54>.
>> To: "Mahmoud Ramadan Ali"<sip:1001 at 192.168.50.1>.
>> From: "Mahmoud Ramadan Ali"<sip:1001 at 192.168.50.1>;tag=9f381b5f.
>> Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.
>> CSeq: 2 REGISTER.
>> Expires: 3600.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>> SUBSCRIBE, INFO.
>> User-Agent: X-Lite 4.7.1 74247--W6.1.
>> Authorization: Digest
>> username="1001",realm="192.168.50.1",nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7",uri="sip:192.168.50.1",response="1788f6b9cfc322b863a93c91f3b623dc",algorithm=MD5.
>> Content-Length: 0.
>> #
>> U 192.168.50.1:5060 -> 192.168.50.2:50886
>> SIP/2.0 401 Unauthorized.
>> Via: SIP/2.0/UDP 192.168.50.2:50886
>> ;branch=z9hG4bK-d8754z-cb65023b979d0a36-1---d8754z-;rport=50886.
>> To: "Mahmoud Ramadan Ali"<sip:1001 at 192.168.50.1
>> >;tag=b27e1a1d33761e85846fc98f5f3a7e58.0bcb.
>> From: "Mahmoud Ramadan Ali"<sip:1001 at 192.168.50.1>;tag=9f381b5f.
>> Call-ID: MzcxNzYwMmUyN2E0M2FkMWRmOTI0ZjNkMjJmNWNhYTc.
>> CSeq: 2 REGISTER.
>> WWW-Authenticate: Digest realm="192.168.50.1",
>> nonce="VGqbxVRqmpngschsiE6AuMiOfCS/MIp7".
>> Server: kamailio (4.1.6 (i386/linux)).
>> Content-Length: 0.
>>
>> But when using the ngrep command on Asterisk to capture traffic on port
>> 5050 or even 5060 I get nothing! Other troubleshooting steps I followed
>> include:
>> 1. Verifying the MySQL connection from Kamailio and the account table name
>> and SIP username / password column.
>>
>> root at debian:/usr/local/etc/kamailio# mysql -u sipuser -h 192.168.100.10
>> -p
>> Enter password:
>> Welcome to the MySQL monitor. Commands end with ; or \g.
>> Your MySQL connection id is 149
>> Server version: 5.1.73 Source distribution
>>
>> Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights
>> reserved.
>>
>> Oracle is a registered trademark of Oracle Corporation and/or its
>> affiliates. Other names may be trademarks of their respective
>> owners.
>>
>> Type 'help;' or '\h' for help. Type '\c' to clear the current input
>> statement.
>>
>> mysql> use asterisk;
>> Reading table information for completion of table and column names
>> You can turn off this feature to get a quicker startup with -A
>>
>> Database changed
>> mysql> SELECT * FROM sip;
>> +------+------------------+---------------------------------+-------+
>> | id | keyword | data | flags |
>> +------+------------------+---------------------------------+-------+
>> | 1001 | pickupgroup | | 22 |
>> | 1001 | callgroup | | 21 |
>> | 1001 | encryption | no | 20 |
>> | 1001 | icesupport | no | 19 |
>> | 1001 | force_avp | no | 18 |
>> | 1001 | avpf | no | 17 |
>> | 1001 | transport | udp,tcp,tls | 16 |
>> | 1001 | qualifyfreq | 60 | 15 |
>> | 1001 | qualify | yes | 14 |
>> | 1001 | port | 5050 | 13 |
>> | 1001 | nat | no | 12 |
>> | 1001 | type | friend | 11 |
>> | 1001 | sendrpid | no | 10 |
>> | 1001 | trustrpid | yes | 9 |
>> | 1001 | host | dynamic | 8 |
>> | 1001 | context | from-internal | 7 |
>> | 1001 | canreinvite | no | 6 |
>> | 1001 | dtmfmode | rfc2833 | 5 |
>> | 1001 | secret | 1001secret | 4 |
>> | 1001 | secret_origional | 1001secret | 3 |
>> | 1001 | sipdriver | chan_sip | 2 |
>> | 1001 | dial | SIP/1001 | 25 |
>> | 1002 | pickupgroup | | 22 |
>> | 1002 | callgroup | | 21 |
>> | 1002 | encryption | no | 20 |
>> | 1002 | icesupport | no | 19 |
>> | 1002 | force_avp | no | 18 |
>> | 1002 | avpf | no | 17 |
>> | 1002 | transport | udp,tcp,tls | 16 |
>> | 1002 | qualifyfreq | 60 | 15 |
>> | 1002 | qualify | yes | 14 |
>> | 1002 | port | 5060 | 13 |
>> | 1002 | nat | no | 12 |
>> | 1002 | type | friend | 11 |
>> | 1002 | sendrpid | no | 10 |
>> | 1002 | trustrpid | yes | 9 |
>> | 1002 | host | dynamic | 8 |
>> | 1002 | context | from-internal | 7 |
>> | 1002 | canreinvite | no | 6 |
>> | 1002 | dtmfmode | rfc2833 | 5 |
>> | 1002 | secret | 1002secret | 4 |
>> | 1002 | secret_origional | 1002secret | 3 |
>> | 1002 | sipdriver | chan_sip | 2 |
>> | 1002 | dial | SIP/1002 | 25 |
>> | 1002 | disallow | | 23 |
>> | 1002 | allow | | 24 |
>> | 1002 | accountcode | | 26 |
>> | 1002 | mailbox | 1002 at device | 27 |
>> | 1002 | deny | 0.0.0.0/0.0.0.0 | 28 |
>> | 1002 | permit | 0.0.0.0/0.0.0.0 | 29 |
>> | 1002 | account | 1002 | 30 |
>> | 1002 | callerid | Ahmed Ramadan's Device <1002> | 31 |
>> | 1001 | disallow | | 23 |
>> | 1001 | allow | | 24 |
>> | 1001 | accountcode | | 26 |
>> | 1001 | mailbox | 1001 at device | 27 |
>> | 1001 | deny | 0.0.0.0/0.0.0.0 | 28 |
>> | 1001 | permit | 0.0.0.0/0.0.0.0 | 29 |
>> | 1001 | account | 1001 | 30 |
>> | 1001 | callerid | Mahmoud Ramadan's Device <1001> | 31 |
>> +------+------------------+---------------------------------+-------+
>> 60 rows in set (0.00 sec)
>>
>> 2. Verifying that Asterisk can listen on 5050, which is the same Asterisk
>> port configured on Kamailio.
>>
>> [root at Asterisk VM 01 ~]# asterisk -r
>> Asterisk 11.13.1, Copyright (C) 1999 - 2013 Digium, Inc. and others.
>> Created by Mark Spencer <markster at digium.com>
>> Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for
>> details.
>> This is free software, with components licensed under the GNU General
>> Public
>> License version 2 and other licenses; you are welcome to redistribute it
>> under
>> certain conditions. Type 'core show license' for details.
>> =========================================================================
>> Connected to Asterisk 11.13.1 currently running on Asterisk VM 01 (pid =
>> 2456)
>> Asterisk VM 01*CLI> sip show settings
>>
>>
>> Global Settings:
>> ----------------
>> UDP Bindaddress: 0.0.0.0:5050
>>
>> I know it is a long message but I wanted to give you all the info you
>> might need. I've also attached my configuration file so you can check
>> it. Thank you Mohamed for your assistance.
>>
>> On Sun, Nov 16, 2014 at 8:25 PM, Muhammad Shahzad <shaheryarkh at gmail.com>
>> wrote:
>>
>>> Because both kamailio and asterisk use the same db table for
>>> authentication, see the auth_db module parameters in kamailio config.
>>>
>>> The REGISTER request from sip user is authenticated by kamailio using
>>> auth_db module and upon success kamailio generates REGISTER request back to
>>> asterisk (using the credentials sent by sip user for authentication with
>>> kamailio), this request is now authenticated by asterisk using realtime sip
>>> users interface.
>>>
>>> Thank you.
>>>
>>>
>>>
>>> On Sun, Nov 16, 2014 at 2:53 PM, Mahmoud Ramadan Ali <
>>> cisco.and.more.blog at gmail.com> wrote:
>>>
>>>> Hi Muhammad,
>>>> If the users MUST authenticate to Kamailio first, this means that
>>>> Kamailio should be aware of the SIP users that exist in the Asterisk DB to
>>>> be able to authenticate them and NOT receive a 401 Unauthorized error
>>>> message from Kamailio.
>>>> My question now might be simple, but it is a point of confusion to me:
>>>> how do I tell Kamailio about the SIP users in the Asterisk DB?
>>>>
>>>> Best Regards,
>>>>
>>>>
>>>> On Sun, Nov 16, 2014 at 3:01 PM, Muhammad Shahzad <
>>>> shaheryarkh at gmail.com> wrote:
>>>>
>>>>> This seems to be fine. The user MUST authenticate to Kamailio; only
>>>>> then will Kamailio create the REGISTER request that is sent to asterisk.
>>>>> That's the key security feature behind the idea.
>>>>>
>>>>> Look at the register architecture diagram,
>>>>>
>>>>>
>>>>> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb#registration
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Nov 15, 2014 at 10:31 PM, Mahmoud Ramadan Ali <
>>>>> cisco.and.more.blog at gmail.com> wrote:
>>>>>
>>>>>> Hi Dears,
>>>>>> I'm trying to configure Kamailio as an SBC in multi-home mode for
>>>>>> Asterisk by authenticating the inbound SIP registration requests. I'm
>>>>>> following this tutorial
>>>>>> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
>>>>>> to achieve this goal. I have made the necessary changes, like the
>>>>>> Asterisk DB URL and the SIP table name and username and password column, and
>>>>>> verified the connection.
>>>>>>
>>>>>> My topology is like this: *Asterisk (192.168.100.10)
>>>>>> <----Internal:192.168.100.1---->Kamailio<---External:192.168.50.1-----> SIP
>>>>>> Phone (192.168.50.2)*
>>>>>> But when trying to register a SIP phone, Kamailio does NOT forward the
>>>>>> authentication request to Asterisk and sends a 401 Unauthorized error
>>>>>> message. I've attached my config file if anyone wants to check it, and
>>>>>> thanks in advance.
>>>>>> Best Regards
>>>>>>
>>>>>>
>>>>>> U 192.168.50.2:37297 -> 192.168.50.1:5060
>>>>>> REGISTER sip:192.168.50.1;transport=UDP SIP/2.0.
>>>>>> Via: SIP/2.0/UDP 192.168.50.2:37297
>>>>>> ;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport;transport=UDP.
>>>>>> Max-Forwards: 70.
>>>>>> Contact: <sip:1001 at 192.168.50.2:37297
>>>>>> ;rinstance=1d7c44dbcb8a7a2f;transport=UDP>.
>>>>>> To: <sip:1001 at 192.168.50.1;transport=UDP>.
>>>>>> From: <sip:1001 at 192.168.50.1;transport=UDP>;tag=1d222e19.
>>>>>> Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
>>>>>> CSeq: 2 REGISTER.
>>>>>> Expires: 70.
>>>>>> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS,
>>>>>> INFO, SUBSCRIBE.
>>>>>> Supported: replaces, norefersub, extended-refer, timer,
>>>>>> X-cisco-serviceuri.
>>>>>> User-Agent: Z 3.2.21357 r21367.
>>>>>> Authorization: Digest
>>>>>> username="1001",realm="192.168.50.1",nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D",uri="sip:192.168.50.1;transport=UDP",response="8bbd01d879250585eafee4f510689f73",algorithm=MD5.
>>>>>> Allow-Events: presence, kpml.
>>>>>> Content-Length: 0.
>>>>>> #
>>>>>> U 192.168.50.1:5060 -> 192.168.50.2:37297
>>>>>> SIP/2.0 401 Unauthorized.
>>>>>> Via: SIP/2.0/UDP 192.168.50.2:37297
>>>>>> ;branch=z9hG4bK-d8754z-a46e0c7c9d98fe52-1---d8754z-;rport=37297;transport=UDP.
>>>>>> To: <sip:1001 at 192.168.50.1
>>>>>> ;transport=UDP>;tag=b27e1a1d33761e85846fc98f5f3a7e58.fe8b.
>>>>>> From: <sip:1001 at 192.168.50.1;transport=UDP>;tag=1d222e19.
>>>>>> Call-ID: NTc2NDBjMGQ2YWFmZjdmNWI0MzVmN2Y4NzYyODJlMTc..
>>>>>> CSeq: 2 REGISTER.
>>>>>> WWW-Authenticate: Digest realm="192.168.50.1",
>>>>>> nonce="VGfAuFRnv4wMvoTG7wA9tqYD9fgZDe3D".
>>>>>> Server: kamailio (4.1.6 (i386/linux)).
>>>>>> Content-Length: 0.
>>>>>>
>>>>>> _______________________________________________
>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>>>>>> list
>>>>>> sr-users at lists.sip-router.org
>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
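The change requested at the top of this message, as an added example that is not part of the original thread or of the poster's attachment: route[AUTH] from the attached configuration, with the result of auth_check() copied from $retcode and written to the log through xlog. The names $var(auth_rc) and $var(auth_why) are hypothetical, the code-to-cause mapping follows the return codes documented for auth_db, and the two identical WITH_ASTERISK / else auth_check() branches of the attachment are collapsed into one call.

```kamailio
# Added example (not from the thread): drop-in replacement for route[AUTH].
# Assumes xlog.so, auth.so and auth_db.so are loaded, as in the attachment.
route[AUTH] {
    # if caller is not local subscriber, then check if it calls
    # a local destination, otherwise deny, not an open relay here
    if (from_uri!=myself && uri!=myself) {
        sl_send_reply("403","Not relaying");
        exit;
    }

#!ifdef WITH_AUTH

#!ifdef WITH_ASTERISK
    # do not auth traffic from Asterisk - trusted!
    if (route(FROMASTERISK))
        return;
#!endif

#!ifdef WITH_IPAUTH
    if ((!is_method("REGISTER")) && allow_source_address()) {
        # source IP allowed
        return;
    }
#!endif

    if (is_method("REGISTER") || from_uri==myself) {
        # authenticate requests against table "sip"
        if (!auth_check("$fd", "sip", "1")) {
            # $retcode is the return code of the last function called;
            # copy it now, before another call replaces it
            $var(auth_rc) = $retcode;
            switch ($var(auth_rc)) {
                case -2:
                    $var(auth_why) = "invalid password";
                    break;
                case -3:
                    $var(auth_why) = "invalid user";
                    break;
                case -4:
                    $var(auth_why) = "nonce expired";
                    break;
                case -5:
                    # normal for an initial REGISTER sent without credentials
                    $var(auth_why) = "no credentials for this realm";
                    break;
                case -6:
                    $var(auth_why) = "nonce reused";
                    break;
                case -8:
                    $var(auth_why) = "auth user differs from From/To user";
                    break;
                default:
                    $var(auth_why) = "generic error";
            }
            # log identity and cause only, never the Authorization header
            xlog("L_WARN", "AUTH: $rm from $fu ($si:$sp) realm=$fd rc=$var(auth_rc) ($var(auth_why))\n");
            # every cause gets the same challenge, so the detail stays
            # in the server log and is not disclosed to the client
            auth_challenge("$fd", "0");
            exit;
        }
        # user authenticated - remove auth header
        if (!is_method("REGISTER|PUBLISH"))
            consume_credentials();
    }
#!endif
    return;
}
```

After a restart and one registration attempt, the AUTH lines appear in syslog facility local0. auth_db reads user_column and password_column as column names of the table passed to auth_check(); the `sip` table printed in the thread has the columns id, keyword, data and flags.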
-------------- next part --------------
#!KAMAILIO
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_USRLOCDB
#!define WITH_ASTERISK
#
# Kamailio (OpenSER) SIP Server v4.0 - default configuration script
# - web: http://www.kamailio.org
# - git: http://sip-router.org
#
# Direct your questions about this file to: <sr-users at lists.sip-router.org>
#
# Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
# for an explanation of possible statements, functions and parameters.
#
# Several features can be enabled using '#!define WITH_FEATURE' directives:
#
# *** To run in debug mode:
# - define WITH_DEBUG
#
# *** To enable mysql:
# - define WITH_MYSQL
#
# *** To enable authentication execute:
# - enable mysql
# - define WITH_AUTH
# - add users using 'kamctl'
#
# *** To enable IP authentication execute:
# - enable mysql
# - enable authentication
# - define WITH_IPAUTH
# - add IP addresses with group id '1' to 'address' table
#
# *** To enable persistent user location execute:
# - enable mysql
# - define WITH_USRLOCDB
#
# *** To enable presence server execute:
# - enable mysql
# - define WITH_PRESENCE
#
# *** To enable nat traversal execute:
# - define WITH_NAT
# - install RTPProxy: http://www.rtpproxy.org
# - start RTPProxy:
# rtpproxy -l _your_public_ip_ -s udp:localhost:7722
#
# *** To enable PSTN gateway routing execute:
# - define WITH_PSTN
# - set the value of pstn.gw_ip
# - check route[PSTN] for regexp routing condition
#
# *** To enable database aliases lookup execute:
# - enable mysql
# - define WITH_ALIASDB
#
# *** To enable speed dial lookup execute:
# - enable mysql
# - define WITH_SPEEDDIAL
#
# *** To enable multi-domain support execute:
# - enable mysql
# - define WITH_MULTIDOMAIN
#
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#
# *** To enable XMLRPC support execute:
# - define WITH_XMLRPC
# - adjust route[XMLRPC] for access policy
#
# *** To enable anti-flood detection execute:
# - adjust pike and htable=>ipban settings as needed (default is
# block if more than 16 requests in 2 seconds and ban for 300 seconds)
# - define WITH_ANTIFLOOD
#
# *** To block 3XX redirect replies execute:
# - define WITH_BLOCK3XX
#
# *** To enable VoiceMail routing execute:
# - define WITH_VOICEMAIL
# - set the value of voicemail.srv_ip
# - adjust the value of voicemail.srv_port
#
# *** To enhance accounting execute:
# - enable mysql
# - define WITH_ACCDB
# - add following columns to database
#!ifdef ACCDB_COMMENT
ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
#!endif
####### Defined Values #########
# *** Value defines - IDs used later in config
#!ifdef WITH_MYSQL
# - database URL - used to connect to database server by modules such
# as: auth_db, acc, usrloc, a.s.o.
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!ifdef WITH_ASTERISK
#!define DBASTURL "mysql://sipuser:sippassword@192.168.100.10/asterisk"
#!endif
#!endif
#!ifdef WITH_MULTIDOMAIN
# - the value for 'use_domain' parameters
#!define MULTIDOMAIN 1
#!else
#!define MULTIDOMAIN 0
#!endif
# - flags
# FLT_ - per transaction (message) flags
# FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
####### Global Parameters #########
#!ifdef WITH_DEBUG
debug=4
log_stderror=yes
#!else
debug=2
log_stderror=no
#!endif
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
fork=yes
children=4
/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes
/* uncomment the next line to disable the auto discovery of local aliases
based on reverse DNS on IPs (default on) */
#auto_aliases=no
/* add local domain aliases */
#alias="sip.mydomain.com"
/* uncomment and configure the following line if you want Kamailio to
bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:10.0.0.10:5060
/* port to listen to
* - can be specified more than once if needed to listen on many ports */
port=5060
#!ifdef WITH_TLS
enable_tls=yes
#!endif
# life time of TCP connection when there is no traffic
# - a bit higher than registration expires to cope with UA behind NAT
tcp_connection_lifetime=3605
mhomed=1
####### Custom Parameters #########
# These parameters can be modified runtime via RPC interface
# - see the documentation of 'cfg_rpc' module.
#
# Format: group.id = value 'desc' description
# Access: $sel(cfg_get.group.id) or @cfg_get.group.id
#
#!ifdef WITH_PSTN
# PSTN GW Routing
#
# - pstn.gw_ip: valid IP or hostname as string value, example:
# pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
#
# - by default is empty to avoid misrouting
pstn.gw_ip = "" desc "PSTN GW Address"
#!endif
#!ifdef WITH_VOICEMAIL
# VoiceMail Routing on offline, busy or no answer
#
# - by default Voicemail server IP is empty to avoid misrouting
voicemail.srv_ip = "192.168.100.10" desc "VoiceMail IP Address"
voicemail.srv_port = "5050" desc "VoiceMail Port"
#!endif
#!ifdef WITH_ASTERISK
asterisk.bindip = "192.168.100.10" desc "Asterisk IP Address"
asterisk.bindport = "5050" desc "Asterisk Port"
kamailio.bindip = "192.168.100.1" desc "Kamailio IP Address"
kamailio.bindport = "5060" desc "Kamailio Port"
#!endif
####### Modules Section ########
# set paths to location of modules (to sources or installation folders)
#!ifdef WITH_SRCPATH
mpath="modules_k:modules"
#!else
mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
#!endif
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif
#!ifdef WITH_SPEEDDIAL
loadmodule "speeddial.so"
#!endif
#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif
#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif
#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif
#!ifdef WITH_ASTERISK
loadmodule "uac.so"
#!endif
# ----------------- setting module-specific parameters ---------------
# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
#!ifdef WITH_ASTERISK
modparam("rr", "append_fromtag", 1)
#!else
modparam("rr", "append_fromtag", 0)
#!endif
# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
# max value for expires of registrations
modparam("registrar", "max_expires", 3600)
# set it to 1 to enable GRUU
modparam("registrar", "gruu_enabled", 0)
# ----- acc params -----
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_ack", 0)
modparam("acc", "report_cancels", 0)
/* by default we do not adjust the direction of the sequential requests.
if you enable this parameter, be sure to enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc", "log_extra",
"src_user=$fU;src_domain=$fd;src_ip=$si;"
"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
/* enhanced DB accounting */
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url", DBURL)
modparam("acc", "db_extra",
"src_user=$fU;src_domain=$fd;src_ip=$si;"
"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif
# ----- usrloc params -----
/* enable DB persistency for location entries */
#!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", DBURL)
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif
# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "user_column", "account")
modparam("auth_db", "password_column", "secret")
modparam("auth_db", "db_url", "mysql://sipuser:sippassword@192.168.100.10/asterisk")
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "load_credentials", "")
#!ifdef WITH_ASTERISK
modparam("auth_db", "user_column", "account")
modparam("auth_db", "password_column", "secret")
modparam("auth_db", "db_url", "mysql://sipuser:sippassword@192.168.100.10/asterisk")
modparam("auth_db", "version_table", 0)
#!else
modparam("auth_db", "db_url", "mysql://sipuser:sippassword@192.168.100.10/asterisk")
modparam("auth_db", "password_column", "secret")
modparam("auth_db", "user_column", "account")
modparam("auth_db", "use_domain", MULTIDOMAIN)
#!endif
# ----- permissions params -----
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
#!endif
#!endif
# ----- alias_db params -----
#!ifdef WITH_ALIASDB
modparam("alias_db", "db_url", DBURL)
modparam("alias_db", "use_domain", MULTIDOMAIN)
#!endif
# ----- speeddial params -----
#!ifdef WITH_SPEEDDIAL
modparam("speeddial", "db_url", DBURL)
modparam("speeddial", "use_domain", MULTIDOMAIN)
#!endif
# ----- domain params -----
#!ifdef WITH_MULTIDOMAIN
modparam("domain", "db_url", DBURL)
# register callback to match myself condition with domains list
modparam("domain", "register_myself", 1)
#!endif
#!ifdef WITH_PRESENCE
# ----- presence params -----
modparam("presence", "db_url", DBURL)
# ----- presence_xml params -----
modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
#!endif
#!ifdef WITH_NAT
# ----- rtpproxy params -----
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
#!endif
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
#!endif
#!ifdef WITH_ANTIFLOOD
# ----- pike params -----
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
# ----- htable params -----
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif
#!ifdef WITH_XMLRPC
# ----- xmlrpc params -----
modparam("xmlrpc", "route", "XMLRPC");
modparam("xmlrpc", "url_match", "^/RPC")
#!endif
#!ifdef WITH_DEBUG
# ----- debugger params -----
modparam("debugger", "cfgtrace", 1)
#!endif
####### Routing Logic ########
# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
# - note: this is the same as route { ... }
request_route {
    # per request initial checks
    route(REQINIT);

    # NAT detection
    route(NATDETECT);

    # handle requests within SIP dialogs
    route(WITHINDLG);

    ### only initial requests (no To tag)

    # CANCEL processing
    if (is_method("CANCEL"))
    {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    # authentication
    route(AUTH);

    # record routing for dialog forming requests (in case they are routed)
    # - remove preloaded route headers
    remove_hf("Route");
    if (is_method("INVITE|SUBSCRIBE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE"))
    {
        setflag(FLT_ACC); # do accounting
    }

    # dispatch requests to foreign domains
    route(SIPOUT);

    ### requests for my local domains

    # handle presence related requests
    route(PRESENCE);

    # handle registrations
    route(REGISTRAR);

    if ($rU==$null)
    {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # dispatch destinations to PSTN
    route(PSTN);

    # user location service
    route(LOCATION);

    route(RELAY);
}
route[RELAY] {
    # enable additional event routes for forwarded requests
    # - serial forking, RTP relaying handling, a.s.o.
    if (is_method("INVITE|SUBSCRIBE")) {
        t_on_branch("MANAGE_BRANCH");
        t_on_reply("MANAGE_REPLY");
    }
    if (is_method("INVITE")) {
        t_on_failure("MANAGE_FAILURE");
    }

    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
    # flood detection from same IP and traffic ban for a while
    # be sure you exclude checking trusted peers, such as pstn gateways
    # - local host excluded (e.g., loop to self)
    if(src_ip!=myself)
    {
        if($sht(ipban=>$si)!=$null)
        {
            # ip is already blocked
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        if (!pike_check_req())
        {
            xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;
            exit;
        }
    }
#!endif

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }

    if(!sanity_check("1511", "7"))
    {
        xlog("Malformed SIP message from $si:$sp\n");
        exit;
    }
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
    if (has_totag()) {
        # sequential request within a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if (is_method("BYE")) {
                setflag(FLT_ACC); # do accounting ...
                setflag(FLT_ACCFAILED); # ... even if the transaction fails
            }
            if ( is_method("ACK") ) {
                # ACK is forwarded statelessly
                route(NATMANAGE);
            }
            route(RELAY);
        } else {
            if (is_method("SUBSCRIBE") && uri == myself) {
                # in-dialog subscribe requests
                route(PRESENCE);
                exit;
            }
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # no loose-route, but stateful ACK;
                    # must be an ACK after a 487
                    # or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ... ignore and discard
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }
}
# Handle SIP registrations
route[REGISTRAR] {
    if (is_method("REGISTER"))
    {
        if(isflagset(FLT_NATS))
        {
            setbflag(FLB_NATB);
            # uncomment next line to do SIP NAT pinging
            ## setbflag(FLB_NATSIPPING);
        }
        if (!save("location"))
            sl_reply_error();

#!ifdef WITH_ASTERISK
        route(REGFWD);
#!endif
        exit;
    }
}
# USER location service
route[LOCATION] {

#!ifdef WITH_SPEEDDIAL
    # search for short dialing - 2-digit extension
    if($rU=~"^[0-9][0-9]$")
        if(sd_lookup("speed_dial"))
            route(SIPOUT);
#!endif

#!ifdef WITH_ALIASDB
    # search in DB-based aliases
    if(alias_db_lookup("dbaliases"))
        route(SIPOUT);
#!endif

#!ifdef WITH_ASTERISK
    if(is_method("INVITE") && (!route(FROMASTERISK))) {
        # if new call from out there - send to Asterisk
        # - non-INVITE request are routed directly by Kamailio
        # - traffic from Asterisk is routed also directly by Kamailio
        route(TOASTERISK);
        exit;
    }
#!endif

    $avp(oexten) = $rU;
    if (!lookup("location")) {
        $var(rc) = $rc;
        route(TOVOICEMAIL);
        t_newtran();
        switch ($var(rc)) {
            case -1:
            case -3:
                send_reply("404", "Not Found");
                exit;
            case -2:
                send_reply("405", "Method Not Allowed");
                exit;
        }
    }

    # when routing via usrloc, log the missed calls also
    if (is_method("INVITE"))
    {
        setflag(FLT_ACCMISSED);
    }
}
# Presence server route
route[PRESENCE] {
    if(!is_method("PUBLISH|SUBSCRIBE"))
        return;
#!ifdef WITH_PRESENCE
    if (!t_newtran())
    {
        sl_reply_error();
        exit;
    };
    if(is_method("PUBLISH"))
    {
        handle_publish();
        t_release();
    }
    else
    if( is_method("SUBSCRIBE"))
    {
        handle_subscribe();
        t_release();
    }
    exit;
#!endif
    # if presence enabled, this part will not be executed
    if (is_method("PUBLISH") || $rU==$null)
    {
        sl_send_reply("404", "Not here");
        exit;
    }
    return;
}
# Authentication route
route[AUTH] {
    # if caller is not local subscriber, then check if it calls
    # a local destination, otherwise deny, not an open relay here
    if (from_uri!=myself && uri!=myself)
    {
        sl_send_reply("403","Not relaying");
        exit;
    }
#!ifdef WITH_AUTH
#!ifdef WITH_ASTERISK
    # do not auth traffic from Asterisk - trusted!
    if(route(FROMASTERISK))
        return;
#!endif
#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && allow_source_address())
    {
        # source IP allowed
        return;
    }
#!endif
    if (is_method("REGISTER") || from_uri==myself)
    {
        # authenticate requests
#!ifdef WITH_ASTERISK
        if (!auth_check("$fd", "sip", "1")) {
#!else
        if (!auth_check("$fd", "sip", "1")) {
#!endif
            auth_challenge("$fd", "0");
            exit;
        }
        # user authenticated - remove auth header
        if(!is_method("REGISTER|PUBLISH"))
            consume_credentials();
    }
#!endif
    return;
}
# Caller NAT detection route
route[NATDETECT] {
#!ifdef WITH_NAT
    force_rport();
    if (nat_uac_test("19")) {
        if (is_method("REGISTER")) {
            fix_nated_register();
        } else {
            fix_nated_contact();
        }
        setflag(FLT_NATS);
    }
#!endif
    return;
}
# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
    if (is_request()) {
        if(has_totag()) {
            if(check_route_param("nat=yes")) {
                setbflag(FLB_NATB);
            }
        }
    }
    if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
        return;
    rtpproxy_manage();
    if (is_request()) {
        if (!has_totag()) {
            add_rr_param(";nat=yes");
        }
    }
    if (is_reply()) {
        if(isbflagset(FLB_NATB)) {
            fix_nated_contact();
        }
    }
#!endif
    return;
}
# Routing to foreign domains
route[SIPOUT] {
    if (!uri==myself)
    {
        append_hf("P-hint: outbound\r\n");
        route(RELAY);
    }
}
# PSTN GW routing
route[PSTN] {
#!ifdef WITH_PSTN
    # check if PSTN GW IP is defined
    if (strempty($sel(cfg_get.pstn.gw_ip))) {
        xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not defined\n");
        return;
    }
    # route to PSTN dialed numbers starting with '+' or '00'
    # (international format)
    # - update the condition to match your dialing rules for PSTN routing
    if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
        return;
    # only local users allowed to call
    if(from_uri!=myself) {
        sl_send_reply("403", "Not Allowed");
        exit;
    }
    $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
    route(RELAY);
    exit;
#!endif
    return;
}
# XMLRPC routing
#!ifdef WITH_XMLRPC
route[XMLRPC] {
    # allow XMLRPC from localhost
    if ((method=="POST" || method=="GET")
            && (src_ip==127.0.0.1)) {
        # close connection only for xmlrpclib user agents (there is a bug in
        # xmlrpclib: it waits for EOF before interpreting the response).
        if ($hdr(User-Agent) =~ "xmlrpclib")
            set_reply_close();
        set_reply_no_connect();
        dispatch_rpc();
        exit;
    }
    send_reply("403", "Forbidden");
    exit;
}
#!endif
# route to voicemail server
route[TOVOICEMAIL] {
#!ifdef WITH_VOICEMAIL
    if(!is_method("INVITE"))
        return;
    # check if VoiceMail server IP is defined
    if (strempty($sel(cfg_get.voicemail.srv_ip))) {
        xlog("SCRIPT: VoiceMail rotuing enabled but IP not defined\n");
        return;
    }
    if($avp(oexten)==$null)
        return;
    $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
            + ":" + $sel(cfg_get.voicemail.srv_port);
    route(RELAY);
    exit;
#!endif
    return;
}
# manage outgoing branches
branch_route[MANAGE_BRANCH] {
    xdbg("new branch [$T_branch_idx] to $ru\n");
    route(NATMANAGE);
}
# manage incoming replies
onreply_route[MANAGE_REPLY] {
    xdbg("incoming reply\n");
    if(status=~"[12][0-9][0-9]")
        route(NATMANAGE);
}
# manage failure routing cases
failure_route[MANAGE_FAILURE] {
    route(NATMANAGE);
    if (t_is_canceled()) {
        exit;
    }
#!ifdef WITH_BLOCK3XX
    # block call redirect based on 3xx replies.
    if (t_check_status("3[0-9][0-9]")) {
        t_reply("404","Not found");
        exit;
    }
#!endif
#!ifdef WITH_VOICEMAIL
    # serial forking
    # - route to voicemail on busy or no answer (timeout)
    if (t_check_status("486|408")) {
        route(TOVOICEMAIL);
        exit;
    }
#!endif
}
#!ifdef WITH_ASTERISK
# Test if coming from Asterisk
route[FROMASTERISK] {
    if($si==$sel(cfg_get.asterisk.bindip)
            && $sp==$sel(cfg_get.asterisk.bindport))
        return 1;
    return -1;
}
# Send to Asterisk
route[TOASTERISK] {
    $du = "sip:" + $sel(cfg_get.asterisk.bindip) + ":"
            + $sel(cfg_get.asterisk.bindport);
    route(RELAY);
    exit;
}
# Forward REGISTER to Asterisk
route[REGFWD] {
    if(!is_method("REGISTER"))
    {
        return;
    }
    $var(rip) = $sel(cfg_get.asterisk.bindip);
    $uac_req(method)="REGISTER";
    $uac_req(ruri)="sip:" + $var(rip) + ":" + $sel(cfg_get.asterisk.bindport);
    $uac_req(furi)="sip:" + $au + "@" + $var(rip);
    $uac_req(turi)="sip:" + $au + "@" + $var(rip);
    $uac_req(hdrs)="Contact: <sip:" + $au + "@"
            + $sel(cfg_get.kamailio.bindip)
            + ":" + $sel(cfg_get.kamailio.bindport) + ">\r\n";
    if($sel(contact.expires) != $null)
        $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $sel(contact.expires) + "\r\n";
    else
        $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) + "\r\n";
    uac_req_send();
}
#!endif
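
Added example (not part of the original message or of the attached configuration): the change suggested earlier in the thread, logging the auth_check() return code inside route[AUTH]. The table name "sip" is taken from the attached config; $var(why) is a name chosen here, and the reason strings follow the auth_db return-code list linked in the thread, so check them against the documentation for the installed version.

```cfg
# Added example, not the poster's file: drop-in replacement for the
# "authenticate requests" block inside route[AUTH].
    if (is_method("REGISTER") || from_uri==myself)
    {
        if (!auth_check("$fd", "sip", "1")) {
            # copy the code at once: $rc ($retcode) holds the return value of
            # the last function called and is overwritten by the next call
            $var(rc) = $rc;
            switch ($var(rc)) {
                case -2:
                    $var(why) = "invalid password";
                    break;
                case -3:
                    $var(why) = "invalid user";
                    break;
                case -4:
                    $var(why) = "nonce expired";
                    break;
                case -5:
                    # normal for the first request, sent before any challenge
                    $var(why) = "no credentials";
                    break;
                case -6:
                    $var(why) = "nonce reused";
                    break;
                case -8:
                    $var(why) = "auth user mismatch";
                    break;
                default:
                    $var(why) = "generic error or unlisted code";
            }
            # log who failed and from where; never log $hdr(Authorization)
            xlog("L_WARN", "AUTH: $rm from $si:$sp user=$fU@$fd auth=$au rc=$var(rc) ($var(why))\n");
            auth_challenge("$fd", "0");
            exit;
        }
        # user authenticated - remove auth header
        if(!is_method("REGISTER|PUBLISH"))
            consume_credentials();
    }
```

A single rc=-5 line per registration is expected, because the first REGISTER carries no credentials; a -2 or -3 on the retry points to the password or the username. Repeated -2 or -3 lines from one source address are also worth alerting on.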