[SR-Users] Kamailio 5.3.8 and RTPengine 9.4.1.1+0~mr9.4.1.1
Sergio Charrua
sergio.charrua at voip.pt
Mon May 24 13:18:10 CEST 2021
Hi Mihai!
RTPEngine should be set on the same server where Kamailio is running.
These are the options I use in RTPEngine on a NATed server,
/etc/sysconfig/rtpengine
# Add extra options here
OPTIONS="--interface eth1/10.19.139.66 --listen-ng 127.0.0.1:60000 -m 10000
-M 20000 -L 7 --log-facility=local1"
where 10.19.139.66 is a local Virutal IP address (handled by Pacemaker +
Corosync). This IP Address receives everything from the router/firewall who
has the public IP address, meaning that for security purposes, the server
has no public IP setup directly on the server, instead the public IP is set
on the router/firewall equipment, who redirects (almost) everything to the
server.
This is pretty standard.
My setup is very similar to yours: all SIP traffic received on Kamailio is
forwarded to 1 of the Asterisk servers available (using dispatcher) who
will process the SIP messages accordingly, including calls which are then
forwarded by Asterisk to SIP Trunks (Telcos) or directly to customers (SIP
extensions or SIP trunks too). So, resuming, we receive calls from inbound
Telcos (or SIP registered partners) to Kamailio then to Asterisk who will
decide (route) calls (to IVR or other destinations) and process transcoding
if required.
Not sure if this is the best approach, but it works. However there is 1
minor issue I have found in this setup: inbound calls need a separate IP
address from outbound calls, that is, Kamailio's public IP address must be
different thant IP Address of the Asterisk servers (all Asterisk servers
share the same public IP for outbound to other networks), so that SIP
messages do not scramble between inbound and outbound calls.
Needless to say that you must keep the same path for a call coming from
Kamailio to Asterisk, so that SIP messages use always the same Asterisk
servers back and forth the endpoints.
Also, check if RTPEngine is initialized in every call that comes from
public network to Kamailio:
- on route[NATMANAGE] there must be a rtpengine_manage() command
- the main route() method must contain the following lines after the
route(WITHINDLG); call:
if (is_method("INVITE|SUBSCRIBE")){
xlog("L_INFO","Recording Route");
record_route();
if (is_method("INVITE")) {
if (has_body("application/sdp")) {
if (rtpengine_offer())
t_on_reply("1");
} else {
t_on_reply("2");
}
}
}
if (is_method("ACK") && has_body("application/sdp"))
rtpengine_answer();
I think it should be enough.
Cheers!
(you still owe me a beer, but now it is 2 😉 ... it this works)
*Sérgio Charrua*
*www.voip.pt <http://www.voip.pt/>*
Tel.: +351 <callto:+351+91+104+12+66>21 130 71 77
Email : *sergio.charrua at voip.pt <sergio.charrua at voip.pt>*
This message and any files or documents attached are strictly confidential
or otherwise legally protected.
It is intended only for the individual or entity named. If you are not the
named addressee or have received this email in error, please inform the
sender immediately, delete it from your system and do not copy or disclose
it or its contents or use it for any purpose. Please also note that
transmission cannot be guaranteed to be secure or error-free.
On Sun, May 23, 2021 at 4:42 PM Mihai Cezar <cezar at mokalife.ro> wrote:
> If my rtpengine is on vm with 1 ip address ( public ) and started in
> the command line with --interface=public/110.20.20.1 --tos=184
> --pidfile=/run/rtpengine.pid
> my direction will be public, corect? Or do I need to start rtpengine
> on the same vm with asterisk where it has 2 interfaces (public and
> private)
>
> Thanks!
>
>
>
> On Sun, May 23, 2021 at 5:11 PM David Villasmil
> <david.villasmil.work at gmail.com> wrote:
> >
> > This might help you, you need to set directions (as suggested)
> >
> >
> https://github.com/davidcsi/kamailio-private-public/blob/master/kamailio.cfg#L1220
> >
> >
> > On Sun, 23 May 2021 at 11:22, M Arqum CH <marqumch at gmail.com> wrote:
> >>
> >> Hi Mehai,
> >>
> >> Bind rtpengine with local ip as well.
> >>
> >> use direction flags in rtpengine_offer function .
> https://kamailio.org/docs/modules/5.2.x/modules/rtpengine.html#rtpengine.f.rtpengine_offer
> >>
> >> From Rtpenigne Doc:
> >>
> >> direction
> >>
> >> Contains a list of two strings and corresponds to the rtpproxy e and i
> flags. Each element must correspond to one of the named logical interfaces
> configured on the command line (through --interface). For example, if there
> is one logical interface named pub and another one named priv, then if side
> A (originator of the message) is considered to be on the private network
> and side B (destination of the message) on the public network, then that
> would be rendered within the dictionary as:
> >>
> >> { ..., "direction": [ "priv", "pub" ], ... }
> >>
> >>
> >> Cheers,
> >>
> >> Arqum
> >>
> >>
> >> On Fri, May 21, 2021 at 10:39 PM Mihai Cezar <cezar at mokalife.ro> wrote:
> >>>
> >>> Hi All,
> >>>
> >>> I've been using Kamailio as a proxy for asterisk (with public ips),
> >>> everything was fine until i've changed the setup to private ips for
> >>> asterisk.
> >>>
> >>> What I did so far:
> >>> - Kamailio and rtpengine are on a box with 1 public IP.
> >>> - Asterisk containers on private ips each asterisk has 2 trunks (
> >>> 1trunk voip provider 1trunk the Proxy).
> >>>
> >>> What works:
> >>> - Proxy registrations and sip signaling works.
> >>>
> >>> What it does not work:
> >>> - On the asterisk I got only on rtp connexion, my guess is that has
> >>> something to do with the SDP, asterisk put the private ip in the SDP
> >>> header.
> >>>
> >>> RTPengine is configured using this guide
> https://github.com/sipwise/rtpengine
> >>>
> >>> Can you have a look at the kamailio config, i think i am missing
> >>> something or do something wrong.
> >>>
> >>> Thank you!
> >>>
> >>> command to start was:
> >>> rtpengine --table=42 --listen-ng=127.0.0.1:2223
> >>> --interface=public/110.20.20.1 --tos=184 --pidfile=/run/rtpengine.pid
> >>> --no-fallback
> >>>
> >>> and the Kamailio cfg is this:
> >>>
> >>> #!KAMAILIO
> >>>
> >>> #!define FLT_ACC 1
> >>> #!define FLT_ACCMISSED 2
> >>> #!define FLT_ACCFAILED 3
> >>> #!define FLT_FS 10
> >>>
> >>> #!define FLT_NATS 5
> >>> #!define FLB_NATB 6
> >>> #!define FLB_NATSIPPING 7
> >>>
> >>> #!define WITH_DEBUG
> >>> #!define WITH_NAT
> >>>
> >>>
> >>> ## This is the main configuration file for our proxy!
> >>>
> >>> ####### Global Parameters #########
> >>>
> >>> #!ifdef WITH_DEBUG
> >>> debug=4
> >>> memdbg=5
> >>> memlog=5
> >>> log_stderror=yes
> >>> disable_core_dump=no
> >>> sip_warning=yes
> >>> #!else
> >>> debug=-0
> >>> log_stderror=no
> >>> sip_warning=no
> >>> disable_core_dump=yes
> >>> #!endif
> >>>
> >>> log_facility=LOG_LOCAL0
> >>>
> >>> fork=yes
> >>> children=8
> >>> auto_aliases=no
> >>> port=5060
> >>> disable_tcp=yes
> >>>
> >>> server_id = 1
> >>> server_signature=yes
> >>> server_header="Server: proxy"
> >>>
> >>> dns_try_ipv6=no
> >>> dns_try_naptr=no
> >>> dns_retr_time=1
> >>> dns_retr_no=1
> >>> rev_dns=no
> >>>
> >>> ####### Modules Section ########
> >>>
> >>> #loadmodule "db_mysql.so"
> >>> loadmodule "jsonrpcs.so"
> >>> loadmodule "kex.so"
> >>> loadmodule "corex.so"
> >>> loadmodule "tm.so"
> >>> loadmodule "tmx.so"
> >>> loadmodule "sl.so"
> >>> loadmodule "rr.so"
> >>> loadmodule "pv.so"
> >>> loadmodule "maxfwd.so"
> >>> loadmodule "usrloc.so"
> >>> loadmodule "registrar.so"
> >>> loadmodule "textops.so"
> >>> loadmodule "siputils.so"
> >>> loadmodule "xlog.so"
> >>> loadmodule "sanity.so"
> >>> loadmodule "ctl.so"
> >>> loadmodule "acc.so"
> >>> loadmodule "dispatcher.so"
> >>> loadmodule "path.so"
> >>> loadmodule "nathelper.so"
> >>> loadmodule "rtpengine.so"
> >>>
> >>>
> >>> ####### Modules Settings
> >>> # ----------------- setting module-specific parameters ---------------
> >>>
> >>> modparam("xlog", "buf_size", 4096)
> >>> modparam("xlog", "prefix", "xlog: ")
> >>> modparam("xlog", "log_facility", "LOG_DAEMON")
> >>> modparam("xlog", "log_colors", "L_ERR=cr")
> >>> modparam("xlog", "log_colors", "L_ERR=cr;L_WARN=px")
> >>>
> >>> # ----- jsonrpcs params -----
> >>> modparam("jsonrpcs", "pretty_format", 1)
> >>>
> >>> # ----- tm params -----
> >>> modparam("tm", "failure_reply_mode", 3)
> >>> modparam("tm", "fr_timer", 30000)
> >>> modparam("tm", "fr_inv_timer", 120000)
> >>>
> >>> # ----- rr params -----
> >>> modparam("rr", "enable_full_lr", 1)
> >>> modparam("rr", "append_fromtag", 0)
> >>>
> >>> #!ifdef WITH_NAT
> >>> modparam("nathelper", "received_avp", "$avp(RECEIVED)")
> >>> modparam("nathelper", "nortpproxy_str", "a=sdpmangled:yes\r\n")
> >>> modparam("nathelper", "natping_interval", 30)
> >>> modparam("nathelper", "ping_nated_only", 1)
> >>> modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
> >>> modparam("nathelper", "sipping_from", "sip:pinger at proxy")
> >>>
> >>> # params needed for NAT traversal in other modules
> >>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
> >>> modparam("usrloc", "nat_bflag", FLB_NATB)
> >>>
> >>> modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2223")
> >>> modparam("rtpengine", "rtpengine_retr", 2)
> >>> modparam("rtpengine", "hash_table_size", 256)
> >>> modparam("rtpengine", "hash_table_tout", 600)
> >>> #!endif
> >>>
> >>> # ----- registrar params -----
> >>> modparam("registrar", "method_filtering", 1)
> >>> modparam("registrar", "append_branches", 0)
> >>> modparam("registrar", "max_expires", 3600)
> >>> modparam("registrar", "gruu_enabled", 1)
> >>>
> >>> # ----- acc params -----
> >>> modparam("acc", "early_media", 0)
> >>> modparam("acc", "report_ack", 0)
> >>> modparam("acc", "report_cancels", 0)
> >>> modparam("acc", "detect_direction", 0)
> >>> modparam("acc", "log_flag", FLT_ACC)
> >>> modparam("acc", "log_missed_flag", FLT_ACCMISSED)
> >>> modparam("acc", "log_extra",
> >>>
> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si")
> >>> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
> >>>
> >>> # ----- dispatcher params -----
> >>> modparam("dispatcher", "list_file",
> "/etc/kamailio/plugins/dispatcher.list")
> >>> modparam("dispatcher", "xavp_dst", "_dsdst_")
> >>> modparam("dispatcher", "xavp_ctx", "_dsctx_")
> >>> modparam("dispatcher", "ds_ping_from", "sip:ping at proxy")
> >>> modparam("dispatcher", "ds_probing_mode", 1)
> >>>
> >>> modparam("path", "use_received", 1)
> >>>
> >>>
> >>> ####### Routing Logic ###########
> >>> # main request routing logic
> >>>
> >>> request_route {
> >>>
> >>> # per request initial checks
> >>> route(REQINIT);
> >>>
> >>> # NAT detection
> >>> route(NATDETECT);
> >>>
> >>> if(ds_is_from_list()) {
> >>> setflag(FLT_FS);
> >>> }
> >>>
> >>> # CANCEL processing
> >>> if (is_method("CANCEL")) {
> >>> rtpengine_delete();
> >>> if (t_check_trans()) {
> >>> route(RELAY);
> >>> }
> >>> exit;
> >>> }
> >>>
> >>> # handle retransmissions
> >>> if (!is_method("ACK")) {
> >>> if(t_precheck_trans()) {
> >>> t_check_trans();
> >>> exit;
> >>> }
> >>> t_check_trans();
> >>> }
> >>>
> >>> # handle requests within SIP dialogs
> >>> route(WITHINDLG);
> >>>
> >>> if (isflagset(FLT_FS)) {
> >>> route(FROM_WORLD);
> >>> exit;
> >>> }
> >>>
> >>> ### only initial requests (no To tag)
> >>>
> >>> # record routing for dialog forming requests (in case they are
> routed)
> >>> # - remove preloaded route headers
> >>> remove_hf("Route");
> >>> if (is_method("INVITE|SUBSCRIBE")) {
> >>> record_route();
> >>> }
> >>>
> >>> # account only INVITEs
> >>> if (is_method("INVITE")) {
> >>> setflag(FLT_ACC); # do accounting
> >>> sl_send_reply("100","Trying");
> >>> }
> >>>
> >>> # handle presence related requests
> >>> route(PRESENCE);
> >>>
> >>> # handle registrations
> >>> route(REGISTRAR);
> >>>
> >>> if ($rU==$null) {
> >>> # request with no Username in RURI
> >>> sl_send_reply("484","Address Incomplete");
> >>> exit;
> >>> }
> >>>
> >>> # dispatch destinations
> >>> route(DISPATCH);
> >>> }
> >>>
> >>> route[FROM_WORLD]
> >>> {
> >>> record_route();
> >>> route(RELAY);
> >>> exit;
> >>> }
> >>>
> >>> route[RELAY] {
> >>> if (!t_relay()) {
> >>> sl_reply_error();
> >>> }
> >>>
> >>> if (!add_path()) {
> >>> sl_send_reply("503", "Internal Path Error");
> >>> }
> >>>
> >>> if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
> >>> if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
> >>> }
> >>> if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
> >>> if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
> >>> }
> >>> if (is_method("INVITE")) {
> >>> if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
> >>> }
> >>>
> >>> if (has_body("application/sdp")) {
> >>> rtpengine_manage();
> >>> }
> >>>
> >>> append_hf("Supported: path\r\n");
> >>> exit;
> >>> }
> >>>
> >>> # Per SIP request initial checks
> >>> route[REQINIT] {
> >>>
> >>> if (!mf_process_maxfwd_header("10")) {
> >>> sl_send_reply("483","Too Many Hops");
> >>> exit;
> >>> }
> >>>
> >>> if(is_method("OPTIONS") && uri==myself && $rU==$null) {
> >>> sl_send_reply("200","Keepalive");
> >>> exit;
> >>> }
> >>>
> >>> if(!sanity_check("1511", "7")) {
> >>> xlog("L_WARN","Malformed SIP message from $si:$sp\n");
> >>> exit;
> >>> }
> >>> }
> >>>
> >>> # Handle requests within SIP dialogs
> >>> route[WITHINDLG] {
> >>> if (has_totag()) {
> >>> # sequential request withing a dialog should
> >>> # take the path determined by record-routing
> >>> if (loose_route()) {
> >>> if (is_method("BYE")) {
> >>> rtpengine_delete();
> >>> setflag(FLT_ACC); # do accounting ...
> >>> setflag(FLT_ACCFAILED); # ... even if the transaction
> fails
> >>> } else if ( is_method("ACK") ) {
> >>> # ACK is forwarded statelessly
> >>> route(NATMANAGE);
> >>> } else if ( is_method("NOTIFY") ) {
> >>> # Add Record-Route for in-dialog NOTIFY as per RFC
> 6665.
> >>> record_route();
> >>> }
> >>> route(RELAY);
> >>> # exit;
> >>>
> >>> } else {
> >>>
> >>> if (is_method("SUBSCRIBE") && uri == myself) {
> >>> # in-dialog subscribe requests
> >>> route(PRESENCE);
> >>> exit;
> >>> }
> >>> if ( is_method("ACK") ) {
> >>> if ( t_check_trans() ) {
> >>> # non loose-route, but stateful ACK; must be ACK
> >>> after a 487 or e.g. 404 from upstream server
> >>> t_relay();
> >>> exit;
> >>> } else {
> >>> # ACK without matching transaction ... ignore and
> discard.
> >>> exit;
> >>> }
> >>> }
> >>> sl_send_reply("404","Not here");
> >>> }
> >>> exit;
> >>> }
> >>> }
> >>>
> >>> # Handle SIP registrations
> >>> route[REGISTRAR] {
> >>>
> >>> if(!is_method("REGISTER"))
> >>> return;
> >>>
> >>> if(isflagset(FLT_NATS)) {
> >>> setbflag(FLB_NATB);
> >>> }
> >>>
> >>> if (!add_path_received()) {
> >>> sl_send_reply("503", "Internal Path Error");
> >>> };
> >>>
> >>> route(DISPATCH);
> >>> }
> >>>
> >>> # Presence server route
> >>> route[PRESENCE] {
> >>> if(!is_method("PUBLISH|SUBSCRIBE"))
> >>> return;
> >>>
> >>> sl_send_reply("404", "Not found");
> >>> exit;
> >>> }
> >>>
> >>>
> >>> # Dispatch requests
> >>> route[DISPATCH] {
> >>> # to add more servers in k8s
> >>> if (!ds_select_dst("1", "4")) {
> >>> send_reply(503, "Service Unavailable $fd");
> >>> exit;
> >>> }
> >>>
> >>> t_on_failure("RTF_DISPATCH");
> >>> route(RELAY);
> >>> exit;
> >>> }
> >>>
> >>> # Caller NAT detection
> >>> route[NATDETECT] {
> >>> #!ifdef WITH_NAT
> >>> if (nat_uac_test("3")) {
> >>> if (is_method("REGISTER")) {
> >>> xlog("L_WARN", "natdetect
> >>> fix_nated_register ip: $si\n");
> >>> fix_nated_register();
> >>> } else {
> >>> xlog("L_WARN", "natdetect set_contact_alias
> >>> ip: $si\n");
> >>> fix_nated_contact();
> >>> }
> >>> force_rport();
> >>> }
> >>> if (has_body("application/sdp") && nat_uac_test("8")) {
> >>> xlog("L_WARN", "sdp fix ip: $si\n");
> >>> fix_nated_sdp("10");
> >>> }
> >>> #!endif
> >>> return;
> >>> }
> >>>
> >>> # RTPProxy control and signaling updates for NAT traversal
> >>> route[NATMANAGE] {
> >>> #!ifdef WITH_NAT
> >>> if (is_request()) {
> >>> if(has_totag()) {
> >>> if(check_route_param("nat=yes")) {
> >>> setbflag(FLB_NATB);
> >>> }
> >>> }
> >>> }
> >>> if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
> >>>
> >>> if(nat_uac_test("8")) {
> >>> xlog("L_WARN", "nat_uac_test 1...");
> >>> rtpengine_manage("replace-origin
> >>> replace-session-connection direction=public ICE=force");
> >>> } else {
> >>> xlog("L_WARN", "nat_uac_test addrtp...");
> >>> rtpengine_manage("codec-strip-all codec-transcode-PCMA
> >>> codec-transcode-PCMU codec-transcode-G729 replace-origin
> >>> replace-session-connection direction=public ICE=force ");
> >>> }
> >>>
> >>> if (is_request()) {
> >>> if (!has_totag()) {
> >>> if(t_is_branch_route()) {
> >>> add_rr_param(";nat=yes");
> >>> }
> >>> }
> >>> }
> >>> if (is_reply()) {
> >>> if(isbflagset(FLB_NATB)) {
> >>> if(is_first_hop())
> >>> set_contact_alias();
> >>> }
> >>> }
> >>> #!endif
> >>> return;
> >>> }
> >>>
> >>> # Manage outgoing branches
> >>> branch_route[MANAGE_BRANCH] {
> >>> xlog("L_WARN", "new branch [$T_branch_idx] to $ru\n");
> >>> route(NATMANAGE);
> >>> }
> >>>
> >>> # Manage incoming replies
> >>> onreply_route[MANAGE_REPLY] {
> >>> xlog("L_WARN", "incoming reply\n");
> >>>
> >>> if(status=~"[12][0-9][0-9]") {
> >>> route(NATMANAGE);
> >>> }
> >>> if (has_body("application/sdp")) {
> >>> rtpengine_manage();
> >>> }
> >>>
> >>> }
> >>>
> >>> onreply_route[REPLY_ROUTE] {
> >>> if(status=~"2[0-9][0-9]") {
> >>> rtpengine_answer("replace-session-connection replace-origin");
> >>> }
> >>> if (has_body("application/sdp")) {
> >>> rtpengine_offer();
> >>> }
> >>> }
> >>>
> >>> # Manage failure routing cases
> >>> failure_route[MANAGE_FAILURE] {
> >>> xlog("L_WARN", "failure route\n");
> >>> route(NATMANAGE);
> >>> if (t_is_canceled()) exit;
> >>> }
> >>>
> >>> # Try next destionations in failure route
> >>> failure_route[RTF_DISPATCH] {
> >>> if (t_is_canceled()) {
> >>> exit;
> >>> }
> >>> # next DST - only for 500 or local timeout
> >>> if (t_check_status("500")
> >>> or (t_branch_timeout() and !t_branch_replied())) {
> >>> if(ds_next_dst()) {
> >>> xlog("Retrying to <$ru> via <$du> (attrs:
> >>> $xavp(_dsdst_=>attrs))\n");
> >>> t_on_failure("RTF_DISPATCH");
> >>> route(RELAY);
> >>> exit;
> >>> }
> >>> }
> >>> }
> >>>
> >>> __________________________________________________________
> >>> Kamailio - Users Mailing List - Non Commercial Discussions
> >>> * sr-users at lists.kamailio.org
> >>> Important: keep the mailing list in the recipients, do not reply only
> to the sender!
> >>> Edit mailing list options or unsubscribe:
> >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >>
> >>
> >>
> >> --
> >> Regards
> >> M Arqum
> >> __________________________________________________________
> >> Kamailio - Users Mailing List - Non Commercial Discussions
> >> * sr-users at lists.kamailio.org
> >> Important: keep the mailing list in the recipients, do not reply only
> to the sender!
> >> Edit mailing list options or unsubscribe:
> >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > --
> > Regards,
> >
> > David Villasmil
> > email: david.villasmil.work at gmail.com
> > phone: +34669448337
> > __________________________________________________________
> > Kamailio - Users Mailing List - Non Commercial Discussions
> > * sr-users at lists.kamailio.org
> > Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> > Edit mailing list options or unsubscribe:
> > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210524/fb3416cb/attachment.htm>
More information about the sr-users
mailing list