actually you don't need rtpproxy when toalking to gateway.
Just set it up to use symmetric communication. (I suppose
you are using Cisco.)
-jiri
At 01:00 AM 11/19/2003, Stephen Miles wrote:
>Hi Jiri,
>
>We got it working both ways now.
>
>We changed the forward to the PSTN gateway so it rewrites the hostport to gateway_ip:5060, that way the trans matches.
>
>Thanks for your help.
>
>-----Original Message-----
>From: Jiri Kuthan [mailto:jiri@iptel.org]
>Sent: Wednesday, 19 November 2003 11:46 a.m.
>To: Stephen Miles; serusers(a)lists.iptel.org
>Subject: Re: [Serusers] RTP Proxy help
>
>
>At 11:33 PM 11/18/2003, Stephen Miles wrote:
>>Hello all,
>>
>>I am having a bit of a problem with getting RTP Proxy to work the way I need it to with PSTN gateway calling.
>>
>>When I call from the PSTN gateway to the softphone it uses the rtp ptoxy both ways, from ser to the gateway and from ser to the softphone. When I call from the softphone to the PSTN how ever it only proxys from the gateway to ser and not from ser to the softphone.
>>
>>I have tried all sorts of things to force_rtp_proxy for both ends of the call but so far it's a no go.
>>
>>Any help would be great.
>>
>>One thing I did notice is that when I call from the PSTN to the softphone it matches a transaction and the rtp proxy works for both ends, but when calling from the softphone to the PSTN is says failed to match transaction and the rtp proxy only works for one end of the call.
>
>Can you send the network dumps and the logs in question too -- that may be the reason.
>If a reply is constructed in a way that mismatches with original request, no changes
>to rtprpoxy will be applied.
>
>Also, make sure that you are using latest CVS version from HEAD, some of the
>features in the script are based on it.
>
>-jiri
>
>
>
>
>>Thanks in advance,
>>
>>Stephen
>>
>># main routing logic
>>
>>route{
>> # initial sanity checks -- messages with
>> # max_forwards==0, or excessively long requests
>> if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","Too Many Hops");
>> break;
>> };
>> if (msg:len >= max_len ) {
>> sl_send_reply("513", "Message too big");
>> break;
>> };
>>
>> # !! Nathelper
>> # Special handling for NATed clients; first, NAT test is
>> # executed: it looks for via!=received and RFC1918 addresses
>> # in Contact (may fail if line-folding is used); also,
>> # the received test should, if completed, should check all
>> # vias for rpesence of received
>> #if (nat_uac_test("3")) {
>> # Allow RR-ed requests, as these may indicate that
>> # a NAT-enabled proxy takes care of it; unless it is
>> # a REGISTER
>>
>> if (method == "REGISTER" || ! search("^Record-Route:")) {
>> log("LOG: Someone trying to register from private IP, rewriting\n");
>>
>> # This will work only for user agents that support symmetric
>> # communication. We tested quite many of them and majority is
>> # smart enough to be symmetric. In some phones it takes a configuration
>> # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
>> # called "symmetric media" and "symmetric signalling".
>>
>> fix_nated_contact(); # Rewrite contact with source IP of signalling
>> force_rport(); # Add rport parameter to topmost Via
>> setflag(6); # Mark as NATed
>> };
>> #};
>>
>> if (method == "INVITE") {
>> fix_nated_sdp("1"); # Add direction=active to SDP
>> log("Arse: forcing rtpproxy in invite");
>> force_rtp_proxy();
>> log("Arse: fix_nated_sdp being run");
>> };
>> # we record-route all messages -- to make sure that
>> # subsequent messages will go through our proxy; that's
>> # particularly good if upstream and downstream entities
>> # use different transport protocol
>> #if (!method=="REGISTER") record_route();
>>
>> # subsequent messages withing a dialog should take the
>> # path determined by record-routing
>> if (loose_route()) {
>> # mark routing logic in request
>> append_hf("P-hint: rr-enforced\r\n");
>> route(1);
>> break;
>> };
>>
>> if (!uri==myself) {
>> # mark routing logic in request
>> append_hf("P-hint: outbound\r\n");
>> route(1);
>> break;
>> };
>>
>> # if the request is for other domain use UsrLoc
>> # (in case, it does not work, use the following command
>> # with proper names and addresses in it)
>> if (uri=~"202.180.83.12") {
>> rewritehostport("sipsrv2.tranzpeer.net:5060");
>> };
>> if (uri=~"sipsrv2.tranzpeer.net") {
>>
>> if (method=="REGISTER") {
>>
>># Uncomment this if you want to use digest authentication
>> if (!www_authorize("sipsrv2.tranzpeer.net", "subscriber")) {
>> www_challenge("sipsrv2.tranzpeer.net", "0");
>> break;
>> };
>>
>> save("location");
>> break;
>> };
>>
>> lookup("aliases");
>> if (!uri==myself) {
>> append_hf("P-hint: outbound alias\r\n");
>> route(1);
>> break;
>> };
>>
>> # native SIP destinations are handled using our USRLOC DB
>> if (!lookup("location")) {
>> forward(202.180.125.200,5060);
>># sl_send_reply("404", "Not Found");
>> break;
>> };
>> };
>> append_hf("P-hint: usrloc applied\r\n");
>> route(1);
>>}
>>
>>route[1]
>>{
>> # !! Nathelper
>> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){
>> sl_send_reply("479", "We don't forward to private IP addresses");
>> break;
>> };
>>
>> # if client or server know to be behind a NAT, enable relay
>> if (isflagset(6)) {
>> log("Arse: force_rtp_proxy\n");
>> force_rtp_proxy();
>> };
>>
>> # NAT processing of replies; apply to all transactions (for example,
>> # re-INVITEs from public to private UA are hard to identify as
>> # NATed at the moment of request processing); look at replies
>> t_on_reply("1");
>>
>> # send it out now; use stateful forwarding as it works reliably
>> # even for UDP2TCP
>> if (!t_relay()) {
>> sl_reply_error();
>> };
>>}
>>
>># !! Nathelper
>>onreply_route[1] {
>> # NATed transaction ?
>> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>> fix_nated_contact();
>> force_rtp_proxy();
>> # otherwise, is it a transaction behind a NAT and we did not
>> # know at time of request processing ? (RFC1918 contacts)
>> } else if (nat_uac_test("1")) {
>> fix_nated_contact();
>> };
>>}
>>
>>
>>-----------------------------------------------------------------------------------------------
>>This message and any attachments contain privileged and confidential information. If you are not the intended recipient of this message, you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender immediately via email and then destroy this message and any attachments.
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>
>--
>Jiri Kuthan http://iptel.org/~jiri/
--
Jiri Kuthan http://iptel.org/~jiri/
Hi Jiri,
We got it working both ways now.
We changed the forward to the PSTN gateway so it rewrites the hostport to gateway_ip:5060, that way the trans matches.
Thanks for your help.
-----Original Message-----
From: Jiri Kuthan [mailto:jiri@iptel.org]
Sent: Wednesday, 19 November 2003 11:46 a.m.
To: Stephen Miles; serusers(a)lists.iptel.org
Subject: Re: [Serusers] RTP Proxy help
At 11:33 PM 11/18/2003, Stephen Miles wrote:
>Hello all,
>
>I am having a bit of a problem with getting RTP Proxy to work the way I need it to with PSTN gateway calling.
>
>When I call from the PSTN gateway to the softphone it uses the rtp ptoxy both ways, from ser to the gateway and from ser to the softphone. When I call from the softphone to the PSTN how ever it only proxys from the gateway to ser and not from ser to the softphone.
>
>I have tried all sorts of things to force_rtp_proxy for both ends of the call but so far it's a no go.
>
>Any help would be great.
>
>One thing I did notice is that when I call from the PSTN to the softphone it matches a transaction and the rtp proxy works for both ends, but when calling from the softphone to the PSTN is says failed to match transaction and the rtp proxy only works for one end of the call.
Can you send the network dumps and the logs in question too -- that may be the reason.
If a reply is constructed in a way that mismatches with original request, no changes
to rtprpoxy will be applied.
Also, make sure that you are using latest CVS version from HEAD, some of the
features in the script are based on it.
-jiri
>Thanks in advance,
>
>Stephen
>
># main routing logic
>
>route{
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if (msg:len >= max_len ) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # !! Nathelper
> # Special handling for NATed clients; first, NAT test is
> # executed: it looks for via!=received and RFC1918 addresses
> # in Contact (may fail if line-folding is used); also,
> # the received test should, if completed, should check all
> # vias for rpesence of received
> #if (nat_uac_test("3")) {
> # Allow RR-ed requests, as these may indicate that
> # a NAT-enabled proxy takes care of it; unless it is
> # a REGISTER
>
> if (method == "REGISTER" || ! search("^Record-Route:")) {
> log("LOG: Someone trying to register from private IP, rewriting\n");
>
> # This will work only for user agents that support symmetric
> # communication. We tested quite many of them and majority is
> # smart enough to be symmetric. In some phones it takes a configuration
> # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
> # called "symmetric media" and "symmetric signalling".
>
> fix_nated_contact(); # Rewrite contact with source IP of signalling
> force_rport(); # Add rport parameter to topmost Via
> setflag(6); # Mark as NATed
> };
> #};
>
> if (method == "INVITE") {
> fix_nated_sdp("1"); # Add direction=active to SDP
> log("Arse: forcing rtpproxy in invite");
> force_rtp_proxy();
> log("Arse: fix_nated_sdp being run");
> };
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
> #if (!method=="REGISTER") record_route();
>
> # subsequent messages withing a dialog should take the
> # path determined by record-routing
> if (loose_route()) {
> # mark routing logic in request
> append_hf("P-hint: rr-enforced\r\n");
> route(1);
> break;
> };
>
> if (!uri==myself) {
> # mark routing logic in request
> append_hf("P-hint: outbound\r\n");
> route(1);
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (uri=~"202.180.83.12") {
> rewritehostport("sipsrv2.tranzpeer.net:5060");
> };
> if (uri=~"sipsrv2.tranzpeer.net") {
>
> if (method=="REGISTER") {
>
># Uncomment this if you want to use digest authentication
> if (!www_authorize("sipsrv2.tranzpeer.net", "subscriber")) {
> www_challenge("sipsrv2.tranzpeer.net", "0");
> break;
> };
>
> save("location");
> break;
> };
>
> lookup("aliases");
> if (!uri==myself) {
> append_hf("P-hint: outbound alias\r\n");
> route(1);
> break;
> };
>
> # native SIP destinations are handled using our USRLOC DB
> if (!lookup("location")) {
> forward(202.180.125.200,5060);
># sl_send_reply("404", "Not Found");
> break;
> };
> };
> append_hf("P-hint: usrloc applied\r\n");
> route(1);
>}
>
>route[1]
>{
> # !! Nathelper
> if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){
> sl_send_reply("479", "We don't forward to private IP addresses");
> break;
> };
>
> # if client or server know to be behind a NAT, enable relay
> if (isflagset(6)) {
> log("Arse: force_rtp_proxy\n");
> force_rtp_proxy();
> };
>
> # NAT processing of replies; apply to all transactions (for example,
> # re-INVITEs from public to private UA are hard to identify as
> # NATed at the moment of request processing); look at replies
> t_on_reply("1");
>
> # send it out now; use stateful forwarding as it works reliably
> # even for UDP2TCP
> if (!t_relay()) {
> sl_reply_error();
> };
>}
>
># !! Nathelper
>onreply_route[1] {
> # NATed transaction ?
> if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
> fix_nated_contact();
> force_rtp_proxy();
> # otherwise, is it a transaction behind a NAT and we did not
> # know at time of request processing ? (RFC1918 contacts)
> } else if (nat_uac_test("1")) {
> fix_nated_contact();
> };
>}
>
>
>-----------------------------------------------------------------------------------------------
>This message and any attachments contain privileged and confidential information. If you are not the intended recipient of this message, you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender immediately via email and then destroy this message and any attachments.
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
I want to directly add my existing customer database to ser database.
I would like to know how can i do that.
I have seen two colums ha1 & ha1b & confirmation has some value, I dunno
how can i calculate those values. Can you help me pls.
Kannaiyan
Please do not reply personally, always keep the mailing list among
recipient so others can benefit from that.
domain column is matched when you set use_domain parameter in registrar
and usrloc modules to 1.
Jan.
On 18-11 23:46, Kannaiyan Natesan wrote:
> Hi Jan,
>
> thanks for your reply.
>
> Is the domain matched when I use the lookup("domain") ?
>
> Kannaiyan
>
> ----- Original Message -----
> From: "Jan Janak" <jan(a)iptel.org>
> To: "Kannaiyan Natesan" <nkans(a)lycos.co.uk>
> Cc: <serusers(a)lists.iptel.org>
> Sent: Tuesday, November 18, 2003 11:11 PM
> Subject: Re: [Serusers] Cyclic Attack ??
>
>
> > On 18-11 23:03, Kannaiyan Natesan wrote:
> > > Asume we have two domains, A & B Pointed to a single ser server.
> > > If I create a user in Domain A will the ser validate only for domain A
> > > only.
> > > I could not find any domain information in the subscriber table.
> >
> > The table contains "domain" column.
> >
> > Jan.
> >
>
Hi !
I don't know that is a ser problem
but I cannot make a call from ATA-186 ( with analog phone)
to PSTN phone via my gateway.
I receive 400 Bad Request - Invalid IP address
If I call to IP everything is ok.
I don't have this proble when I call from softphone like kphone
to PSTN phone.
Did somebody have similar problem ?
Which version of ATA software do you use ?
Regards
Andrzej
Will Ser handle Cyclic attacks ?
I.
If I have two domains A & B,
When A requests a call forwards to B, & B forwards to A.
Will Ser be able to prevent this cyclic attack? or how to mange this?
II.
Asume we have two domains, A & B Pointed to a single ser server.
If I create a user in Domain A will the ser validate only for domain A
only.
I could not find any domain information in the subscriber table.
Anyone help me pls.
Kannaiyan
Anyone has an idea what's phplib_id filed in table subscriber and how is it
generated?
Tnx in advance.
_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail
I used the sample config files provided by jiri from
http://iptel.org/~faqomatic/fom-serve/cache/92.html
klaus
> -----Original Message-----
> From: Sesha B [mailto:sesha@iic.com]
> Sent: Tuesday, November 18, 2003 4:10 PM
> To: Klaus Darilion
> Subject: RE: voicemail
>
>
> Hi,
>
> I'm trying to do the redirection to voicemail, but I was not
> able to. Can
> you please do me a favor? Can you please send me the section
> of the code
> that does the redirection to the voicemail? Thank you very much.
>
>
> -----Original Message-----
> From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org]On
> Behalf Of Klaus Darilion
> Sent: Tuesday, November 18, 2003 6:01 AM
> To: serusers(a)lists.iptel.org
> Subject: [Serusers] fr_inv_timer problem when using SIPPS
>
>
> Hi!
>
> I tried voicemail with redirect to the vm-proxy if the user
> doesn't pick up
> the phone after 10 seconds. It works fine if I call a kphone
> user, but not
> with SIPPS users. SIPPS sends a 180 Ringing every five seconds which
> probably resets the timer - if I choose timer intervalls
> shorter than 5
> seconds it also works with SIPPS.
>
> Is this a bug?
>
> tried with ser:
> 0.8.12dev-t14
> 0.8.11rc1
> 0.8.11-r1
>
> regards,
> Klaus
>
>
> ----------
> #
> # $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
> #
> # simple quick-start config script
> #
>
> # ----------- global configuration parameters ------------------------
>
> debug=3 # debug level (cmd line: -dddddddddd)
> fork=yes
> log_stderror=no # (cmd line: -E)
>
> /* Uncomment these lines to enter debugging mode
> debug=7
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> port=5060
> children=4
> fifo="/tmp/ser_fifo"
> alias=obelix.ict.tuwien.ac.at
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>
> # load the voicemail module
> #loadmodule "/usr/local/lib/ser/modules/vm.so"
>
> # load the enum module
> loadmodule "/usr/local/lib/ser/modules/enum.so"
>
> # load the group module, to verify if a user forwards to voicemail
> loadmodule "/usr/local/lib/ser/modules/group.so"
>
> # load the nathelper module
> #loadmodule "/usr/local/lib/ser/modules/nathelper.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
>
> #modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url", "sql://ser:ser2000@localhost/ser")
>
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which true in
> this config),
> # uncomment also the following parameter)
> #
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "db_url", "sql://ser:ser2000@localhost/ser")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # -- voicemail params --
> #modparam("voicemail", "db_url","sql://ser:ser2000@localhost/ser")
>
> # -- voicemail params --
> modparam("group", "db_url","sql://serro:serro2000@localhost/ser")
>
> # -- nathelper params --
> #modparam("nathelper", "natping_interval", 10)
>
> modparam("tm", "fr_inv_timer", 8 )
> modparam("tm", "fr_inv_timer", 8 )
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
>
> route{
>
> lookup("aliases");
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> #if (msg:len > max_len) {
> if (len_gt( max_len )) {
> sl_send_reply("513", "Message too big");
> break;
> };
>
> # we record-route all messages -- to make sure that
> # subsequent messages will go through our proxy; that's
> # particularly good if upstream and downstream entities
> # use different transport protocol
>
> #remove record route for dissipate
> #if (!(method=="REGISTER")) record_route();
>
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use UsrLoc
> # (in case, it does not work, use the following command
> # with proper names and addresses in it)
> if (uri==myself) {
>
> if (method=="REGISTER") {
>
> # Uncomment this if you want to use digest authentication
> # if (!www_authorize("obelix.ict.tuwien.ac.at",
> "subscriber")) {
> # www_challenge("obelix.ict.tuwien.ac.at",
> "0");
> # break;
> # };
>
> if (!save("location")) {
> sl_reply_error();
> };
> break;
> };
>
> # check if number beginns with 00, then convert
> it into a +
> if (uri=~"^sip:00[0-9]*@") {
> # strip booth leading "0"
> strip(2);
> prefix("+");
> };
> # check if request uri begins with an internation phone
> number, if yes, try enum to resolve
> if (uri=~"sip:\+?[0-9]+@.*") {
> enum_query("voice");
> };
>
> #mark transaction for voicemail
> if (is_user_in("Request-URI", "voicemail")) {
> setflag(4);
> };
>
> # native SIP destinations are handled using our
> USRLOC DB
> if (!lookup("location")) {
> # handle user which was not found
> route(4);
> break;
> };
> };
>
> #add failure route which should be performed if
> response code >=300
> if (method=="INVITE" && isflagset(4)) {
> t_on_failure("1");
> };
>
> # forward to current uri now; use stateful forwarding; that
> # works reliably even if we forward from TCP to UDP
> if (!t_relay()) {
> sl_reply_error();
> };
>
> }
>
> route[4]{
>
> # non-Voip -- just send "off-line"
> if (!(method == "INVITE" || method == "ACK" || method
> == "CANCEL" ||
> method == "REFER" || method == "BYE")) {
> sl_send_reply("404", "Not Found");
> break;
> };
>
> # not voicemail subscriber
> if (!isflagset(4)) {
> sl_send_reply("404", "Not Found and no voicemail turned
> on");
> break;
> };
>
> # forward to voicemail now
> #rewritehostport("machtnix.ict.tuwien.ac.at:5060");
> t_relay_to_udp("machtnix.ict.tuwien.ac.at", "5060");
>
> #klaus
> #forward(machtnix.ict.tuwien.ac.at, 5060)
> }
>
>
>
> failure_route[1] {
> /* XX: note: unsafe if preloaded routes without username used */
> revert_uri();
> revert_uri();
> #rewritehostport("machtnix.ict.tuwien.ac.at:5060");
> append_branch();
> t_relay_to_udp("machtnix.ict.tuwien.ac.at", "5060");
> }
>
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
I'm facing problem with SER when my system reboots or in restart.
It does not start automatically.
I also created /etc/init.d/ser.
Kindly help pls.
Kannaiyan
