Hi.
I've been trying to fix this issue by myself for about a month but definitely need your help.
I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK).
SER and RTPProxy run on the same server.
RTPProxy is up and running, and I set 777 rights to the socket:
[root@servername rtpproxy]# ll /var/run/rtpproxy.sock
srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock=
I use as a client X-Lite V2.0 on each side.
Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives.
Thank you in advance for your help.
Francois.
=====================================================================================================================
LOG:
=====================================================================================================================
Maxfwd module- initializing
0(28184) mod_init(): Database connection opened successfuly
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 65535
0(0) INFO: udp_init: SO_RCVBUF is finally 131070
1(28186) rtpp_test: RTP proxy found, support for it enabled
5(28195) INFO: fifo process starting: 28195
2(28187) rtpp_test: RTP proxy found, support for it enabled
3(28188) rtpp_test: RTP proxy found, support for it enabled
4(28194) rtpp_test: RTP proxy found, support for it enabled
5(28195) rtpp_test: RTP proxy found, support for it enabled
5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(28208) rtpp_test: RTP proxy found, support for it enabled
6(28206) rtpp_test: RTP proxy found, support for it enabled
10(28213) rtpp_test: RTP proxy found, support for it enabled
7(28207) rtpp_test: RTP proxy found, support for it enabled
11(28214) rtpp_test: RTP proxy found, support for it enabled
9(28209) rtpp_test: RTP proxy found, support for it enabled
0(28184) rtpp_test: RTP proxy found, support for it enabled
4(28194) -------------------------------------------
4(28194) entering main loop
4(28194) src address different than via header->NAT detected
4(28194) force_rport and fix_nated_contact and setflag(5)
4(28194) INVITE message received
4(28194) -------------------------------------------
4(28194) entering route[1] - relaying SIP message
4(28194) at least one of the participants is NATed->record_route
4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ...
3(28188) -------------------------------------------
3(28188) onreply_route[1] entered
3(28188) status 100 received
4(28194) -------------------------------------------
4(28194) onreply_route[1] entered
4(28194) status 180 received
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy
3(28188) -------------------------------------------
3(28188) entering main loop
3(28188) BYE message received
3(28188) -------------------------------------------
========================================================================================================================
SER.CFG
========================================================================================================================
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
listen=<ip address in the DMZ>
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself".
alias=servername.mycompany.com
alias=mycompany.com localhost
# Uncomment these lines to enter debugging mode
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module
#loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module
loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail
loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter
# special NAT flag indicates that a registered client is behind NAT
modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url", "mysql://login:password@localhost/ser")
modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url", "mysql://login:password@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- voicemail params --
#modparam("voicemail", "db_url","mysql://login:password@localhost/ser")
# -- voicemail params --
#modparam("group", "db_url","mysql://login:password@localhost/ser")
# -- nathelper params --
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 )
#modparam("tm", "fr_inv_timer", 8 )
#Explicitly set the socket used by rtpproxy
#modparam("nathelpler", "rtpproxy_sock", "/var/run/rtpproxy.sock")
# ------------------------- request routing logic -------------------
# main routing logic
route{
log(1, "-------------------------------------------\n");
log(1, "entering main loop\n");
if (nat_uac_test("2")) {
log(1, "src address different than via header->NAT detected\n");
log(1, "force_rport and fix_nated_contact and setflag(5)\n");
#try NAT traversal, works only if the client is symmetrical
force_rport();
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for request\r\n");
# flag 5 indicates that incoming request is from NATed client
setflag(5);
};
if (method=="REGISTER")
log(1, "REGISTER message received\n");
if (method=="INVITE")
log(1, "INVITE message received\n");
if (method=="ACK")
log(1, "ACK message received\n");
if (method=="BYE")
log(1, "BYE message received\n");
if (method=="CANCEL")
log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE")
log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY")
log(1, "NOTIFY message received\n");
if (method=="OPTIONS")
log(1, "OPTIONS message received\n");
if (method=="INFO")
log(1, "INFO message received\n");
if (method=="MESSAGE")
log(1, "MESSAGE message received\n");
if (method=="REFER")
log(1, "REFER message received\n");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len) {
#if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# loose-route processing
if (loose_route()) {
log(1, "loose_route processing\n");
t_relay();
break;
};
# create transaction state; abort if error occured
# if ( !t_newtran()) {
# sl_reply_error();
# break;
# };
#new
# now check if it's about PSTN destinations through our gateway;
# note that 8.... is exempted for numerical non-gw destinations
if (uri=~"^sip:0[0-9]*@.*") {
route(3);
break;
};
#
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
log(1, "analyzing REGISTER request\n");
# Uncomment this if you want to use digest authentication
if (!www_authorize("servername.mycompany.com", "subscriber")) {
www_challenge("servername.mycompany.com", "0");
break;
};
if (isflagset(5)) {
#register from nated client, save nat_flag=6
#in location table
setflag(6);
};
if (!save("location")) {
log(1, "save location error\n");
sl_reply_error();
};
break;
};
lookup("aliases");
#mark transaction for voicemail
if (is_user_in("Request-URI", "voicemail\n")) {
log(1, "requested user is in voicemail group");
setflag(4);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# handle user which was not found
log(1, "requested user not found\n");
route(4);
break;
};
};
#add failure route which should be performed if response code >=300
if (method=="INVITE" && isflagset(4)) {
log(1, "invite for voicemail user->initiate failureroute[1]\n");
t_on_failure("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
route(1);
}
route[1]{
log(1, "-------------------------------------------\n");
log(1, "entering route[1] - relaying SIP message\n");
if ((isflagset(5)) || (isflagset(6))) {
log(1, "at least one of the participants is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
force_rtp_proxy();
append_hf("P-hint: request forced to rtp proxy\r\n");
setflag(7);
};
};
log(1, "relaying message ...\n");
if (!t_relay()) {
log(1, "t_relay error occured\n");
sl_reply_error();
};
}
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
log(1, "-------------------------------------------\n");
log(1, "onreply_route[1] entered\n");
if (isflagset(6)) {
log(1, "transaction was sent to a NATED client -> fix nated contact\n");
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for response\r\n");
}
if ( (status=~"100") ) {
log(1, "status 100 received\n");
};
if ( (status=~"180") ) {
log(1, "status 180 received\n");
};
if ( (status=~"202") ) {
log(1, "status 202 received\n");
};
if ( (status=~"200" || status=~"183") ) {
log(1, "status 2xx or 183");
if ( isflagset(7) ) {
log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
force_rtp_proxy();
append_hf("P-hint: response forced to rtp proxy\r\n");
};
};
}
#new
# logic for calls to the PSTN
route[3] {
# turn accounting on
setflag(1);
/* require all who call PSTN to be members of the "int" group;
apply ACLs only to INVITEs -- we don't need to protect other requests, as they
don't imply charges; also it could cause troubles when a call comes in via PSTN
and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
fail then; exempt Cisco gateway from authentication by IP address -- it does not
support digest
*/
if (method=="INVITE" && (!src_ip==WhateverIP)) {
if (!proxy_authorize( "servername.mycompany.com" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ );
break;
};
# let's check from=id ... avoids accounting confusion
if(!is_user_in("credentials", "int")) {
sl_send_reply("403", "NO PSTN Privileges...");
break;
};
consume_credentials();
}; # INVITE to authorized PSTN
# if you have passed through all the checks, let your call go to GW!
force_rtp_proxy();
record_route();
t_on_reply("1");
# snom conditioner
if (method=="INVITE" && search("User-Agent: snom")) {
replace("100rel, ", "");
};
append_hf("P-hint: GATEWAY\r\n");
# use UDP to guarantee well-known sender port (TCP ephemeral)
t_relay_to_udp("212.17.35.184","5060");
}
route[4]{
log(1, "-------------------------------------------\n");
log(1, "entering route[4] = requested user not online\n");
# non-Voip -- just send "off-line"
if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
log(1, "no invite,ack,cancel,refer->return 404\n");
sl_send_reply("404", "Not Found");
break;
};
# not voicemail subscriber and no echo/conference call
if ( isflagset(4)) {
log(1, "flag(4) active\n");
};
if (uri =~ "conference") {
log(1, "conference call\n");
};
if (uri =~ "echo") {
log(1, "echo call\n");
};
if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
log(1, "no voicemail subscriber->return 404");
sl_send_reply("404", "Not Found and no voicemail turned on");
break;
};
if ( isflagset(5) ) {
log(1, "caller is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy");
force_rtp_proxy();
};
};
# forward to voicemail now
rewritehostport("WhateverIP:5060");
log(1, "forward to voicemail\n");
t_relay_to_udp("WhateverIP", "5060");
}
failure_route[1] {
/* XX: note: unsafe if preloaded routes without username used */
log(1, "-------------------------------------------\n");
log(1, "failureroute[1] entered\n");
revert_uri();
rewritehostport("WhateverIP:5060");
append_branch();
t_relay_to_udp("WhateverIP", "5060");
}
Hello List.
I have a question regarding the User and Password configured in a
UA. In which part of the authentication process is the password used by
SER? If I have Radius to authenticate users, is this password "encrypted"
in the nonce parameter? If so, what prevents an attacker from
"intercepting" this packet and obtaining these values?
Thanks in advance
Ricardo Martinez
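The exchange asked about above, as an added example (not part of the thread and not SER code): digest authentication without qop, the mode selected by `www_challenge(realm, "0")` in the posted ser.cfg, showing where the password enters the computation and what the nonce is for. The `Registrar` class, `ua_answer`, the random single-use nonce and the account `alice` are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "servername.mycompany.com"  # realm string used in the ser.cfg on this page


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username, realm, password):
    # The only step where the password is used; it is hashed, never sent.
    return md5_hex(f"{username}:{realm}:{password}")


def compute_response(ha1, nonce, method, uri):
    # Without qop: response = MD5(HA1:nonce:HA2), HA2 = MD5(method:uri).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def ua_answer(username, password, challenge, method, uri):
    """User agent side (hypothetical helper): answer a challenge."""
    ha1 = compute_ha1(username, challenge["realm"], password)
    return {
        "username": username,
        "realm": challenge["realm"],
        "nonce": challenge["nonce"],
        "uri": uri,
        "response": compute_response(ha1, challenge["nonce"], method, uri),
    }


class Registrar:
    """Hypothetical stand-in for the verifying side."""

    def __init__(self, subscribers, store_plaintext):
        # store_plaintext=True mirrors calculate_ha1=yes with a password column;
        # False mirrors keeping a precomputed HA1 instead of the password.
        self.store_plaintext = store_plaintext
        self.secrets = {
            user: pw if store_plaintext else compute_ha1(user, REALM, pw)
            for user, pw in subscribers.items()
        }
        self.outstanding = set()

    def challenge(self):
        # Assumption: a random single-use nonce. The nonce carries no password;
        # it is a server-chosen value that makes each response unique.
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return {"realm": REALM, "nonce": nonce}

    def authorize(self, method, creds):
        nonce = creds.get("nonce")
        if nonce not in self.outstanding:
            return False  # unknown or already consumed nonce: replay rejected
        self.outstanding.discard(nonce)
        stored = self.secrets.get(creds.get("username"))
        if stored is None:
            return False
        if self.store_plaintext:
            ha1 = compute_ha1(creds["username"], REALM, stored)
        else:
            ha1 = stored
        expected = compute_response(ha1, nonce, method, creds.get("uri", ""))
        supplied = str(creds.get("response", ""))
        return hmac.compare_digest(expected.encode(), supplied.encode())


def demo():
    """Run the exchange with constructed credentials and return the outcomes."""
    uri = "sip:" + REALM
    users = {"alice": "constructed-pass"}  # constructed sample account

    plain = Registrar(users, store_plaintext=True)
    creds = ua_answer("alice", "constructed-pass", plain.challenge(), "REGISTER", uri)
    valid = plain.authorize("REGISTER", creds)
    replayed = plain.authorize("REGISTER", creds)  # same nonce a second time

    bad = ua_answer("alice", "wrong-guess", plain.challenge(), "REGISTER", uri)
    wrong_password = plain.authorize("REGISTER", bad)

    hashed = Registrar(users, store_plaintext=False)
    creds = ua_answer("alice", "constructed-pass", hashed.challenge(), "REGISTER", uri)
    stored_ha1_mode = hashed.authorize("REGISTER", creds)

    return {
        "valid": valid,
        "replayed": replayed,
        "wrong_password": wrong_password,
        "stored_ha1_mode": stored_ha1_mode,
    }


if __name__ == "__main__":
    print(demo())
```

Anyone who records the exchange sees the username, realm, nonce, URI and response, so the strength of the password and TLS on the signalling path are what protect it. A stored HA1 is equivalent to the password for that realm and needs the same protection as a plaintext password column.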
Hi.
I've been trying to fix this issue by myself for about a month but definitely needs your help.
I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK).
SER and RTPProxy run on the same server.
RTPProxy is up and running, and I set 777 rights to the socket:
[root@servername rtpproxy]# ll /var/run/rtpproxy.sock
srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock=
I use as a client X-Lite V2.0 on each side.
Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives.
Thank you in advance for your help.
Francois.
=====================================================================================================================
LOG:
=====================================================================================================================
Maxfwd module- initializing
0(28184) mod_init(): Database connection opened successfuly
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 65535
0(0) INFO: udp_init: SO_RCVBUF is finally 131070
1(28186) rtpp_test: RTP proxy found, support for it enabled
5(28195) INFO: fifo process starting: 28195
2(28187) rtpp_test: RTP proxy found, support for it enabled
3(28188) rtpp_test: RTP proxy found, support for it enabled
4(28194) rtpp_test: RTP proxy found, support for it enabled
5(28195) rtpp_test: RTP proxy found, support for it enabled
5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(28208) rtpp_test: RTP proxy found, support for it enabled
6(28206) rtpp_test: RTP proxy found, support for it enabled
10(28213) rtpp_test: RTP proxy found, support for it enabled
7(28207) rtpp_test: RTP proxy found, support for it enabled
11(28214) rtpp_test: RTP proxy found, support for it enabled
9(28209) rtpp_test: RTP proxy found, support for it enabled
0(28184) rtpp_test: RTP proxy found, support for it enabled
4(28194) -------------------------------------------
4(28194) entering main loop
4(28194) src address different than via header->NAT detected
4(28194) force_rport and fix_nated_contact and setflag(5)
4(28194) INVITE message received
4(28194) -------------------------------------------
4(28194) entering route[1] - relaying SIP message
4(28194) at least one of the participants is NATed->record_route
4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ...
3(28188) -------------------------------------------
3(28188) onreply_route[1] entered
3(28188) status 100 received
4(28194) -------------------------------------------
4(28194) onreply_route[1] entered
4(28194) status 180 received
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy
3(28188) -------------------------------------------
3(28188) entering main loop
3(28188) BYE message received
3(28188) -------------------------------------------
========================================================================================================================
SER.CFG
========================================================================================================================
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
listen=<ip address in the DMZ>
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself".
alias=servername.mycompany.comalias=mycompany.com localhost
# Uncomment these lines to enter debugging mode
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module
#loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module
loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail
loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter
# special NAT flag indicates that a registered client is behind NAT
modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url", "mysql://login:password@localhost/ser")
modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url", "mysql://login:password@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- voicemail params --
#modparam("voicemail", "db_url","mysql://login:password@localhost/ser")
# -- voicemail params --
#modparam("group", "db_url","mysql://login:password@localhost/ser")
# -- nathelper params --
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 )
#modparam("tm", "fr_inv_timer", 8 )
#Explicitly set the socket used by rtpproxy
#modparam("nathelpler", "rtpproxy_sock", "/var/run/rtpproxy.sock")
# ------------------------- request routing logic -------------------
# main routing logic
route{
log(1, "-------------------------------------------\n");
log(1, "entering main loop\n");
if (nat_uac_test("2")) {
log(1, "src address different than via header->NAT detected\n");
log(1, "force_rport and fix_nated_contact and setflag(5)\n");
#try NAT traversal, works only if the client is symmetrical
force_rport();
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for request\r\n");
# flag 5 indicates that incoming request is from NATed client
setflag(5);
};
if (method=="REGISTER")
log(1, "REGISTER message received\n");
if (method=="INVITE")
log(1, "INVITE message received\n");
if (method=="ACK")
log(1, "ACK message received\n");
if (method=="BYE")
log(1, "BYE message received\n");
if (method=="CANCEL")
log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE")
log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY")
log(1, "NOTIFY message received\n");
if (method=="OPTIONS")
log(1, "OPTIONS message received\n");
if (method=="INFO")
log(1, "INFO message received\n");
if (method=="MESSAGE")
log(1, "MESSAGE message received\n");
if (method=="REFER")
log(1, "REFER message received\n");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len) {
#if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# loose-route processing
if (loose_route()) {
log(1, "loose_route processing\n");
t_relay();
break;
};
# create transaction state; abort if error occured
# if ( !t_newtran()) {
# sl_reply_error();
# break;
# };
#new
# now check if it's about PSTN destinations through our gateway;
# note that 8.... is exempted for numerical non-gw destinations
if (uri=~"^sip:0[0-9]*@.*") {
route(3);
break;
};
#
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
log(1, "analyzing REGISTER request\n");
# Uncomment this if you want to use digest authentication
if (!www_authorize("servername.mycompany.com", "subscriber")) {
www_challenge("servername.mycompany.com", "0");
break;
};
if (isflagset(5)) {
#register from nated client, save nat_flag=6
#in location table
setflag(6);
};
if (!save("location")) {
log(1, "save location error\n");
sl_reply_error();
};
break;
};
lookup("aliases");
#mark transaction for voicemail
if (is_user_in("Request-URI", "voicemail\n")) {
log(1, "requested user is in voicemail group");
setflag(4);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# handle user which was not found
log(1, "requested user not found\n");
route(4);
break;
};
};
#add failure route which should be performed if response code >=300
if (method=="INVITE" && isflagset(4)) {
log(1, "invite for voicemail user->initiate failureroute[1]\n");
t_on_failure("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
route(1);
}
route[1]{
log(1, "-------------------------------------------\n");
log(1, "entering route[1] - relaying SIP message\n");
if ((isflagset(5)) || (isflagset(6))) {
log(1, "at least one of the participants is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
force_rtp_proxy();
append_hf("P-hint: request forced to rtp proxy\r\n");
setflag(7);
};
};
log(1, "relaying message ...\n");
if (!t_relay()) {
log(1, "t_relay error occured\n");
sl_reply_error();
};
}
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
log(1, "-------------------------------------------\n");
log(1, "onreply_route[1] entered\n");
if (isflagset(6)) {
log(1, "transaction was sent to a NATED client -> fix nated contact\n");
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for response\r\n");
}
if ( (status=~"100") ) {
log(1, "status 100 received\n");
};
if ( (status=~"180") ) {
log(1, "status 180 received\n");
};
if ( (status=~"202") ) {
log(1, "status 202 received\n");
};
if ( (status=~"200" || status=~"183") ) {
log(1, "status 2xx or 183");
if ( isflagset(7) ) {
log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
force_rtp_proxy();
append_hf("P-hint: response forced to rtp proxy\r\n");
};
};
}
#new
# logic for calls to the PSTN
route[3] {
# turn accounting on
setflag(1);
/* require all who call PSTN to be members of the "int" group;
apply ACLs only to INVITEs -- we don't need to protect other requests, as they
don't imply charges; also it could cause troubles when a call comes in via PSTN
and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
fail then; exempt Cisco gateway from authentication by IP address -- it does not
support digest
*/
if (method=="INVITE" && (!src_ip==WhateverIP)) {
if (!proxy_authorize( "servername.mycompany.com" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ );
break;
};
# let's check from=id ... avoids accounting confusion
if(!is_user_in("credentials", "int")) {
sl_send_reply("403", "NO PSTN Privileges...");
break;
};
consume_credentials();
}; # INVITE to authorized PSTN
# if you have passed through all the checks, let your call go to GW!
force_rtp_proxy();
record_route();
t_on_reply("1");
# snom conditioner
if (method=="INVITE" && search("User-Agent: snom")) {
replace("100rel, ", "");
};
append_hf("P-hint: GATEWAY\r\n");
# use UDP to guarantee well-known sender port (TCP ephemeral)
t_relay_to_udp("212.17.35.184","5060");
}
route[4]{
log(1, "-------------------------------------------\n");
log(1, "entering route[4] = requested user not online\n");
# non-Voip -- just send "off-line"
if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
log(1, "no invite,ack,cancel,refer->return 404\n");
sl_send_reply("404", "Not Found");
break;
};
# not voicemail subscriber and no echo/conference call
if ( isflagset(4)) {
log(1, "flag(4) active\n");
};
if (uri =~ "conference") {
log(1, "conference call\n");
};
if (uri =~ "echo") {
log(1, "echo call\n");
};
if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
log(1, "no voicemail subscriber->return 404");
sl_send_reply("404", "Not Found and no voicemail turned on");
break;
};
if ( isflagset(5) ) {
log(1, "caller is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy");
force_rtp_proxy();
};
};
# forward to voicemail now
² rewritehostport("WhateverIP:5060");
log(1, "forward to voicemail\n");
t_relay_to_udp("WhateverIP", "5060");
}
failure_route[1] {
/* XX: note: unsafe if preloaded routes without username used */
log(1, "-------------------------------------------\n");
log(1, "failureroute[1] entered\");
revert_uri();
rewritehostport("WhateverIP:5060");
append_branch();
t_relay_to_udp("WhateverIP", "5060");
}
************************ ADSL ILLIMITE TISCALI + TELEPHONE GRATUIT ************************
Surfez 40 fois plus vite pour 30EUR/mois seulement ! Et téléphonez partout en France gratuitement,
vers les postes fixes (hors numéros spéciaux). Tarifs très avantageux vers les mobiles et l'international !
Pour profiter de cette offre exceptionnelle, cliquez ici : http://register.tiscali.fr/adsl (voir conditions sur le site)
Hi.
I've been trying to fix this issue by myself for about a month but definitely needs your help.
I use SER 0.8.14 from CVS sources with RTPProxy V 1.19 and can't have RTP stream working through NAT (the phone rings -- SIP is OK).
SER and RTPProxy run on the same server.
RTPProxy is up and running, and I set 777 rights to the socket:
[root@servername rtpproxy]# ll /var/run/rtpproxy.sock
srwxrwxrwx 1 root root 0 Nov 8 16:22 /var/run/rtpproxy.sock=
I use as a client X-Lite V2.0 on each side.
Please find below the log (call initiated from Internet to a callee on our LAN) and the excellent ser.cfg file I found in the Serusers Archives.
Thank you in advance for your help.
Francois.
=====================================================================================================================
LOG:
=====================================================================================================================
Maxfwd module- initializing
0(28184) mod_init(): Database connection opened successfuly
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 65535
0(0) INFO: udp_init: SO_RCVBUF is finally 131070
1(28186) rtpp_test: RTP proxy found, support for it enabled
5(28195) INFO: fifo process starting: 28195
2(28187) rtpp_test: RTP proxy found, support for it enabled
3(28188) rtpp_test: RTP proxy found, support for it enabled
4(28194) rtpp_test: RTP proxy found, support for it enabled
5(28195) rtpp_test: RTP proxy found, support for it enabled
5(28195) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(28208) rtpp_test: RTP proxy found, support for it enabled
6(28206) rtpp_test: RTP proxy found, support for it enabled
10(28213) rtpp_test: RTP proxy found, support for it enabled
7(28207) rtpp_test: RTP proxy found, support for it enabled
11(28214) rtpp_test: RTP proxy found, support for it enabled
9(28209) rtpp_test: RTP proxy found, support for it enabled
0(28184) rtpp_test: RTP proxy found, support for it enabled
4(28194) -------------------------------------------
4(28194) entering main loop
4(28194) src address different than via header->NAT detected
4(28194) force_rport and fix_nated_contact and setflag(5)
4(28194) INVITE message received
4(28194) -------------------------------------------
4(28194) entering route[1] - relaying SIP message
4(28194) at least one of the participants is NATed->record_route
4(28194) -->setting up reply processing ->onreply_route[1] 4(28194) INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7) 4(28194) relaying message ...
3(28188) -------------------------------------------
3(28188) onreply_route[1] entered
3(28188) status 100 received
4(28194) -------------------------------------------
4(28194) onreply_route[1] entered
4(28194) status 180 received
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(28187) -------------------------------------------
2(28187) onreply_route[1] entered
2(28187) status 2xx or 183 2(28187) marked(7) as NATED-INVITE -> force_rtp_proxy
2(28187) ERROR: send_rtpp_command: can't connect to RTP proxy
3(28188) -------------------------------------------
3(28188) entering main loop
3(28188) BYE message received
3(28188) -------------------------------------------
========================================================================================================================
SER.CFG
========================================================================================================================
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
listen=<ip address in the DMZ>
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition "uri==myself".
alias=servername.mycompany.com
alias=mycompany.com localhost
# Uncomment these lines to enter debugging mode
#debug=7
#fork=no
#log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module
#loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module
loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail
loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter
# special NAT flag indicates that a registered client is behind NAT
modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url", "mysql://login:password@localhost/ser")
modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://login:password@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set the "calculate_ha1" parameter to yes (which is true in this config),
# also uncomment the following parameter
#
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url", "mysql://login:password@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- voicemail params --
#modparam("voicemail", "db_url","mysql://login:password@localhost/ser")
# -- group params --
#modparam("group", "db_url","mysql://login:password@localhost/ser")
# -- nathelper params --
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 )
#modparam("tm", "fr_inv_timer", 8 )
#Explicitly set the socket used by rtpproxy
#modparam("nathelpler", "rtpproxy_sock", "/var/run/rtpproxy.sock")
# ------------------------- request routing logic -------------------
# main routing logic
route{
    log(1, "-------------------------------------------\n");
    log(1, "entering main loop\n");
    if (nat_uac_test("2")) {
        log(1, "src address different than via header->NAT detected\n");
        log(1, "force_rport and fix_nated_contact and setflag(5)\n");
        #try NAT traversal, works only if the client is symmetrical
        force_rport();
        fix_nated_contact();
        append_hf("P-hint: fixed NAT contact for request\r\n");
        # flag 5 indicates that incoming request is from NATed client
        setflag(5);
    };
    if (method=="REGISTER")
        log(1, "REGISTER message received\n");
    if (method=="INVITE")
        log(1, "INVITE message received\n");
    if (method=="ACK")
        log(1, "ACK message received\n");
    if (method=="BYE")
        log(1, "BYE message received\n");
    if (method=="CANCEL")
        log(1, "CANCEL message received\n");
    if (method=="SUBSCRIBE")
        log(1, "SUBSCRIBE message received\n");
    if (method=="NOTIFY")
        log(1, "NOTIFY message received\n");
    if (method=="OPTIONS")
        log(1, "OPTIONS message received\n");
    if (method=="INFO")
        log(1, "INFO message received\n");
    if (method=="MESSAGE")
        log(1, "MESSAGE message received\n");
    if (method=="REFER")
        log(1, "REFER message received\n");
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (msg:len > max_len) {
    #if (len_gt( max_len )) {
        sl_send_reply("513", "Message too big");
        break;
    };
    # loose-route processing
    if (loose_route()) {
        log(1, "loose_route processing\n");
        t_relay();
        break;
    };
    # create transaction state; abort if error occurred
    # if ( !t_newtran()) {
    #     sl_reply_error();
    #     break;
    # };
    #new
    # now check if it's about PSTN destinations through our gateway;
    # note that 8.... is exempted for numerical non-gw destinations
    if (uri=~"^sip:0[0-9]*@.*") {
        route(3);
        break;
    };
    #
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {
        if (method=="REGISTER") {
            log(1, "analyzing REGISTER request\n");
            # Uncomment this if you want to use digest authentication
            if (!www_authorize("servername.mycompany.com", "subscriber")) {
                www_challenge("servername.mycompany.com", "0");
                break;
            };
            if (isflagset(5)) {
                #register from nated client, save nat_flag=6
                #in location table
                setflag(6);
            };
            if (!save("location")) {
                log(1, "save location error\n");
                sl_reply_error();
            };
            break;
        };
        lookup("aliases");
        #mark transaction for voicemail
        if (is_user_in("Request-URI", "voicemail")) {
            log(1, "requested user is in voicemail group");
            setflag(4);
        };
        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            # handle user which was not found
            log(1, "requested user not found\n");
            route(4);
            break;
        };
    };
    #add failure route which should be performed if response code >=300
    if (method=="INVITE" && isflagset(4)) {
        log(1, "invite for voicemail user->initiate failureroute[1]\n");
        t_on_failure("1");
    };
    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    route(1);
}
route[1]{
    log(1, "-------------------------------------------\n");
    log(1, "entering route[1] - relaying SIP message\n");
    if ((isflagset(5)) || (isflagset(6))) {
        log(1, "at least one of the participants is NATed->record_route\n");
        record_route();
        log(1, " -->setting up reply processing ->onreply_route[1]");
        t_on_reply("1");
        if (method=="INVITE") {
            log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
            force_rtp_proxy();
            append_hf("P-hint: request forced to rtp proxy\r\n");
            setflag(7);
        };
    };
    log(1, "relaying message ...\n");
    if (!t_relay()) {
        log(1, "t_relay error occured\n");
        sl_reply_error();
    };
}
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
    log(1, "-------------------------------------------\n");
    log(1, "onreply_route[1] entered\n");
    if (isflagset(6)) {
        log(1, "transaction was sent to a NATED client -> fix nated contact\n");
        fix_nated_contact();
        append_hf("P-hint: fixed NAT contact for response\r\n");
    }
    if ( (status=~"100") ) {
        log(1, "status 100 received\n");
    };
    if ( (status=~"180") ) {
        log(1, "status 180 received\n");
    };
    if ( (status=~"202") ) {
        log(1, "status 202 received\n");
    };
    if ( (status=~"200" || status=~"183") ) {
        log(1, "status 2xx or 183");
        if ( isflagset(7) ) {
            log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
            force_rtp_proxy();
            append_hf("P-hint: response forced to rtp proxy\r\n");
        };
    };
}
#new
# logic for calls to the PSTN
route[3] {
    # turn accounting on
    setflag(1);
    /* require all who call PSTN to be members of the "int" group;
       apply ACLs only to INVITEs -- we don't need to protect other requests, as they
       don't imply charges; also it could cause troubles when a call comes in via PSTN
       and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
       fail then; exempt Cisco gateway from authentication by IP address -- it does not
       support digest
    */
    if (method=="INVITE" && (!src_ip==WhateverIP)) {
        if (!proxy_authorize( "servername.mycompany.com" /* realm */,
                "subscriber" /* table name */)) {
            proxy_challenge( "servername.mycompany.com" /* realm */, "0" /* no qop */ );
            break;
        };
        # let's check from=id ... avoids accounting confusion
        if(!is_user_in("credentials", "int")) {
            sl_send_reply("403", "NO PSTN Privileges...");
            break;
        };
        consume_credentials();
    }; # INVITE to authorized PSTN
    # if you have passed through all the checks, let your call go to GW!
    force_rtp_proxy();
    record_route();
    t_on_reply("1");
    # snom conditioner
    if (method=="INVITE" && search("User-Agent: snom")) {
        replace("100rel, ", "");
    };
    append_hf("P-hint: GATEWAY\r\n");
    # use UDP to guarantee well-known sender port (TCP ephemeral)
    t_relay_to_udp("212.17.35.184","5060");
}
route[4]{
    log(1, "-------------------------------------------\n");
    log(1, "entering route[4] = requested user not online\n");
    # non-Voip -- just send "off-line"
    if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
        log(1, "no invite,ack,cancel,refer->return 404\n");
        sl_send_reply("404", "Not Found");
        break;
    };
    # not voicemail subscriber and no echo/conference call
    if ( isflagset(4)) {
        log(1, "flag(4) active\n");
    };
    if (uri =~ "conference") {
        log(1, "conference call\n");
    };
    if (uri =~ "echo") {
        log(1, "echo call\n");
    };
    if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
        log(1, "no voicemail subscriber->return 404");
        sl_send_reply("404", "Not Found and no voicemail turned on");
        break;
    };
    if ( isflagset(5) ) {
        log(1, "caller is NATed->record_route\n");
        record_route();
        log(1, " -->setting up reply processing ->onreply_route[1]");
        t_on_reply("1");
        if (method=="INVITE") {
            log(1, " INVITE request-->force_rtp_proxy");
            force_rtp_proxy();
        };
    };
    # forward to voicemail now
    rewritehostport("WhateverIP:5060");
    log(1, "forward to voicemail\n");
    t_relay_to_udp("WhateverIP", "5060");
}
failure_route[1] {
    /* XX: note: unsafe if preloaded routes without username used */
    log(1, "-------------------------------------------\n");
    log(1, "failureroute[1] entered\n");
    revert_uri();
    rewritehostport("WhateverIP:5060");
    append_branch();
    t_relay_to_udp("WhateverIP", "5060");
}
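The two ERROR lines in the log above name different stages of talking to the control socket: connecting to it, and reading the answer. As an added example (not part of the original post, and not SER or RTPProxy code), the probe below exercises both stages against a UNIX socket and also reports the socket's mode, since a 777 socket is writable by every local account. The function name `probe_rtpp_socket` and the bare `V` version query are assumptions.

```python
import errno
import os
import socket
import stat

def probe_rtpp_socket(path, timeout=2.0):
    """Classify the state of an rtpproxy-style UNIX control socket."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ("missing", "no such path")
    if not stat.S_ISSOCK(st.st_mode):
        return ("not_socket", "path exists but is not a socket")
    mode = stat.S_IMODE(st.st_mode)
    # A world-writable socket (e.g. 777) lets every local account send
    # commands to the media relay; report it so it can be tightened.
    perms = "mode %03o" % mode
    if mode & stat.S_IWOTH:
        perms += ", world-writable"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            s.connect(path)
        except OSError as e:
            # Same failure class as "can't connect to RTP proxy" in the log:
            # ECONNREFUSED = stale socket file, nothing listening behind it.
            name = errno.errorcode.get(e.errno, str(e))
            return ("connect_failed", "%s; %s" % (name, perms))
        s.sendall(b"V")  # assumption: bare version query, no session state
        try:
            reply = s.recv(256)
        except OSError:  # timeout or reset while waiting for the answer
            reply = b""
        if not reply:
            # Same failure class as "can't read reply from a RTP proxy".
            return ("no_reply", perms)
        text = reply.decode("ascii", "replace").strip()
        return ("ok", "%s; %s" % (text, perms))
    finally:
        s.close()

if __name__ == "__main__":
    # Socket path taken from the post above.
    print(probe_rtpp_socket("/var/run/rtpproxy.sock"))
```

Run it as the same user SER runs as, so that the permission and connect results match what the proxy itself sees.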
I'm installing SER 8.12 on a Fedora Box with MySQL 4.1.7-0... I've followed
the steps in SER-howto completely until I get to the section down the
middle where it asks to modify the ser.cfg file. After modifying it for
mysql, digest authentication and changing the uri to uri=~"vinayakk.local",
the ser restart command comes back with an "error in config file" message.
Could you let me know how I can find out what is causing this error?
thanks
Hi All,
Could someone please provide some information about the following issue.
To be more specific on the problem, I am using the following network
configuration.
HOST1 XP---FW/NAT---Internet---HOST2 XP
Network Configuration:
Host1's IP address : 172.16.4.8
FW Internal address: 172.16.4.1
FW external address: 202.125.84.163
Host2's IP address : 202.125.84.164
SER(public server) : 195.37.77.99
FW/NAT has SIP-ALG implementation.
SJPhone is installed on both Host1 and Host2. Now Host1 registers with the
SIP proxy server.
The register request after the NAT (ALG) process has the src port of
55001 (IP: 202.125.84.163) and the contact port of 60002 (IP: 202.125.84.163).
Similarly, SJPhone on Host2 is also registered with the proxy server. Now
when a call is made to Host1 from Host2 using SJPhone, the SIP invite
request coming from Host2 is sent to the proxy server, which in turn is
sending it to 202.125.84.163 on port 55001 (source port of register). This
request is supposed to come on port 60002 (contact port of register).
A month back when I tested in the same configuration, the request from the
external machine was coming on the contact port of the register
request (according to RFC 3261). But when I tested it yesterday it was
having the mentioned problem behavior. Could someone please let me know if
anything has changed in the proxy server (SER) which is causing this
behavior. Also, how can this behavior be avoided?
Thanks in advance.
Best Regards
Mahesh
OK, it’s all installed and running, but when I try to log in it just goes
back to the log in screen, no errors, no warnings, nothing.
I know I’m missing something very basic here.
Any ideas?
Thanks in advance,
Bobby
Hi everybody,
it was decided that a new SER release will come out (Christmas is coming ;-)). It
will be based on the current unstable version, so we can say it will
bring radical changes. Getting it to a stable phase will probably take some
time and effort.
As a first step we will branch the current CVS head and the commits will
be stopped, except for bug fixes. Of course, the CVS head will go
on normally.
The branch will be done on the 17th at 24:00. So, if there are any pending
commits that should go into the release, please do them by the 17th.
Once the branch is created, I will try to compile a list with all
important changes and based on this, we will get into testing phase -
any external help will be strongly appreciated.
regards,
bogdan
Hello All,
Can anyone offer an opinion on which PC Linux distribution/hardware
platform works well with SIP Express Router?
Thanks in advance.
Dana Rossetti
drossetti(a)gmail.com