sr-users February 2005

sr-users@lists.kamailio.org

215 participants
467 discussions

Re: [Serusers] SER+Asterisk+NAT. Need a working example or need to talk about it.

by Charles Wang

Dear Alexey: Yes, there are almost no document about ser 0.9.0 above. And I am only using the post from Paul's example ser.cfg for 0.9.0 long time ago. I ever study about ser and asterisk at http://www.voip-info.org/wiki-Asterisk+at+large And I also need noanswer and busy forward functions in my scenario. I almost lost hope to do that. Is it necessary to use Radius on ser + asterisk ? I have just a little knowledge about radius, so I am afraid of it. Thank you for your reply and wait for your config files. :-) Charles On Tue, 22 Feb 2005 10:06:26 +0200, Alexey N. Kovyrin @ Home <alexey(a)home.kovyrin.net> wrote: > Charles Wang wrote: > > >I just fininsh mediaproxy+ser, and I also want to do the same plan as you. > >Can you give me some example config (ser.cfg & asterisk's config files)? > > > > > > > Now, I'm cleaning up my configs for more readability... I'll send it to > you for 1-2 days... > But, I can say, this scheme is working now. And it's good. > That's why I really want to participate in "Best practices" initiative - > I've seen, that there si almost no docs about ser... > > -- > /Scoundrel > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers >

19 years, 9 months

[Serusers] Fax issue

by support

Hi all, Could rtpproxy and ser be allowed to send / receive fax? I don't know how to configure ser in order to send fax. Thank you. Thomas

19 years, 9 months

[Serusers] Prepaid method ???

by Charles Wang

Dear ALL: I want to implement a prepaid (for PSTN) ser sip solution. But there are serveral questions in my mind: 1. Is it possible to force to tear-down the call properly? Can I use asterisk or b2bua only if I don't want to do it on trunk? 2. In mediaproxy+rtpproxy mode, I know there is a sub-project under "ser/sip_router" named "rtpproxy". Does it must be start when I want to implement mediaproxy+rtpproxy? Or does the mediaproxy Python server have its own rtpproxy? 3. Do I must modify the acc module or a new module to write the cdr and billing for this goal? Because acc module only writes INVITE and BYE to acc table, and it will not calculate the call during time. Is there an another method to implement it? Best Regard Charles

19 years, 9 months

[Serusers] Is it possible to be a distributed SER modules system?

by Charles Wang

Dear ALL: I know that I can have many mediaproxies and choose one of them to route via DNS SRV method. And in the implement of vovida, almost all its servers(such as fs, ms, rs) can be put on different locations(sites / servers) and access them via setting correct URLs and their ports. Does SER sip have the same characteristic? I can use the registar or acc module of A and work for ser B?

19 years, 9 months

Re: [Serusers] "Best practice" document, was Warning: sl_send_reply: I won't send a reply for ACK!!

by Java Rockx

Perhaps, but I think we really need to focus on ser-0.9 rather than the unstable cvs code. The exception might be the LCR module because it is an extremely important piece of functionality which can in many cases make a CLEC / VoIP player profitable or not. Anyhow, to remain focused I think we should focus on ser-0.9 only. P On Mon, 21 Feb 2005 22:29:14 -0000, Simon Miles <simon(a)systemsrm.co.uk> wrote: > What I have struggled with recently is the introduction of new modules > into the code - such as avp. Even now I'm not sure if I should be using > it and for what reason. > > So a description of the modules as we have them today would be useful. > > Can we assume that what is in the dev tree at the moment is what will be > released soon? I did see some emails about this topic. > > > Simon > > -----Original Message----- > From: Java Rockx [mailto:javarockx@gmail.com] > Sent: 21 February 2005 19:59 > To: Simon Miles > Cc: Greger V. Teigre > Subject: Re: [Serusers] "Best practice" document,was Warning: > sl_send_reply: I won't send a reply for ACK!! > > Outstanding. > > If you guys give me a few days I'll put together a rough document of my > ser.cfg, Asterisk setup, patches, etc, etc and then we can start > stripping it apart to generate something useful. > > P.S. - have you guys tried gmail? It absoutely kicks ass when dealing > with long threaded conversations such as these. Anyone wants a gmail > invitation just let me know. I have about 200 I can give out. > > On Mon, 21 Feb 2005 19:28:07 -0000, Simon Miles <simon(a)systemsrm.co.uk> > wrote: > > Great - I'll try and knock something together tonight ( in word ! ! ) > > > > > > Simon > > > > -----Original Message----- > > From: Java Rockx [mailto:javarockx@gmail.com] > > Sent: 21 February 2005 18:48 > > To: Simon Miles > > Cc: Greger V. Teigre > > Subject: Re: [Serusers] "Best practice" document,was Warning: > > sl_send_reply: I won't send a reply for ACK!! > > > > I can agree to this. We can tweak our direction as things progress. > > > > As for MS Word --- there's no Windoz here so Open Office will have to > > be good enough. :-) > > > > On Mon, 21 Feb 2005 18:24:17 -0000, Simon Miles > > <simon(a)systemsrm.co.uk> > > wrote: > > > Paul, Greger, > > > > > > I think we are all about on the same page. I do prefer the approach > > > for a 'getting started' document to start simple and lead to a more > > > complex environment. > > > > > > So based upon Greger's ToC, can I suggest the following for the > > > sections > > > :- > > > > > > 1. Getting Started - what is ser and how does it work > > > > > > 2. Reference Design > > > I would like to see here a picture of the complex design > > > that we will > > > build to, but then have a picture that shows the simple > > > design > > > > > of a > > > UA <> NAT <> ser / mediaproxy > > > > > > 3. Ser.cfg > > > A config file with line numbers that describe each section > > > and > > > > > why we have it > > > and what it does. > > > > > > 4. Ser in Action > > > * Based upon the above ser.cfg, describe how it > handles > > > registration / INVITEs > > > * Handling of NAT > > > Describe a brief summary of the options and why we > > > use > > > > > mediaproxy > > > * Basic Call Features > > > * On Failure Handling > > > * Billing / Accounting > > > > > > 5. Adding Multiple Domains > > > Describe how to configure multiple SIP servers > > > > > > 6. Adding Asterisk Support for voice messages > > > > > > 7. Adding RADIUS Support > > > > > > 8. Controlling ser with XML / Web Services / serweb > > > > > > Appendix A The complete ser.cfg > > > > > > Appendix ? Other php etc support files > > > > > > Appendix ? How to download the latest version of ser ( from the > > dev > > > tree ?? ) > > > > > > How does this look. > > > > > > I agree about using Microsoft word format ( I use Office as I > > > haven't bitten the bullet about OpenOffice yet ! ) > > > > > > If we agree I'll start a word document off. > > > > > > > > > Simon > > > -----Original Message----- > > > From: Java Rockx [mailto:javarockx@gmail.com] > > > Sent: 21 February 2005 14:49 > > > To: Greger V. Teigre > > > Cc: Simon Miles > > > Subject: Re: [Serusers] "Best practice" document,was Warning: > > > sl_send_reply: I won't send a reply for ACK!! > > > > > > Hi All. > > > > > > Let me toss out this idea as a way to keep us from loosing site of > > > the > > > > > ultimate outcome - which I believe is this; > > > > > > A novice/newbie must be able to read our documentation and get a > > > complete (and complex) SIP proxy with voicemail and NAT traversal. > > > Not > > > > > to mention call features, etc. > > > > > > So my idea is for us to begin with a complete > > > ser.cfg/Asterisk/mediaproxy SIP proxy and remove parts to get to the > > > > "Getting Started" ser.cfg which is super simple. Then do a step by > > > step guide to reconstruct the full SIP proxy. > > > > > > This way novices/newbies can follow along and we can document > > > features > > > > > as we use additional bits of functionality. > > > > > > We can also postpone the more advanced aspects until later in the > > > documentation. > > > > > > Thoughts?? > > > > > > Paul > > > > > > On Mon, 21 Feb 2005 15:34:32 +0100, Greger V. Teigre > > > <greger(a)teigre.com> > > > wrote: > > > > Simon, > > > > I agree. I suggest that we use Paul's previous email with > > > > components as a starting point. We can also save some time by > > > > starting out with Paul's config and strip it down to where we want > > > > > it. I vote for making > > > > > > > the reference design as simple as possible in the beginning and > > > > then > > > > > > rathe elements one-by-one. > > > > > > > > Diagram suggestion: > > > > > > > > UA > > > > | > > > > NAT > > > > | > > > > ser --- mediaproxy > > > > | > > > > (asterisk) > > > > > > > > I suggest adding asterisk as an addon and not as part of the > > > > initial > > > > > > reference ser.cfg. Getting Paul's asterisk config to work is far > > > > too > > > > > > big a hurdle. > > > > > > > > Rough suggested table of contents: > > > > 1. Getting started, how to read ser.cfg, ser architecture (very > > > > short) > > > > > > > 2. Reference design, functionality overview 3. ser.cfg reference > > > > config file indexed with line numbers and sections 4. Basic > > > > message routing and structure of ser.cfg (incl. record routing and > > > > loose_route) > > > > 5. Registration and INVITE authentication (incl. spoof control, > > > > external > > > > INVITEs) > > > > 6. Handling of NAT > > > > 7. Basic call features (call fwd, etc) > > > > 8. On failure handling > > > > 9. Handling local vs. PSTN calls (forwarding) > > > > Appendices > > > > 1. Voicemail > > > > 2. RADIUS > > > > 3. serweb > > > > > > > > Do we work in word? > > > > g-) > > > > > > > > > > > > Simon Miles wrote: > > > > > Can I suggest that the three of us start this off and produce > > > > > this > > > > > > > Getting Started guide. > > > > > > > > > > I don't think that designing this committee of the masses will > > > > > be a benefit. > > > > > > > > > > So we first need to agree the reference design and then > > > > > construct a ser.cfg to support it. > > > > > > > > > > If this is correct then maybe we should just list the basic > > > > > concepts > > > > > > > > of the design and then draw a diagram that we agree on. > > > > > > > > > > > > > > > Simon > > > > > > > > > > -----Original Message----- > > > > > From: Greger V. Teigre [mailto:greger@teigre.com] > > > > > Sent: 21 February 2005 08:43 > > > > > To: Java Rockx; Simon Miles > > > > > Cc: serusers(a)lists.iptel.org > > > > > Subject: Re: [Serusers] "Best practice" document,was Warning: > > > > > sl_send_reply: I won't send a reply for ACK!! > > > > > > > > > > > > > > > Paul, I fully support the approach: Make one reference design > > > > > with > > > > > > > a > > > > > > > > complete ser.cfg. This will give us a Getting Started. We can > > > > > later add sections on the more advanced stuff like redundancy, > > > > > radius, etc. Thanks for your review of the components in such a > > > > > reference design (I'll > > > relate > > > > > to > > > > > > > > > > those further below). > > > > > > > > > > I believe there are two hurdles to get on top of ser: Get a > > > > > first > > > > > > > > working config up and running and then understanding the > > > > > concepts good enough to start tweaking. Many will not have all > > > > > the components of the full reference system you describe, Paul, > > > > > so a starting point with a minimum system is probably needed. > > > > > I.e. Get > > > > > > > a > > > > > > > > UA registered without auth, etc (I > > > > > see some questions on this too) > > > > > > > > > > I thus see the following things that must be addressed: > > > > > - How to read the basic ser.cfg > > > > > - The basic ser.cfg, what does it do, what is the reference > > > > > design > > > > > > > (is the ser.cfg in cvs appropriate?) > > > > > - A description of the reference design with a "component list" > > > > > - The complete ser.cfg > > > > > - Conceptual explanations of each logical part of the ser.cfg > > > > > - External systems (Asterisk, mediaproxy/nathelper), configs, > > > > > etc > > > > > > > > > > See my inline comments with regards to a reference design. > > > > > > > > > >> My setup uses SER v0.9 and Asterisk-1.0.2. The Asterisk server > > > > >> is > > > > > > >> used > > > > > > > > > >> __ONLY__ for voicemail because - well lets face it, Asterisk > > > > >> sucks as a SIP router because it just isn't designed to be one. > > > > >> > > > > >> So all users are managed by SER and Asterisk only comes into > > > > >> play > > > > > > >> for voicemail and for playing recordings such as "the party you > > > > > >> are > > > > > > > >> calling has blocked your call" when a call block is enabled. > > > > > > > > > > > > > > > We also use 0.9, but does not yet support voicemail. I think we > > > > > > should concentrate on 0.9 capabilities and forget about 0.8.14. > > > > > Most people starting up now will probably use 0.9, at least > > > > > shortly when it is released as stable. > > > > > > > > > > Voicemail adds a layer of complexity in terms of scalability > > > > > and redundancy. IMHO we should leave out voicemail from the > > > > > reference design, not because it is something most people would > > > > > not want, but because it introduces an external component and > > > > > complexity that is better added later in the document (like > > > > > redundancy). That being said, I think we > > > should > > > > > include voicemail and voiceprompts as part of the initial work > > > > > on > > > this > > > > > document, just not leave it as the main reference design. > > > > > Sems is a bit less complex than Asterisk and uses the same > > > > > style config, could it be an alternativ in the reference design? > > > > > > > > > >> We should leave redundancy out of the picture for now because > > > > >> fault > > > > > > > >> tolerant SER is still something many users don't use and it's > > > > >> something that is still maturing in SER. Besides, my opinion on > > > > > >> this matter is that a "ser clustering" should be a product of > > > > >> the > > > > > > >> Linux HA technologies (expect for registration functionality). > > > > > > > > > > Yes, I agree that we should leave redundancy out. Using Linux HA > > > > > > does not necessary make it simpler... Also, in order to get > > > > > network > > > > > > > > redundancy when > > > > > you have distributed users, you need geographic distribution of > > > > > ser servers. But, again, the complex stuff should be left until > > > > > later. > > > > > > > > > >> The ser.cfg we present should also show how to use MySQL for > > > > >> accounting, usrloc, etc. > > > > > > > > > > Agree. We use RADIUS-based authentication and authorization with > > > > > > distributed RADIUS servers. Only usrloc is stored in mysql (we > > > > > use > > > > > > > avp_radius_load), but we do accounting to mysql. I can maybe > > > > > volunteer to do a RADIUS-section > > > > > > > > > > later, covering auth, uri, avps etc, but we should concentre on > > > > > the basics first. > > > > > > > > > >> serweb should be avoided altogether because this is nothing > > > > >> more than a reference implementation that I believe not a > > > > >> primetime offering, again, just my humble opinion. > > > > > > > > > > Agree. But, maybe somebody will volunteer to add an add-on > > > > > section > > > > > > > on serweb? > > > > > > > > > >> Failover PSTN gateways must be covered as well as NAT > > > > >> traversal. The NAT traversal I use is mediaproxy because it > > > > >> seems to just work > > > > > > > >> better, especially in distributed deployments. > > > > > > > > > > NAT Traversal, I agree. Failover PSTN GW is a more advanced > > > > > option. Especially if that means introducing the new lcr module > > > > > from cvs head. > > > > > :-) > > > > > > > > > >> On this NAT note, my ser.cfg only proxies RTP streams when one > > > > >> or > > > > > > >> more > > > > > > > > > >> SIP clients is behind a NAT firewall. The exception to this is > > > > >> when > > > > > > > >> a SIP client needs to hit the Asterisk server. The reason for > > > > >> this is that the Asterisk server is physically a differenet > > > > >> machine that > > > > > > > >> does not have direct access to the internet. Instead I use the > > > > >> SER server with two (2) ethernet interfaces, whereby eth0 is > > > > >> the public > > > > > > > >> interface > > > > > > > > > >> and eth1 is a 10.0.0.0 private network and I use a crossover > > > > >> cable to the Asterisk server, which has only one private > > > > >> 10.0.0.0 > > > > > > >> interface. > > > > > > > > > > We use rtpproxy where ser is located on one server and the > > > > > rtpproxy on another. They communicate across udp (inside an > > > > > ipsec > > > > > > > tunnel). I.e. they are geographically distributed to keep the > > > > > rtpproxy server > > > > > > > > as close as possible to the subscribers. > > > > > Our UAs are configured with STUN and the RTP streams are only > > > > > > run through our proxy server if an UA is behind a symmetric NAT > > > > > and gets an incoming conversation (or both are behind symmetric > > NAT). > > > > > Calls where both UAs are behind the same NAT will always be > > > forced > > > > > through the rtpproxy (to avoid hairpin problem). > > > > > > > > > >> Since almost all serusers seem to be interested in voicemail > > > > >> I'd suggest detail instructions on the Asterisk integration. I > > > > >> use the ast_data patch, which is kindly provided by bwsys > > > > >> because this makes managing Asterisk mailboxes a function of > > > > >> the MySQL database. > > > > > > > >> And the only other real hard part to Asterisk integration is > > > > >> the Message Waiting Indicator, which I have modifed the > > > > >> app_voicemail.c > > > > > > > >> file in Asterisk to handing SUBSCRIBE messages a bit > > > > >> differently and I use sipsak to send NOTIFY messages back to > > > > >> SER, which then proxies the NOTIFY message to registered SIP > > > > >> clients to turn their MWI on or off. > > > > > > > > > > IMHO, this is not a basic reference design, but rather > > > > > advanced... > > > > > ;-) Of course, there are many people who would love to see this > > > > > design described. > > > > > > > > > >> Call features should also be covered in the ser.cfg. Things > > > > >> like call blocking, speed dialing, click2dial, etc. Things like > > > > > >> 3-way calling, call waiting, etc should not be covered because > > > > >> they are > > > > > > >> functions usually implemented as IAD features. > > > > > > > > > > Agree. > > > > > > > > > >> Our company has a full tcp/ip networking patch that we plan to > > > > >> release > > > > > > > > > >> to the ser project. This tcp/ip patch gives us full FIFO > > > > >> functionality > > > > > > > > > >> as a TCP socket, and this is something we hope would be > > > > >> commited to > > > > > > > >> CVS and maintained in the core. As far as we can tell the > > > > >> networking patch is stable, but we need to prove this further. > > > > > > > > > > Good news! You have probably seen Andreas' effort in this same > > > > > direction > > > > > > > > > > using XMLRPC. I guess you have patched the core like Juha > > > > > suggested in the XMLRPC dialogue? This is an area where a lot of > > > > > > parallel work > > > > > > > > can be avoided. > > > > > > > > > >> So in closing, if anyone things we're better off coming up with > > > > > >> a > > > > > > >> ser.cfg in private, then let me know. If everyone things that > > > > >> the > > > > > > >> serusers list is the place to do this then lets start for the > > > > >> benefit of everyone! > > > > > > > > > > If you start out by making an initial draft by dumping in you > > > > > config > > > > > > > > and > > > > > > > > > > making some headers, you can send it to us for adding content. > > > > > If > > > > > > > you submit it on the list with a call to submit suggestions and > > > > > wishes, we can either rotate the document edit privilege or work > > > > > > on different parts of it?! > > > > > > > > > > Best regards, > > > > > g-) aka > > > > > Greger V. Teigre > > > > > AxxessAnywhere, Oslo, Norway > > > > > > > > > > > > > > > > > > > >

19 years, 9 months

[Serusers] 0.8.14 with RADIUS on Debian.

by Rod Bacon

Has anyone had any luck building the latest SER version on Debian stable with RADIUS and SQL enabled? I have replaced all the debian RADIUS libraries with the new RADIUS-NG, and amended all the debian build scripts (as the ones that come with 0.8.14 still refer to the older libraries) but I think I've missed something somewhere, as I have all sorts of library problems. I'd be interested in hearing from anyone who has this combination of SER/RADIUS/DEBIAN. Cheers.

19 years, 9 months

RE: [Serusers] LCR Module Question

by Ricardo Martinez

Sorry to ask. Is the LCR module in the CVS? Thanks! Ricardo.- > -----Mensaje original----- > De: Java Rockx [mailto:javarockx@gmail.com] > Enviado el: Jueves, 17 de Febrero de 2005 15:30 > Para: serusers(a)lists.iptel.org > Asunto: [Serusers] LCR Module Question > > > Hi All. > > I've got a question about the new LCR module that Juha > commited to CVS. > > We're located in the US so this question may pertain only to ser > installations that follow the North American Numbering Plan. > > For us to _really_ perform LCR decisions we need to look at the NPA > and NXX (ie, the first 6 digits of a 10-digit phone number) of the > origination and termination numbers. This this we would decide where > to route the call. > > The reason is that it matters here we get DIDs from (sometimes they're > provided by 3rd party PSTN gateway operators) and where our > softswitch(s) are physically located. > > So at a high level the matrix of routing decisions would look > something like this: > > Orig NPANXX Term NPANXX PSTN Gateway > --------------------- ----------------------- > ----------------------- > 407566 321251 10.10.0.40 > 814332 202442 67.93.11.31 > > So can the LCR module accomodate something like this? > > Regards, > Paul > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers >

19 years, 9 months

[Serusers] SER rtpproxy/mediaproxy

by Nicolas Ruiz

HI, I want to use SER for stateful proxy server for all VOIP trafics (RTP and SIP request) : To accounting problems. I have seen RTPPROXY, NATHELPER and MEDIAPROXY, which is the good for me ? Thanks a lot Regards Vos Solutions Voix-Data ! Nicolas Ruiz Service Technique Ligne directe : + 33 (0) 1 56 38 39 71 Fax :+ 33 (0) 1 47 24 74 77 nruiz(a)vivaction.com Immeuble Plein Ouest 177 av. Georges Clemenceau 92024 Nanterre - France Tel : 0 811 02 6000 www.vivaction.com ____________________________________________________________________________ ____________________________________________ This e-mail and the information it contains are confidential and legally protected by law. Only access by the intended recipient is authorized. Review, distribution,reproduction, publication or other use of this e-mail is prohibited. Cet e-mail et les informations qu'il contient sont confidentiels et protégés par la loi. L'accès à ce message n'est autorisé qu'au destinataire de celui-ci. Toute modification,distribution, reproduction, publication, ou autre utilisation de cet e-mail est formellement interdite.

19 years, 9 months

Re: [Serusers] SER SDP Port Problem??

by Aisling O'Driscoll

Hi Greger, I only use nat_uac_test("3") as that is what is given in most examples on the mailing list. Is there any way that i can test if I am behind symmetric nat? I have rtpproxy running with ser but not sure if my below ser.cfg script invokes it correctly. Do you know where I could find the rtpproxy debug log? Thanks again, Aisling. ---- Original Message ---- From: greger(a)teigre.com To: ashling.odriscoll(a)cit.ie, serusers(a)iptel.org Subject: Re: [Serusers] SER SDP Port Problem?? Date: Mon, 21 Feb 2005 12:11:15 +0100 >Aisling, >The port is in the m= line. You use nat_uac_test("3"). Any particular >reason >for not using all tests? >Please note that sdp rewriting does not work if the UA is behind a >symmetric >NAT and you are calling in. You must then via an RTP proxy like >mediaproxy >or rtpproxy. >g-) > >Aisling O'Driscoll wrote: >> Hi, >> >> I understand the basic problem behind one way audio is that the >> client behind nat has a private address in the sdp information, >> therefore the voice cannot be delivered to this private address. It >> is necessary to rewrite this sdp info with the nat public address. >> However I have done this in my ser.cfg and I still have one way >> voice. >> >> I have included some of relevant ethereal messages on SER and my >> ser.cfg below. The messages show that the rtp information has been >> changed. Does anyone think the problem is because there is no port >> information in the "c" and "o" fields in the sdp?? If so how can I >> make sure the port is included? >> >> Many Thanks, >> Aisling. >> >> Ethereal messages: >> >> call between private client with public nat address 63.218.54.71 >and >> a public client with address 157.190.183.80. The SER address is >> 157.190.183.70. >> >> REGISTER sip:157.190.183.70 SIP/2.0 >> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... >> FROM: whoever <sip:2008@157.190.183.70>;tag=455.... >> TO: whoever <sip:2008@157.190.183.70> >> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> >> Call-Id: .... >> CSeq: 22227 REGISTER >> Expires; 1800 >> User Agent: X-Lite release 1103m >> Content-Length: 0 >> >> SIP/2.0 200 OK >> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... >> FROM: whoever <sip:2008@157.190.183.70>;tag=455.... >> TO: whoever <sip:2008@157.190.183.70> >> CONTACT: "whoever" <sip:2008@63.218.54.71:11987>;q=0.00 >expires=1800 >> Call-Id: .... >> CSeq: 22227 REGISTER >> Expires; 1800 >> User Agent: X-Lite release 1103m >> Content-Length: 0 >> >> The public client (157.190.183.80 also registers) >> >> Then the private client invites the public client to a voice >> conversation: >> >> INVITE sip:2001@157.190.183.70 SIP/2.0 >> VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... >> FROM: whoever <sip:2008@157.190.183.70>;tag=455.... >> TO: whoever <sip:2001@157.190.183.70> >> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> >> Call-Id: .... >> CSeq: 19929 INVITE >> Expires; 1800 >> User Agent: X-Lite release 1103m >> Content-Type=application/sdp >> Content-Length: 290 >> >> Session description Protocol >> Owner/Creator of the Session (o): 2008 245812 272828 IN IP4 >> 63.218.54.71 >> Connection information (c): IN IP4 63.218.54.71 >> >> A 100 Trying is sent back from SER to the private client (i.e. >caller) >> >> The INVITE is forwarded from SER to public client (callee) as show >> below: >> >> INVITE sip:2001@157.190.183.70 SIP/2.0 >> VIA: SIP/2.0/UDP 157.190.183.70;branch=.... >> VIA: SIP/2.0/UDP 63.218.54.71:11987;branch=z9h..... >> FROM: whoever <sip:2008@157.190.183.70>;tag=455.... >> TO: whoever <sip:2001@157.190.183.70> >> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> >> Call-Id: .... >> CSeq: 19929 INVITE >> Expires; 1800 >> User Agent: X-Lite release 1103m >> Content-Type=application/sdp >> Content-Length: 290 >> >> Session description Protocol >> Owner/Creator of the Session (o): 2008 245812 272828 IN IP4 >> 63.218.54.71 >> Connection information (c): IN IP4 63.218.54.71 >> >> 157.190.183.80 157.190.183.70 SIP 100 Trying >> 157.190.183.80 157.190.183.70 SIP 180 Ringing >> 157.190.183.70 63.218.54.71 SIP 180 Ringing >> >> 157.190.183.80 157.190.183.70 SIP/SDP Status: 200OK >> >> SIP/2.0 200 OK >> Via: SIP/2.0/UDP 157.190.183.70;branch=.... >> Via: SIP/2.0/UDP 63.218.54.71:11987;rport=11987;branch=..... >> From: whoever<sip:2008@157.190.183.70>;tag=... >> To: <sip:2001@157.190.183.70>;tag=.... >> CSeq: 19929 INVITE >> User Agent: Grandtsream BT100 1.0.5.18 >> Contact: <sip:2001@157.190.183.80> >> >> Session description protocol >> (c) IN IP4 157.190.183.80 >> >> >> # >> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ >> # >> # simple quick-start config script >> # >> >> # ----------- global configuration parameters >------------------------ >> >> #debug=3 # debug level (cmd line: -dddddddddd) >> #fork=yes >> #log_stderror=no # (cmd line: -E) >> >> /* Uncomment these lines to enter debugging mode >> debug=7 >> fork=no >> log_stderror=yes >> */ >> >> check_via=no # (cmd. line: -v) >> dns=no # (cmd. line: -r) >> rev_dns=no # (cmd. line: -R) >> #port=5060 >> #children=4 >> fifo="/tmp/ser_fifo" >> >> alias="157.190.183.70:5060" >> >> # ------------------ module loading >---------------------------------- >> >> # Uncomment this if you want to use SQL database >> loadmodule "/usr/lib/ser/modules/mysql.so" >> >> loadmodule "/usr/lib/ser/modules/sl.so" >> loadmodule "/usr/lib/ser/modules/tm.so" >> loadmodule "/usr/lib/ser/modules/rr.so" >> loadmodule "/usr/lib/ser/modules/maxfwd.so" >> loadmodule "/usr/lib/ser/modules/usrloc.so" >> loadmodule "/usr/lib/ser/modules/registrar.so" >> loadmodule "/usr/lib/ser/modules/textops.so" >> loadmodule "/usr/lib/ser/modules/nathelper.so" >> >> # Uncomment this if you want digest authentication >> # mysql.so must be loaded ! >> loadmodule "/usr/lib/ser/modules/auth.so" >> loadmodule "/usr/lib/ser/modules/auth_db.so" >> >> # ----------------- setting module-specific parameters >--------------- >> >> # -- usrloc params -- >> >> #modparam("usrloc", "db_mode", 0) >> >> # Uncomment this if you want to use SQL database >> # for persistent storage and comment the previous line >> modparam("usrloc", "db_mode", 2) >> >> # -- auth params -- >> # Uncomment if you are using auth module >> # >> #modparam("auth_db", "calculate_ha1", yes) >> # >> # If you set "calculate_ha1" parameter to yes (which true in this >> config), >> # uncomment also the following parameter) >> # >> #modparam("auth_db", "password_column", "password") >> >> # -- rr params -- >> # add value to ;lr param to make some broken UAs happy >> #NB Had to up this value from 1 to 11 because reinvites were >> bombarding called phone >> modparam("rr", "enable_full_lr", 11) >> >> #!! Nathelper >> modparam("registrar", "nat_flag", 6) >> modparam("nathelper", "natping_interval", 30) #Ping interval 30 s >> modparam("nathelper", "ping_nated_only", 1) #Ping only clients >> behind NAT >> >> modparam("tm", "fr_inv_timer", 80) >> >> # ------------------------- request routing logic >------------------- >> >> # main routing logic >> >> route{ >> >> # initial sanity checks -- messages with >> # max_forwards==0, or excessively long requests >> if (!mf_process_maxfwd_header("10")) { >> sl_send_reply("483","Too Many Hops"); >> break; >> }; >> if ( msg:len > max_len ) { >> sl_send_reply("513", "Message too big"); >> break; >> }; >> >> #########################added for cit client behind nat >> 09/02/05####################### >> if (nat_uac_test("3")){ >> if (method == "REGISTER" || ! search("^Record-Route:")){ >> log("Log: Someone trying to register from private IP,rewriting\n"); >> fix_nated_contact(); #Rewrite contact with source IP >> if (method == "INVITE"){ >> fix_nated_sdp("1"); #Add direction=active to SDP >> }; >> force_rport(); # Add rport parameter to topmost Via >> setflag(6); # Mark as Nated >> }; >> }; >> >##################################################################### >> ################### >> >> # we record-route all messages -- to make sure that >> # subsequent messages will go through our proxy; that's >> # particularly good if upstream and downstream entities >> # use different transport protocol >> >> if (method =="REGISTER") record_route(); >> >> # loose-route processing >> if (loose_route()) { >> #commented 11/02/05 >> #t_relay(); >> route(1); >> break; >> }; >> >> # if the request is for other domain use UsrLoc >> # (in case, it does not work, use the following command >> # with proper names and addresses in it) >> if (uri==myself) { >> >> log(1,"into loop"); >> if (method=="REGISTER") { >> >> # Uncomment this if you want to use digest authentication >> # if (!www_authorize("157.190.183.70", "subscriber")) { >> # www_challenge("157.190.183.70", "0"); >> # break; >> # }; >> >> save("location"); >> break; >> }; >> >> lookup("aliases"); >> if (!uri==myself) { >> append_hf("P-hint: outbound alias\r\n"); >> route(1); >> break; >> }; >> >> if (method=="INVITE"){ >> log(1,"in invite loop"); >> #break; #no 100 trying >> t_on_failure("1"); >> }; >> >> # native SIP destinations are handled using our USRLOC DB >> if (!lookup("location")) { >> #sl_send_reply("404", "Not Found"); >> route(2); >> break; >> }; >> }; >> >> # forward to current uri now; use stateful forwarding; that >> # works reliably even if we forward from TCP to UDP >> #commented 11/02/05####################### >> if (!t_relay()) { >> sl_reply_error(); >> }; >> >> } >> >> ######################################entered >> >11/02/05############################################################ >> route[1] >> { >> #!!Nathelper >> if(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && >> !search("^Route:")){ >> sl_send_reply("479", "We don't forward to private IP addresses"); >> break; >> }; >> >> t_on_reply("1"); >> >> if(!t_relay()){ >> sl_reply_error(); >> }; >> } >> ######################################entered >> >11/02/05############################################################ >> #!! Nathelper >> onreply_route[1]{ >> if(isflagset(6) && status =~ "(183)|2[0-9][0-9]"){ >> fix_nated_contact(); >> force_rtp_proxy(); >> } else if (nat_uac_test("1")){ >> fix_nated_contact(); >> }; >> } >> >##################################################################### ># >> ########################################### >> >> # ------------- handling of unavailable user ------------------ >> route[2] { >> >> # non-Voip -- just send "off-line" >> if (!(method == "INVITE" || method == "ACK" || method == >> "CANCEL")) { >> sl_send_reply("404", "Not Found"); >> break; >> }; >> >> # forward to voicemail now >> rewritehostport("157.190.183.70:5062"); >> t_relay_to_udp("157.190.183.70", "5062"); >> } >> >> # if forwarding downstream did not succeed, try voicemail running >> # at 157.190.183.70:5062 >> >> failure_route[1] { >> revert_uri(); >> rewritehostport("157.190.183.70:5062"); >> append_branch(); >> t_relay_to_udp("157.190.183.70", "5062"); >> } >> >> >> >> >> >> -------------------Legal >> Disclaimer--------------------------------------- >> >> The above electronic mail transmission is confidential and intended >> only for the person to whom it is addressed. Its contents may be >> protected by legal and/or professional privilege. Should it be >> received by you in error please contact the sender at the above >> quoted email address. Any unauthorised form of reproduction of this >> message is strictly prohibited. The Institute does not guarantee >the >> security of any information electronically transmitted and is not >> liable if the information contained in this communication is not a >> proper and complete record of the message as transmitted by the >> sender nor for any delay in its receipt. >> >> _______________________________________________ >> Serusers mailing list >> Serusers(a)iptel.org >> http://mail.iptel.org/mailman/listinfo/serusers > > >-------------------Legal >Disclaimer--------------------------------------- > >The above electronic mail transmission is confidential and intended >only for the person to whom it is addressed. Its contents may be >protected by legal and/or professional privilege. Should it be >received by you in error please contact the sender at the above >quoted email address. Any unauthorised form of reproduction of this >message is strictly prohibited. The Institute does not guarantee the >security of any information electronically transmitted and is not >liable if the information contained in this communication is not a >proper and complete record of the message as transmitted by the >sender nor for any delay in its receipt. > -------------------Legal Disclaimer--------------------------------------- The above electronic mail transmission is confidential and intended only for the person to whom it is addressed. Its contents may be protected by legal and/or professional privilege. Should it be received by you in error please contact the sender at the above quoted email address. Any unauthorised form of reproduction of this message is strictly prohibited. The Institute does not guarantee the security of any information electronically transmitted and is not liable if the information contained in this communication is not a proper and complete record of the message as transmitted by the sender nor for any delay in its receipt.

19 years, 9 months

Re: Radius experience... was Re: [Serusers] "Best practice" document

by Greger V. Teigre

Yeah, but the nonce expiry time is included in the reponse to the client, so it will know whether the nonce has expired or not. I believe it is grandstream 100 that has showed this behavior, but only for a certain firmware or combination of settings, haven't been able to nail it down. g-) > Klaus Darilion wrote: >> Greger V. Teigre wrote: >> >>> BTW, makes me recall another thing we have seen: Some UAs >>> actually do two auths against the DB every time a registration >>> arrives. Once for the first INVITE (which receives an "auth >>> required") and then another time with a new nonce. I think it has >>> something to do with the UA including the old credentials in the >>> first INVITE even though the nonce has expired and an auth must be >>> done to verify that the credentials are incorrect. Have you seen >>> this behavior? g-) >> >> Yes, I've seen this once but can't remember which client it was. IMO >> it is a good idea to include the credentials (from the last nonce) in >> all requests. If the nonce is still valid, this avoids the second >> request with the credentials. On the other hand, it increases traffic >> on the authentication servers. Don't know whats better :-) >> >> regards, >> klaus

19 years, 9 months

← Newer
1
...
11
12
13
14
15
16
17
...
47
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users February 2005