sr-users February 2005

sr-users@lists.kamailio.org

215 participants
467 discussions

Radius experience... was Re: [Serusers] "Best practice" document

by Klaus Darilion

Hi Greger! Greger V. Teigre wrote: ... > Agree. We use RADIUS-based authentication and authorization with > distributed RADIUS servers. Only usrloc is stored in mysql (we use I want to ask about your radius experiences. We (www.at43.at) are also using radius authentication. All the radius requests are sent to a local radius proxy which forwards the request to the radius server of the participating groups (universities, schools ...). If one of the remote radius servers is down, we are having problems with ser. Ser's threads are busy, waiting for the radius authorization responses and ser is slowing done. Then, the client starts to retransmit their REGISTER messages and ser is getting busier and busier until all threads are busy with authentication requests. Thus, the complete service will be down only if one of the radius servers is down. We have reduced the proxy load by replying "100...trying" to all REGISTER requests, which reduces retransmissions in case of slow authentication. We also tried to tweak the radius retransmission and timeout settings but could not find a satisfying solution yet. Do you also have problems in your distributed radius setup? Maybe you could post a little about your experience with distributed radius. All other radius users are also welcome to post their radius experiences. regards, klaus PS: I hope Maxim's patch for stateful authentication is going into 0.9.0

19 years, 9 months

Re: [Serusers] error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy

by Charles Wang

Thank you very much. And my log file at /var/log/message lists below: Charles Log Start: ------------------------------------------------------------------------------------------------------------------- Maxfwd module- initializing AVPops - initializing permissions - initializing Default allow file (/usr/local/etc/ser/permissions.allow) not found => empty rule set Default deny file (/usr/local/etc/ser/permissions.deny) not found => empty rule set info: mediaproxy: loaded SIP asymmetric clients file containing 1 entry. info: mediaproxy: loaded RTP asymmetric clients file containing 0 entries. INFO: udp_init: SO_RCVBUF is initially 65535 INFO: udp_init: SO_RCVBUF is finally 262142 INFO: fifo process starting: 3947 SER: open_uac_fifo: fifo server up at /tmp/ser_fifo... PDT:prefix2domain: no prefix found in [1011] Time:[Mon Feb 21 11:12:49 2005] Method:<INVITE> r-uri:<1011(a)ser.xxx.net.tw> IP:<61.229.13.49> From:<sip:1033@ser.xxx.net.tw> To:<sip:1011@ser.xxx.net.tw> <sip:1033@10.18.1.102:1718> SER: BLIND CALL FORWARDING SER: Look aliases SER: Look location SER isflagset (sip) SER: Look aliases SER: Look location SER isflagset (sip) SER: SIP Call On-Net section route(2) PDT:prefix2domain: no prefix found in [1011] Time:[Mon Feb 21 11:12:50 2005] Method:<INVITE> r-uri:<1011(a)ser.xxx.net.tw> IP:<61.229.13.49> From:<sip:1033@ser.xxx.net.tw> To:<sip:1011@ser.xxx.net.tw> <sip:1033@10.18.1.102:1718> SER: BLIND CALL FORWARDING SER: Look aliases SER: Look location SER isflagset (sip) SER: Look aliases SER: Look location SER isflagset (sip) SER: SIP Call On-Net section route(2) error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy SER: SIP Call On-Net section route(2) error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy SER: SIP Call On-Net section route(2) error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy SER: SIP Call On-Net section route(2) error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy SER: SIP Call On-Net section route(2) error: mediaproxy/sendMediaproxyCommand(): can't connect to MediaProxy SER: SIP Call On-Net section route(2) ---------------------------------------------------------------------------------------------------------------- On Sun, 20 Feb 2005 21:58:12 -0500, Java Rockx <javarockx(a)gmail.com> wrote: > Can you include an output of the error messages? > > Regards, > Paul > > > On Mon, 21 Feb 2005 10:12:23 +0800, Charles Wang <lazy.charles(a)gmail.com> wrote: > > Dear ALL: > > > > I start ser 0.9.0. And when I make a sip call or off-net call(to > > PSTN), some error(as Subject) about MediaProxy will display in Log > > file. > > > > Does anybody have the same problem and have any solution to fix it? > > > > My ser.cfg list below: > > -------------------------------------------------------------------------------------------------------- > > debug=10 # debug level (cmd line: -dddddddddd) > > fork=yes > > log_stderror=no # (cmd line: -E) > > > > listen=xxx.xxx.xxx.xxx > > alias=ser.xxx.net.tw > > alias=ser > > alias=xxx.xxx.xxx.xxx > > > > check_via=no # (cmd. line: -v) > > dns=no # (cmd. line: -r) > > rev_dns=no # (cmd. line: -R) > > port=5060 > > children=4 > > fifo_mode=0666 > > fifo="/tmp/ser_fifo" > > fifo_db_url="mysql://ser:heslo@localhost/ser" > > > > # ------------------ module loading ---------------------------------- > > # ----------------- setting module-specific parameters --------------- > > ----------(skip) > > > > # -- mediaproxy params -- > > modparam("mediaproxy", "natping_interval", 30) > > modparam("mediaproxy", "sip_asymmetrics", > > "/usr/local/etc/ser/sip-asymmetric-clients") > > modparam("mediaproxy", "rtp_asymmetrics", > > "/usr/local/etc/ser/rtp-asymmetric-clients") > > > > # -- usrloc params -- > > modparam("usrloc", "db_mode", 1) > > modparam("usrloc", "timer_interval", 60) > > modparam("usrloc", "desc_time_order", 1) > > > > # -- auth params -- > > modparam("auth_db", "calculate_ha1", yes) > > modparam("auth_db", "password_column", "password") > > > > # -- rr params -- > > # add value to ;lr param to make some broken UAs happy > > modparam("rr", "enable_full_lr", 1) > > > > # -- db_url params -- > > modparam("acc|auth_db|domain|group|permissions|speeddial|uri_db|usrloc|pdt", > > "db_url", "mysql://ser:heslo@localhost/ser") > > > > # -- use_domain params -- > > modparam("auth_db|group|registrar|speeddial|uri_db|usrloc", "use_domain", 0) > > > > # -- permissions params -- > > modparam("permissions", "db_mode", 1) > > modparam("permissions", "trusted_table", "trusted") > > > > # -- accounting params -- > > modparam("acc", "db_flag", 1) > > modparam("acc", "db_missed_flag", 1) > > modparam("acc", "log_fmt", "cdfimorstup") > > modparam("acc", "log_level", 1) > > modparam("acc", "failed_transactions", 1) > > modparam("acc", "report_cancels", 1) > > modparam("acc", "report_ack", 0) > > > > # -- domain params -- > > modparam("domain", "db_mode", 1) > > > > # ------------- exec parameters > > modparam("exec", "setvars", 1) > > modparam("exec", "time_to_kill", 10) > > > > # -- registration params -- > > modparam("registrar", "nat_flag", 2) > > modparam("registrar", "min_expires", 60) > > modparam("registrar", "max_expires", 86400) > > modparam("registrar", "default_expires", 3600) > > modparam("registrar", "append_branches", 1) > > > > # -- avp params -- > > modparam("avpops", "avp_url", "mysql://ser:heslo@localhost/ser") > > modparam("avpops", "avp_table", "usr_preferences") > > #modparam("avpops", "use_domain", "1") > > modparam("avpops", "uuid_column", "uuid") > > modparam("avpops", "username_column", "username") > > modparam("avpops", "domain_column", "domain") > > modparam("avpops", "attribute_column", "attribute") > > modparam("avpops", "value_column", "value") > > modparam("avpops", "type_column", "type") > > modparam("avpops", "avp_aliases", > > "voicemail=i:500;calltype=i:700;fwd_no_answer_type=i:701;fwd_busy_type=i:702") > > # To use more than one tables example > > #modparam("avpops", "db_scheme", > > "scheme1:table=subscriber;uuid_column=uuid;value_column=first_name") > > > > # -- tm params -- > > modparam("tm", "fr_timer", 15) > > modparam("tm", "fr_inv_timer", 22) > > modparam("tm", "wt_timer", 5) > > modparam("tm", "fr_inv_timer_avp", "inv_timeout") > > > > # -- pdt params -- > > modparam("pdt", "db_table", "prefix_domain") > > modparam("pdt", "prefix", "") > > modparam("pdt", "hsize_2pow", 2) > > modparam("pdt", "sync_time", 300) > > modparam("pdt", "clean_time", 600) > > > > # -- logging params > > modparam("xlog", "buf_size", 8192) > > > > # -- group params -- > > modparam("group", "table", "grp") > > modparam("group", "user_column", "username") > > modparam("group", "domain_column", "domain") > > modparam("group", "group_column", "grp") > > > > # ------------------------- request routing logic ------------------- > > > > # main routing logic > > > > route { > > > > # ------------------------------------------------------------------------ > > # Sanity Check Section > > # ------------------------------------------------------------------------ > > if (!mf_process_maxfwd_header("10")) { > > sl_send_reply("483", "Too Many Hops"); > > break; > > }; > > > > if (msg:len > max_len) { > > sl_send_reply("513", "Message Overflow"); > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # NOTIFY Keep-Alive Section > > # ------------------------------------------------------------------------ > > if ((method=="NOTIFY") && search("^Event: keep-alive")) { > > sl_send_reply("200", "OK"); > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # OPTIONS Section > > # ------------------------------------------------------------------------ > > if (method=="OPTIONS") { > > options_reply(); > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # NAT Test Section #1 > > # ------------------------------------------------------------------------ > > if (method=="REGISTER" && client_nat_test("3")) { > > fix_contact(); > > force_rport(); > > setflag(2); > > }; > > > > # ------------------------------------------------------------------------ > > # Registration Section > > # ------------------------------------------------------------------------ > > if (method=="REGISTER") { > > > > # allow all requests from user 700 - the Click2Dial controller > > if (!isflagset(14)) { > > if (!is_from_local()) { > > sl_send_reply("403", "Unknown Domain"); > > break; > > }; > > if (!www_authorize("", "subscriber")) { > > www_challenge("", "0"); > > break; > > }; > > if (!check_to()) { > > sl_send_reply("401", "Unauthorized"); > > break; > > }; > > > > # To - Use To username and (optionally) domain to check > > if (is_user_in("To", "demo-disabled")) { > > sl_send_reply("403", "Your evaluation period has expired"); > > break; > > }; > > > > # To - Use To username and (optionally) domain to check > > if (is_user_in("To", "disabled")) { > > sl_send_reply("403", "Your account has been disabled"); > > break; > > }; > > }; > > > > # snom sip phones use this header to start their > > # keep-alive mechanism for NAT bindings > > append_to_reply("P-NAT-Refresh: 15\r\n"); > > > > if (!save("location")) { > > sl_reply_error(); > > }; > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # Accounting Section # 1 > > # > > # NOTE: We test for flag 14 because we do not want to record Click2Dial > > # entries > > # ------------------------------------------------------------------------ > > if ((method=="INVITE" || method=="BYE") && !isflagset(14)) { > > setflag(1); > > }; > > > > # ------------------------------------------------------------------------ > > # NAT Tear-Down Section > > # ------------------------------------------------------------------------ > > if ((method == "BYE" || method == "CANCEL")) { > > end_media_session(); > > }; > > > > # ------------------------------------------------------------------------ > > # Record Route Section > > # > > # we record-route all messages -- to make sure that subsequent messages > > # will go through our proxy; that's particularly good if upstream and > > # downstream entities use different transport protocol > > # ------------------------------------------------------------------------ > > if (!method=="REGISTER") { > > record_route(); > > }; > > > > # ------------------------------------------------------------------------ > > # Loose Route Section > > # > > # Grant route routing if route headers present > > # ------------------------------------------------------------------------ > > if (loose_route()) { > > route(2); > > break; > > }; > > > > prefix2domain(); > > > > # ------------------------------------------------------------------------ > > # NAT Test Section #1 > > # ------------------------------------------------------------------------ > > if (client_nat_test("3") && !search("^Record-Route:")) { > > force_rport(); > > fix_contact(); > > }; > > > > # ------------------------------------------------------------------------ > > # PSTN Section > > # ------------------------------------------------------------------------ > > if (method=="INVITE") { ## Deny PSTN to 0204 and 095 on Tawan > > if ((uri=~"^sip:0204[0-9]*@") || (uri=~"^sip:095[0-9]*@")) { > > sl_send_reply("503", "Service Unavailable"); > > break; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Alias Routing Section > > # ------------------------------------------------------------------------ > > lookup("aliases"); > > if (!uri==myself) { > > route(2); > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # Load ACL Section > > # ------------------------------------------------------------------------ > > if (method=="INVITE" && !isflagset(14)) { > > xlog("L_ERR", "Time:[%Tf] Method:<%rm> r-uri:<%ru>\n"); > > xlog("L_ERR", "IP:<%is> From:<%fu> To:<%tu> %ct\n"); > > if (is_user_in("Request-URI", "voicemail")) { > > setflag(31); > > }; > > if (is_from_local() || is_uri_host_local()) { > > > > # Check user from grp table > > if (is_user_in("From", "int")) { > > log(1, "SER: a INT user\n"); > > setflag(29); > > }; > > if (is_user_in("From", "free-pstn")) { > > log(1, "SER: a FREE-PSTN user\n"); > > setflag(28); > > }; > > if (avp_db_load("$from/username", "s:callidblock")) { > > if (avp_check("s:callidblock", "eq/y/i")) { > > setflag(25); > > }; > > }; > > }; > > if (avp_db_load("$ruri/username", "s:anoncallrej")) { > > if (avp_check("s:anoncallrej", "eq/y/i")) { > > log(1, "SER: a ANON-CALL-REJ user\n"); > > setflag(24); > > }; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Anonymous Call Rejection Section # 24 > > # ------------------------------------------------------------------------ > > if (isflagset(24) && (method=="INVITE") && > > search("^(f|F)rom:.*(a|A)nonymous")) { > > route(8); > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # Speed Dialing Section > > # ------------------------------------------------------------------------ > > if ((method=="INVITE") && (uri=~"^sip:[0-9]{2}@.*")) { > > sd_lookup("speed_dial"); > > }; > > > > # ------------------------------------------------------------------------ > > # 002 International Call Section # 29 > > # ------------------------------------------------------------------------ > > if (method=="INVITE" && uri=~"^sip:002[0-9]*@") { > > if (isflagset(29)) { > > log(1, "SER: an International Call route(6)\n"); > > route(6); > > } else { > > sl_send_reply("503", "Service Unavailable"); > > }; > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # 0XXXXXXXXX Domestic Call Section # 29 > > # ------------------------------------------------------------------------ > > if (method=="INVITE" && uri=~"^sip:0[0-9]{9}@") { > > if (isflagset(29)) { > > log(1, "SER: a Domestic Call route(6)\n"); > > route(6); > > } else { > > sl_send_reply("503", "Service Unavailable"); > > }; > > break; > > }; > > > > # ------------------------------------------------------------------------ > > # URI Compare Section > > # > > # Here we compare the "from" and "to" to see if the caller is dialing > > # their own extension. If so then we route to voicemail(31) if needed > > # ------------------------------------------------------------------------ > > if (method=="INVITE") { > > avp_write("$from", "i:34"); > > if (avp_check("i:34", "eq/$ruri/i")) { > > if (isflagset(31)) { > > route(5); > > break; > > } else { > > sl_send_reply("486", "Busy"); > > break; > > }; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Do Not Disturb Section > > # ------------------------------------------------------------------------ > > if (avp_db_load("$ruri/username", "s:donotdisturb")) { > > if (avp_check("s:donotdisturb", "eq/y/i")) { > > route(5); > > break; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Blind Call Forwarding Section > > # ------------------------------------------------------------------------ > > if (method=="INVITE") { > > log(1, "SER: BLIND CALL FORWARDING\n"); > > # here we must store the current (aka original) R-URI because if > > # we set call forwarding and the forwarded number is busy then we > > # need to use this original R-URI to determine which voicemail > > # box we should go to > > if (isflagset(31)) { > > avp_write("$ruri", "$voicemail"); > > }; > > if (avp_db_load("$ruri/username", "s:callfwd")) { > > avp_pushto("$ruri", "s:callfwd"); > > > > # lookup the call fowarding number to see if it is a served > > # sip number or a PSTN number > > > > # check forwarding number rules > > log(1, "SER: Check Forwarding Number Rules\n"); > > route(1); > > > > if (avp_check("$calltype", "eq/-/i")) { > > log(1, "SER: 503 Service Unavailable 1\n"); > > sl_send_reply("503", "Service Unavailable"); > > break; > > }; > > > > # test for domestic PSTN gateway > > if (avp_check("$calltype", "eq/dom/i")) { > > log(1, "SER: Start a domestic PSTN call route(3)\n"); > > route(3); > > break; > > }; > > > > # test for international PSTN gateway > > if (avp_check("$calltype", "eq/int/i")) { > > log(1, "SER: Start an international PSTN call route(6)\n"); > > route(6); > > break; > > }; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Call Routing Section > > # ------------------------------------------------------------------------ > > if (!lookup("location")) { > > > > # if flag 31 (ie voicemail) is set and we made it here this means > > # the user's phone is not registered anywhere. We'll forward to > > # voicemail after this block because we need to check the call > > # forward settings first > > if (isflagset(31)) { > > # flag 19 means the user has voicemail but is not online > > # so we need to remember to send to voicemail if call > > # forwarding is not enabled > > setflag(19); > > }; > > > > if (method=="INVITE") { > > if (does_uri_exist()) { > > # subscriber record found, but they're offline > > log(1, "SER: Temporarily Unavailable\n"); > > sl_send_reply("480", "Temporarily Unavailable"); > > break; > > }; > > > > if (uri=~"^sip:0[0-9]{9}@") { > > # Send to PSTN Gateway > > if (isflagset(28) || (is_user_in("From", "int")) || > > (is_user_in("From", "free-pstn"))) { > > log(1, "SER: Start a PSTN call\n"); > > route(3); > > } else { > > log(1, "SER: 503 Service Unavailable 2\n"); > > sl_send_reply("503", "Service Unavailable"); > > }; > > break; > > }; > > sl_send_reply("404", "User Not Found"); > > break; > > }; > > }; > > > > # ------------------------------------------------------------------------ > > # Call Forwarding Section > > # ------------------------------------------------------------------------ > > if (method=="INVITE") { > > > > # save R-URI in a temp AVP for later use > > avp_write("$ruri", "i:99"); > > > > # only load the forward no answer option if voice mail is not enabled > > if (!isflagset(31)) { > > if (avp_db_load("$ruri/username", "s:fwdnoanswer")) { > > route(1); > > }; > > }; > > if (avp_db_load("$ruri/username", "s:fwdbusy")) { > > route(1); > > }; > > avp_pushto("$ruri", "i:99"); > > }; > > if (isflagset(19)) { > > # send to voicemail > > route(5); > > } else { > > route(2); > > }; > > } > > > > route[1] { > > > > # Here we have route checks for all the call forwarding stuff. > > # The return values are passed as AVP $calltype as follows: > > # > > # "-" = R-URI is not allowed > > # "dom" = R-RURI is a domestic call > > # "int" = R-RURI is an international call > > # "sip" = R-RURI is a sip call > > > > avp_write("sip", "$calltype"); > > > > # Call rejected > > if ((uri=~"^sip:0204[0-9]*@") || > > (uri=~"^sip:095[0-9]*@") || > > (uri=~"^sip:[0-9]{3}@")) { > > break; > > }; > > log(1, "SER: Look aliases\n"); > > lookup("aliases"); > > > > log(1, "SER: Look location\n"); > > if (!lookup("location")) { > > if (uri=~"^sip:0[0-9]{9}@") { > > # test for domestic PSTN number > > if (isflagset(28)) { > > log(1, "SER isflagset 28 (domestic)\n"); > > avp_write("dom", "$calltype"); > > }; > > } else if (uri=~"^sip:002[0-9]*@") { > > # test for international PSTN number > > if (isflagset(29)) { > > log(1, "SER isflagset 29 (int)\n"); > > avp_write("int", "$calltype"); > > }; > > }; > > break; > > }; > > log(1, "SER isflagset (sip)\n"); > > avp_write("sip", "$calltype"); > > } > > > > route[2] { > > log(1, "SER: SIP Call On-Net section route(2)\n"); > > if ((method=="INVITE") && !allow_trusted()) { > > if (!proxy_authorize("", "subscriber")) { > > proxy_challenge("", "0"); > > break; > > } else if (!check_from()) { > > log(1, "Spoofed SIP call attempt"); > > sl_send_reply("403", "Use From=ID"); > > break; > > } else if (!(is_from_local() || is_uri_host_local())) { > > sl_send_reply("403", "Please register to use our service"); > > break; > > }; > > }; > > if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && > > !search("^Route:")){ > > sl_send_reply("479", "We don't forward to private IP addresses"); > > break; > > }; > > if (isflagset(25)) { > > replace("^From:(.*)>" , "From: \"Anonymous\" > > <sip:someone@anonymous.invalid>"); > > }; > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > t_on_failure("1"); > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[3] { > > log(1, "SER: Demestic Call Off-Net section route(3)\n"); > > > > # All Domestic Calls Go To CISCO 5300 > > if (method=="INVITE") { > > if (!proxy_authorize("", "subscriber")) { > > proxy_challenge("", "0"); > > break; > > } else if (!check_from()) { > > log(1, "Spoofed SIP call attempt"); > > sl_send_reply("403", "Use From=ID"); > > break; > > } else if (!(is_from_local() || is_uri_host_local())) { > > sl_send_reply("403", "Please register to use our service"); > > break; > > }; > > # enable caller id blocking for PSTN calls > > if (isflagset(25)) { > > append_rpid_hf(); > > }; > > }; > > # SIP->PSTN calls get 45 seconds to timeout > > log(1, "SER: Connecting to PSTN.....\n"); > > avp_write("i:45", "inv_timeout"); > > rewritehost("61.220.190.243"); > > if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && > > !search("^Route:")){ > > sl_send_reply("479", "We don't forward to private IP addresses"); > > break; > > }; > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > if (isflagset(31)) { > > t_on_failure("1"); > > }; > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[4] { > > log(1, "SER: Voice Mail section route(4)\n"); > > > > # voicemail route #1 > > # > > # this path this executed during these conditions: > > # > > # cond 1) the called number is in the location table > > # but the callee did not answer the phone > > # (ie, failover to voicemail) > > > > if (isflagset(25)) { > > replace("^From:(.*)>" , "From: \"Anonymous\" > > <sip:someone@anonymous.invalid>"); > > }; > > rewritehostport("99.99.99.100:5060"); > > append_branch(); > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[5] { > > log(1, "SER: Voice Mail section route(5)\n"); > > > > # voicemail route #2 > > # > > # this path this executed during these conditions: > > # > > # cond 1) the called number is not in the location table > > # cond 2) the from_uri == to_uri (ie, caller==callee) > > > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > rewritehostport("99.99.99.100:5060"); > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[6] { > > log(1, "SER: International Call Off-Net section route(6)\n"); > > > > # All International Calls Go To CISCO 5300 > > if (method=="INVITE") { > > if (!proxy_authorize("", "subscriber")) { > > proxy_challenge("", "0"); > > break; > > } else if (!check_from()) { > > log(1, "Spoofed SIP call attempt"); > > sl_send_reply("403", "Use From=ID"); > > break; > > } else if (!(is_from_local() || is_uri_host_local())) { > > sl_send_reply("403", "Please register to use our service"); > > break; > > }; > > # enable caller id blocking for PSTN calls > > if (isflagset(25)) { > > append_rpid_hf(); > > }; > > }; > > # SIP->PSTN calls get 45 seconds to timeout > > avp_write("i:45", "inv_timeout"); > > rewritehost("61.220.190.243"); > > if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && > > !search("^Route:")){ > > sl_send_reply("479", "We don't forward to private IP addresses"); > > break; > > }; > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[7] { > > log(1, "SER: Caller Blocked section route(7)\n"); > > > > # caller blocked announcment > > # > > # this path this executed if a caller has been blocked > > > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > rewriteuri("sip:699@99.99.99.100:5060"); > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > route[8] { > > log(1, "SER: Anonymous Call Rejection section route(8)\n"); > > > > # anonymous call rejection announcment > > # > > # this path this executed for anonymous callers > > > > if (method=="INVITE" || method=="ACK") { > > use_media_proxy(); > > }; > > rewriteuri("sip:698@99.99.99.100:5060"); > > t_on_reply("1"); > > if (!t_relay()) { > > if (method=="INVITE" || method=="ACK") { > > end_media_session(); > > }; > > sl_reply_error(); > > }; > > } > > > > onreply_route[1] { > > # Not all 2xx messages have a content body so here we > > # make sure our Content-Length > 0 to avoid a parse error > > if (status=~"(180)|(183)|2[0-9][0-9]") { > > if (!search("^Content-Length:\ 0")) { > > use_media_proxy(); > > }; > > }; > > if (client_nat_test("1")) { > > fix_contact(); > > }; > > } > > > > failure_route[1] { > > log(1, "SER: Failure Route section failure_route(1)\n"); > > > > # if caller hung up then don't sent to voicemail > > if (t_check_status("487")) { > > break; > > }; > > if (isflagset(26) && t_check_status("486")) { > > # forward busy is flag 26 > > if (avp_pushto("$ruri", "s:fwdbusy")) { > > log(1, "SER: fork to fwdbusy\n"); > > avp_delete("s:fwdbusy"); > > append_branch(); > > resetflag(26); > > > > # test for domestic PSTN gateway > > if (uri=~"^sip:0[0-9]{9}@") { > > # if (avp_check("$fwd_busy_type", "eq/dom/i")) { > > # test for domestic PSTN gateway > > log(1, "SER: Busy Failure and Jump to route(3)\n"); > > route(3); > > } else if (uri=~"^sip:002[1-9][0-9]*@") { > > # } else if (avp_check("$fwd_busy_type", "eq/int/i")) { > > # test for international PSTN gateway > > log(1, "SER: Busy Failure and Jump to route(6)\n"); > > route(6); > > } else { > > # default to sip call > > log(1, "SER: Busy Failure and Jump to route(2)\n"); > > route(2); > > }; > > break; > > }; > > }; > > > > # here we can have either voicemail __OR__ forward no answer > > if (isflagset(27) && t_check_status("408")) { > > # forward no answer is flag 27 > > if (avp_pushto("$ruri", "s:fwdnoanswer")) { > > log(1, "SER: fork to fwdnoanswer\n"); > > avp_delete("s:fwdnoanswer"); > > append_branch(); > > resetflag(27); > > > > if (uri=~"^sip:0[0-9]{9}@") { > > # if (avp_check("$fwd_no_answer_type", "eq/dom/i")) { > > # test for domestic PSTN gateway > > log(1, "SER: No Answer Failure and Jump to route(3)\n"); > > route(3); > > } else if (uri=~"^sip:002[1-9][0-9]*@") { > > # } else if (avp_check("$fwd_no_answer_type", "eq/int/i")) { > > # test for international PSTN gateway > > log(1, "SER: No Answer Failure and Jump to route(6)\n"); > > route(6); > > } else { > > # default to sip call > > log(1, "SER: No Answer Failure and Jump to route(2)\n"); > > route(2); > > }; > > break; > > }; > > } else if (isflagset(31) && avp_pushto("$ruri", "$voicemail")) { > > avp_delete("$voicemail"); > > log(1, "SER: No Answer Failure and Jump to route(4)\n"); > > route(4); > > break; > > }; > > } > > > > _______________________________________________ > > Serusers mailing list > > serusers(a)lists.iptel.org > > http://lists.iptel.org/mailman/listinfo/serusers > > >

19 years, 9 months

[Serusers] Registration Timeout

by Suvendu Sethi

Hi All, Any idea, how to change registration timeout value in ser.cfg so that my phone register with the server every 5 minutes in place of default 1 minute. Please advise. Regards, Suvendu. ________________________________________________________________________ Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony

19 years, 9 months

Re: [Serusers] Module ACC + Mysql : problems

by Charles Wang

Uncomment "DEFS+=-DSQL_ACC" at modules/acc/Makfile and recompile the mysql.so. Then using modparam("acc", "db_url", "sql://ser:password@localhost/ser") or modparam("acc", "db_url", "mysql://ser:password@localhost/ser") to test it. Charles On Mon, 21 Feb 2005 13:09:50 +0100, Nicolas Ruiz <nruiz(a)vivaction.com> wrote: > Hi, > > I have set : modparam("acc", "db_url", "sql://ser:password@localhost/ser") > > but when I start it, I have : > > 0(19788) set_mod_param_regex: parameter <db_url> not found in module <acc> > 0(19788) parse error (70,61-62): Can't set module parameter > > How can I compil him with mysql support ? > > Thanks > > Best regards > > > > Vos Solutions Voix-Data ! > > > Nicolas Ruiz > Service Technique > Ligne directe : + 33 (0) 1 56 38 39 71 > Fax :+ 33 (0) 1 47 24 74 77 > nruiz(a)vivaction.com > > Immeuble Plein Ouest > 177 av. Georges Clemenceau > 92024 Nanterre - France > Tel : 0 811 02 6000 > www.vivaction.com > > ________________________________________________________________________________________________________________________ > This e-mail and the information it contains are confidential and legally > protected by law. Only access by the intended recipient is authorized. > Review, distribution,reproduction, publication or other use of this e-mail > is prohibited. > Cet e-mail et les informations qu'il contient sont confidentiels et protégés > par la loi. L'accès à ce message n'est autorisé qu'au destinataire de > celui-ci. Toute modification,distribution, reproduction, publication, ou > autre utilisation de cet e-mail est formellement interdite. > > > > > > > > > > > > _______________________________________________ > Serusers mailing list > serusers(a)lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers > > >

19 years, 9 months

[Serusers] ser radius routing problems.

by sait＠karalar.com

Hi, I want to use SER to Rasius authenticate, radius accounting. I read too many documents but not able to get a good configuration. My scenerio is simple. - Register SIP clients via Radius Auth. - Route the call with respect to prefix (is it possible to get from radius?) or some other methos instead of direct CFG config. - radius accounting (start/stop) have a working cfg file ?

19 years, 9 months

[Serusers] Module ACC + Mysql : problems

by Nicolas Ruiz

Hi, I have set : modparam("acc", "db_url", "sql://ser:password@localhost/ser") but when I start it, I have : 0(19788) set_mod_param_regex: parameter <db_url> not found in module <acc> 0(19788) parse error (70,61-62): Can't set module parameter How can I compil him with mysql support ? Thanks Best regards Vos Solutions Voix-Data ! Nicolas Ruiz Service Technique Ligne directe : + 33 (0) 1 56 38 39 71 Fax :+ 33 (0) 1 47 24 74 77 nruiz(a)vivaction.com Immeuble Plein Ouest 177 av. Georges Clemenceau 92024 Nanterre - France Tel : 0 811 02 6000 www.vivaction.com ____________________________________________________________________________ ____________________________________________ This e-mail and the information it contains are confidential and legally protected by law. Only access by the intended recipient is authorized. Review, distribution,reproduction, publication or other use of this e-mail is prohibited. Cet e-mail et les informations qu'il contient sont confidentiels et protégés par la loi. L'accès à ce message n'est autorisé qu'au destinataire de celui-ci. Toute modification,distribution, reproduction, publication, ou autre utilisation de cet e-mail est formellement interdite.

19 years, 9 months

[Serusers] SER SDP Port Problem??

by Aisling O'Driscoll

Hi, I understand the basic problem behind one way audio is that the client behind nat has a private address in the sdp information, therefore the voice cannot be delivered to this private address. It is necessary to rewrite this sdp info with the nat public address. However I have done this in my ser.cfg and I still have one way voice. I have included some of relevant ethereal messages on SER and my ser.cfg below. The messages show that the rtp information has been changed. Does anyone think the problem is because there is no port information in the "c" and "o" fields in the sdp?? If so how can I make sure the port is included? Many Thanks, Aisling. Ethereal messages: call between private client with public nat address 63.218.54.71 and a public client with address 157.190.183.80. The SER address is 157.190.183.70. REGISTER sip:157.190.183.70 SIP/2.0 VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... FROM: whoever <sip:2008@157.190.183.70>;tag=455.... TO: whoever <sip:2008@157.190.183.70> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> Call-Id: .... CSeq: 22227 REGISTER Expires; 1800 User Agent: X-Lite release 1103m Content-Length: 0 SIP/2.0 200 OK VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... FROM: whoever <sip:2008@157.190.183.70>;tag=455.... TO: whoever <sip:2008@157.190.183.70> CONTACT: "whoever" <sip:2008@63.218.54.71:11987>;q=0.00 expires=1800 Call-Id: .... CSeq: 22227 REGISTER Expires; 1800 User Agent: X-Lite release 1103m Content-Length: 0 The public client (157.190.183.80 also registers) Then the private client invites the public client to a voice conversation: INVITE sip:2001@157.190.183.70 SIP/2.0 VIA: SIP/2.0/UDP 63.218.54.71:11987;rport;branch=z9h..... FROM: whoever <sip:2008@157.190.183.70>;tag=455.... TO: whoever <sip:2001@157.190.183.70> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> Call-Id: .... CSeq: 19929 INVITE Expires; 1800 User Agent: X-Lite release 1103m Content-Type=application/sdp Content-Length: 290 Session description Protocol Owner/Creator of the Session (o): 2008 245812 272828 IN IP4 63.218.54.71 Connection information (c): IN IP4 63.218.54.71 A 100 Trying is sent back from SER to the private client (i.e. caller) The INVITE is forwarded from SER to public client (callee) as show below: INVITE sip:2001@157.190.183.70 SIP/2.0 VIA: SIP/2.0/UDP 157.190.183.70;branch=.... VIA: SIP/2.0/UDP 63.218.54.71:11987;branch=z9h..... FROM: whoever <sip:2008@157.190.183.70>;tag=455.... TO: whoever <sip:2001@157.190.183.70> CONTACT: "whoever" <sip:2008@63.218.54.71:11987> Call-Id: .... CSeq: 19929 INVITE Expires; 1800 User Agent: X-Lite release 1103m Content-Type=application/sdp Content-Length: 290 Session description Protocol Owner/Creator of the Session (o): 2008 245812 272828 IN IP4 63.218.54.71 Connection information (c): IN IP4 63.218.54.71 157.190.183.80 157.190.183.70 SIP 100 Trying 157.190.183.80 157.190.183.70 SIP 180 Ringing 157.190.183.70 63.218.54.71 SIP 180 Ringing 157.190.183.80 157.190.183.70 SIP/SDP Status: 200OK SIP/2.0 200 OK Via: SIP/2.0/UDP 157.190.183.70;branch=.... Via: SIP/2.0/UDP 63.218.54.71:11987;rport=11987;branch=..... From: whoever<sip:2008@157.190.183.70>;tag=... To: <sip:2001@157.190.183.70>;tag=.... CSeq: 19929 INVITE User Agent: Grandtsream BT100 1.0.5.18 Contact: <sip:2001@157.190.183.80> Session description protocol (c) IN IP4 157.190.183.80 # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo" alias="157.190.183.70:5060" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/textops.so" loadmodule "/usr/lib/ser/modules/nathelper.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy #NB Had to up this value from 1 to 11 because reinvites were bombarding called phone modparam("rr", "enable_full_lr", 11) #!! Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) #Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) #Ping only clients behind NAT modparam("tm", "fr_inv_timer", 80) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; #########################added for cit client behind nat 09/02/05####################### if (nat_uac_test("3")){ if (method == "REGISTER" || ! search("^Record-Route:")){ log("Log: Someone trying to register from private IP,rewriting\n"); fix_nated_contact(); #Rewrite contact with source IP if (method == "INVITE"){ fix_nated_sdp("1"); #Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as Nated }; }; ##################################################################### ################### # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (method =="REGISTER") record_route(); # loose-route processing if (loose_route()) { #commented 11/02/05 #t_relay(); route(1); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { log(1,"into loop"); if (method=="REGISTER") { # Uncomment this if you want to use digest authentication # if (!www_authorize("157.190.183.70", "subscriber")) { # www_challenge("157.190.183.70", "0"); # break; # }; save("location"); break; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; }; if (method=="INVITE"){ log(1,"in invite loop"); #break; #no 100 trying t_on_failure("1"); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { #sl_send_reply("404", "Not Found"); route(2); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP #commented 11/02/05####################### if (!t_relay()) { sl_reply_error(); }; } ######################################entered 11/02/05############################################################ route[1] { #!!Nathelper if(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); break; }; t_on_reply("1"); if(!t_relay()){ sl_reply_error(); }; } ######################################entered 11/02/05############################################################ #!! Nathelper onreply_route[1]{ if(isflagset(6) && status =~ "(183)|2[0-9][0-9]"){ fix_nated_contact(); force_rtp_proxy(); } else if (nat_uac_test("1")){ fix_nated_contact(); }; } ###################################################################### ########################################### # ------------- handling of unavailable user ------------------ route[2] { # non-Voip -- just send "off-line" if (!(method == "INVITE" || method == "ACK" || method == "CANCEL")) { sl_send_reply("404", "Not Found"); break; }; # forward to voicemail now rewritehostport("157.190.183.70:5062"); t_relay_to_udp("157.190.183.70", "5062"); } # if forwarding downstream did not succeed, try voicemail running # at 157.190.183.70:5062 failure_route[1] { revert_uri(); rewritehostport("157.190.183.70:5062"); append_branch(); t_relay_to_udp("157.190.183.70", "5062"); } -------------------Legal Disclaimer--------------------------------------- The above electronic mail transmission is confidential and intended only for the person to whom it is addressed. Its contents may be protected by legal and/or professional privilege. Should it be received by you in error please contact the sender at the above quoted email address. Any unauthorised form of reproduction of this message is strictly prohibited. The Institute does not guarantee the security of any information electronically transmitted and is not liable if the information contained in this communication is not a proper and complete record of the message as transmitted by the sender nor for any delay in its receipt.

19 years, 9 months

[Serusers] SER -> Cisco Gateway (PSTN)

by Guido Krause

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, we used the ser as a sip proxy and i will forward traffic to our cisco gateway (pstn). when i make a forward i become a timeout (no dialtone). whats wrong???? we use ser-0.8.12-0 ser.cfg ~ if (!lookup("location")) { ~ if(uri =~"sip:1024#"){ ~ log(1,"Forwarding to PSTN\n"); ~ rewritehostport("IP-GW:5060"); ~ break; ~ }else{ ~ sl_send_reply("404", "Not Found"); ~ log(1,"404 Not found\n"); ~ break; ~ }; cisco: dial-peer voice 99300 voip ~ incoming called-number 1024#T ~ session protocol sipv2 ~ dtmf-relay rtp-nte ~ codec g729r8 bytes 60 thanks hans -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCGbtpouYj3oyEw4wRAmR9AJ938/dqMVsbtAJdcI/RV9RVtMiLegCfVcs1 ruGUvrL+dl+UHtHpQ5uxut4= =1N0c -----END PGP SIGNATURE-----

19 years, 9 months

[Serusers] Security methods for PSTN termination of SIP calls

by Alan Litster

Hi, When providing PSTN termination of calls that originate from a SIP source how do you go about validating the identity of where the calls originated from - the SIP Proxy or the SUA. PSTN ---- SIP Proxy 1--- + --- SIP Proxy 2 ---- PSTN So the calls originate from the PSTN in a country, get transported across the internet and terminated in a different country via another company. Other than source IP address, what method could you use to validate the origin of the calls? Also in question is security for trunk services for companies that simply want to terminate calls out onto the PSTN. How can you setup a trust relationship between the two proxies? Is any one here in a similar situation?? Regards, Alan ------------------------------------------------------------------------------------------------------- This email, and any files transmitted with it, is copyright and may contain confidential information. The contents are intended for the use of the addressee(s) only. Unauthorized use may be unlawful. If you receive this email by mistake, please advise sender immediately. The views of the author may not necessarily constitute the views of Telco Electronics Limited. Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation. Telco Electronics Limited 6-8 Oxford Court Brackley Northants NN13 7XY Tel 01280 761600 Fax 01280 841174

19 years, 9 months

[Serusers] Has any idea to disconnect a connection?

by Charles Wang

Dear ALL: If an UA1 ( Under NAT / Public Network) make a call to another UA2( Under NAT / Public Network), is there any idea to disconnect it after xx seconds? For example, the UA1 has 300 seconds credit, and this call can only keep maxinum 300 seconds. Charles

19 years, 9 months

← Newer
1
...
12
13
14
15
16
17
18
...
47
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users February 2005