sr-users February 2005

sr-users@lists.kamailio.org

215 participants
467 discussions

[Serusers] More call transfer questions
by Steve Blair 28 Feb '05

28 Feb '05

I'm a bit stuck and wonder if someone on this list can help. When a call arrives at a Cisco IP phone registered to our SER proxy from the PSTN it is answered. The called party then tries to transfer the call. In either case a new invite is generated. I'm under the impression a refer message should be generated but given the way attended transfer works on the 7960s it doesn't seem possible to have a refer generated. Has anyone else seen this? If so any thoughts on what is happening? Thanks,Steve

2 3

[Serusers] "3xx Redirection" - How Should This Work?
by Java Rockx 28 Feb '05

28 Feb '05

Hi all. I'm trying to get my call working working and I have a question. Suppose a SIP subscriber has voicemail and call forwarding is enabled. When an incoming call is destined for this SIP user, SER will reply with a 302 redirect message. Next the caller's phone should construct a brand new INVITE to the redirected destination. My question is this: If the forwarded destination is busy, then the call should be sent to the voicemail of the SIP subscriber that was originally called. This is the way the RBOCs call forwarding works. If I'm using sl_send_reply("302", "Temporarily Moved") back to the caller, how can I make the voicemail piece work? Regards, Paul

2 3

[Serusers] lookup not finding local users
by Glenn Dalgliesh 28 Feb '05

28 Feb '05

I dont seem to be able to get a match when I send a call from my gw to ser registered user. Debug indicates that user Not found in usrloc even though the database shows the users registered. I am able to make out bound calls the gw just fine. If anyone can shed some light in it it would be great. Part 1 of 2 Part to follow with ser.cfg Thanks ============================================================================ ================================= mysql> select * from location; +----------+--------+------------------------+----------+------------------- --+-------+----------------------------------+------+----------------+------ -----+-------+-------+----------------------------+ | username | domain | contact | received | expires | q | callid | cseq | last_modified | replicate | state | flags | user_agent | +----------+--------+------------------------+----------+------------------- --+-------+----------------------------------+------+----------------+------ -----+-------+-------+----------------------------+ | 9901 | | sip:9901@69.250.205.31 | NULL | 2005-02-26 03:31:09 | -1.00 | e5201b3819008718(a)192.168.199.102 | 107 | 20050226033016 | 0 | 0 | 0 | Grandstream BT100 1.0.5.11 | +----------+--------+------------------------+----------+------------------- --+-------+----------------------------------+------+----------------+------ -----+-------+-------+----------------------------+ 1 row in set (0.01 sec) ====debugt output====================================================================== ========================= 20(18672) parse_headers: flags=256 20(18672) find_first_route: No Route headers found 20(18672) loose_route: There is no Route HF 20(18672) lookup(): '9901' Not found in usrloc ============================================================================ ================================= U 69.19.88.16:5060 -> 69.19.88.19:5060 INVITE sip:9901@69.19.88.19 SIP/2.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone MD" <sip:4103532264 @69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Contact: <sip:4103532264@69.19.88.16>..Call-ID: 745bcf587074e77d4a8118dc212 ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Date: Sat, 26 Feb 2005 08:41:01 GMT..Allow: INVITE, ACK, CANCEL, OPTIONS , BYE, REFER..Content-Type: application/sdp..Content-Length: 240....v=0..o=root 11581 11581 IN IP4 69.19.88.16..s=session..c=IN IP4 66. 159.88.16..t=0 0..m=audio 14934 RTP/AVP 0 8 101..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:1 01 0-16..a=silenceSupp:off - - - -.. # U 69.19.88.19:5060 -> 69.19.88.16:5060 SIP/2.0 100 trying -- your call is important to us..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone MD" < sip:4103532264@69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Call-ID: 745bcf587074e77d4a8118dc212ccba7@69.19.88.16..CSeq: 102 INVITE..Server: Sip EXpress router (0.9.0 (i386/linux))..Content-Length: 0..Warning: 392 69.19.88.19:5060 "Noisy feedback tells: p id=18682 req_src_ip=69.19.88.16 req_src_port=5060 in_uri=sip:9901@69.19.88.19 out_uri=sip:9901@69.19.88.16:5060 via_cnt==1".... # U 69.19.88.19:5060 -> 69.19.88.16:5060 INVITE sip:9901@69.19.88.16:5060 SIP/2.0..Max-Forwards: 10..Record-Route: <sip:69.19.88.19;ftag=as149fbe93;lr=on>..Via: SIP/2.0/UDP 66 .159.88.19;branch=z9hG4bK96c9.80b8ddd7.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4bK2fb13d17..From: "Cell Phone MD" <sip:410353 2264(a)69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>..Contact: <sip:4103532264@69.19.88.16>..Call-ID: 745bcf587074e77d4a8118d c212ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Date: Sat, 26 Feb 2005 08:41:01 GMT..Allow: INVITE, ACK, CANCEL, OPT IONS, BYE, REFER..Content-Type: application/sdp..Content-Length: 240..P-hint: GATEWAY....v=0..o=root 11581 11581 IN IP4 69.19.88.16..s= session..c=IN IP4 69.19.88.16..t=0 0..m=audio 14934 RTP/AVP 0 8 101..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:101 telephone -event/8000..a=fmtp:101 0-16..a=silenceSupp:off - - - -.. # U 69.19.88.16:5060 -> 69.19.88.19:5060 SIP/2.0 482 Loop Detected..Via: SIP/2.0/UDP 69.19.88.19;branch=z9hG4bK96c9.80b8ddd7.0..Via: SIP/2.0/UDP 69.19.88.16:5060;branch=z9hG4b K2fb13d17..From: "Cell Phone MD" <sip:4103532264@69.19.88.16>;tag=as149fbe93..To: <sip:9901@69.19.88.19>;tag=as149fbe93..Call-ID: 74 5bcf587074e77d4a8118dc212ccba7@69.19.88.16..CSeq: 102 INVITE..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER ..Contact: <sip:4103532264@69.19.88.16>..Content-Length: 0....

2 2

[Serusers] SER MySQL + NAT problems
by Paulo Vicentini 28 Feb '05

28 Feb '05

Hi Would mind sending your ser.cfg file, i am facing problems with NAT traversal I have already read > <http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/Co> okbook_D2/ but it still does not working This is my ser.cfg file: Is there anything wrong whit it? # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/ser/modules/nathelper.so" # Uncomment this if you want to use SQL database loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # We will you flag 6 to mark NATed contacts modparam("registrar", "nat_flag", 6) # Enable NAT pinging modparam("nathelper", "natping_interval", 60) # Ping only contacts that are known to be # behind NAT modparam("nathelper", "ping_nated_only", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # special handling for NATed clients; first, nat test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding used); also, # the received test should, if complete, should check all # vias for presence of received if (nat_uac_test("3")) { # allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if (method == "REGISTER" || ! search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n"); # This will work only for user agents that support symmetric # communication. We tested quite many of them and majority is # smart smart enough to be symmetric. In some phones, like # it takes a configuration option. With Cisco 7960, it is # called NAT_Enable=Yes, with kphone it is called # "symmetric media" and "symmetric signaling". (The latter # not part of public released yet.) fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("200.151.192.13", "subscriber")) { www_challenge("200.151.192.13", "0"); break; }; save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; } # # Forcing media relay if necessary # route[1] { if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); break; }; if (isflagset(6)) { force_rtp_proxy(); t_on_reply("1"); append_hf("P-Behind-NAT: Yes\r\n"); }; if (!t_relay()) { sl_reply_error(); break; }; } onreply_route[1] { if (status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); }; } Thanks Paulo _________________________________________________________________ MSN Messenger: converse online com seus amigos . http://messenger.msn.com.br

1 0

[Serusers] ERROR: tcp_blocking_connect !!!
by Mohammad Khan 28 Feb '05

28 Feb '05

Hello List: I am getting this error message: ERROR: tcp_blocking_connect: timeout (10) By doing a search in Archive, I have found, it tcp connection take long time, this error raise. Is it right? I am not aware about any network problem in my network. Other issue, If any UA register, my locatoin table keeps record very good. But if UA re-register, location table have double entry of that user. Any idea, why its happening or how to fix it. BTW, I am running ser-0.9.0 with cvs version of rtpproxy. Thanks, MOhammad

1 0

[Serusers] SIP encrypted calls
by Stefano 28 Feb '05

28 Feb '05

Hi all, i have a question: -do you know how it's possible to encrypt the comunication between two SIP client? -does the proxy implement some particular tasks or actions, or is it a client-side problem? -if it is so, do you know any SIP client that implements encription? Thank you very much stefano __________________________________________________________________ Tiscali Adsl 3 Mega Flat, 3 MESI GRATIS! Con Tiscali Adsl 3 Mega Flat navighi in Rete alla supervelocita' a soli 29.95 euro al mese senza limiti di tempo. Attivati entro il 28 Febbraio 2005, 3 MESI sono GRATIS Scopri come http://abbonati.tiscali.it/adsl/sa/2flat_tc/

5 11

[Serusers] part 2 lookup not finding local users
by Glenn Dalgliesh 28 Feb '05

28 Feb '05

Part 2 of 2 ==ser.cfg=================================================================== ======================================== # # $Id: serconf.sh,v 1.3 2003/11/03 13:03:58 janakj Exp $ # # autogenerated SER configuration # # user: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) # system: Linux baltodb.popdial.com 2.6.10-1.760_FC3 #1 Wed Feb 2 00:14:23 EST 2005 i686 i686 i386 GNU/Linux # date: Sat Feb 26 02:57:50 EST 2005 # # ----------- global configuration parameters ------------------------ /* debug=4 fork=yes port=5060 log_stderror=no memlog=5 */ mhomed=yes fifo="/tmp/ser_fifo" alias=baltodb.popdial.com # uncomment to override config values for test # /* debug=4 # debug level (cmd line: -ddd) fork=yes port=5060 log_stderror=yes # (cmd line: -E) fifo="/tmp/ser_fifox" # */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) children=16 # if changing fifo mode to a more restrictive value, put # decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438 #fifo_mode=438 # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/group.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" loadmodule "/usr/local/lib/ser/modules/enum.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" # ----------------- setting module-specific parameters --------------- # all DB urls here #modparam("usrloc|acc|auth_db|group|msilo|uri", "db_url","mysql://ser:heslo@localhost/ser") modparam("usrloc|acc|auth_db|group|msilo|uri_db", "db_url","mysql://ser:heslo@localhost/ser") # -- usrloc params -- /* 0 -- dont use mysql, 1 -- write_through, 2--write_back */ modparam("usrloc", "db_mode", 2) modparam("usrloc", "timer_interval", 10) # -- auth params -- modparam("auth_db", "calculate_ha1", yes) #modparam("auth_db", "user_column", "user_id") modparam("auth_db", "password_column", "password") modparam("auth", "nonce_expire", 300) # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- acc params -- # that is the flag for which we will account -- don't forget to modparam("acc", "db_flag", 1 ) modparam("acc", "db_missed_flag", 3 ) # -- tm params -- modparam("tm", "fr_timer", 20 ) modparam("tm", "fr_inv_timer", 90 ) modparam("tm", "wt_timer", 20 ) # -- msilo params modparam("msilo", "registrar", "sip:registrar@baltodb.popdial.com") # -- enum params -- # modparam("enum", "domain_suffix", "e164.arpa.") # ------------------------- request routing logic ------------------- # main routing logic route{ /* ********* ROUTINE CHECKS ********************************** */ # filter too old messages if (!mf_process_maxfwd_header("10")) { log("LOG: Too many hops\n"); sl_send_reply("483","Alas Too Many Hops"); break; }; #if (len_gt( max_len )) { if ( msg:len > max_len ) { sl_send_reply("513", "Message too large sorry"); break; }; # Make sure that requests dont advertise addresses # from private IP space (RFC1918) in Contact HF # (note: does not match with folded lines) if (search("^(Contact|m): .*(a)(192\.168\.|10\.|172\.16)")) { # allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if ((method=="REGISTER" || ! search("^Record-Route:")) && !( src_ip==192.168.0.0/16 || src_ip==10.0.0.0/8 || src_ip==172.16.0.0/12 )) { log("LOG: Someone trying to register from private IP again\n"); sl_send_reply("479", "We dont accept private IP contacts" ); break; }; }; # anti-spam -- if somene claims to belong to our domain in From, # challenge him (skip REGISTERs -- we will chalenge them later) if (search("(From|F):.*(baltodb\.popdial\.com|66\.159\.88\.19)")) { # invites forwarded to other domains, like FWD may cause subsequent # request to come from there but have iptel in From -> verify # only INVITEs (ignore FIFO/UAC's requests, i.e. src_ip==myself) if (method=="INVITE" & !(src_ip==69.19.88.19)) { if (!(proxy_authorize( "baltodb.popdial.com" /* realm */, "subscriber" /* table name */ ))) { proxy_challenge("baltodb.popdial.com" /* realm */, "0" /* no-qop */); break; }; # to maintain outside credibility of our proxy, we enforce # username in From to equal digest username; user with # "john.doe" id could advertise "bill.gates" in From otherwise; if (!check_from()) { log("LOG: From Cheating attempt in INVITE\n"); sl_send_reply("403", "That is ugly -- use From=id next time (OB)"); break; }; # we better don't consume credentials -- some requests may be # spiraled through our server (sfo@iptel->7141@iptel) and the # subsequent iteration may challenge too, for example because of # iptel claim in From; UACs then give up because they # already submitted credentials for the given realm #consume_credentials(); }; # INVITEs claiming to come from our domain } else if (method=="INVITE" && !(uri=~"[@:\.](baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*" # ... and we serve our gateway too if present | uri=~"@66\.159\.88\.16([;:].*)*" )) { #the INVITE neither claims to come from our domain nor is it targeted to it # -> junk it sl_send_reply("403", "No relaying"); break; }; /* ********* RR ********************************** */ # to be safe, record route everything; UAs may use different # transport protocols and need to have SER in path record_route(); # if route forces us to forward to some explicit destination, # do so; check however first that a cheater didn't preload # a gateway destination to bypass PSTN ACLs if (loose_route()) { if (uri=~"sip:[+0-9]+@66\.159\.88\.16") { # it is gateway -- proceed to ACLs route(3); break; }; # route HF determined next hop; forward there append_hf("P-hint: rr-enforced\r\n"); t_relay(); break; }; /* ********* check for requests targeted out of our domain... ******* */ # sign of our domain: there is '@' (username) or : (nothing) in # front of our domain name ; ('.' is not there -- we handle all # xxx.iptel.org as outbound hosts);if none of these cases matches, # proceed with processing of outbound requests in route[2] if (!(uri=~"[@:](sip[\.)?(baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*" | uri=~"@66\.159\.88\.16([;:].*)*")) { route(2); break; }; /* ************ requests for our domain ********** */ /* now, the request is for sure for our domain */ # registers always MUST be authenticated to # avoid stealing incoming calls if (method=="REGISTER") { # Make sure that user's dont register infinite loops # (note: does not match with folded lines) if (search("^(Contact|m): .*(a)(baltodb\.popdial\.com|66\.159\.88\.19)")) { log(1, "LOG: alert: someone trying to set aor==contact\n"); sl_send_reply("476", "No Server Address in Contacts Allowed" ); break; }; if (search("^(Contact|m): .*66\.159\.88\.16")) { log(1, "LOG: alert: protected contacts\n"); sl_send_reply("476", "No Server Address in Contacts Allowed" ); break; }; if (!www_authorize( "baltodb.popdial.com" /* realm */, "subscriber" /* table name */ )) { # challenge if none or invalid credentials www_challenge( "baltodb.popdial.com" /* realm */, "0" /* no qop -- some phones can't deal with it */); break; }; # prohibit attempts to grab someone else's To address # using valid credentials; if (!check_to()) { log("LOG: To Cheating attempt\n"); sl_send_reply("403", "That is ugly -- use To=id in REGISTERs"); break; }; # it is an authenticated request, update Contact database now if (!save("location")) { sl_reply_error(); }; m_dump(); break; }; # some UACs might be fooled by Contacts our UACs generate to make MSN # happy (web-im, e.g.) -- tell its urneachable if (uri=~"sip:daemon@" ) { sl_send_reply("410", "daemon is gone"); break; }; # is this an ENUM destination (leading +?)? give it a try, if the lookup # doesn't change URI, just continue if (uri=~"sip:\+[0-9]+@") { if (!enum_query("voice")) { # if parameter empty, it defaults to "e2u+sip" enum_query(""); # E2U+sip }; } else { # aliases (take precedences over PSTN number; provisioning interface # is set up to assinge aliases beginning with 8) lookup("aliases"); }; # check again, if it is still for our domain after aliases are resolved if (!(uri=~"[@:](sip[\.)?(baltodb\.popdial\.com|66\.159\.88\.19)([;:].*)*" | uri=~"@66\.159\.88\.16([;:].*)*")) { route(5); break; }; # now check if it's about PSTN destinations through our gateway; # note that 8.... is exempted for numerical non-gw destinations if (uri=~"sip:\+?[0-79][0-9]*@.*") { route(3); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { # handle user which was not found ... route(4); break; }; # check whether some inventive user has uploaded gateway # contacts to UsrLoc to bypass our authorization logic if (uri=~"sip:[+0-9]+@66\.159\.88\.16") { # it is gateway -- proceed to ACLs route(3); break; }; /* ... and also report on missed calls ... */ setflag(3); # we now know we may, we know where, let it go out now! append_hf("P-hint: USRLOC\r\n"); if (!t_relay()) { sl_reply_error(); break; }; } #------------------- OUTBOUND ---------------------------------------- # routing logic for outbound requests targeted out of our domain # (keep in mind messages to our users can end up here too: for example, # an INVITE may be UsrLoc-ed, then the other party uses outbound # proxy with r-uri=the usr_loced addredd (typically IP)) route[2] { append_hf("P-hint: OUTBOUND\r\n"); t_relay(); } #------- ALIASED OUTBOUND -------------------------------------------- # routing logic for inbound requests aliased outbound; unlike # with real outbound requests we do not force authentication # as these calls are server by our server and we do not want # to disqualify unathenticated request originatiors from other # domains route[5] { append_hf("P-hint: ALIASED-OUTBOUND\r\n"); t_relay(); } #----------------- PSTN ---------------------------------------------- # logic for calls to the PSTN route[3] { # turn accounting on setflag(1); /* require all who call PSTN to be members of the "int" group; apply ACLs only to INVITEs -- we don't need to protect other requests, as they don't imply charges; also it could cause troubles when a call comes in via PSTN and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would fail then; exempt Cisco gateway from authentication by IP address -- it does not support digest */ if (method=="INVITE" && (!src_ip==69.19.88.16)) { if (!proxy_authorize( "baltodb.popdial.com" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "baltodb.popdial.com" /* realm */, "0" /* no qop */ ); break; }; # let's check from=id ... avoids accounting confusion if (method=="INVITE" & !check_from()) { log("LOG: From Cheating attempt\n"); sl_send_reply("403", "That is ugly -- use From=id next time (gw)"); break; }; if(!is_user_in("credentials", "int")) { sl_send_reply("403", "NO PSTN Privileges..."); break; }; consume_credentials(); }; # INVITE to authorized PSTN # if you have passed through all the checks, let your call go to GW! rewritehostport("69.19.88.16:5060"); # snom conditioner if (method=="INVITE" && search("User-Agent: snom")) { replace("100rel, ", ""); }; append_hf("P-hint: GATEWAY\r\n"); # use UDP to guarantee well-known sender port (TCP ephemeral) t_relay_to_udp("69.19.88.16","5060"); } /* *********** handling of unavailable user ******************* */ route[4] { /**/ # message store if (method=="MESSAGE") { t_newtran(); if (m_store("0")) { t_reply("202", "Accepted for Later Delivery"); } else { t_reply("503", "Service Unavailable"); }; break; }; /**/ # non-Voip -- just send "off-line" if (!(method=="INVITE" || method=="ACK" || method=="CANCEL")) { sl_send_reply("404", "Not Found"); break; }; # voicemail subscribers ... t_newtran(); t_reply("404", "Not Found"); # we account missed incoming calls; previous statteful processing # guarantees that retransmissions are not accounted if (method=="INVITE") { acc_db_request("404 missed call", "missed_calls"); }; }

1 0

[Serusers] ser + rtpproxy - call disconnected
by support 28 Feb '05

28 Feb '05

Hi, When I try to make a call using rtpproxy and ser-0.8.14 (SIP UA <---> PSTN), most of the time the call will be disconnected within 1 minutes. Sometimes, it will be so unstable that the call be disconnected after 15 seconds. The above scenarios happens Will this problem related to unstable rtpproxy? Because I know that all packets will route through the server. once rtp packet get loss, the call will be disconnected. Is this correct? Perhaps it depends on my ser.cfg. Thomas My ser.cfg: # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) listen="" port=5060 children=4 fifo_mode=0666 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- Nathelper params -- modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT # ------------------------- request routing logic ------------------- # main routing logic route{ # ----------------------------------------------- # Sanity Check Section # ----------------------------------------------- # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # ----------------------------------------------- # NOTIFY Keep-Alive Section # ----------------------------------------------- if ((method=="NOTIFY") && search("^Event: keep-alive")) { sl_send_reply("200","OK"); break; }; # Nathelper if (nat_uac_test("3")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if (method == "REGISTER" || ! search("^Record-Route:")) { fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("", "subscriber")) { www_challenge("", "0"); break; }; save("location"); break; }; # if the dialed number lies in the range 35891500-35891799, don't forward it to T1 Trunk GW if ((uri=~"^sip:(852|)358915[0-9][0-9]@") || (uri=~"^sip:(852|)358916[0-9][0-9]@") || (uri=~"^sip:(852|)358917[0-9][0-9]@")) { if (uri=~"^sip:852*") { strip(3); }; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); break; }; # native SIP destinations are handled using our USRLOC DB # Call Routing Section if (!lookup("location")) { if (uri=~"^sip:(852|)[0-9]{8}@") { # Send to PSTN Gateway route(2); break; }; sl_send_reply("404", "User Not Found"); break; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # Nathelper if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); break; }; # if client or server know to be behind a NAT, enable relay if (isflagset(6)) { force_rtp_proxy(); }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); break; }; } # PSTN Call to T1 Trunk GW route[2] { rewritehostport(""); if (isflagset(6)) { force_rtp_proxy(); }; t_on_reply("1"); if (!t_relay()) { sl_reply_error(); break; }; } # !! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); # Not all 2xx messages have a content body so here we make sure # out Content-Length > 0 to avoid a parse error if (!search("^Content-Length:\0")) { force_rtp_proxy(); }; # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; } ---------end of config -----------

2 3

[Serusers] 0.9.0 release
by Daniel-Constantin Mierla 28 Feb '05

28 Feb '05

The release of 0.9.0 should be finalized very soon. No bugs found for a while -- it might be due to no usage or no other bug there :-) . Would be appreciated any feedback regarding the usage of this version in order to estimate the level of stability. A short reply including how are you using the 0.9.0 (production/testing) and the list with used modules (copy&paste of loadmodule section to save time :-) for those who don't have it) would be very appreciated. Thanks, Daniel PS. If you don't want to make it public, then send it just to me.

5 5

[Serusers] no reply from radius server
by Seong bear 28 Feb '05

28 Feb '05

Hi, I'm trying to startup my ser with radius authentication, however i encountered the same problem with this post: http://lists.iptel.org/pipermail/serusers/2005-January/014425.html. I really appreciate that someone could point me put the problelm. :-( authserver radiusserver, 3.4.5.6 acctserver radiusserver, 3.4.5.6 where radiusserver with ip 3.4.5.6 in /etc/hosts, and tcdump didn't show any traffic with destinated radius server ip or hostname rc_send_server: no reply from RADIUS server radiusserver:1812 --> and sometime, i can't get to see this message. and the server just startup with log below without any message followed by. Feb 28 22:55:44 bear ser: Listening on Feb 28 22:55:44 bear ser: 127.0.0.1 [127.0.0.1]:5080 Feb 28 22:55:44 bear ser: 192.168.0.68 [192.168.0.68]:5080 Feb 28 22:55:44 bear ser: Aliases: localhost:5080 localhost.localdomain:5080 bear:5080 bear.abc.com:5080 Feb 28 22:55:44 bear ser: ser startup succeeded Feb 28 22:55:44 bear ser[15935]: INFO: udp_init: SO_RCVBUF is initially 110592 Feb 28 22:55:44 bear ser[15935]: INFO: udp_init: SO_RCVBUF is finally 221184 Feb 28 22:55:45 bear ser[15935]: INFO: udp_init: SO_RCVBUF is initially 110592 Feb 28 22:55:45 bear ser[15935]: INFO: udp_init: SO_RCVBUF is finally 221184 Feb 28 22:55:45 bear ser[15946]: INFO: fifo process starting: 15946 Feb 28 22:55:45 bear ser[15946]: SER: open_uac_fifo: fifo server up at /tmp/ser_fifo... This is my ser.cfg # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5080 children=4 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database #loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_radius.so" loadmodule "/usr/local/lib/ser/modules/group_radius.so" #loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_radius.so" #loadmodule "/usr/local/lib/ser/modules/mysql.so" #loadmodule "/usr/local/lib/ser/modules/im.so" #loadmodule "/usr/local/lib/ser/modules/jabber.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") modparam("auth_radius", "service_type", 15) modparam("auth_radius", "radius_config","/usr/local/etc/radiusclient/radiusclient.conf") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) #modparam("acc", "log_level", 1) modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { log(1, "Checking uri myself\n"); if (method=="REGISTER") { log(1, "after method REGISTER\n"); # Uncomment this if you want to use digest authentication if (!radius_www_authorize("")) { log(1, "REGISTER: challenging user\n"); www_challenge("", "0"); break; }; save("location"); break; }; if (method=="INVITE") { log(1, "INVITE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { log (1, "BYE or CANCEL\n"); setflag(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; }

1 0

← Newer
1
2
3
4
5
6
7
...
47
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users February 2005