Hi All.
I'm working through a call forwarding problem.
When call forwarding is enabled on a SIP phone and someone calls that
forwarded SIP phone, SER should reply with a 302 response code to
indicate that the party has been forwarded to a new location.
How can I have SER put the new contact location in the response message?
I use avpops to read the call forwarding settings, so do I need to use
textops to replace the contact header? If so, can I do that in a
reply_route or something?
Regards,
Paul
Hi,
Full security for SIP calls is well defined, though there are several
ways to go.
IPSec is always there, though is not very flexible. You can encrypt and
authenticate the signalling and the media. Keys can be either manually
distributed or dynamically created using IKE (defined in the IPSec
RFCs).
I would not recommend the use of IPSec in a SIP environment, especially
for the media. For the media (RTP), the Secure RTP (SRTP) protocol is
way better. The overhead added is way smaller than that added to obtain
equivalent protection using IPSec (authenticated ESP). Also, it is
transparent to media proxies: the SRTP headers are only authenticated,
not encrypted; only the body (data) of RTP packet is encrypted; the rest
(UDP headers, RTP headers) are left plain.
The SRTP keys can be obtained in several ways. The old manual keying
method is always there, but there are several other, more dynamic ones.
* The k= SDP parameter, which sends a key in plain. This means that SDP
needs to be encrypted (S/MIME for end-to-end, or at least TLS on every
hop). BTW, I don't like S/MIME :)
* The newer k-mgmt= SDP parameter. In this parameter, a full protocol
(with embedded authentication and encryption) can be attached as the
value, where the keys and SRTP parameters can be securely exchanged. See
MIKEY (RFC 3830) and the draft on how to transport it over SDP
(draft-ietf-mmusic-kmgmt-ext-xxx, on IETF last call). This provides for
end-to-end negotiation of SRTP keys, and I think it is the best way to
go. MIKEY is very flexible, suitable for several scenarios.
In this scenario, using MIKEY over SDP, where MIKEY is
self-protected, it is only left to protect against manipulation of the
SIP message: an attacker removing the MIKEY SDP, thus removing security.
This can be prevented using TLS on a hop-by-hop basis, if all proxies
can be trusted. Again, S/MIME is another option, but I think TLS is
better. S/MIME may prevent proxies from inspecting all headers needed
during the exchange, whereas TLS would not.
As for support of these features ... I know of one softphone supporting
the SRTP/MIKEY/TLS approach ... minisip (www.minisip.org). It even has
some IPSec support. I've tried, and it works beautifully. The beauty of
MIKEY is that it is end-to-end and transparent to proxies, and the
negotiation is done in just one round-trip, following the offer-answer
SIP model. Very appropriate.
Hope it helps,
Cesc
>>> Nils Ohlmeier <lists(a)ohlmeier.org> 02/28/05 12:44PM >>>
Hi Klaus,
On Monday 28 February 2005 11:31, Klaus Darilion wrote:
> Nils Ohlmeier wrote:
> > There are clients. See my previous mail. SRTP is completely transparent
> > for SIP proxies.
>
> How will the clients exchange the key for the RTP encryption? Will it be
> sent in the SDP? If yes, wouldn't I also need encrypted SIP to hide the
> RTP key?
Yes the keys will be exchanged within the SDP. So indeed you should crypt the
SDP in signaling either by using TLS or S/MIME. Otherwise someone could read
the keys from the signaling and decrypt the RTP streams.
Greetings
Nils
Unclassified
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
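Added example, not part of the original thread: a small audit of one SIP message as seen on a single hop, flagging the keying cases discussed in the message above (key in a plain `k=` line, MIKEY keying that can be stripped when the hop is not TLS). The sample messages, addresses and key material are constructed, and the MIKEY attribute is written in the `a=key-mgmt:` form in which the kmgmt draft was later published (RFC 4567).

```python
import re

def _invite(transport, sdp_extra):
    # Build a constructed INVITE; all addresses and key blobs are made up.
    sdp = ("v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
           "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
           "m=audio 49170 RTP/SAVP 0\r\n" + sdp_extra + "\r\n")
    return ("INVITE sip:bob@example.org SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(sdp)}\r\n\r\n" + sdp)

PLAIN_KEY_UDP = _invite("UDP", "k=base64:Q09OU1RSVUNURUQta2V5")
MIKEY_UDP = _invite("UDP", "a=key-mgmt:mikey Q09OU1RSVUNURUQ=")
MIKEY_TLS = _invite("TLS", "a=key-mgmt:mikey Q09OU1RSVUNURUQ=")

def audit_keying(raw):
    """Return (transport, keying, findings) for one SIP message on one hop."""
    head, _, body = raw.partition("\r\n\r\n")
    # The topmost Via shows the transport of the hop the message arrived on.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    transport = via.group(1).upper() if via else "UNKNOWN"
    sdp = body.splitlines()
    keying = []
    # k=prompt carries no key material, so it is not counted.
    if any(l.startswith("k=") and not l.startswith("k=prompt") for l in sdp):
        keying.append("sdp-k")
    if any(l.lower().startswith("a=key-mgmt:mikey") for l in sdp):
        keying.append("mikey")
    findings = []
    if "sdp-k" in keying:
        # Plain key: readable without TLS; with TLS still seen by each proxy.
        findings.append("key-readable-on-wire" if transport != "TLS"
                        else "key-visible-to-every-proxy")
    if "mikey" in keying and transport != "TLS":
        # MIKEY protects itself, but the SDP line can be removed in transit.
        findings.append("keying-can-be-stripped")
    if not keying:
        findings.append("no-srtp-keying")
    return transport, keying, findings

if __name__ == "__main__":
    for name in ("PLAIN_KEY_UDP", "MIKEY_UDP", "MIKEY_TLS"):
        print(name, audit_keying(globals()[name]))
```

The check only sees the hop on which the message was captured; TLS on that hop says nothing about the other hops along the path.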
Charles Wang wrote:
>Dear Alexey:
>
>Can you send me your config about ser.cfg & sip.conf, extensions.conf
>for me to reference?
>
>My UA1(under NAT) can make a call to Asterisk via SER, then Asterisk
>forward the call to PSTN(behind a CISCO 5300).
>
>But only UA1 can talk to PSTN side, PSTN side can't talk to UA1.
>
>Here are my sip.conf & extensions.conf.
>
>I just want to make a call to PSTN using a UA behind NAT.
>
>Is any config necessary to modify in my goal?
>
>
First of all, you need to add some record for incoming calls from CISCO
to sip.conf...
[from-cisco]
type=peer
context=cisco
host=61.220.190.243
Next, you need to add [cisco] section to your extensions.conf...
[cisco]
exten => _., 1, Answer
exten => _., 2, Dial(sip/ser/USER_NAME_HERE)
exten => _., 3, Hangup
Note: This is for all calls to be forwarded to the same user... If you need (as I
think) some more efficient scheme, use more extensions in your
extensions.conf... Or do something like that:
[cisco]
exten => _XXXXXXXXXX,1,Dial(SIP/${EXTEN}@${SERADDRESS},20,r)
--
/Scoundrel
Hi,
I want to forward an unauthenticated call to an authenticated call. Can
anyone kindly guide me on how I can do the same?
UA -- Unauthenticated call -- My Server -- Authenticated Call - Customer
I have the authenticated information on my server to handle the customer.
Kannaiyan.
Hi everyone,
I use SIPp to test my SER server and I get the following error.
--------------------------------------------------------------------------------------------
2005-02-28 19:35:50: Unexpected message for Call-ID
'36.9402.127.0.0.1(a)sipp.call.id': while expecting '100' response, received
'SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 127.0.0.1:5061
From: sipp <sip:sipp@127.0.0.1:5061>;tag=36
To: sut
<sip:service@127.0.0.1:5060>;tag=b27e1a1d33761e85846fc98f5f3a7e58.cba5
Call-ID: 36.9402.127.0.0.1(a)sipp.call.id
CSeq: 1 INVITE
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
Warning: 392 127.0.0.1:5060 "Noisy feedback tells: pid=2833
req_src_ip=127.0.0.1 req_src_port=5061 in_uri=sip:service@127.0.0.1:5060
out_uri=sip:service@127.0.0.1:5060 via_cnt==1"
---------------------------------------------------------------------------------------------
When I run SIPp, it's only INVITE and doesn't have any other response from the
server. I'm using the default ser.cfg file. Thanks a lot, guys.
From,
sunshung
I have just committed a new module "uac" that implements basic SIP UAC
functionalities like:
- manipulation of From header URI (caller id blocking, anonymization)
- client-side authentication (SER should be able to authenticate itself
as response to a challenge reply)
- hopefully more in the future :-) .
This first version has a known limitation in authentication part - qop
is not supported. Any feedback regarding the functionality or possible
errors is highly appreciated.
Ramona
Hi everyone,
I've been away from SER for a long time but now I have renewed interest.
I'm confronted by a problem I've failed to solve by myself, maybe you
could help, this is regarding accounting and what happens when a customer
responds with a 3xx response (i.e. redirect).
Call from customer to proxy works fine.
0(13212) Mon Feb 28 02:38:23 2005 - 130.244.194.233 - INVITE
Call-ID: 00036bc3-7aa519a2-610f6e63-7f1e22c2(a)130.244.194.233
From: sip:0856204081@sip-corporate1.testdomain.com
To: sip:0890510@sip-corporate1.testdomain.com
0(13212) Routeblock 2 - Calls from customers
0(13212) Call from customer: Test
0(13212) Call passed A-number check
0(13212) Routeblock 3 - To customer?
0(13212) Routeblock 4 - Call not to customer, to gateways
0(13212) Replyroute 1
0(13212) Replyroute 1
0(13212) Replyroute 1
0(13212) ACC: transaction answered: method=INVITE, uid=n/a,
call_id=00036bc3-7aa519a2-610f6e63-7f1e22c2(a)130.244.194.233,
from="0856204081"
<sip:0856204081@sip-corporate1.testdomain.com>;tag=00036bc37aa5007d581f01d7-0ea60293,
to=<sip:0890510@sip-corporate1.testdomain.com>;tag=18F3A96C-20F4,
i-uri=sip:0890510@sip-corporate1.testdomain.com,
o-uri=sip:0890510@sip-gw.swip.net:5060,
fromtag=00036bc37aa5007d581f01d7-0ea60293, code=200
0(13212) ACC: transaction answered: method=BYE, uid=n/a,
call_id=00036bc3-7aa519a2-610f6e63-7f1e22c2(a)130.244.194.233,
from="0856204081"
<sip:0856204081@sip-corporate1.testdomain.com>;tag=00036bc37aa5007d581f01d7-0ea60293,
to=<sip:0890510@sip-corporate1.testdomain.com>;tag=18F3A96C-20F4,
i-uri=sip:0890510@130.244.190.42:5060;ftag=00036bc37aa5007d581f01d7-0ea60293;lr=on,
o-uri=sip:0890510@130.244.188.14:5060,
fromtag=00036bc37aa5007d581f01d7-0ea60293, code=200
Accounting works fine with START, STOP
Call from PSTN to customer, works fine, I have chosen not to generate a
START record to make it easier for the billing department.
0(13212) Mon Feb 28 02:41:24 2005 - 130.244.188.14 - INVITE
Call-ID: 8CB1DEF-889B11D9-80F1FA83-930B318E(a)130.244.188.14
From: sip:0856264000@130.244.188.14
To: sip:0856204081@130.244.190.42
0(13212) Call from gateway
0(13212) Routeblock 3 - To customer?
0(13212) Call to customer: Test
0(13212) Replyroute 1
0(13212) Replyroute 1
0(13212) Replyroute 1
0(13212) ACC: transaction answered: method=BYE, uid=n/a,
call_id=8CB1DEF-889B11D9-80F1FA83-930B318E(a)130.244.188.14,
from=<sip:0856264000@130.244.188.14>;tag=18F66B24-226F,
to=<sip:0856204081@130.244.190.42>;tag=00036bc37aa5007f1d13f1ad-2475ba78,
i-uri=sip:0856204081@130.244.190.42:5060;ftag=18F66B24-226F;lr=on,
o-uri=sip:0856204081@130.244.194.233:5060, fromtag=18F66B24-226F, code=200
Here comes the tricky part.
Call from PSTN to customer and customer has redirected his extension to a
PSTN number.
0(13212) Mon Feb 28 02:42:49 2005 - 130.244.188.14 - INVITE
Call-ID: 3B95F3CB-889B11D9-80F5FA83-930B318E(a)130.244.188.14
From: sip:0856264000@130.244.188.14
To: sip:0856204081@130.244.190.42
0(13212) Call from gateway
0(13212) Routeblock 3 - To customer?
0(13212) Call to customer: Test
0(13212) Replyroute 1
0(13212) Redirect prohibited
This call generates no accounting (not even with setflag(1) at the top of
the route block)
I've managed to trigger the 'Redirect prohibited' message by using
onreply_route[] but I find no way of canceling the request there.
What I want is to be able to either disallow 3xx responses completely or
by selectively cancelling them in onreply_route.
Another question, my ser-users archive just broke and I haven't been able
to do much searching, what's the best way today to handle several PSTN
gateways and load-balance between them for outgoing calls?
Best regards,
Thomas Björklund
Hello,
last week, we have had issues with a hanging proxydispatcher, which then
caused the whole ser setup to hang.
Question: Is there a way to "ping" the proxydispatcher process via FIFO,
to see whether it is still operating normally? Afaik, the
proxydispatcher could be kill -9ed and restarted then without causing
major issues for ongoing calls, because the calls are handled by the
separate mediaproxy process?
Same question is valid for the mediaproxy process itself, although "ping"
would be TCP/IP or FIFO here.
Thank you,
with best regards,
Martin
Hello List,
I'm a new user of SER. Just some questions about how I could deploy
SER+SERWEB+SEMS, possibly on separate hosts, as I plan to have more than one
SER proxy server with a centralized web server and media/voice mail server
(1) Basically what features will I be missing if I decide to omit the fifo
functions (if possible) in serweb? ( aliases, add new contact SIP address
and who are online would be three features, right?)
(2) I saw in one of the threads that there is a fifo_server.php file
available for fifo-Internet relay, but not quite sure how to use it. Could
someone give me some pointers?
(3) Somewhere in the mailing list I saw the "fifo_db_url" global
declaration, is it a feature only available in version 0.9.0? And is there a
serweb version that will work with ser 0.9.0?
(4) I have not tried SEMS yet, but since it also communicates with SER via
fifo, I would assume it has to be in the same host as SER, right? Are there
any existing modules/plugins that will allow SER and SEMS on different
hosts? If not, would it be more scalable if I build an Asterisk box to
handle voice mails?
(5) If I have multiple SER proxy servers on different hosts, how could UA
Alpha registered with SER proxy A be able to call UA beta which registered
with SER proxy B? What setup/configuration would I need?
I know I have some dumb questions - I'm new to voip and SER. Please try to
help me out, I would really appreciate it. Thank you all in advance.
Good day!
I am running ser v.0.8.12 and I am able to make the
quintum, the ata and x-lite talk with each other. This
is like a UA to UA call. I am using the default
ser.cfg.
How do I configure ser.cfg so that it can make a PSTN
call via a quintum gateway that is connected to the
TELCO? Which part of the ser.cfg will I update?
Also, on the quintum gateway side, how do I configure
it to accept the call and hop-off on the PSTN port? I
was successful in configuring the quintum to accept
calls and ring the pbx port.
Any help will be greatly appreciated.
thanks and regards,
noel