Isn't it the regular practice to use proxy_challenge and proxy_authorize
for non-REGISTER methods?
Mohammad
Original Message:
-----------------
From: Marian Dumitru marian.dumitru(a)voice-sistem.ro
Date: Wed, 23 Mar 2005 21:59:27 +0100
To: rrisco(a)millicom.net.pe, serusers(a)iptel.org
Subject: Re: [Serusers] Authenticating INVITE requests method
Hi Rafael,
replace
    if (method=="INVITE") {
with
    if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
where that many xxx-s is the GW's IP.
Best regards,
Marian
Rafael J. Risco G.V. wrote:
> Hello
> I am doing some security improvements to my configuration because I've
> realized that everyone can send calls to PSTN gateways and other
> registered users even if the caller fails to register in SER, so now I
> instruct SER to check the username and password of the CALLER in every
> INVITE request like that:
>
>     if (method=="INVITE") {
>         if (!www_authorize("mydomain", "subscriber")) {
>             www_challenge("mydomain", "0");
>             break;
>         };
>     };
>
>
> well it works but not when calls are generated in my gateway Cisco
> AS5350 (these GWs don't have register command) so I need some advice to
> "exclude" gateway IP for this authorization process.
>
> thanks
> Rafael
>
>
--
Voice System
http://www.voice-system.ro
Hello
I am doing some security improvements to my configuration because I've
realized that everyone can send calls to PSTN gateways and other
registered users even if the caller fails to register in SER, so now I
instruct SER to check the username and password of the CALLER in every
INVITE request like that:
    if (method=="INVITE") {
        if (!www_authorize("mydomain", "subscriber")) {
            www_challenge("mydomain", "0");
            break;
        };
    };
well it works but not when calls are generated in my gateway Cisco
AS5350 (these GWs don't have register command) so I need some advice to
"exclude" gateway IP for this authorization process.
thanks
Rafael
--
rrgv
Calling "break;" within a secondary routing block,
i.e.
--
route[1]
{
    break;
}
--
will exit the current routing block (route[1]), dumping you back into the
primary routing block.
Aside from setting some flag and checking for it when the secondary
routing block returns to the primary route[0], is there a way to break
from the whole script (the same effect a break in route[0] would have)?
Folks,
I've just committed support for handling multiple media streams within
a single SIP session (i.e. video + audio) into rtpproxy/nathelper. To use
it you have to get the latest version of both from CVS. Please let me
know if there are any problems after those changes.
Thanks!
Regards,
Maxim
Hi
I've looked at the serweb application for calculating time for each
call, assuming INVITE/BYE matching. Has anyone, based on the details in
the acc table, worked on a simple rating script which I could
beg/steal/borrow :-)
The problem I have is on-peak/off-peak, since I know when the call
starts hence know which of the blocks (i.e. on/off peak) it falls into,
but I am getting confused as to how to calculate it.
E.g. peak 1300 to 1500, and call starts 14:45:00 and lasts for 16 mins
hence finishes 16:01
hence 15 mins is peak and 1 minute is off peak. I just can't work out how
to write the algo for this, so if someone has some pseudo code (or even
real) that would be great.
I have rating tables based on prefix all created, with the on-peak/off-peak
entries, and the call time, as I have mentioned, can be pulled
using the serweb logic...
tks
Iqbal
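
One way to compute the split asked about above, as an added example that is not part of the original post and not serweb code: clip the call interval against each daily peak window, for every calendar day the call touches, so calls that cross a window boundary or midnight are handled. The function name, the window encoding (minutes after midnight) and the sample call are assumptions for illustration; times are naive local datetimes, so daylight-saving changes are not considered.

```python
from datetime import datetime, timedelta


def split_peak_seconds(start, duration_s, peak_windows):
    """Split a call into (peak_seconds, offpeak_seconds).

    start        -- datetime at which the billed call starts
    duration_s   -- call length in whole seconds
    peak_windows -- non-overlapping daily windows as (begin_min, end_min),
                    minutes after midnight, half-open [begin, end), end <= 1440.
                    A window that crosses midnight is given as two windows.
    """
    if duration_s < 0:
        raise ValueError("duration must not be negative")
    for begin_min, end_min in peak_windows:
        if not 0 <= begin_min < end_min <= 1440:
            raise ValueError("bad peak window: %r" % ((begin_min, end_min),))

    end = start + timedelta(seconds=duration_s)
    peak = timedelta(0)

    # Walk every calendar day the call touches and add up the overlap
    # between the call interval and that day's peak windows.
    midnight = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while midnight < end:
        for begin_min, end_min in peak_windows:
            win_start = midnight + timedelta(minutes=begin_min)
            win_end = midnight + timedelta(minutes=end_min)
            overlap = min(end, win_end) - max(start, win_start)
            if overlap > timedelta(0):
                peak += overlap
        midnight += timedelta(days=1)

    peak_s = int(peak.total_seconds())
    # Whatever is not inside a peak window is off-peak.
    return peak_s, duration_s - peak_s


if __name__ == "__main__":
    # Constructed sample: peak 13:00-15:00, call starts 14:45:00, lasts 16 min.
    peak_1300_1500 = [(13 * 60, 15 * 60)]
    call_start = datetime(2005, 3, 23, 14, 45, 0)
    peak_s, off_s = split_peak_seconds(call_start, 16 * 60, peak_1300_1500)
    print("peak: %d min, off-peak: %d min" % (peak_s // 60, off_s // 60))
```

Each part can then be multiplied by the matching on-peak or off-peak rate from the prefix table.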
Hi Marian,
Maybe you can give me a tip about this problem. I've been
reading the tm module documentation to try to find if it is because I'm
doing something wrong at routing but I'm really confused. I haven't
found anything in the INSTALL and README documentation from mediaproxy
either.
I have analyzed the problem and I'm seeing that for some reason when
the UA sends the CANCEL signal to the SER, the SER is not sending the
CANCEL to the PSTN gateway, as if the transaction was losing the
location or the call id. I don't know if this is because of something with
the rewritehost function.
Thanks in advance.
Alberto Cruz
-------- Original Message --------
Subject: Troubles calling from a Nated UA to a PSTN gateway on a Public
address space using SER 0.9.1 and Mediaproxy Release 1.2.1
Date: Tue, 22 Mar 2005 13:02:25 -0600
From: Alberto Cruz <acruz(a)tekbrain.com>
To: serusers(a)lists.iptel.org
Hi everybody,
I'm having a weird behavior with Mediaproxy. I'm using SER 0.9.1 and
Mediaproxy Release 1.2.1.
The gateway is a Cisco AS5300 using release 12.2(15)T.
I have a UA behind a NAT; the PSTN gateway and the SER server both
are using public IP addresses.
The behaviors are the following:
1. When I try to place a call from a NATed UA to the PSTN gateway I'm
not receiving the call progress tone or ring back tone at the NATed UA.
2. If I decide to wait until the call is completed (doesn't matter if I
hear dead air as progress tone) I start hearing the calling
party as soon as the call is completed and we can talk to each other without
any troubles.
3. If I cancel the call and hang up the phone at the NATed UA before the
call is completed (during the call progress stage) the SER/Mediaproxy
doesn't cancel the call; it is still in progress until it is completed or
cancelled by the PSTN.
I'm attaching my ser configuration and the logging I'm getting when I
cancel the call before it's completed.
Please help me to know how to fix this, if I'm making some mistake with
mediaproxy or routing configuration in the ser configuration.
Thanks in advance.
Regards
Alberto Cruz
Mar 20 00:10:02 matrix proxydispatcher[1379]: command request call-80BF3413-4297-D911-0217-21(a)172.31.254.240 172.31.254.240:10286:audio 200.67.33.247 172.31.254.240 remote 65.208.39.219 remote Quintum/1.0.0 info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:
Mar 20 00:10:02 matrix proxydispatcher[1379]: will use default mediaproxy for this call.
Mar 20 00:10:02 matrix mediaproxy[1376]: command request call-80BF3413-4297-D911-0217-21(a)172.31.254.240 172.31.254.240:10286:audio 200.67.33.247 172.31.254.240 remote 65.208.39.219 remote Quintum/1.0.0 info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:,dispatcher
Mar 20 00:10:02 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: started. listening on 65.208.39.215:35150
Mar 20 00:10:02 matrix mediaproxy[1376]: command execution time: 9.23 ms
Mar 20 00:10:02 matrix proxydispatcher[1379]: forwarding to mediaproxy on /var/run/mediaproxy.sock: got: '65.208.39.215 35150'
Mar 20 00:10:02 matrix proxydispatcher[1379]: command execution time: 13.13 ms
Mar 20 00:10:06 matrix proxydispatcher[1379]: command lookup call-80BF3413-4297-D911-0217-21(a)172.31.254.240 65.208.39.219:18342:audio 65.208.39.219 172.31.254.240 remote 65.208.39.215 unknown Cisco-SIPGateway/IOS-12.x info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:711504-73
Mar 20 00:10:06 matrix mediaproxy[1376]: command lookup call-80BF3413-4297-D911-0217-21(a)172.31.254.240 65.208.39.219:18342:audio 65.208.39.219 172.31.254.240 remote 65.208.39.215 unknown Cisco-SIPGateway/IOS-12.x info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:711504-73,dispatcher
Mar 20 00:10:06 matrix mediaproxy[1376]: command execution time: 1.63 ms
Mar 20 00:10:06 matrix proxydispatcher[1379]: forwarding to mediaproxy on /var/run/mediaproxy.sock: got: '65.208.39.215 35150'
Mar 20 00:10:06 matrix proxydispatcher[1379]: command execution time: 4.88 ms
Mar 20 00:10:06 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: caller signed in from 200.67.33.247:49125 (RTP) (will return to 200.67.33.247:49125)
Mar 20 00:10:06 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: called signed in from 65.208.39.219:18342 (RTP) (will return to 65.208.39.219:18342)
Mar 20 00:10:08 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: caller signed in from 200.67.33.247:49126 (RTCP) (will return to 200.67.33.247:49126)
Mar 20 00:10:11 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: called signed in from 65.208.39.219:18343 (RTCP) (will return to 65.208.39.219:18343)
Mar 20 00:10:13 matrix proxydispatcher[1379]: command delete call-80BF3413-4297-D911-0217-21(a)172.31.254.240 info=
Mar 20 00:10:13 matrix mediaproxy[1376]: command delete call-80BF3413-4297-D911-0217-21(a)172.31.254.240 info=dispatcher
Mar 20 00:10:13 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: 29/44/73 packets, 1380/5320/6700 bytes (caller/called/relayed)
Mar 20 00:10:13 matrix mediaproxy[1376]: session call-80BF3413-4297-D911-0217-21(a)172.31.254.240: ended.
Mar 20 00:10:13 matrix mediaproxy[1376]: command execution time: 1.43 ms
Mar 20 00:10:13 matrix proxydispatcher[1379]: forwarding to mediaproxy on /var/run/mediaproxy.sock: got: ''
Mar 20 00:10:13 matrix proxydispatcher[1379]: command execution time: 4.29 ms
Mar 20 00:10:45 matrix proxydispatcher[1379]: command lookup call-80BF3413-4297-D911-0217-21(a)172.31.254.240 65.208.39.219:18342:audio 65.208.39.219 172.31.254.240 remote 65.208.39.215 unknown Cisco-SIPGateway/IOS-12.x info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:711504-73
Mar 20 00:10:45 matrix proxydispatcher[1379]: warning: trying to lookup session with non-existent id: 'call-80BF3413-4297-D911-0217-21(a)172.31.254.240'
Mar 20 00:10:45 matrix proxydispatcher[1379]: command execution time: 0.91 ms
Mar 20 00:10:45 matrix /usr/local/sbin/ser[11723]: error: use_media_proxy(): empty response from mediaproxy
Mar 20 00:10:45 matrix /usr/local/sbin/ser[11723]: ERROR: on_reply processing failed
Mar 20 00:10:46 matrix proxydispatcher[1379]: command lookup call-80BF3413-4297-D911-0217-21(a)172.31.254.240 65.208.39.219:18342:audio 65.208.39.219 172.31.254.240 remote 65.208.39.215 unknown Cisco-SIPGateway/IOS-12.x info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:711504-73
Mar 20 00:10:46 matrix proxydispatcher[1379]: warning: trying to lookup session with non-existent id: 'call-80BF3413-4297-D911-0217-21(a)172.31.254.240'
Mar 20 00:10:46 matrix proxydispatcher[1379]: command execution time: 1.08 ms
Mar 20 00:10:46 matrix /usr/local/sbin/ser[11725]: error: use_media_proxy(): empty response from mediaproxy
Mar 20 00:10:46 matrix /usr/local/sbin/ser[11725]: ERROR: on_reply processing failed
Mar 20 00:10:47 matrix proxydispatcher[1379]: command lookup call-80BF3413-4297-D911-0217-21(a)172.31.254.240 65.208.39.219:18342:audio 65.208.39.219 172.31.254.240 remote 65.208.39.215 unknown Cisco-SIPGateway/IOS-12.x info=from:8412@172.31.254.240,to:018183324166@65.208.39.215,fromtag:ac1ffef0-20,totag:711504-73
Mar 20 00:10:47 matrix proxydispatcher[1379]: warning: trying to lookup session with non-existent id: 'call-80BF3413-4297-D911-0217-21(a)172.31.254.240'
Mar 20 00:10:47 matrix proxydispatcher[1379]: command execution time: 1.09 ms
Mar 20 00:10:47 matrix /usr/local/sbin/ser[11723]: error: use_media_proxy(): empty response from mediaproxy
Mar 20 00:10:47 matrix /usr/local/sbin/ser[11723]: ERROR: on_reply processing failed
#
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
#
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
listen=65.208.39.215
port=5060
alias=65.208.39.215
alias=sip.telereunion.com.mx
children=4
fifo_mode=0666
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/group.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
modparam("domain", "db_mode", 1)
modparam("auth_db|usrloc|domain|group", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("group", "use_domain", 0)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
# ------------------------- request routing logic -------------------
# main routing logic
route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        if (method!="ACK") {
            sl_send_reply("483","Too Many Hops");
        };
        break;
    };
    if (msg:len >= 2048 ) {
        if (method!="ACK") {
            sl_send_reply("513", "Message too big");
        };
        break;
    };
    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER") record_route();
    if (method=="REGISTER") {
        if (uri==myself || is_from_local()) {
            # Mark as NAT'ed
            if (client_nat_test("3")) {
                setflag(2);
                force_rport();
                fix_contact();
            };
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            } else if (!check_to()) {
                sl_send_reply("403", "Username!=To not allowed");
                break;
            };
            if (!save("location")) {
                sl_reply_error();
            };
        } else {
            append_hf("P-hint: outbound alias\r\n");
            sl_send_reply("403", "This domain is not served here");
        };
        break;
    };
    if (method=="INVITE") {
        if (!(is_from_local() || uri==myself || is_uri_host_local())) {
            sl_send_reply("403", "Relaying is forbidden");
            break;
        };
        t_on_failure("1");
    } else if (method == "BYE" || method == "CANCEL") {
        end_media_session();
    };
    # subsequent messages within a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        append_hf("P-hint: rr-enforced\r\n");
        # The following lines are added due media proxy
        if (method=="INVITE" || method=="ACK") {
            use_media_proxy();
        };
        # end media session for BYE and CANCEL is done above
        # before entering the loose route. no need to call it here
        t_relay();
        break;
    };
    if (client_nat_test("3") && !search("^Record-Route:")) {
        # Mark as NAT'ed
        force_rport();
        fix_contact();
    };
    ### Begin PSTN evaluation
    if (method=="INVITE") {
        if (uri=~"sip:01[1-9][0-9]+@.*") {
            if (!is_user_in("From", "ld")) {
                sl_send_reply("403", "LD permissions needed");
                break;
            };
            rewritehostport("65.208.39.219:5060");
        } else if (uri=~"sip:00[1-9][0-9]+@.*") {
            if (!is_user_in("From", "int")) {
                sl_send_reply("403", "International permissions needed");
                break;
            };
            rewritehost("65.208.39.219");
        };
        t_on_reply("1");
    };
    ### End PSTN evaluation
    if (is_uri_host_local() || uri==myself) { # join with next if?
        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "User not found");
            break;
        };
    };
    if (method=="INVITE" || method=="ACK") {
        use_media_proxy();
    };
    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
    };
    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    if (!t_relay()) {
        if (method=="INVITE" || method=="ACK") {
            end_media_session();
        };
        sl_reply_error();
    };
}
failure_route[1] {
    end_media_session();
}
onreply_route[1] {
    if (status=~"(180)|(183)|(2[0-9][0-9])") {
        if (client_nat_test("1")) {
            fix_contact();
        };
        use_media_proxy();
    };
}
All,
I was thinking of using LCR outbound and inbound for a couple
reasons. Inbound for the sake of some simple redundancy (and load
balancing) and outbound for the sake of LCR (cheapest provider). The
problem I'm facing is LCR feeds off of one table, while outbound is
rather trivial I was wondering how I would work with inbound. I'm
assuming I could put 10 digit equivalent users phone number in the LCR
table. However, if it did *not* exist in the table it would potentially
send it right back out to the PSTN which could cause a really nasty
loop.
Has anyone done this? I have a couple thoughts on how to get
around this but they all seem too complex and/or hardcoded. I'm trying
to avoid external scripts also, if possible. We've had bad luck with
those :-)...
Matt
Hi, all:
I am not sure my view of STUN versus mediaproxy is correct.
Please explain it for me.
In my view, if NATed UACs want to make a call,
the solutions are nathelper, mediaproxy or building a STUN server.
If NATed UACs set their own STUN server's IP correctly
and want to talk with each other, they will be in a "direct"
(RTP will not pass through SER) mode, is that correct? And the STUN server
will tell our UACs what their NAT gateway's IP is (and behind what kind
of network environment they are), and the UACs will send this information to SER?
In other words, it is not necessary to use media proxy to pass their
RTP channel?
If that is correct, then we will not need to set up any mediaproxy daemon for
them, is that correct?
If it is not, can anyone tell me why it is not?
Ignoring the STUN issue, I use mediaproxy's ser.cfg as my template ser.cfg.
But I find all UACs' RTP packages will pass through my SER whether
behind NAT or not (real IPs). How can I modify my ser.cfg to make a
call directly without passing through SER if the two UACs both have real IPs?
----------------- subset of my ser.cfg -------------------------
# ----------- global configuration parameters ------------------------
(skip something........)
# -- mediaproxy params --
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "sip_asymmetrics", "/usr/local/etc/ser/sip-asymmetric-clients")
modparam("mediaproxy", "rtp_asymmetrics", "/usr/local/etc/ser/rtp-asymmetric-clients")
# -- usrloc params --
modparam("usrloc", "db_mode", 1)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "desc_time_order", 1)
# -- registration params --
modparam("registrar", "nat_flag", 2)
modparam("registrar", "min_expires", 60)
modparam("registrar", "max_expires", 86400)
modparam("registrar", "default_expires", 3600)
modparam("registrar", "append_branches", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
(skip something........)
    # ------------------------------------------------------------------------
    # NAT Test Section #1
    # ------------------------------------------------------------------------
    if (method=="REGISTER" && client_nat_test("3")) {
        fix_contact();
        force_rport();
        setflag(2);
    };
    # ------------------------------------------------------------------------
    # Registration Section
    # ------------------------------------------------------------------------
    if (method=="REGISTER") {
        # allow all requests from user 700 - the Click2Dial controller
        if (!isflagset(14)) {
            if (!is_from_local()) {
                sl_send_reply("403", "Unknown Domain");
                break;
            };
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            };
            if (!check_to()) {
                sl_send_reply("401", "Unauthorized");
                break;
            };
            # To - Use To username and (optionally) domain to check
            if (is_user_in("To", "demo-disabled")) {
                sl_send_reply("403", "Your evaluation period has expired");
                break;
            };
            # To - Use To username and (optionally) domain to check
            if (is_user_in("To", "disabled")) {
                sl_send_reply("403", "Your account has been disabled");
                break;
            };
        };
        # snom sip phones use this header to start their
        # keep-alive mechanism for NAT bindings
        append_to_reply("P-NAT-Refresh: 15\r\n");
        if (!save("location")) {
            sl_reply_error();
        };
        break;
    };
(skip something........)
    # ------------------------------------------------------------------------
    # NAT Tear-Down Section
    # ------------------------------------------------------------------------
    if ((method == "BYE" || method == "CANCEL")) {
        end_media_session();
    };
    # ------------------------------------------------------------------------
    # Record Route Section
    # ------------------------------------------------------------------------
    if (!method=="REGISTER") {
        record_route();
    };
    # ------------------------------------------------------------------------
    # Loose Route Section
    # ------------------------------------------------------------------------
    if (loose_route()) {
        route(2);
        break;
    };
    # ------------------------------------------------------------------------
    # NAT Test Section #1
    # ------------------------------------------------------------------------
    if (client_nat_test("3") && !search("^Record-Route:")) {
        force_rport();
        fix_contact();
    };
    # ------------------------------------------------------------------------
    # Alias Routing Section
    # ------------------------------------------------------------------------
    lookup("aliases");
    if (!uri==myself) {
        route(2);
        break;
    };
(skip something........)
route[1] {
(skip something........)
}
route[2] {
    log(1, "SER: SIP Call On-Net section route(2)\n");
    if ((method=="INVITE") && !allow_trusted()) {
        if (!proxy_authorize("", "subscriber")) {
            proxy_challenge("", "0");
            break;
        } else if (!check_from()) {
            log(1, "Spoofed SIP call attempt");
            sl_send_reply("403", "Use From=ID");
            break;
        } else if (!(is_from_local() || is_uri_host_local())) {
            sl_send_reply("403", "Please register to use our service");
            break;
        };
    };
    if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
        !search("^Route:")){
        sl_send_reply("479", "We don't forward to private IP addresses");
        break;
    };
    if (method=="INVITE" || method=="ACK") {
        use_media_proxy();
    };
    t_on_failure("1");
    t_on_reply("1");
    if (!t_relay()) {
        if (method=="INVITE" || method=="ACK") {
            end_media_session();
        };
        sl_reply_error();
    };
}
onreply_route[1] {
    # Not all 2xx messages have a content body so here we
    # make sure our Content-Length > 0 to avoid a parse error
    if (status=~"(180)|(183)|2[0-9][0-9]") {
        if (!search("^Content-Length:\ 0")) {
            use_media_proxy();
        };
    };
    if (client_nat_test("1")) {
        fix_contact();
    };
}
---------------- END HERE ---------------------------------------
---------------- default mediaproxy's ser.cfg ----------------
# Example ser.cfg for mediaproxy functionality
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/domain.so"
loadmodule "/usr/lib/ser/modules/mediaproxy.so"
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
route{
    if (!mf_process_maxfwd_header("10")) {
        if (method!="ACK") {
            sl_send_reply("483", "Too many hops");
        };
        break;
    };
    if (msg:len >= max_len) {
        if (method!="ACK") {
            sl_send_reply("513", "Message too big");
        };
        break;
    };
    if (method=="REGISTER") {
        if (is_from_local()) {
            # Mark as NAT'ed
            if (client_nat_test("3")) {
                setflag(2);
                force_rport();
                fix_contact();
            };
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            } else if (!check_to()) {
                sl_send_reply("403", "Username!=To not allowed");
                break;
            };
            if (!save("location")) {
                sl_reply_error();
            };
        } else {
            sl_send_reply("403", "This domain is not served here");
        };
        break;
    };
    if (method=="INVITE") {
        if (!(is_from_local() || is_uri_host_local())) {
            sl_send_reply("403", "Relaying is forbidden");
            break;
        };
        t_on_failure("1");
    } else if (method == "BYE" || method == "CANCEL") {
        end_media_session();
    };
    if (loose_route()) {
        if (method=="INVITE" || method=="ACK") {
            use_media_proxy();
        };
        # end media session for BYE and CANCEL is done above
        # before entering the loose route. no need to call it here
        t_relay();
        break;
    };
    # Force subsequent messages to pass through this proxy
    if (method == "INVITE") {
        record_route();
    };
    if (client_nat_test("3") && !search("^Record-Route:")) {
        # Mark as NAT'ed
        force_rport();
        fix_contact();
    };
    if (method=="INVITE") {
        t_on_reply("1");
    };
    if (is_uri_host_local()) { # join with next if?
        if (!lookup("location")) {
            sl_send_reply("404", "User not found");
            break;
        };
    };
    if (method=="INVITE" || method=="ACK") {
        use_media_proxy();
    };
    if (!t_relay()) {
        if (method=="INVITE" || method=="ACK") {
            end_media_session();
        };
        sl_reply_error();
    };
}
failure_route[1] {
    end_media_session();
}
onreply_route[1] {
    if (status=~"(183)|(2[0-9][0-9])") {
        if (client_nat_test("1")) {
            fix_contact();
        };
        use_media_proxy();
    };
}
--
Best Regards
Charles
hi
can anyone tell me what is the problem in my
configuration? I want to use radius with SER.
When I am trying to send a request
    sipsak -U -n -s sip:3000@mydomain -v
it is replying with 401 unauthorized
and after that sipsak is saying
    error: authorization failed
    request already contains (Proxy-) Authorization, but
    received 40[1|7], see above
and when I am trying to register with SJPhone it is
not registering.
Radius is working but SER is not requesting radius for
authorization.
    radclient -f digest localhost auth testing123
    Received response ID 36, code 3, length = 35
    Reply-Message = "Authenticated"
here is the user file from radius
#/usr/local/etc/raddb/user
3000 Auth-Type := Digest, User-Password == "1234"
    Reply-Message = "Authenticated",
    Sip-Rpid = "1234"
#ser.cfg
#------------
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
#memlog=3
#sip_warning=yes
#server_signature=yes
#mhomed=0
#uid="kamran"
#gid="kamran"
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth_radius.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_radius", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
#modparam("auth_radius", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
#modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route {
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    log(1,"inside route");
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if ( msg:len > max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };
    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    log(1,"calling record_route");
    record_route();
    # loose-route processing
    if (loose_route()) {
        t_relay();
        break;
    };
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    log(1,"checking register:uri=");
    #log(1,uri);
    #log(1,myself);
    #if (uri==myself) {
    log(1,"checking Register Message received");
    if (method=="REGISTER") {
        # Uncomment this if you want to use digest authentication
        # if (!www_authorize("mydomain.com", "subscriber")) {
        #     www_challenge("mydomain.com", "0");
        #     break;
        # };
        log(1,"Register Message received");
        if (!radius_www_authorize("MYDOMAIN")) {
            www_challenge("MYDOMAIN", "0");
            break;
        }
        save("location");
        break;
    };
    # native SIP destinations are handled using our USRLOC DB
    if (!lookup("location")) {
        sl_send_reply("404", "Not Found");
        break;
    };
    #};
    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    # if requests URI is numerical and starts with
    # zero, forward statelessly to a static destination
    if (!t_relay()) {
        sl_reply_error();
    };
}
Hi,
How can I verify if my UA has a network crash or a power crash, to cut the
call? Can I send Keep ALIVE ???
Thanks a lot.
Regards
Nicolas RUIZ
France, Paris