sr-users August 2005

sr-users@lists.kamailio.org

220 participants
558 discussions

by Ryan Pagquil

Yes, it really make sense. I'll find the way how to check those From and To header of a SIP request. Maybe I will use textops.so to do this or any other module that can handle these kind of application. In your experience what did you use to make work this kind of scenario? --Ryan Steve Blair wrote: > > Sorry I missed the route[3] stuff because my mail client wrapped > the message text. Even though I got the route block number wrong I > think my original comment is still valid. If these inter-domain calls hit > route[3] then there you need to either check if the "from" user is > permitted to send calls or you need to check if the "to" address is a > valid > local address. Which approach you take depends on your implementation. > > If your iptel.org users are on soft clients where they can easily > enter the > authentication credentials then I think that would be a good approach. > If you > are trying handle multiple doamins (such as other business partners) > then the > problem is a little more difficult. We simply trust certain remote IP > addresses > to be the address of a "friendly" peer. We cannot prompt them for > credentials > because their users don't have accounts on our system. > > Does this make sense? > > _Steve > > Ryan Pagquil wrote: > >> Hi Steve, >> Here is the route[1] configuration. The calls from outside >> domains are falling to route[3] which make the call to be blocked. >> >> ##Default message handler## >> route[1] { >> >> t_on_reply("1"); >> >> if (!t_relay()) { >> >> if (method=="INVITE" || method=="ACK") { >> end_media_session(); >> }; >> >> sl_reply_error(); >> }; >> } >> >> Thanks, >> Ryan >> >> Steve Blair wrote: >> >>> >>> It looks like the type of call you describe should fall through to >>> route[1] is that >>> the behavior you are seeing? Anyway in route[1] (or somewhere ) you >>> need to >>> accept that the from address might not be a local user and allow for >>> the >>> case where the from address is a "trusted alternate domain like >>> iptel.org". I'm >>> guessing, but I cannot confirm from this code, that route[1] is >>> checking the >>> from user credentials and providing you with the authentication >>> required >>> message. >>> >>> At that point you could elect, and I think a soft phone will, prompt >>> the user for these >>> credentials. >>> >>> -Steve >>> >>> Ryan Pagquil wrote: >>> >>>> Hi Steve, >>>> >>>> Here is what happens with my current configuration. When I >>>> call from my iptel.org account going to my local users it prompts >>>> me "407, Proxy Authenctication Required". So what I like to do is >>>> to allow those calls going to my local users from other domain. >>>> BTW, here is my ser.cfg's INVITE message handler. >>>> >>>> ##INVITE message Handler## >>>> route[3] { if (client_nat_test("3")) { >>>> setflag(7); >>>> force_rport(); >>>> fix_nated_contact(); >>>> }; # if (!proxy_authorize("", "subscriber")) { >>>> # proxy_challenge("", "0"); >>>> # break; >>>> # } else >>>> >>>> if (!check_from() && method=="INVITE") >>>> { sl_send_reply("403", "User From=ID"); >>>> break; }; >>>> >>>> lookup("aliases"); >>>> if (uri!=myself) { >>>> route(1); >>>> break; >>>> }; >>>> >>>> if (!lookup("location")) { >>>> sl_send_reply("404", "User not found"); >>>> break; >>>> }; >>>> >>>> if (method=="CANCEL") { route(1); >>>> break; >>>> }; >>>> >>>> >>>> consume_credentials(); >>>> >>>> if (isflagset(6) || isflagset(7)) { >>>> use_media_proxy(); >>>> }; >>>> >>>> route(1); >>>> } >>>> >>>> I misse call with your SIP phone, just testing it. =) >>>> >>>> Thanks, >>>> Ryan >>>> >>>> Steve Blair wrote: >>>> >>>>> >>>>> Set the alias=<your sip domain> parameter then use if >>>>> (uri==myself) construct. >>>>> >>>>> -Steve >>>>> >>>>> Ryan Pagquil wrote: >>>>> >>>>>> Hello, >>>>>> How can I check if the call is for my domain? What >>>>>> specific module should I use? >>>>>> >>>>>> Thanks, >>>>>> >> > -- Ryan Pagquil Infodyne Inc. - PhilOnline.com 3603 Antel Global Corporate Center Doña Julia Vargas Ave. Ortigas Center Pasig City Tel: 687-0715 Web: www.philonline.com

19 years, 3 months

[Users] clienst behind same NAT

by jayesh nambiar

hi all, Thanx Klaus. Sorry to ask a question again related to the same problem. I had already tried writing the avp_write after lookup but even that causes a problem. When avp_write is done it writes the private IP address of the callee while the source_ip is the IP address of the NAT. I beleive this IP address is written because of the fix_nated_contact. Again, when avp_check is done, it returns false and again the RTP session gets started. IS there any way out to this problem. Thanx again.. Jayesh --------------------------------- Start your day with Yahoo! - make it your home page

19 years, 3 months

[Serusers] exec_dset & rtp stream

by Mik Cheez

Does anybody have a sample of a script that uses exec_dset to route to a PSTN, as well as handle the RTP stream for NAT'ed and non NAT'ed clients? Everything I've done either ends with a 483 or a large amount of the calls get a 481 "transation does not exist". the exec_dset could return many different values, so I cannot just use 'rewritehost'. :)

19 years, 3 months

[Serusers] DB Mode in Permissions module

by Ricardo Martinez

Hello List. I'm using the permission modules (in particular de allow_trusted command) to authorize the trusted hosts in my ser box. I'm also using the db_mode "1" (cache mode), to avoid that every INVITE became a request to my local database. Once in a while i need to add new "trsuted hosts" to my platform, but the changes in the database are not reflected in the allow_trusted query (since is cached). My question is : Is there a way to force the SER to read the changes in the DB without restarting SER.? or i have to use db_mode 0 to acomplish this?. I really appreciate any help here. Thanks in advance. Regards, Ricardo Martinez.-

19 years, 3 months

[Users] help with uac_redirect

by Kevin M. Murphy

Greeting all, I am currently working at migrating a Vovida deployment to OpenSer, and need to keep some of the Vovida architecture. I have been messing with the uac_redirect module and have found it to be almost exactly what i am looking for with one exception. I would like to fork calls serially based on contacts in a 302, however i have only been able to do this in parallel. Is there a way to make this happen. Here is some example config stuff, Thanks in advance to all. ---------------------------------------------------------------------- #test redirect config (to service two vovida Proxyies) : # the idea here is that the two ip addresses will query the redirect server first and then route apropriately # the first host here is invalid, while the second should work, if (method=="INVITE") { if(src_ip=="xxx.xxx.xxx.15") { rewritehostport("xxx.xxx.xxx.20:5066"); #prefix("23801"); append_branch("sip:4439121133@xxx.xxx.xxx.20:5060"); sl_send_reply("302", "Moved Temporarily"); } if(src_ip=="xxx.xxx.xxx..20") { rewritehostport("xxx.xxx.xxx.15:5066"); prefix("23801"); append_branch("sip:238014105716405@xxx.xxx.xxx.20:5060"); sl_send_reply("302", "Moved Temporarily"); } #currently the Proxies have a failed route statment like this: failure_route[1] { get_redirects("3:2"); append_branch(); t_relay(); } ---------------------------------------------------------- The behavior I would like to see is that the first contact is tried, and, after failure, the second contact is tried. Thanks again, Kevin

19 years, 3 months

[Serusers] how do I route to ranges?

by Dana Olson

I am not sure how to approach this, or even if it's possible. I want to have this kind of thing (pseudocode): if sipuri >0 & sipuri <96 { do stuff } if sipuri >95 & sipuri < 120 { do stuff } And so on. Assuming that the sipuri is a number, and anything outside of the ranges, or letters is ignored (and handled elsewhere). I could build individual routes for each number, but I am hoping there is an easier way to do it. If anyone could help me out, that'd be really awesome. -- Dana

19 years, 3 months

[Serusers] FW: Radius packets not being sent to radius server

by Ashutosh Kumar

Hi, Finally I got the radius working. But now I am getting the error message rc_avpair_gen: received unknown VSA attribute 103, vendor 9 of length 18: 0x683332332D72657475726E2D636F64653D31 I am using cardsaver radius (quantum). Can someone explain the error message. Regards, Ashutosh Kumar ________________________________________ From: Ashutosh Kumar [mailto:ashutoshk@chetu.com] Sent: Tuesday, August 23, 2005 12:13 AM To: 'serusers(a)lists.iptel.org' Subject: Radius packets not being sent to radius server Hi, I m using radius with SER-0.9.0 and also using all the reqd functions viz. www_raidus_authorize etc.. , but when I ngrep for any connection with my radius server, I dont get any radius-packets in the result. Also the log file contains rc_send_server: no reply from RADIUS server a.b.c.d.:1812 (a.b.c.d is the radius servers IP). This is despite the fact that the radius server is running and hosting another running service, also radisuclient is configured fine. Kindly guide. Regards, Ashutosh Kumar Chetu, Inc. Ph : 1(305) 402 6724 - Witin US Ph : 91 120 5323340 - Outside US Fax:1 (305) 832 5987 For more information, please visit http://www.chetu.com

19 years, 3 months

[Users] authentication in multi-domain

by jayesh nambiar

hi all, Thanx Klaus and Bogdan, for rectifying my idea about using Openser in multi-domain environment. It did help me a lot. But sorry to ask one more question regarding the same issue. How do we authenticate the clients in multi-domain environment. I beleive openser allows to add users with same username in different domain!! If so then is it required that, when a call is made to such user the caller needs to specify the complete username with domain.. I did not actually check how it works but i thought just to clear the doubt. And how do we authenticate the users registered in different domains. pls help me understand this.. Thanx a lot for previous responses. Jayesh ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

19 years, 3 months

[Serusers] Total NewBie to Linux

by Herman Janse van Vuuren

Hi There, I have looked at the manuals and stuff, got everything installed, but how to I get it to work? where to I go and enter my IP of my billing server? How do I configure calling cards on this server? How do I register a user with a permanent account. Best Regards, Herman Janse van Vuuren Q-Kon (PTY) LTD Tel:+27 12 665 0052 ext 216 Mobile: +27 82 920 6959 Email: hjvvuuren(a)qkon.com

19 years, 3 months

Re: [Serusers] Checking URI

by Ryan Pagquil

Hi Steve, Here is the route[1] configuration. The calls from outside domains are falling to route[3] which make the call to be blocked. ##Default message handler## route[1] { t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; } Thanks, Ryan Steve Blair wrote: > > It looks like the type of call you describe should fall through to > route[1] is that > the behavior you are seeing? Anyway in route[1] (or somewhere ) you > need to > accept that the from address might not be a local user and allow for the > case where the from address is a "trusted alternate domain like > iptel.org". I'm > guessing, but I cannot confirm from this code, that route[1] is > checking the > from user credentials and providing you with the authentication required > message. > > At that point you could elect, and I think a soft phone will, prompt > the user for these > credentials. > > -Steve > > Ryan Pagquil wrote: > >> Hi Steve, >> >> Here is what happens with my current configuration. When I call >> from my iptel.org account going to my local users it prompts me "407, >> Proxy Authenctication Required". So what I like to do is to allow >> those calls going to my local users from other domain. BTW, here is >> my ser.cfg's INVITE message handler. >> >> ##INVITE message Handler## >> route[3] { if (client_nat_test("3")) { >> setflag(7); >> force_rport(); >> fix_nated_contact(); >> }; >> # if (!proxy_authorize("", "subscriber")) { >> # proxy_challenge("", "0"); >> # break; >> # } else >> >> if (!check_from() && method=="INVITE") { >> sl_send_reply("403", "User From=ID"); >> break; }; >> >> lookup("aliases"); >> if (uri!=myself) { >> route(1); >> break; >> }; >> >> if (!lookup("location")) { >> sl_send_reply("404", "User not found"); >> break; >> }; >> >> if (method=="CANCEL") { route(1); >> break; >> }; >> >> >> consume_credentials(); >> >> if (isflagset(6) || isflagset(7)) { >> use_media_proxy(); >> }; >> >> route(1); >> } >> >> I misse call with your SIP phone, just testing it. =) >> >> Thanks, >> Ryan >> >> Steve Blair wrote: >> >>> >>> Set the alias=<your sip domain> parameter then use if (uri==myself) >>> construct. >>> >>> -Steve >>> >>> Ryan Pagquil wrote: >>> >>>> Hello, >>>> How can I check if the call is for my domain? What >>>> specific module should I use? >>>> >>>> Thanks, >>>> -- Ryan Pagquil Infodyne Inc. - PhilOnline.com 3603 Antel Global Corporate Center Doña Julia Vargas Ave. Ortigas Center Pasig City Tel: 687-0715 Web: www.philonline.com

19 years, 3 months

← Newer
1
...
7
8
9
10
11
12
13
...
56
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users August 2005