Hi all,
Can some one please point me to the doc's that how to install Openser as
Central server and multiple asterisks' are as PSTN gateways.
Thanks and regards
Naveen
Hi All,
We are currently using radius server for authentication. Is it possible to use oracle database with SER without using radius server. We have no problem if need to develop our own module for it, but the concern is whether we still be able to do digest authentication if we take out the radius server.
Best Regards,
Abdul Qadir
---------------------------------
Want to start your own business? Learn how on Yahoo! Small Business.
Hi,
This may seem like a silly question, but I would just like to know if any
modifications need to be made to the routing block(s) of openser.cfg to
allow calls to be established using TLS?
I'm running openser v 1.1.0 and I have just setup TLS. I'm using SIPp to
test it and it seems to be working as I can register using a SIPp scenario.
However when I try and make a call the invites are challenged and
authenticated, but once that is complete the invite is not forwarded to the
uas. The uas is registered and listening using TLS. The SIPp scenarios also
work perfectly if I don't use TLS.
Am I missing anything?
Many Thanks
Sebastian
--
Sebastian Murray-Roberts (B.Sc Hons)
Server Developer
CeDux Technologies
Fax: +27 21 409 7050
Mobile: +27 72 183 5998
CONFIDENTIALITY NOTICE: E-MAIL
This e-mail is confidential. If you receive it by mistake, please delete it
and notify the sender immediately. If you are not the intended recipient,
you may not use, disclose, distribute, copy or publish any information
contained herein.
I setup openser with TLS, and configured eyebeam as client. I
installed rootCA on one laptap and one desktop. Strange thing is the
eyebeam on desktop works well, but the same setup (Same setting in
eyebeam, same rootCA installed) does not work on Laptop, It always
returns 503 certificate failure. The log on eyebeam shows errors
below. Any idea what is going on?
Thanks,
Stephen
[06-12-01]10:25:17.611 Error (min) RESIP "Error when verifying
server's chain of certificates: self signed certificate in certificate
chaindepth=1 /CN=Stephen_Li/ST=IL/C=US/emailAddress=w13738(a)email.mot.com/O=MultiMediaIMS
"
[06-12-01]10:25:17.612 Error (min) RESIP:TRANSPORT TLS connection
failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
[06-12-01]10:25:17.612 Error (min) RESIP:TRANSPORT (SSL Error ssl)
[06-12-01]10:25:17.634 Error (min) RESIP:TRANSPORT error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[06-12-01]10:25:17.634 Error (min) RESIP:TRANSPORT Error code =
336134278 file=.\ssl\s3_clnt.c line=844
[06-12-01]10:25:17.634 Error (min) RESIP:TRANSPORT Couldn't TLS connect
Hi,
i am new to openser.i am using openser1.1.0.tls . i am getting
problem with PA module while try to get presence information.i am using
windows messenger as sip client . while am calling
handle_subscription("registrar") 8(32566) ERROR: parse_uri: bad uri,
state 0 parsed: <> (4) / <> (135224384) error is appears on openser
screen .
please help me on this .i am attaching openser.cfg also
8(32566) SIP Request:
8(32566) method: <SUBSCRIBE>
8(32566) uri: <sip:ramesh.b@192.168.0.56>
8(32566) version: <SIP/2.0>
8(32566) parse_headers: flags=2
8(32566) end of header reached, state=5
8(32566) parse_headers: Via found, flags=2
8(32566) parse_headers: this is the first via
8(32566) After parse_msg...
8(32566) preparing to run routing scripts...
8(32566) parse_headers: flags=100
8(32566) DEBUG:maxfwd:is_maxfwd_present: value = 70
8(32566) parse_headers: flags=10
8(32566) DEBUG: add_param: tag=4728ca770b8542babb6c8be2e07558d1
8(32566) DEBUG: add_param: epid=7abbed3e7b
8(32566) DEBUG:parse_to:end of header reached, state=29
8(32566) DBUG:parse_to: display={"ramesh.b(a)192.168.0.56"},
ruri={sip:ramesh.b@192.168.0.56}
8(32566) parse_headers: flags=200
8(32566) DEBUG:parse_to:end of header reached, state=10
8(32566) DBUG:parse_to: display={}, ruri={sip:ramesh.b@192.168.0.56}
8(32566) DEBUG: get_hdr_field: <To> [29]; uri=[sip:ramesh.b@192.168.0.56]
8(32566) DEBUG: to body [<sip:ramesh.b@192.168.0.56>
]
8(32566) get_hdr_field: cseq <CSeq>: <1> <SUBSCRIBE>
8(32566) DEBUG: get_hdr_body : content_length=0
8(32566) found end of header
8(32566) find_first_route: No Route headers found
8(32566) loose_route: There is no Route HF
8(32566) grep_sock_info - checking if host==us: 12==9 && [192.168.0.56]
== [127.0.0.1]
8(32566) grep_sock_info - checking if port 5060 matches port 5060
8(32566) grep_sock_info - checking if host==us: 12==12 &&
[192.168.0.56] == [192.168.0.56]
8(32566) grep_sock_info - checking if port 5060 matches port 5060
8(32566) grep_sock_info - checking if host==us: 12==9 && [192.168.0.56]
== [127.0.0.1]
8(32566) grep_sock_info - checking if port 5060 matches port 5060
8(32566) grep_sock_info - checking if host==us: 12==12 &&
[192.168.0.56] == [192.168.0.56]
8(32566) grep_sock_info - checking if port 5060 matches port 5060
8(32566) DEBUG: t_newtran: msg id=5 , global msg id=2 , T on
entrance=0xffffffff
8(32566) parse_headers: flags=ffffffffffffffff
8(32566) parse_headers: flags=78
8(32566) t_lookup_request: start searching: hash=20651, isACK=0
8(32566) DEBUG: proceeding to pre-RFC3261 transaction matching
8(32566) DEBUG: t_lookup_request: no transaction found
8(32566) handle_subscription() entered
8(32566) parse_headers: flags=608010
8(32566) check_message -0- _m=0x812fec8
8(32566) check_message -1- 8(32566) check_message -2- accepts_mimes=(nil)
8(32566) check_message -3-
*8(32566) check_message -4- parsed_event=(nil)
8(32566) check_message -5-
8(32566) get_pres_uri: _puri=
8(32566) ERROR: parse_uri: bad uri, state 0 parsed: <> (4) / <>
(135224384)
8(32566) extract_plain_uri(): Error while parsing URI
6(32559) SIP Request:*
6(32559) method: <SUBSCRIBE>
6(32559) uri: <sip:mahesh@192.168.0.56>
6(32559) version: <SIP/2.0>
6(32559) parse_headers: flags=2
6(32559) end of header reached, state=5
6(32559) 7(32560) SIP Request:
7(32560) method: <SUBSCRIBE>
7(32560) uri: <sip:ramesh.b@192.168.0.56>
7(32560) version: <SIP/2.0>
7(32560) parse_headers: flags=2
7(32560) end of header reached, state=5
7(32560) parse_headers: Via found, flags=2
7(32560) parse_headers: this is the first via
7(32560) After parse_msg...
7(32560) preparing to run routing scripts...
7(32560) parse_headers: flags=100
7(32560) DEBUG:maxfwd:is_maxfwd_present: value = 70
7(32560) parse_headers: flags=10
Thanks and Regards
venkatesh.d
#This configaration file for routing the failure calls another destination (like VMS)
#
# $Id: openser.cfg,v 1.6 2006/02/15 18:23:46 bogdan_iancu Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=4 # debug level (cmd line: -dddddddddd)
fork=yes
#log_stderror=yes # (cmd line: -E)
# Uncomment these lines to enter debugging mode
#fork=no
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
#
# uncomment the following lines for TLS support
#disable_tls = 0
#listen = tls:your_IP:5061
#tls_verify = 1
#tls_require_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/uac.so"
loadmodule "/usr/local/lib/openser/modules/pa.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
modparam("registrar", "default_expires", 1800)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 2)
modparam("auth_db","db_url","mysql://openser:openser@venkid/openser")
modparam("usrloc","db_url","mysql://openser:openser@venkid/openser")
modparam("pa", "db_url", "mysql://openser:openser@venkid/openser")
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
{
record_route();
}
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route())
{
#mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
# if(uri=~"@tls_domain1.net") {
# t_relay("tls:domain1.net");
# exit;
# } else if(uri=~"@tls_domain2.net") {
# t_relay("tls:domain2.net");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("venkid", "subscriber")) {
www_challenge("venkid", "0");
exit;
};
save("location");
exit;
};
if( method=="SUBSCRIBE" )
{
route(2);
};
if (!uri==myself)
{
append_hf("P-hint: outbound alias\r\n");
route(1);
};
if (!lookup("location")) {
log("not found while look up *********************************");
exit;
}else{
log("found while look up*************************************");
exit;
};
};
route(1);
}
route[1] {
if (!t_relay())
{
sl_reply_error();
}
exit;
}
route[2]
{
# absorb retransmissions
if (! t_newtran())
{
sl_reply_error();
exit;
};
# append to reply the contact of your server
append_to_reply("Contact: <sip:192.168.0.56:5060>\r\n");
handle_subscription("registrar");
sl_send_reply("200","ok ");
t_release();
exit;
}
Hi,
I'm attempting to use t_replicate in order to load balance the registration
proxy. However,
when the REGISTER packet goes to proxy2, it says "401 Unauthorized".
Both openser installations are working off of the same mysql database.
The first proxy has a srv record for the domain being served, the second
does not.
The first openser.cfg looks like this:
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest
authentication
if (!www_authorize("voipcall.com", "subscriber")) {
www_challenge("voipcall.com", "0");
exit;
};
save("location");
t_replicate('proxy2');
exit;
};
the second looks like this:
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest
authentication
if (!www_authorize("voipcall.com", "subscriber")) {
www_challenge("voipcall.com", "0");
exit;
};
save("location");
exit;
};
Both openser instances have aliases for the domain, and as I said before,
are operating off of the same database backend.
Furthermore, if I set the sip client's sip domain so that it will register
directly with proxy2, the phone registers with now problem.
However, when the t_replicate executes,
syslog says this:
Dec 4 23:26:01 /usr/sbin/openser[15365]: check_nonce(): comparing
[4574af56734dbd1d5c2c81242a74ba5cb5703c79] and
[4574af56989148c2191ea66c5c3c1d75726da244]
Dec 4 23:26:01 /usr/sbin/openser[15365]: pre_auth(): Invalid nonce value
received
Thanks,
Mark
Hi,
I am experiencing the following:
openser 1.1 and asterisk are on public IP addresses, with openser acting as
a sip proxy in front of asterisk.
sip clients A and B live behind the same firewall.
Let A be a TCP UAC. Let B be a UAC using TCP or UDP.
If A calls B and B hangs up, A never sees the BYE packet, and never hangs
up.
If A calls B and A hangs up, the BYE packet is transmitted just fine, and B
hangs up as it should.
tcpdump at the sip proxy shows that when B hangs up, the SIP hangup dialog
is as expected between
B<->openser<->asterisk
Then, asterisk sends a BYE through openser which is addressed to A, but A
never responds.
To be more exact, A never responds because the BYE message is not passing
through the firewall.
Perhaps someone has seen such a problem?
I have included a collection of facts below about the situation.
If there are others I can provide you with, let me know.
If A and B are both TCP, then clients A and B each have exactly one tcp
stream between themselves and openser. I.e. tcpdump shows precisely 2 each
of syn and syn/ack packets.
The source and destination ports of the final BYE packet are the same as the
destination and source ports of the original INVITE packet.
Furthermore, the time between phone registration and the sending of the last
BYE packet is on the order of 20 seconds, and the behavior is consistent, so
it is unlikely that the TCP stream timed out.
The following four packets were cut and pasted from tcpdump. Would more
information be helpful?
The following packets represent:
1. invite from asterisk to openser
2. invite from openser to client B
3. bye from asterisk to openser
4. bye from openser to client B
Recall that INVITE(tcp.src, tcp.dst) == BYE (tcp.dst,tcp.src).
INVITE sip:9043067733@joinuneta.com:5065 SIP/2.0\r\n
From: "Mark Price2" <sip:9043060000@66.129.95.24>;tag=as50a4e684\r\n
To: <sip:9043067733@joinuneta.com:5065>\r\n
Contact: <sip:9043060000@66.129.95.24>\r\n
Call-ID: 6e9c8160194ea4eb59afa0da0c22633d(a)66.129.95.24\r\n
CSeq: 102 INVITE\r\n
INVITE sip:9043067733@66.177.61.238:17522;transport=TLS;rinstance=58c12cb6506504ae
SIP/2.0\r\n
From: "Mark Price2" <sip:9043060000@66.129.95.24>;tag=as50a4e684\r\n
To: <sip:9043067733@joinuneta.com:5065>\r\n
Contact: <sip:9043060000@66.129.95.24>\r\n
Call-ID: 6e9c8160194ea4eb59afa0da0c22633d(a)66.129.95.24\r\n
CSeq: 102 INVITE\r\n
BYE sip:9043060000@66.177.61.238:17559 SIP/2.0\r\n
From: "9043067733 (Softphone)"<sip:9043067733@joinuneta.com
>;tag=as3f8914c4\r\n
To: "Mark Price"<sip:9043060000@joinuneta.com>;tag=3c60f44e\r\n
Contact: <sip:9043067733@66.129.95.24>\r\n
Call-ID: ZDFkMjBlMWJlOGZlZWE4NmZlMzQ2NWE0OWNiOGYzYzU.\r\n
CSeq: 102 BYE\r\n
BYE sip:9043060000@66.177.61.238:17559 SIP/2.0\r\n
From: "9043067733 (Softphone)"<sip:9043067733@joinuneta.com
>;tag=as3f8914c4\r\n
To: "Mark Price"<sip:9043060000@joinuneta.com>;tag=3c60f44e\r\n
Contact: <sip:9043067733@66.129.95.24>\r\n
Call-ID: ZDFkMjBlMWJlOGZlZWE4NmZlMzQ2NWE0OWNiOGYzYzU.\r\n
Thanks,
Mark Price
Hi all.
After UA makes a PSTN call, if remote PSTN peer hangs up first, server
correctly receives BYE from gateway, hit BYE section in config and CDR
records accordingly through radius.
But if UA hangs up first, BYE section in config never gets hit, instead
server logs "ERROR: forward_reply: no 2nd via found in reply" right after
" ACC: transaction answered:...", which was logged when the call was
answered by called PSTN. CDR accounting only records without STOP time
and duration being zero.
Any comments will be appreciated.
Which is more efficient?
if (uri=~"^sip:foo.*") {
or
if (avp_check("$rU", "re/^foo/i")) {
And, in the long run, given Amdahl's law, does it even matter?
Enquiring minds want to know
--
*******************************************
Mahesh Paolini-Subramanya (703) 386-1500 x9100
CTO mahesh(a)aptela.com
Aptela, Inc. http://www.aptela.com
"Aptela: How Business Answers The Call"
*******************************************
