>> I have a small configuration (pstn gateway ser.cfg) running ...
One of the things you have to be careful of with these tests is
just how realistic is the test? We can come up with all these magic
numbers about cps and #users, etc., but if the configs don't
include sufficient security checks to make it safe to put such
a server on the Internet then it could be a bit misleading.
I like openser and I'm enjoying learning about it and experimenting.
But I'm afraid that it's going to get a black-eye in the press due to
some significant security scandal. We need to put together a
"Security Considerations" section for the documentation, so that would
at least increase awareness among users (I'll work with someone to do
this, but I don't know enough yet to do it alone.)
Now some of you are going to say: Hey, use a commercial package if you
can't program the necessary security! But it's not me I'm worried
about, it's everyone else (OK, I am worried about me too :-)
Consider the path of sendmail. It took a long time for sendmail to
"ship" with arbitrary email relaying turned OFF by default. This
created big problems in the real world.
Likewise look how long it took for the default inetd.conf to have
virtually nothing defined in it, or for inetd itself to be turned off
by default. Previous default configurations caused big problems in
the real world.
The only security note in openser I recall seeing in two months of
reading and experimenting is about preventing someone from registering
with the same IP as one of your gateways. Here's the thing: if you
give people working configs then they will use them and some will use
them on the open Internet.
How does one person's deficient openser.cfg affect you? I don't know,
but one thing I hope we've all learned from the past dozen of so years
of Internet growth is that security at site A can be exploited to
affect site B in ways that we hadn't previously thought of.
Think of spam, distributed denial of service attacks, identity spoofing.
Thanks,
-mark
Hi,
In ser v10, I see a mediaproxy module and it points me to following address for a mediaproxy.
http://mediaproxy.ag-projects.com/
Could it be that this is the recent version of rtpproxy ?
should I use rtpproxy or mediaproxy ?
Thanks,
________________________________
From: ram [mailto:talk2ram@gmail.com]
Sent: Friday, June 16, 2006 5:12 PM
To: İlker Aktuna (Koç.net)
Subject: Re: [Serusers] Rtpproxy howto
Hi
In my i said get the Source of ser0.9.7 ( do not install ser of this version)
inside you can see rtpproxy source directory
install from that only rtpproxy.
ram
On 6/16/06, İlker Aktuna (Koç. net ) <ilkera(a)koc.net> wrote:
Hi,
I can't use ser0.9.7 because I need presence.
I already have ser v10 installed and running.
How can I add rtpproxy to it ?
Thanks,
ilker
________________________________
From: ram [mailto:talk2ram@gmail.com]
Sent: Friday, June 16, 2006 5:01 PM
To: İlker Aktuna (Koç.net <http://koç.net/> )
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Rtpproxy howto
Hi
just download from onsip site ser0.9.7
untar that, and make rtpproxy from that
and run rtpproxy
its very simple
ram
On 6/16/06, İlker Aktuna (Koç. net ) <ilkera(a)koc.net > wrote:
Hi,
I will try to install RTP proxy for my internal users. Is there a simple RTP proxy howto/handbook for this process ?
Thanks,
ilker
<http://387555.sigclick.mailinfo.com/sigclick/020C0F07/04004D09/01020F4E/038…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
<http://387555.sigclick.mailinfo.com/sigclick/020D0506/05044E03/01030A4F/022…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
Hello all,
I'm guessing if OpenSER supports more than one CPU.
I ask for this to know if I can achieve to double the call per second
(cps) rate or registration rate using two processors instead of one.
I suppose that many of us have read the excellent "getting started 5"
guide and use the scripts provided in this guide to start their first
SER/OpenSER proxy. I would like to know if other users using these
scripts would like to share their experience on the amount of users
their OpenSER platform is able to handle, and on which hardware.
It could be interesting if some users can post their OpenSER performance
(cps, registration rate, number of user) with a particular "getting
started" script, for example : "Authenticating ser.cfg", "call
forwarding ser.cfg".
Moreover, it could be great if we could think of a standard procedure to
stress test the proxy. I have heard of Sipp, so do you think this
program could be the base of this procedure?
I understand that OpenSER performance greatly depends of the ser.cfg,
nat configuration, avpops, the database backend, but I think that it
could be great to delimit some standards configurations and show what we
can expect on different hardware specifications.
I'm wondering about this, cause I'd like to know if one or two OpenSER
will easily support 30 000 to 40 000 users, call forwarding, redirection
to voicemail; or will I have to buy a commercial product to do this.
I have a small configuration (pstn gateway ser.cfg) running with 50
users, registering every 60s and a peak of 20cps (limited by my pstn
connectivity), running like a charm on a small Intel P3 700 Mhz with
256MB (it's a small test box running on my desk).
If somebody could help to define a test, it will be a pleasure to share
my experience on an IBM HS20 blade with a bi Xeon 3,06 Ghz and 4GB of RAM.
Thanks to all for the daily support,
rod.
Hi All,
When I tried to start openser with accounting module, I got error:
0(0) db_init: Connection 'mysql://openser:openserrw@localhost/openser' not
found in pool
0(0) new_connection: Opening MySQL connection:
mysql://openser:openserrw@localhost/openser
0(0) new_connection: Connection type is Localhost via UNIX socket
0(0) new_connection: Protocol version is 10
0(0) new_connection: Server version is 4.0.18-standard
0(0) usrloc:preload_udomain: Wrong version v136545352 for table <location>,
expected v1001
0(0) register_udomain(): Error while preloading domain 'location'
0(0) pool_remove: Removing connection from the pool
0(0) domain_fixup(): Error while registering domain
ERROR: error -1 while trying to fix configuration
I tried to execute :
openser_mysql drop
openser_mysql create
After this, I start openser, the same erroe message.
I realy need help in this issue.
Thanks
John
Hi,
I can't use ser0.9.7 because I need presence.
I already have ser v10 installed and running.
How can I add rtpproxy to it ?
Thanks,
ilker
________________________________
From: ram [mailto:talk2ram@gmail.com]
Sent: Friday, June 16, 2006 5:01 PM
To: İlker Aktuna (Koç.net)
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Rtpproxy howto
Hi
just download from onsip site ser0.9.7
untar that, and make rtpproxy from that
and run rtpproxy
its very simple
ram
On 6/16/06, İlker Aktuna (Koç. net ) <ilkera(a)koc.net> wrote:
Hi,
I will try to install RTP proxy for my internal users. Is there a simple RTP proxy howto/handbook for this process ?
Thanks,
ilker
<http://387555.sigclick.mailinfo.com/sigclick/020C0F07/04004D09/01020F4E/038…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
Hi,
I will try to install RTP proxy for my internal users. Is there a simple RTP proxy howto/handbook for this process ?
Thanks,
ilker
<http://387555.sigclick.mailinfo.com/sigclick/0A090F07/05044F00/09070C4E/021…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
This is my openser.cfg;
I'm using it to replicate the SIP registration from one asterisk to another
one (to have always the same registration status of SIP in all 2 asterisk,in
case of falls, every 2 ,have the same configuration and softphones run
without registration problem...(this is my purpose....) .
# demo script showing how to set-up usrloc replication
# SCRIPT PER COPIARE LO STATO DELLE REGISTRAZIONI DEI SIP DAL .12 all' .11
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
#listen= 192.16.25.11
port=5060
# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
#loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
#loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# digest generation secret; use the same in backup server;
# also, make sure that the backup server has sync'ed time
modparam("auth", "secret", "alsdkhglaksdhfkloiwr")
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwars==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
return;
};
#if (len_gt( max_len )) {
if ( msg:len > max_len ){
sl_send_reply("513", "Message too big");
return;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# verify credentials
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
return;
};
# if ok, update contacts and ...
save("location");
# ... if this REGISTER is not a replica from our
# peer server, replicate to the peer server
if (!src_ip== 192.16.25.12) {
t_replicate("192.16.25.12","5060");
};
return;
};
# do whatever else appropriate for your domain
log("non-REGISTER\n");
};
}
When I run openser happens this:
[root@asterisk11 ~]# openser
0(3294) WARNING: fix_socket_list: could not rev. resolve 192.16.25.11
0(3294) WARNING: fix_socket_list: could not rev. resolve 192.16.25.11
Listening on
udp: 127.0.0.1 [127.0.0.1]:5060
udp: 192.16.25.11 [ 192.16.25.11]:5060
tcp: 127.0.0.1 [127.0.0.1]:5060
tcp: 192.16.25.11 [ 192.16.25.11]:5060
Aliases:
tcp: asterisk11.local:5060
udp: asterisk11.local :5060
WARNING: no fork mode and more than one listen address found(will use only
the the first one)
stateless - initializing
0(0) Maxfwd module- initializing
0(0) AUTH module - initializing
0(0) AUTH_DB module - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 110592
0(0) INFO: udp_init: SO_RCVBUF is finally 221184
0(0) WARNING: using only the first listen address (no fork)
and then the windows doesn't respond.....is all stop....where is the
problem?
10000000 thanks!
sir
Sorry to disturb you once again but my softphone (X
lite)
is still not connected to ser. I also checked its log
and
it is sending requests to port 5065.
so PLZ tell all the possiblities and their corrections
as
well.
so that I wont disturb you again.
regards.
__________________________________________________________
Yahoo! India Answers: Share what you know. Learn something new
http://in.answers.yahoo.com/
Thank you :)
-----Original Message-----
From: Vaclav Kubart [mailto:vaclav.kubart@iptel.org]
Sent: Friday, June 16, 2006 10:31 AM
To: İlker Aktuna (Koç.net)
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Presentity & Rls databases
See module parameters in presence handbook.
Vaclav
On Fri, Jun 16, 2006 at 10:27:40AM +0300, ?lker Aktuna (Koç.net) wrote:
> Hi,
>
> Anyone who has information about this ?
>
> thanks
> ilker
>
> ________________________________
>
> From: serusers-bounces(a)lists.iptel.org
> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of ?lker Aktuna
> (Koç.net)
> Sent: Thursday, June 15, 2006 9:33 AM
> To: serusers(a)lists.iptel.org
> Subject: [Serusers] Presentity & Rls databases
>
>
>
> Hi,
>
>
> In my Ser installation with mysql db, I see some tables for presentity
> and RLS such as;
> | presentity |
> | presentity_contact |
> | presentity_notes |
> | presentity_persons |
> | rls_subscription |
> | rls_vs |
> | rls_vs_names |
>
> But they are empty tables and seems that they are not used anyhow.
> How can I make use of these tables ?
>
> I wonder how to save presence info on db.
>
> Thanks for any information.
>
> Regards,
> ilker
>
<http://387555.sigclick.mailinfo.com/sigclick/020A0507/03014E02/0104014E/043…>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
1. Specify "listen=x.x.x.x" and add "children=N" directive as well
(e.g. children=5)
2. Could not resolve blah-blah comes from the fact that you do not
have a DNS reverse entry for this IP address. Try specifying the
following directives. They might help.
dns=no
rev_dns=no
Regards,
Andrey.
P.S. - This is just a warning, so dont worry too much. Nevertheless,
seeing warnings is not that pleasant anyway. I understand your
concern. ;-)