sr-users March 2007

sr-users@lists.kamailio.org

192 participants
380 discussions

[Users] bad user name/uid number: -u openser
by Abdurrahman Sahin 31 Mar '07

31 Mar '07

hi all; i just received "bad user name/uid number: -u openser" error msg when i try to start openser server, after installing openser database on mysql and using openser.cfg generator scpript at sipwise.com /rtpproxy section any help about this msg is appreciated.

2 1

Re: [Users] Re: openser behind nat UAs behind NAT
by Abdurrahman Sahin 31 Mar '07

31 Mar '07

hi; when i use a stun server i can register my UAs , but i didnt like this method, i think i should be able to do it without a stun server at first, i see nathelper Module in the documentatios. is there somebody to show how to use nathelper module? ----- Original Message ----- From: raviprakash sunkara To: asahin Sent: Saturday, March 31, 2007 7:25 AM Subject: Re: [Users] Re: openser behind nat UAs behind NAT Hi Asahin, When U with OpenSER Behind NAT, I need to know that is OpenSER is Behind the NAT, which having the Firewall router/NAT. Is the OpenSER is private IP or Public IP (ISP) if the OpenSER is Having the Private IP, of that IP is should forwards the SIP port and RTP ports, and in openserclt, SIP Domain is the public ip. alias should be the Sip domain name In Register Section if!www_authorize("alias name or realm", " subscriber" ) On 3/31/07, asahin <abdsahin(a)gmail.com> wrote: hi all; i am now able to register my client with the openserver server. i used STUN server option of x-lite and stun.voipuser.org as the stun server i also set/exported SIP_DOMAIN variable to my public openser server ip address. i wonder do i have to use a stun server ? ----- Original Message ----- From: asahin To: users(a)openser.org Sent: Friday, March 30, 2007 10:26 PM Subject: openser behind nat UAs behind NAT hi; i installed and tested openser on the internal network, it was working. i tried to test it behind NAT with x-lite sip client, but it failed. i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine. when i try to register to openser i received a 408 request timeout message. i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it. here is the ngrep dump at the server. U external_ip_of_ua:23975 -> 192.168.200.2:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER.. Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call- ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out bound.... my openser.cfg file is the initial openser openser.cfg file i didnt change it. ------------- # # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=4 # Uncomment these lines to enter debugging mode #fork=no #log_stderror=yes # port=5060 # uncomment the following lines for TLS support #disable_tls = 0 #listen = tls:your_IP:5061 #tls_verify_server = 1 #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib64/openser/modules/" # Uncomment this if you want to use SQL database #loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "auth.so" #loadmodule "auth_db.so" # ----------------- setting module-specific parameters --------------- # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay("tls:domain1.net"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay("tls:domain2.net"); # exit; #} route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication #if (!www_authorize("openser.org", "subscriber")) { # www_challenge("openser.org", "0"); # exit; #}; save("location"); exit; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; } _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users -- Thanks and Regards Ravi Prakash Sunkara ravi.sunkara(a)hyperion-tech.com M:+91 9985077535 www.hyperion-tech.com Client and Parent company :- www.august-networks.com

2 1

[Users] Re: openser behind nat UAs behind NAT
by asahin 30 Mar '07

30 Mar '07

hi all; i am now able to register my client with the openserver server. i used STUN server option of x-lite and stun.voipuser.org as the stun server i also set/exported SIP_DOMAIN variable to my public openser server ip address. i wonder do i have to use a stun server ? ----- Original Message ----- From: asahin To: users(a)openser.org Sent: Friday, March 30, 2007 10:26 PM Subject: openser behind nat UAs behind NAT hi; i installed and tested openser on the internal network, it was working. i tried to test it behind NAT with x-lite sip client, but it failed. i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine. when i try to register to openser i received a 408 request timeout message. i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it. here is the ngrep dump at the server. U external_ip_of_ua:23975 -> 192.168.200.2:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER.. Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call- ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out bound.... my openser.cfg file is the initial openser openser.cfg file i didnt change it. ------------- # # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=4 # Uncomment these lines to enter debugging mode #fork=no #log_stderror=yes # port=5060 # uncomment the following lines for TLS support #disable_tls = 0 #listen = tls:your_IP:5061 #tls_verify_server = 1 #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib64/openser/modules/" # Uncomment this if you want to use SQL database #loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "auth.so" #loadmodule "auth_db.so" # ----------------- setting module-specific parameters --------------- # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay("tls:domain1.net"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay("tls:domain2.net"); # exit; #} route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication #if (!www_authorize("openser.org", "subscriber")) { # www_challenge("openser.org", "0"); # exit; #}; save("location"); exit; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; }

1 0

[Users] openser behind nat UAs behind NAT
by asahin 30 Mar '07

30 Mar '07

hi; i installed and tested openser on the internal network, it was working. i tried to test it behind NAT with x-lite sip client, but it failed. i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine. when i try to register to openser i received a 408 request timeout message. i guess its due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but dont where to define it. here is the ngrep dump at the server. U external_ip_of_ua:23975 -> 192.168.200.2:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER.. Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call- ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out bound.... my openser.cfg file is the initial openser openser.cfg file i didnt change it. ------------- # # $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $ # # simple quick-start config script # Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php # for a explanation of possible statements, functions and parameters. # # ----------- global configuration parameters ------------------------ debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) children=4 # Uncomment these lines to enter debugging mode #fork=no #log_stderror=yes # port=5060 # uncomment the following lines for TLS support #disable_tls = 0 #listen = tls:your_IP:5061 #tls_verify_server = 1 #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = TLSv1 #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem" # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib64/openser/modules/" # Uncomment this if you want to use SQL database #loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "auth.so" #loadmodule "auth_db.so" # ----------------- setting module-specific parameters --------------- # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo") # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS #if(uri=~"@tls_domain1.net") { # t_relay("tls:domain1.net"); # exit; #} else if(uri=~"@tls_domain2.net") { # t_relay("tls:domain2.net"); # exit; #} route(1); }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication #if (!www_authorize("openser.org", "subscriber")) { # www_challenge("openser.org", "0"); # exit; #}; save("location"); exit; }; lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound alias\r\n"); route(1); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; append_hf("P-hint: usrloc applied\r\n"); }; route(1); } route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; exit; }

1 0

Re: [Users] 1.1.1 to 1.2 : radius failed
by Bogdan-Andrei Iancu 30 Mar '07

30 Mar '07

Bodin, looks like the error has its roots in the radiusclient library: rc_check_reply: received invalid reply digest from RADIUS server I'm not a RADIUS expert, so I cannot say more than this.....:( ...maybe try to use wireshark to see the packages between server and client radius. regards, bogdan Bodin Bruno wrote: > Bogdan-Andrei Iancu a écrit : >> Hi Bodin, >> >> Have you try to see if your radius cfg is ok? see: >> >> http://www.openser.org/docs/openser-radius-1.0.x.html#testing_radius_commun… >> >> >> regards, >> bogdan >> >> >> Bodin Bruno wrote: >>> Bogdan-Andrei Iancu a écrit : >>>> Hi Bodin, >>>> >>>> look into the system log (/var/log/{syslog|messages}) to get the >>>> error generated by the radius library. >>>> >>>> regards, >>>> bogdan >>>> >>>> Bodin Bruno wrote: >>>>> Same radius client config, same radius server config, just 1.2 >>>>> from 1.1.1 but an error : >>>>> >>>>> 5(23229) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed >>>>> >>>>> Radius server get a good authenticate but openser failed this >>>>> after :( >>>> >>> On radius side, no error, in /var/log/messages there is only thise >>> line : >>> Mar 28 14:26:21 zebulon openser: rc_check_reply: received invalid >>> reply digest from RADIUS server >>> >>> >> > Hi, > Yes for sure. When a use 1.1.1 it work , and when I use 1.2 that > doesnt work, I thin k there is a difference between the two ... > > thank >

4 6

[Users] 0-terminated packet
by Tobias Lindgren 30 Mar '07

30 Mar '07

Hi all, Can anyone explain what this error mean? Mar 30 16:50:05 openser /sbin/openser[22632]: WARNING: udp_rcv_loop: upstream bug - 0-terminated packet from 192.168.0.1 50195 I'm getting this after an "Accepted" of a NOTIFY-message. Br, /Tobias

2 1

[Users] users authentication
by Joao Pereira 30 Mar '07

30 Mar '07

Hello I already have an OpenSER runnig nicely. Now I installed a second OpenSER (with other a newdomain) with the same database configuration and the same ser.cfg (except the IP). Everyting works fine... except the authentication... OpenSER always answers 401 Unauthorized. It only accepts clients when I comment this part: if (!www_authorize("newdomain.com", "subscriber")) { www_challenge("newdomain.com", "0"); break; }; The users exist in the database and I know the username / password. Whats happening? Thanks regards Joao Pereira

3 5

[Users] Unauthorized Calls - PLEASE HELP!
by Daryl Sanders 30 Mar '07

30 Mar '07

Hi Everyone, I aparently have something in my openser.cfg that is allowing unauthorized calls to go through to our PSTN gateways. I have included my config below for review. I would appreciate any help understanding how this might be happening. I am currently reviewing the CDRs from my PSTN gateways for clues as well. This is a pretty basic configuration with no NAT involved. Regards, Daryl route { # ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); exit; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); exit; }; if (method=="INVITE" || method=="ACK" || method=="BYE") { setflag(1); }; if (method=="INVITE") { if (is_user_in("From","inactive")) { if (uri =~ "^sip:911@") { xlog("L_NOTICE", "[$Tf] R1: $ci -- Allowing 911 Emergency Call on Inactive User\n" ); } else { sl_send_reply("403", "Forbidden"); xlog("L_NOTICE", "[$Tf] R1: $ci -- User Inactive\n" ); return; }; }; }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method!="REGISTER") { record_route(); }; # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { xlog( "L_NOTICE", "[$Tf] RR: $ci -- Loose Route $rm ($rd).\n" ); if (!t_relay()) { sl_reply_error(); }; return; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (uri!=myself) { route(1); return; }; if (method=="ACK") { route(1); return; } else if (method=="REGISTER") { route(2); return; } else if (method=="INVITE") { route(3); return; } else if (method=="BYE" || method=="CANCEL") { t_relay(); exit; } lookup("aliases"); if (uri!=myself) { route(1); return; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); return; }; route(1); } route[1] { # ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- t_on_reply("1"); t_on_failure("2"); if (!t_relay()) { sl_reply_error(); }; } route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ----------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!www_authorize("","subscriber")) { www_challenge("","0"); exit; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } route[3] { # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- # Trusted Provider IPs if (!src_ip==x.x.x.x)&&(!src_ip==x.x.x.x)&&(!src_ip==x.x.x.x) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); exit; }; consume_credentials(); }; lookup("aliases"); if (uri!=myself) { route(1); return; }; if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){ sl_send_reply("479", "We do not forward to private IP addresses"); }; if ((uri =~ "^sip:0@")|| /* Operator Assistance */ (uri =~ "^sip:911@")|| /* 911 Emergency */ (uri =~ "^sip:411@")|| /* Directory Assistance */ (uri =~ "^sip:1[0-9]{10}@")) { /* Domestic PSTN */ route(4); return; }; if (uri=~"^sip:0111[0-9]*@") { # Kill calls to 011+1... (invalid dialing) sl_send_reply("406", "Not Acceptable"); return; } if (uri=~"^sip:011[0-9]*@") { # International PSTN if(!is_user_in("From","gateway1")) { strip(3); # Remove 011 for Gateway2 } route(4); return; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); return; }; route(1); } route[4] { # ----------------------------------------------------------------- # PSTN Handler # ----------------------------------------------------------------- prefix("+"); # add "+" to Request URI append_hf("P-Asserted-Identity: \"User\"<sip:+1$avp(s:rpid)@x.x.x.x>\r\n"); uac_replace_from("$fn","sip:+$fU@$fd:5060"); if(is_user_in("From","gateway1")) { force_send_socket(x.x.x.x:5060); xlog("L_NOTICE", "[$Tf] Message sent via IP-1\n" ); } else { force_send_socket(x.x.x.x:5060); xlog("L_NOTICE", "[$Tf] Message sent via IP-2\n" ); }; ds_select_domain("1","0"); route(1); } onreply_route[1] { # we are checking here for a progressing return... ie a 180 Ringing or # 183 session progress -- if this occurs we don't care from here on # about failures as a gateway is handling the call... if( status =~ "18[0-9]" ) { xlog( "L_INFO", "[$Tf] ORR: $ci -- SIP-$rs Reset t_on_failure()\n"); t_on_failure("0"); } else { xlog( "L_INFO", "[$Tf] ORR: $ci -- $rs $rr\n" ); } } failure_route[2] { # 408 -- timeout -- typically the end party has not answered # Since we cancel t_on_failure() on a provisional response we should not be # getting a 408 timeout from a gateway at this stage.. it will just "fall through" # If fr_timer expires t_check_status("408") is true, although $rs is <null> if( t_check_status("408") ){ xlog( "L_NOTICE", "[$Tf] FR: $ci -- TIMEOUT for Gateway $rd\n" ); } else { xlog( "L_NOTICE", "[$Tf] FR: $ci -- $rs reason $rr\n" ); } # 403 -- Not a valid number, or possibly no permission to use the gateway if( t_check_status("403") ){ xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Forbidden\n" ); return; } # 486 -- User Busy if( t_check_status("486") ){ xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Destination Busy\n" ); return; } # 487 -- Request Cancelled (usually in response to a CANCEL transaction) if( t_check_status("487") ){ xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Request Cancelled\n" ); return; } # At this stage we try the next gateway, if no next gateway we bail. if( ds_next_domain() ){ t_on_reply("1"); t_on_failure("2"); xlog( "L_NOTICE", "[$Tf] FR: $ci Next gateway $fU -> $tU via $rd\n" ); if( !t_relay() ){ xlog( "L_WARN", "[$Tf] FR: $ci -- ERROR - Can not t_relay()\n" ); return; } return; } else { xlog( "L_WARN", "[$Tf] FR: $ci No more gateways -> 503.\n" ); t_reply("503", "Service unavailable -- no more gateways" ); return; } }

3 3

[Users] t_relay() with variables(proto:ip:port)
by Benko 30 Mar '07

30 Mar '07

Hello! I would like to relay messages to a location("proto:ip:port") i retrieve from a db-table with avp_db_query, unfortunately t_relay doesn't allow using avps or pseudo-variables currently(iirc). Do you know a workaround without using t_relay or is there a way to use avps/pseudo-variables with t_relay() since 1.2? Thx Christian

3 7

[Users] A Problem with Serweb server monitoring
by Jarkko Nevala 30 Mar '07

30 Mar '07

Hi. I'm having problems with Serweb server monitoring script. As Instructed Serweb install file I have cron job, that executes "read_ser_moni.php" once in a minute. Every time the script is executed I get this error on serweb log: "serweb [error] server monitoring - 500 command 't_stats' not available" It also happens, when I'm executing the script from command line or executing manually fifo command with openserctl ("openserctl fifo t_stat"). It seems, that openser receives the command, but doesen't know what to do with it, because I get this error on syslog from openser: ERROR: fifo_server: command t_stats is not available **** done consume INFO: fifo_server: command empty Has the t_stat fifo command depricated or am I just missing some parameter from my cfg. thanks. JN

2 1

← Newer
1
2
3
4
5
6
7
8
...
38
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users March 2007