hi all;
i just received "bad user name/uid number: -u openser" error msg when i try to start openser server, after installing openser database on mysql and using openser.cfg generator script at sipwise.com /rtpproxy section
any help about this msg is appreciated.
hi;
when i use a stun server i can register my UAs, but i didn't like this method, i think i should be able to do it without a stun server at first, i see nathelper module in the documentation.
is there somebody to show how to use nathelper module?
----- Original Message -----
From: raviprakash sunkara
To: asahin
Sent: Saturday, March 31, 2007 7:25 AM
Subject: Re: [Users] Re: openser behind nat UAs behind NAT
Hi Asahin,
When you are with OpenSER behind NAT,
I need to know whether OpenSER is behind the NAT, which has the firewall router/NAT.
Does OpenSER have a private IP or a public IP (ISP)?
If OpenSER has a private IP, the SIP port and RTP ports should be forwarded to that IP,
and in openserctl, SIP domain is the public IP.
alias should be the SIP domain name.
In the REGISTER section: if (!www_authorize("alias name or realm", "subscriber"))
On 3/31/07, asahin <abdsahin(a)gmail.com> wrote:
hi all;
i am now able to register my client with the openser server.
i used STUN server option of x-lite and stun.voipuser.org as the stun server
i also set/exported SIP_DOMAIN variable to my public openser server ip address.
i wonder do i have to use a stun server ?
----- Original Message -----
From: asahin
To: users(a)openser.org
Sent: Friday, March 30, 2007 10:26 PM
Subject: openser behind nat UAs behind NAT
hi;
i installed and tested openser on the internal network, it was working.
i tried to test it behind NAT with x-lite sip client, but it failed.
i defined a port mapping on the adsl modem for udp/tcp 5060 ports to forward the packets to the openser installed machine.
when i try to register to openser i received a 408 request timeout message.
i guess it's due to external ip of the openser server. i think i should define external ip of the modem to the openser as if it's its own ip, but don't know where to define it.
here is the ngrep dump at the server.
U external_ip_of_ua:23975 -> 192.168.200.2:5060 REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport..Max-Forwards: 70..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call-ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER.. Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0....#U 192.168.200.2:5060 -> external_ip_of_openser:5060
REGISTER sip:external_ip_of_openser SIP/2.0..Via: SIP/2.0/UDP 192.168.200.2;branch=z9hG4bKd734.53940821.0..Via: SIP/2.0/UDP external_ip_of_ua:23975;branch=z9hG4bK-d87543-307c62021a71bf6d-1--d87543-;rport=23975..Max-Forwards: 69..Contact: <sip:apo@external_ip_of_ua:23975;rinstance=6a2c0ccf1a30b6bf>..To: "apo"<sip:apo@external_ip_of_openser>..From: "apo"<sip:apo@external_ip_of_ua;tag=da6a3851..Call- ID: ODJmOTVkNmIxNjE0NWM3MWNiNTQ4ZjFlMmVkZDZmYjQ...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANCEL, OPTIONS, B YE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 1006e stamp 34025..Content-Length: 0..P-hint: out bound....
my openser.cfg file is the initial openser openser.cfg file; i didn't change it.
-------------
#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
children=4
# Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#
port=5060
# uncomment the following lines for TLS support
#disable_tls = 0
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
# ------------------ module loading ----------------------------------
#set module path
mpath="/usr/local/lib64/openser/modules/"
# Uncomment this if you want to use SQL database
#loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "auth.so"
#loadmodule "auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- mi_fifo params --
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
# -- usrloc params --
modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
if (!uri==myself) {
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
# if you have some interdomain connections via TLS
#if(uri=~"@tls_domain1.net") {
# t_relay("tls:domain1.net");
# exit;
#} else if(uri=~"@tls_domain2.net") {
# t_relay("tls:domain2.net");
# exit;
#}
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
#if (!www_authorize("openser.org", "subscriber")) {
# www_challenge("openser.org", "0");
# exit;
#};
save("location");
exit;
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
--
Thanks and Regards
Ravi Prakash Sunkara
ravi.sunkara(a)hyperion-tech.com
M:+91 9985077535
www.hyperion-tech.com
Client and Parent company :- www.august-networks.com
Bodin,
looks like the error has its roots in the radiusclient library:
rc_check_reply: received invalid reply digest from RADIUS server
I'm not a RADIUS expert, so I cannot say more than this.....:( ...maybe
try to use wireshark to see the packages between server and client radius.
regards,
bogdan
Bodin Bruno wrote:
> Bogdan-Andrei Iancu wrote:
>> Hi Bodin,
>>
>> Have you tried to see if your radius cfg is ok? see:
>>
>> http://www.openser.org/docs/openser-radius-1.0.x.html#testing_radius_commun…
>>
>>
>> regards,
>> bogdan
>>
>>
>> Bodin Bruno wrote:
>>> Bogdan-Andrei Iancu wrote:
>>>> Hi Bodin,
>>>>
>>>> look into the system log (/var/log/{syslog|messages}) to get the
>>>> error generated by the radius library.
>>>>
>>>> regards,
>>>> bogdan
>>>>
>>>> Bodin Bruno wrote:
>>>>> Same radius client config, same radius server config, just 1.2
>>>>> from 1.1.1 but an error :
>>>>>
>>>>> 5(23229) ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>>>>>
>>>>> Radius server get a good authenticate but openser failed this
>>>>> after :(
>>>>
>>> On radius side, no error, in /var/log/messages there is only this
>>> line :
>>> Mar 28 14:26:21 zebulon openser: rc_check_reply: received invalid
>>> reply digest from RADIUS server
>>>
>>>
>>
> Hi,
> Yes for sure. When I use 1.1.1 it works, and when I use 1.2 that
> doesn't work, I think there is a difference between the two ...
>
> thank
>
Hi all,
Can anyone explain what this error means?
Mar 30 16:50:05 openser /sbin/openser[22632]: WARNING: udp_rcv_loop:
upstream bug - 0-terminated packet from 192.168.0.1 50195
I'm getting this after an "Accepted" of a NOTIFY-message.
Br,
/Tobias
Hello
I already have an OpenSER running nicely.
Now I installed a second OpenSER (with other a newdomain) with the same
database configuration and the same ser.cfg (except the IP).
Everything works fine... except the authentication... OpenSER always
answers 401 Unauthorized.
It only accepts clients when I comment this part:
if (!www_authorize("newdomain.com", "subscriber")) {
www_challenge("newdomain.com", "0");
break;
};
The users exist in the database and I know the username / password.
What's happening?
Thanks
regards
Joao Pereira
Hi Everyone,
I apparently have something in my openser.cfg that is allowing
unauthorized calls to go through to our PSTN gateways. I have included
my config below for review. I would appreciate any help understanding
how this might be happening.
I am currently reviewing the CDRs from my PSTN gateways for clues as well.
This is a pretty basic configuration with no NAT involved.
Regards,
Daryl
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
exit;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
exit;
};
if (method=="INVITE" || method=="ACK" || method=="BYE") {
setflag(1);
};
if (method=="INVITE") {
if (is_user_in("From","inactive")) {
if (uri =~ "^sip:911@") {
xlog("L_NOTICE", "[$Tf] R1: $ci -- Allowing 911 Emergency Call on Inactive User\n" );
} else {
sl_send_reply("403", "Forbidden");
xlog("L_NOTICE", "[$Tf] R1: $ci -- User Inactive\n" );
return;
};
};
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
xlog( "L_NOTICE", "[$Tf] RR: $ci -- Loose Route $rm ($rd).\n" );
if (!t_relay()) {
sl_reply_error();
};
return;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
route(1);
return;
};
if (method=="ACK") {
route(1);
return;
} else if (method=="REGISTER") {
route(2);
return;
} else if (method=="INVITE") {
route(3);
return;
} else if (method=="BYE" || method=="CANCEL") {
t_relay();
exit;
}
lookup("aliases");
if (uri!=myself) {
route(1);
return;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
return;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
t_on_failure("2");
if (!t_relay()) {
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# -----------------------------------------------------------------
sl_send_reply("100", "Trying");
if (!www_authorize("","subscriber")) {
www_challenge("","0");
exit;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
# Trusted Provider IPs
if (!src_ip==x.x.x.x)&&(!src_ip==x.x.x.x)&&(!src_ip==x.x.x.x) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
exit;
};
consume_credentials();
};
lookup("aliases");
if (uri!=myself) {
route(1);
return;
};
if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
sl_send_reply("479", "We do not forward to private IP addresses");
};
if ((uri =~ "^sip:0@")|| /* Operator Assistance */
(uri =~ "^sip:911@")|| /* 911 Emergency */
(uri =~ "^sip:411@")|| /* Directory Assistance */
(uri =~ "^sip:1[0-9]{10}@")) { /* Domestic PSTN */
route(4);
return;
};
if (uri=~"^sip:0111[0-9]*@") { # Kill calls to 011+1... (invalid dialing)
sl_send_reply("406", "Not Acceptable");
return;
}
if (uri=~"^sip:011[0-9]*@") { # International PSTN
if(!is_user_in("From","gateway1")) {
strip(3); # Remove 011 for Gateway2
}
route(4);
return;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
return;
};
route(1);
}
route[4] {
# -----------------------------------------------------------------
# PSTN Handler
# -----------------------------------------------------------------
prefix("+"); # add "+" to Request URI
append_hf("P-Asserted-Identity: \"User\"<sip:+1$avp(s:rpid)@x.x.x.x>\r\n");
uac_replace_from("$fn","sip:+$fU@$fd:5060");
if(is_user_in("From","gateway1")) {
force_send_socket(x.x.x.x:5060);
xlog("L_NOTICE", "[$Tf] Message sent via IP-1\n" );
} else {
force_send_socket(x.x.x.x:5060);
xlog("L_NOTICE", "[$Tf] Message sent via IP-2\n" );
};
ds_select_domain("1","0");
route(1);
}
onreply_route[1] {
# we are checking here for a progressing return... ie a 180 Ringing or
# 183 session progress -- if this occurs we don't care from here on
# about failures as a gateway is handling the call...
if( status =~ "18[0-9]" ) {
xlog( "L_INFO", "[$Tf] ORR: $ci -- SIP-$rs Reset t_on_failure()\n");
t_on_failure("0");
} else {
xlog( "L_INFO", "[$Tf] ORR: $ci -- $rs $rr\n" );
}
}
failure_route[2] {
# 408 -- timeout -- typically the end party has not answered
# Since we cancel t_on_failure() on a provisional response we should not be
# getting a 408 timeout from a gateway at this stage.. it will just "fall through"
# If fr_timer expires t_check_status("408") is true, although $rs is <null>
if( t_check_status("408") ){
xlog( "L_NOTICE", "[$Tf] FR: $ci -- TIMEOUT for Gateway $rd\n" );
} else {
xlog( "L_NOTICE", "[$Tf] FR: $ci -- $rs reason $rr\n" );
}
# 403 -- Not a valid number, or possibly no permission to use the gateway
if( t_check_status("403") ){
xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Forbidden\n" );
return;
}
# 486 -- User Busy
if( t_check_status("486") ){
xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Destination Busy\n" );
return;
}
# 487 -- Request Cancelled (usually in response to a CANCEL transaction)
if( t_check_status("487") ){
xlog("L_NOTICE", "[$Tf] FR: $ci -- SIP-$rs Request Cancelled\n" );
return;
}
# At this stage we try the next gateway, if no next gateway we bail.
if( ds_next_domain() ){
t_on_reply("1");
t_on_failure("2");
xlog( "L_NOTICE", "[$Tf] FR: $ci Next gateway $fU -> $tU via $rd\n" );
if( !t_relay() ){
xlog( "L_WARN", "[$Tf] FR: $ci -- ERROR - Can not t_relay()\n" );
return;
}
return;
} else {
xlog( "L_WARN", "[$Tf] FR: $ci No more gateways -> 503.\n" );
t_reply("503", "Service unavailable -- no more gateways" );
return;
}
}
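Added example, not part of the original thread: in the script posted above, two branches of the main route reach t_relay() before route[3] runs proxy_authorize(), namely the loose_route() block and the first uri!=myself test. The fragment below, in the same OpenSER script syntax, moves the INVITE credential check ahead of both; route[5] is a hypothetical route number and x.x.x.x stands for the trusted provider addresses that the post redacts.

```cfg
# Added example, not the poster's configuration.

# --- order in the posted script (condensed) --------------------------
#   if (loose_route()) { t_relay(); return; }    # relays, no credentials checked
#   if (uri!=myself)   { route(1);  return; }    # relays, no credentials checked
#   ...
#   if (method=="INVITE") { route(3); return; }  # proxy_authorize() only here

# --- reordered: authenticate INVITEs before any relay branch ---------
route {
    # sanity checks (maxfwd, msg:len) and setflag(1) as in the posted script

    if (method=="INVITE") {
        route(5);               # ends the script with a 407 unless authorized
    };

    if (method!="REGISTER") {
        record_route();
    };

    if (loose_route()) {
        if (!t_relay()) {
            sl_reply_error();
        };
        return;
    };

    if (uri!=myself) {
        route(1);
        return;
    };

    # method dispatch, alias and location lookups as in the posted script
}

route[5] {
    # hypothetical route number: INVITE admission check
    # x.x.x.x = trusted provider addresses, redacted in the post
    if ((!src_ip==x.x.x.x) && (!src_ip==x.x.x.x) && (!src_ip==x.x.x.x)) {
        if (!proxy_authorize("","subscriber")) {
            proxy_challenge("","0");
            exit;
        };
        consume_credentials();
    };
}

route[3] {
    # The proxy_authorize() block is removed from here: route[5] has already
    # consumed the credentials, so a second check would challenge every call.
    lookup("aliases");
    # remainder of the posted route[3] unchanged
}
```

In-dialog re-INVITEs pass through route[5] as well, so a party with no account on this proxy and no trusted address will be challenged on them.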
Hello!
I would like to relay messages to a location("proto:ip:port") i
retrieve from a db-table with avp_db_query, unfortunately t_relay
doesn't allow using avps or pseudo-variables currently(iirc). Do you
know a workaround without using t_relay or is there a way to use
avps/pseudo-variables with t_relay() since 1.2?
Thx
Christian
Hi.
I'm having problems with the Serweb server monitoring script. As instructed
by the Serweb install file, I have a cron job that executes "read_ser_moni.php" once
a minute.
Every time the script is executed I get this error on serweb log: "serweb
[error] server monitoring - 500 command 't_stats' not available" It also
happens, when I'm executing the script from command line or executing
manually fifo command with openserctl ("openserctl fifo t_stat").
It seems that openser receives the command, but doesn't know what to do
with it, because I get this error on syslog from openser:
ERROR: fifo_server: command t_stats is not available
**** done consume
INFO: fifo_server: command empty
Has the t_stat fifo command been deprecated or am I just missing some parameter
from my cfg?
thanks.
JN