sr-users May 2010

sr-users@lists.kamailio.org

67 participants
106 discussions

Testing at SIPit 26
by Daniel-Constantin Mierla 06 May '10

06 May '10

Hello, anyone of you at SIPit 26 in about two weeks? http://sip-router.org/2010/05/05/testing-at-sipit-26/ http://www.kamailio.org/w/2010/05/testing-at-sipit-26/ I will be there ready to test 3.0 and devel for Kamailio and SER. If you want to test together or meet there, drop me an email. Cheers, Daniel -- Daniel-Constantin Mierla * http://www.asipto.com/

2 1

RPID Mod Question
by dotnetdub 06 May '10

06 May '10

Hi List, For certain Asterisk customers I want them to be allowed to manage and send their own CLI - we currently pass this onto providers as RPID. For example we also run a multi tenant pbx that uses kamailio as its proxy so it makes sense that we can send the callerID from this box to kamailio. Basically I will setup a prefix, check for that and if it matches I want to rewrite the RPID using the From"" from the SIP message.. From: "16172345671" <sip:username@domain>;tag=xxxxxxxxxxxx In this case I would send the RPID as <sip:16172345671@domain;party=calling;id-type=subscriber;privacy=off;screen=yes>" to our providers rather than reading the default value from the database for rpid. Where in the Kamailio / SR docs should I be looking for examples that would be similar / manipulating this type of info. Thanks, S.

3 3

Rtpproxy behind the NAT
by indiver 05 May '10

05 May '10

Hello Every one, My network setup is one to one nating of public and private ip. I want to run rtpproxy behind the NAT with in the local IP,but in vain. can't create listener error appears when i run rtpproxy on local ip. Can we run rtpproxy behind the NAT with local IP. If possible can any one specify the method. Regards, Indiver. -- View this message in context: http://old.nabble.com/Rtpproxy-behind-the--NAT-tp28458859p28458859.html Sent from the OpenSER Users Mailing List mailing list archive at Nabble.com.

2 1

Kamailio SCTP support
by Francisco José Méndez Cirera 05 May '10

05 May '10

Hello, I've downloaded Kamailio 3.0.0 (the last release) and I´ve seen it´s possible downloading a "binary tar.gz" or the source to compile directly. I would like to know if the binary has enabled support for SCTP by default. If it´s enabled by default, how can I activate it (I can´t find any option related to sctp in kamailio.cfg) ? If it isn´t enabled by default, which are the dependencies? Is there a document or something with at least the main dependencies? Thank you very much. Bye!

3 2

new features: extended cfg preprocessor directives
by Daniel-Constantin Mierla 05 May '10

05 May '10

Hello, just to let you know about some new features related to config preprocessing. 3.0 added config preprocessor directives such as 'include_file' and 'define'. But the define could be used only to control which parts of config file are active. Several days ago I committed the code to allow you 'define' values for IDs, like: #!define MYINT 123 #!define MYSTR "xyz" The defined IDs are replaced at startup, during config parsing, e.g.,: $var(x) = 100 + MYINT; - is read as: $var(x) = 100 + 123; Moreover, you can have multi-line defined IDs: #!define IDLOOP $var(i) = 0; \ while($var(i)<5) { \ xlog("++++ $var(i)\n"); \ $var(i) = $var(i) + 1; \ } - then in routing block route { ... IDLOOP ... } A completely new thing is the substitution preprocessor directive: #!subst "/regexp/subst/" Defined IDs are not replaced within string values (because a cfg IDs is a standalone alphanumeric token, not enclosed in single or double quotes), so if you need to change something inside a string within config file, then use substitution. For example, if you want to replace the password in all db_url module parameters: #!subst "/DBPASSWD/xyz/" modparam("acc", "db_url", "mysql://user:DBPASSWD@localhost/db") modparam("auth_db", "db_url", "mysql://user:DBPASSWD@localhost/db") The value of a 'subst' directive can be any valid perl-like substitution expression, you can use wildcards, group tokens, backreferences, .... Hope this will make your cfg scripting easier. Testing and feedback is appreciated. Cheers, Daniel -- Daniel-Constantin Mierla * http://www.asipto.com/ * http://twitter.com/miconda * http://www.linkedin.com/in/danielconstantinmierla

2 2

Simple Trunkig with Kamailio
by Jared Martin 05 May '10

05 May '10

Ok, this is probably an easy question: Say I have my kamailio server set up and all of my voip clients are gleefully calling each other... but now I want to connect them to the PSTN. Can I set up kamailo to trunk calls using a few grandstream gateways? or is Asterisk neccesary? Sorry if the answers out there, but I haven't found anything that answered the question directly. I'm a linux admin, but I'm new to PBX's and the like. I've installed kamailio in the past using instructions specific to that situation, but haven't configured trunking (or I didn't recognize thats what it was) references to howtos or tutorials would also be greatly appreciated Thanks for your help, Jared Martin

2 1

Error with 'Contact' field replacing
by Konstantin Shpinev 05 May '10

05 May '10

Hi! I have a problem with Kamailio. Sometimes (can not catch the moment and conditions of) situations arise when, calling from AAA to uri XXX call comes to uri YYY. The call comes from PSTN to the gray subnet of user-agents registered in kamailio. As the PSTN we using Audiocodes mediant. Kamailio ver. 1.5.3 Mediant host: 172.19.32.2, Kamailio host: 172.19.32.3 XXX host: 172.19.32.33, YYY host: 192.168.1.203 I put a line in the log section route_branch: > Apr 28 12:59:20 sipproxy /ks/sbin/kamailio[18294]: [INFO] new branch at sip:XXX@172.19.32.33:5060;user=phone Then in the log module acc wrote: > Apr 28 12:59:21 sipproxy /ks/sbin/kamailio[18302]: ACC: transaction answered: timestamp=1272473961;method=BYE;from_tag=1e76ae41;to_tag=1c1795565414;call_id=17 955646162422000234627(a)172.19.32.2;code=481;reason=Call/Transaction Does Not Exist;from_uri=sip:XXX@172.19.32.3 <sip%3AXXX(a)172.19.32.3>;from_username=XXX;from_name=;from_domain= 172.19.32.3;to_uri=sip:AAA@172.19.32.2 <sip%3AAAA(a)172.19.32.2>;to_username=AAA;to_name=;to_domain=172.19.32.2;request_uri=sip:AAA@172.19.32.2 <sip%3AAAA(a)172.19.32.2>;request_username=AAA;route_id=;route_name=;route_type_id=;destination=;calllist_id= Despite the error, the call passes, but to the another uri. Here's the log of the mediant: 1: > Apr 28 12:52:31 172.19.32.2 ( lgr_flow)(44244101 ) ---- Outgoing SIP Message to 172.19.32.3:5060 ---- Apr 28 12:52:31 172.19.32.2 ACK sip:XXX@172.19.32.33:5060;user=phone SIP/2.0^M Via: SIP/2.0/UDP 172.19.32.2;branch=z9hG4bKac1897823584^M Max-Forwards: 70^M From: <sip:AAA@172.19.32.2 <sip%3AAAA(a)172.19.32.2>>;tag=1c1795565414^M To: <sip:XXX@172.19.32.3 <sip%3AXXX(a)172.19.32.3>>;tag=1e76ae41^M Call-ID: 17955646162422000234627(a)172.19.32.2^M CSeq: 1 ACK Contact: <sip:AAA@172.19.32.2 <sip%3AAAA(a)172.19.32.2>>^M Route: <sip:172.19.32.3;lr;ftag=1c1795565414;vsf=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA->^M Supported: em,timer,replaces,path,early-session,resource-priority^M Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE^M *User-Agent: Audiocodes-Sip-Gateway-Mediant 2000/v.5.00A.045.003*^M Content-Length: 0 As you can see, in 1. all is well. But then: 2: > ..... ---- Incoming SIP Message from 172.19.32.3:5060 ---- ....From: <sip:AAA@172.19.32.2 <sip%3AAAA(a)172.19.32.2>>;tag=1c1795565414^M > Call-ID: 17955646162422000234627(a)172.19.32.2^M CSeq: 1 INVITE^M Allow: > INVITE, ACK, CANCEL,OPTIONS, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO^M > Content-Type: application/sdp^M *User-Agent: Zoiper for Windows rev.1105*^M > Content-Length: 232^M ^M v=0^M *o=Zoiper_user 0 0 IN IP4 192.168.1.203^M > s=Zoiper_session^M c=IN IP4 192.168.1.203^*M t=0 0^M m=audio 8000 RTP/AVP > 8 0 101^M a=rtpmap:8 PCMA/8000^M a=rtpmap:0 PCMU/8000^M a=rtpmap:101 > telephone-event/8000^M a=fmtp:101 0-15^M a=sendrecv And that is where the substitution occurred at the data fields 'Contact' an entirely different user-agent (uri YYY), which is also registered on Kamailio. That it eventually comes to call. *Repeat: In second SIP message from Kamailio 'Contact' field is replaced by 'Contact' of another (!) user-agent (YYY).* There is a suspicion that an error occurs in a block: > if (!lookup("location")) { switch ($retcode) { case -3: ... case -1: ... case -2: ... } } } I myself anywhere 'Contact' field are not affected, so all suspected to *locate() *from module Registrar.

2 1

kamailio and presence_xml parse error
by Francesco 05 May '10

05 May '10

Hi to all. I'm new here. I'm getting crazy with presence_xml error. I'm using kamailio 1.5.4 notls with xlite 3.0 (winXP client) softphone and postgresql 8.4 as db backend. Seems that presence works, but i have error in parsing xml: those are the relevant log: Apr 29 16:42:54 ocs /usr/sbin/kamailio[2462]: INFO:presence:send_notify_request: NOTIFY sip:user1@ocs.ita.domain.net<sip%3Auser1(a)ocs.ita.domain.net>via sip:user1@10.44.17.145:24258 on behalf of sip:user2@ocs.ita.domain.net<sip%3Auser2(a)ocs.ita.domain.net>for event presence Apr 29 16:42:54 ocs /usr/sbin/kamailio[2463]: ERROR:presence_xml:agregate_xmls: while parsing xml body message Apr 29 16:42:54 ocs /usr/sbin/kamailio[2463]: ERROR:presence_xml:pres_agg_nbody: while aggregating body When i login on kamailio, the users are not immediatly notified to my presence...but, when there's a change of status, the client are notified and on softphone the status change. Other that, if the client close softphone, i can watch this on the log: Apr 29 16:42:41 ocs /usr/sbin/kamailio[2461]: ERROR:presence_xml:offline_nbody: while parsing xml memory Apr 29 16:42:41 ocs /usr/sbin/kamailio[2461]: ERROR:presence_xml:pres_agg_nbody: while constructing offline body Apr 29 16:42:41 ocs /usr/sbin/kamailio[2461]: INFO:presence:send_notify_request: NOTIFY sip:user1@ocs.ita.domain.net<sip%3Auser1(a)ocs.ita.domain.net>via sip:user1@10.44.17.145:24258 on behalf of sip:user3@ocs.ita.domain.net<sip%3Auser3(a)ocs.ita.domain.net>for event presence And the client, on the other softphone, results on line, rather then offline. I'm thinking about encoding database, i've tryied with SQL ASCII and UTF-8 too. Same behaviour. I try different releases (1.5.3 no tls) on different distribution (debian, lucid, alpine linux). Same behaviour. Obiouvsly, the softphone are right configured (presence agent is enabled). Any hints? Thanks for you kind attention. :: Francesco Colista :: Email : francesco.colista(a)gmail.com :: Jabber: francesco(a)jabber.org

3 5

Re: [SR-Users] sr-users Digest, Vol 60, Issue 6
by Rothe, Marcus, D22-WHV 05 May '10

05 May '10

"sr-users-request(a)lists.sip-router.org" <sr-users-request(a)lists.sip-router.org> schrieb: Send sr-users mailing list submissions to sr-users(a)lists.sip-router.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users or, via email, send a message with subject or body 'help' to sr-users-request(a)lists.sip-router.org You can reach the person managing the list at sr-users-owner(a)lists.sip-router.org When replying, please edit your Subject line so it is more specific than "Re: Contents of sr-users digest..." Today's Topics: 1. Authentication SER + RADIUS + LDAP (Pablo Ros) 2. Kamailio SCTP support (Francisco Jos? M?ndez Cirera) 3. Re: NAT Traversal IPTel example (Daniel-Constantin Mierla) 4. Re: Kamailio SCTP support (Daniel-Constantin Mierla) ---------------------------------------------------------------------- Message: 1 Date: Tue, 4 May 2010 10:03:26 +0200 From: Pablo Ros <prf1987(a)gmail.com> Subject: [SR-Users] Authentication SER + RADIUS + LDAP To: sr-users(a)lists.sip-router.org Message-ID: <m2i46878ffc1005040103m27d01ccfo9c84d8bba7dc7896(a)mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hello, We have a LDAP database with many users information and this is the one we use to implement most of our services; on the contrary we have SER working with a SQL data base. Our intention was to make also the authentication against LDAP. After some research, we've seen there's no specific module for SER to work with LDAP and we have considered some alternatives among them there was the "module" from ETH world<http://www.ethworld.ethz.ch/technologies/sipeth/ser_modules/ldap>. However, we didn't manage to make it work (if it's an advisable choice we'd appreciate some clues). So, we decided to make the authentication through the RADIUS server. Nevertheless, we are having some problems with the way data is sent. When doing the user authentication there's no problem as it is sent in plain text and we modified to do it against the email attribute as it's this what we want. It makes it perfectly. But it turns out that when we try to make the password authentication, as the data sent from SER comes in a hash (user:realm:password) as long as we know, we don't really know how to make it compare with the password field in LDAP (under MD5 algorithm as well). When we make a test over Radius by sending plain text it works perfectly so it shouldn't be a problem by searching the attributes over LDAP. We have tried to follow instructions to set the digest section properly but there's something we definitely miss. Attached there's a log from the radius when trying to log with SER and the Register section from SER. log: 03 User-Name = "my.user(a)i2cat.net" Digest-Attributes = 0x0a0b7061626c6f2e726f73 Digest-Attributes = 0x010b69326361742e6e6574 Digest-Attributes = 0x022a34626466643065343837303734363630626261366134363437663730313034343639 663532306532 Digest-Attributes = 0x040f7369703a69326361742e6e6574 Digest-Attributes = 0x030a5245474953544552 Digest-Response = "6c95bcba1fca30e976fa9295025b1bf4" Service-Type = Sip-Session Sip-Uri-User = "my.user" NAS-Port = 5060 NAS-IP-Address = 127.0.0.1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_digest: Adding Auth-Type = DIGEST ++[digest] returns ok rlm_realm: Looking up realm "i2cat.net" for User-Name = " my.user(a)i2cat.net" rlm_realm: No such realm "i2cat.net" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for my.user(a)i2cat.net WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (mail=%{Stripped-User-Name:-%{User-Name}}) -> (mail= my.user(a)i2cat.net) expand: ou=activat,ou=personal,dc=i2cat,dc=net -> ou=activat,ou=personal,dc=i2cat,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.i2cat.net:389, authentication 0 rlm_ldap: bind as cn=anonim,dc=i2cat,dc=net/i2mngr to ldap.i2cat.net:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=activat,ou=personal,dc=i2cat,dc=net, with filter (mail=pablo.ros(a)i2cat.net) rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute userPassword as RADIUS attribute Digest-HA1 == "{md5}nCK4tZ5NNP48oT0wlXX+Jw==" rlm_ldap: looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? rlm_ldap: user pablo.ros(a)i2cat.net authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type DIGEST auth: type "digest" +- entering group authenticate rlm_digest: Digest-HA1 has invalid length, authentication failed. ++[digest] returns invalid auth: Failed to validate the user. Login incorrect: [my.user(a)i2cat.net/<via Auth-Type = DIGEST>] (from client localhost port 5060) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> my.user(a)i2cat.net attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds SER register -> User Authentication part #------------------------------------------------------------------------ # Comprovacio de credencials per als usuaris. #------------------------------------------------------------------------ if (!is_user_in("From", "noauth")) { xlog("L_NOTICE", "SER-INFO: challenging user...\n"); # IMPORTANTE: radius_www_authorize solo toma un par?metro! if(!radius_www_authorize("")) { # L'usuari NO esta registrat correctament o les # credencials no son valides! www_challenge("i2cat.net","0"); xlog("L_ALERT","SER-ALERT r[4]-Bad Auth from <%fu>:(%is) [403 Forbiden]\n"); sl_send_reply("403", "Forbiden!, Bad Credentials"); break; #tallem la comunicacio }; #-------------------------------------------------------------------- # check_to #-------------------------------------------------------------------- if(!check_to()) { xlog("L_ALERT","SER-ALERT: check_to(): REG Spoofed attempt <%fu>:(%is)\n"); sl_send_reply("403", "Use To=id la proxima vegada :@"); consume_credentials(); # fem que caduqui la sessio break; }; } -- Pablo Ros

1 0

Authentication SER + RADIUS + LDAP
by Pablo Ros 05 May '10

05 May '10

Hello, We have a LDAP database with many users information and this is the one we use to implement most of our services; on the contrary we have SER working with a SQL data base. Our intention was to make also the authentication against LDAP. After some research, we've seen there's no specific module for SER to work with LDAP and we have considered some alternatives among them there was the "module" from ETH world<http://www.ethworld.ethz.ch/technologies/sipeth/ser_modules/ldap>. However, we didn't manage to make it work (if it's an advisable choice we'd appreciate some clues). So, we decided to make the authentication through the RADIUS server. Nevertheless, we are having some problems with the way data is sent. When doing the user authentication there's no problem as it is sent in plain text and we modified to do it against the email attribute as it's this what we want. It makes it perfectly. But it turns out that when we try to make the password authentication, as the data sent from SER comes in a hash (user:realm:password) as long as we know, we don't really know how to make it compare with the password field in LDAP (under MD5 algorithm as well). When we make a test over Radius by sending plain text it works perfectly so it shouldn't be a problem by searching the attributes over LDAP. We have tried to follow instructions to set the digest section properly but there's something we definitely miss. Attached there's a log from the radius when trying to log with SER and the Register section from SER. log: 03 User-Name = "my.user(a)i2cat.net" Digest-Attributes = 0x0a0b7061626c6f2e726f73 Digest-Attributes = 0x010b69326361742e6e6574 Digest-Attributes = 0x022a34626466643065343837303734363630626261366134363437663730313034343639663532306532 Digest-Attributes = 0x040f7369703a69326361742e6e6574 Digest-Attributes = 0x030a5245474953544552 Digest-Response = "6c95bcba1fca30e976fa9295025b1bf4" Service-Type = Sip-Session Sip-Uri-User = "my.user" NAS-Port = 5060 NAS-IP-Address = 127.0.0.1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_digest: Adding Auth-Type = DIGEST ++[digest] returns ok rlm_realm: Looking up realm "i2cat.net" for User-Name = " my.user(a)i2cat.net" rlm_realm: No such realm "i2cat.net" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for my.user(a)i2cat.net WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (mail=%{Stripped-User-Name:-%{User-Name}}) -> (mail= my.user(a)i2cat.net) expand: ou=activat,ou=personal,dc=i2cat,dc=net -> ou=activat,ou=personal,dc=i2cat,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.i2cat.net:389, authentication 0 rlm_ldap: bind as cn=anonim,dc=i2cat,dc=net/i2mngr to ldap.i2cat.net:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=activat,ou=personal,dc=i2cat,dc=net, with filter (mail=pablo.ros(a)i2cat.net) rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute userPassword as RADIUS attribute Digest-HA1 == "{md5}nCK4tZ5NNP48oT0wlXX+Jw==" rlm_ldap: looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? rlm_ldap: user pablo.ros(a)i2cat.net authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type DIGEST auth: type "digest" +- entering group authenticate rlm_digest: Digest-HA1 has invalid length, authentication failed. ++[digest] returns invalid auth: Failed to validate the user. Login incorrect: [my.user(a)i2cat.net/<via Auth-Type = DIGEST>] (from client localhost port 5060) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> my.user(a)i2cat.net attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds SER register -> User Authentication part #------------------------------------------------------------------------ # Comprovacio de credencials per als usuaris. #------------------------------------------------------------------------ if (!is_user_in("From", "noauth")) { xlog("L_NOTICE", "SER-INFO: challenging user...\n"); # IMPORTANTE: radius_www_authorize solo toma un parámetro! if(!radius_www_authorize("")) { # L'usuari NO esta registrat correctament o les # credencials no son valides! www_challenge("i2cat.net","0"); xlog("L_ALERT","SER-ALERT r[4]-Bad Auth from <%fu>:(%is) [403 Forbiden]\n"); sl_send_reply("403", "Forbiden!, Bad Credentials"); break; #tallem la comunicacio }; #-------------------------------------------------------------------- # check_to #-------------------------------------------------------------------- if(!check_to()) { xlog("L_ALERT","SER-ALERT: check_to(): REG Spoofed attempt <%fu>:(%is)\n"); sl_send_reply("403", "Use To=id la proxima vegada :@"); consume_credentials(); # fem que caduqui la sessio break; }; } -- Pablo Ros

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users May 2010