sr-users March 2014

sr-users@lists.kamailio.org

101 participants
165 discussions

How to configure Kamailio + Asterisk (on same server) to route between several disjoint networks?

by Alex Villacís Lasso

As part of a project, I have installed a CentOS 6 test system (a virtual machine) with Asterisk 11.7.0 and Kamailio 4.1.1 downloaded from http://download.opensuse.org/repositories/home:/kamailio:/telephony/CentOS_…. I am trying to setup a combination of Kamailio and Asterisk that will route SIP calls between all the configured networks in the test setup, in addition to being capable of using Asterisk in order to handle PSTN and IAX2 calls. I am using the following online guide to modify my kamailio.cfg: http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb . Based on this, I generated the attached patch for my Kamailio configuration My test setup has the following network interfaces: eth0: 10.1.0.3, on network 10.1.0.0/24 eth1: 192.168.5.18, on network 192.168.0.0/16 eth2: 10.0.0.2, on network 10.0.0.0/24 lo: 127.0.0.1, on network 127.0.0.0/8 I first configured Asterisk with SIP realtime support (with no Kamailio), and tested that all configured accounts could register from all interfaces, and that Asterisk could properly route media between any two disjoint networks. After installing Kamailio, the guide called for disabling Asterisk SIP authentication by setting passwords to NULL, and moving Asterisk SIP to a different port (I chose 5080) so that Asterisk and Kamailio could run on the same machine. At this point, the SIP clients (one softphone and one VoIP phone) can now register at port 5080 without authentication. In the process of changing my Kamailio configuration according to the attached patch, the guide says that I should configure the IP of the network interface as the value of asterisk.bindip and kamailio.bindip. After performing all required changes, Kamailio does take over authentication at the default port of 5060. Testing shows that for all SIP clients with IPs belonging to the same network as the configured asterisk.bindip, both registration and media exchange work correctly, and that the SIP clients are still capable of calling into the Asterisk dialplan, and therefore, routing into Asterisk resources. For SIP clients in disjoint networks, the failure mode depends on whether mhomed is enabled or disabled in kamailio.cfg. For mhomed=0 (or unset), I have the following situation between the two SIP clients (one at 10.1.0.1, the other at 10.0.0.3), as shown by "sip show peers" in Asterisk (when asterisk.bindip is set to 192.168.5.18): Privilege escalation protection disabled! See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. Name/username Host Dyn Forcerport ACL Port Status Description Realtime gatitoscomx64am_100/gatit 10.1.0.3 D N A 5060 OK (16 ms) Cached RT gatitoscomx64am_101/gatit 10.0.0.2 D N A 5060 OK (36 ms) Cached RT gatitoscomx64am_IM101 (Unspecified) D N A 0 UNREACHABLE Cached RT 3 sip peers [Monitored: 2 online, 1 offline Unmonitored: 0 online, 0 offline] If I try to call from one SIP client to an extension in the Asterisk dialplan that does NOT map to a SIP client in a disjoint network, the media exchange works (with negotiatied media IP in the same network as the SIP client), regardless of whether the calling client belongs in the same network as asterisk.bindip. If I try to call from the same SIP client to an extension that maps to a SIP client in a disjoint network, the call fails, and I get the spoken message about the user at extension such-and-such being unavailable. Additionally, I get the following error message in the Asterisk logs: [Feb 25 16:53:14] NOTICE[13807][C-00000003] chan_sip.c: Call from 'gatitoscomx64am_101' (10.0.0.2:5060) to extension 'gatitoscomx64am_101' rejected because extension not found in context 'gatitoscomx64am-from-internal'. For mhomed=1, the output of "sip show peers" changes to the following (when asterisk.bindip is set to 192.168.5.18): Privilege escalation protection disabled! See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. Name/username Host Dyn Forcerport ACL Port Status Description Realtime gatitoscomx64am_100/gatit 192.168.5.18 D N A 5060 OK (19 ms) Cached RT gatitoscomx64am_101/gatit 192.168.5.18 D N A 5060 OK (34 ms) Cached RT gatitoscomx64am_IM101 (Unspecified) D N A 0 UNREACHABLE Cached RT 3 sip peers [Monitored: 2 online, 1 offline Unmonitored: 0 online, 0 offline] From wireshark sniffing, I can see that the SDP payload sent from the client to Kamailio contains the IP address of the client, which is accessible by both Kamailio and Asterisk. However, the SDP payload in the OK response sent back to the client contains a media port with the IP address of asterisk.bindip (the one that appears in the "Host" column in the "sip show peers" report), not the IP address of the interface that received the INVITE. This results in broken media negotiation for all SIP clients belonging to networks other than the one that contains asterisk.bindip. In either case, I have to hardcode an IP address in kamailio.cfg, which is not satisfactory. IPs assigned to interfaces can and do change, especially if the interface is managed with DHCP. To escape this, I tried setting asterisk.bindip to 127.0.0.1, but since apparently localhost is also a disjoint network, all of the above described problems apply. Related to these issues, I am not satisfied with leaving Asterisk running unauthenticated SIP at the nonstandard port. Somebody suggested blocking the port with iptables, but I do not want to rely on this alone. I tried setting bindaddr=127.0.0.1 so that only Kamailio gets to talk to Asterisk, but this also has the side effect of restricting the media negotiation to localhost only. I am asking for help in building a Kamailio/Asterisk configuration that will support all of the networks and route media between all of them, just as if Asterisk were the only program running. Ideally, the configuration should not encode the current IP of any interface (except, maybe, localhost). What is the official name (if any) for the setup I am describing above? Does it have a standard setup procedure? How is Asterisk secured so that clients cannot bypass authentication using the Asterisk SIP port directly?

10 years, 8 months

Replacing an ACME Packet Net-Net SBC

by Francesco Maria Magnini

Hi, I would like to have some suggestions about a full replacement of an ACME Packet Net-Net Session Border Controller. By now, ACME SBC performs all the SBC functionalities, mainly: - it is used as a SIP endpoint for SIP client registrations - it is used as a SIP endpoint for interconnection to multiple SIP carriers via SIP trunks - it is used for NAT traversal In this deployment, the SIP Server communicates only with the SBC and this one takes care of the communication between the SIP Server and the external SIP entities (UA clients, SIP Trunks). In this scenario, can I consider to replace the SBC with Kamailio?

10 years, 8 months

prevent relaying to myself

by Henry Fernandes

Is there a way to prevent relaying requests to myself in route[RELAY]? -H

10 years, 8 months

fresh kamailio installation unable to connect through jitsi

by Michelle Jun

hi i just finished installation of kamailio on centos 6 64 bit following the docs on http://www.fredposner.com/voip/1457/kamailio-behind-nat/ the user able to chat through jitsi just fine, but when calling, one user able to connect, while the other showing only "connecting" (audio/video) any idea what did i do wrong? here is the /var/log./messages thank you Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: new session 2f6e045de764ae9e9252352d952359ae@0:0:0:0:0:0:0:0, tag 2d9e2107;1 requested, type strong Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: new session on a port 25982 created, tag 2d9e2107;1 Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: pre-filling caller's address with 192.168.168.1:5000 Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: new session 2f6e045de764ae9e9252352d952359ae@0:0:0:0:0:0:0:0, tag 2d9e2107;2 requested, type strong Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: new session on a port 25192 created, tag 2d9e2107;2 Feb 26 17:43:34 black96 rtpproxy[4293]: INFO:handle_command: pre-filling caller's address with 192.168.168.1:5002 Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25982/27044, session timer restarted Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: pre-filling callee's address with 192.168.168.1:5000 Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25192/22432, session timer restarted Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: pre-filling callee's address with 192.168.168.1:5002 Feb 26 17:43:39 black96 /usr/local/sbin/kamailio[4456]: NOTICE: acc [acc.c:279]: acc_log_request(): ACC: transaction answered: timestamp=1393465419;method=INVITE;from_tag=2d9e2107;to_tag=7175e4ad;call_id=2f6e045de764ae9e9252352d952359ae@0 :0:0:0:0:0:0:0;code=200;reason=OK;src_user=handy;src_domain=184.105.148.231;src_ip=192.168.168.1;dst_ouser=harri;dst_user=harri;dst_domain=192.168.113.2 Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25982/27044, session timer restarted Feb 26 17:43:39 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25192/22432, session timer restarted Feb 26 17:43:40 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25982/27044, session timer restarted Feb 26 17:43:40 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25192/22432, session timer restarted Feb 26 17:43:42 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25982/27044, session timer restarted Feb 26 17:43:42 black96 rtpproxy[4293]: INFO:handle_command: lookup on ports 25192/22432, session timer restarted Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:process_rtp: session timeout Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: RTP stats: 0 in from callee, 0 in from caller, 0 relayed, 0 dropped Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: RTCP stats: 0 in from callee, 0 in from caller, 0 relayed, 0 dropped Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: session on ports 25982/27044 is cleaned up Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:process_rtp: session timeout Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: RTP stats: 0 in from callee, 0 in from caller, 0 relayed, 0 dropped Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: RTCP stats: 0 in from callee, 0 in from caller, 0 relayed, 0 dropped Feb 26 17:44:43 black96 rtpproxy[4293]: INFO:remove_session: session on ports 25192/22432 is cleaned up Feb 26 17:45:23 black96 rtpproxy[4293]: INFO:handle_command: delete request failed: session 2f6e045de764ae9e9252352d952359ae@0:0:0:0:0:0:0:0, tags 2d9e2107/7175e4ad not found Feb 26 17:45:53 black96 /usr/local/sbin/kamailio[4460]: NOTICE: acc [acc.c:279]: acc_log_request(): ACC: transaction answered: timestamp=1393465553;method=BYE;from_tag=2d9e2107;to_tag=7175e4ad;call_id=2f6e045de764ae9e9252352d952359ae@0:0:0:0:0:0:0:0;code=408;reason=Request Timeout;src_user=handy;src_domain=184.105.148.231;src_ip=192.168.168.1;dst_ouser=harri;dst_user=;dst_domain=184.105.148.231

10 years, 8 months

What is required to enable TLS on non-standard port?

by info＠vintageelectronics.ca

Kamailio running in Fedora 19 box. The client (Jitsi) can only connect over TCP. If connecting over UDP, the clients connect, but cannot send/receive messages. Cannot connect over TLS at all. Ultimately I will need to run with TLS over 5065 port or higher. Tried using different listen directives, different port directive, but kamailio either does not start, or only listening on one TCP port. I've set up two SRV records, one for _sip on port 5065 and another for _sips on port 5066. Both pointing to the Fedora box. In Jitsi I have to specify port # and when I set it to 5065 over TCP it works, but 5066 over TLS never connects. What am I doing wrong? Thank you.

10 years, 8 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users March 2014