Hi Jerry,
I just joined so am unsure if you are good to go now but thought I would post my config as I also have a Freeswitch environment which I have placed Kamailio in front of to act as a load-balancing proxy. I also managed to get RTPEngine proxying through it too.
Here is the config, which I have created from Daniel’s default kamailio config. I have omitted the top portions of loading the modules and their settings. My dispatcher list is just a text file. I have two groups. One for registrations and outbound calls, and one for calls inbound coming from the FreeSwitch server.
In the NATMANAGE route, I currently have RTP proxying disabled as my free switch servers have external IPs and I let them handle the rtp stream.
On Freeswitch, I made the following changes to accomodate user/pass and IPAuth reg:
Changes to the Freeswitch servers listed in the dispatcher file
Edit /usr/local/freeswitch/conf/autoload_configs/acl.conf
<list name="proxy" default="deny">
<node type="allow" cidr=“IP address of Kamailio/32"/>
</list>
Edit /usr/local/freeswitch/conf/sip-profiles/internal-private.xml (or the sip-profile you need to edit in your instance)
<param name="apply-proxy-acl" value="proxy"/> #Add this line above the one below. This tells Freeswitch to look at the X-Auth-IP header which was inserted by Kamailio.
<param name="apply-inbound-acl" value="domains"/>
Then, restart freeswitch (with no active calls),
service freeswitch restart # or rescan the profile / reloadxml
I am not proxying RTP, however, I can un-comment out the stanza in the NATMANAGE route to get it to work.
The biggest gotcha for me was I was trying to use fix_nated_register when handling NAT for registrations instead of:
Fix_nated_contact() or the better set_contact_alias().
Using add_path_received(); in the Dispatcher just before sending to Freeswitch ensured all traffic returned to Kamailio too.
I am unsure of the SUBSCRIBE/PRESENCE stuff for you but the route should go out via the Kamailio proxy with this.
----------------------------
# main request routing logic
request_route {
xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n");
# per request initial checks
route(REQINIT);
# NAT detection
route(NATDETECT);
if(ds_is_from_list("33")) {
setflag(FLT_FS);
#xlog("L_WARN", "This source $si is from the dispatcher list.\n");
}
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans()) {
route(RELAY);
}
exit;
}
# handle retransmissions
if (!is_method("ACK")) {
if(t_precheck_trans()) {
t_check_trans();
exit;
}
t_check_trans();
}
# handle requests within SIP dialogs
route(WITHINDLG);
# record routing for dialog forming requests (in case they are routed)
# - remove preloaded route headers
remove_hf("Route");
if (is_method("INVITE|SUBSCRIBE")) {
xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n");
xlog("L_ALERT", "Marker 1\n");
record_route();
}
# account only INVITEs
if (is_method("INVITE")) {
setflag(FLT_ACC); # do accounting
}
if (isflagset(FLT_FS)) {
##t_on_reply("EXTERNAL_REPLY");
route(FROM_FS);
exit;
}
# handle presence related requests
route(PRESENCE);
# handle registrations
route(REGISTRAR);
if ($rU==$null) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# dispatch destinations
route(DISPATCH);
return;
}
route[FROM_FS]
{
#record_route();
#loose_route_preloaded();
route(DLGURI);
route(RELAY);
exit;
}
route[RELAY] {
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
}
if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
}
if (is_method("INVITE")) {
if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
}
if (!t_relay()) {
sl_reply_error();
}
exit;
}
#reply_route {
# if(status == 403) {
# xlog("L_WARN", "Forbidden from $si:$sp blah...\n");
# xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
# }
#}
onreply_route[LOGRPL] {
if(status == 403) {
xlog("L_ALERT", "$rs response. Consider banning AVP \"ipbancandidate\" is $avp(ipbancandidate) ");
}
}
# Per SIP request initial checks
route[REQINIT] {
# no connect for sending replies
# Enable tracing for SNGREP
##sip_trace();
##setflag(24);
#
set_reply_no_connect();
# enforce symmetric signaling
# - send back replies to the source address of request
force_rport();
#!ifdef WITH_ANTIFLOOD
# flood detection from same IP and traffic ban for a while
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
exit;
}
if (!pike_check_req()) {
xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
#!endif
if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip|Hello\ SIP\ Automated") {
# silent drop for scanners - uncomment next line if want to reply
# sl_send_reply("200", "OK");
xlog("User agent is: $ua\n");
exit;
}
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(is_method("OPTIONS") && uri==myself && $rU==$null) {
sl_send_reply("200","Keepalive");
exit;
}
if(!sanity_check("17895", "7")) {
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
if (!has_totag()) return;
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
xlog("L_INFO", "Routing before DLGURI\n");
route(DLGURI);
if (is_method("BYE")) {
setflag(FLT_ACC); # do accounting ...
setflag(FLT_ACCFAILED); # ... even if the transaction fails
} else if ( is_method("ACK") ) {
# ACK is forwarded statelessly
route(NATMANAGE);
} else if ( is_method("NOTIFY") ) {
# Add Record-Route for in-dialog NOTIFY as per RFC 6665.
record_route();
}
route(RELAY);
exit;
}
if (is_method("SUBSCRIBE") && uri == myself) {
# in-dialog subscribe requests
route(PRESENCE);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# no loose-route, but stateful ACK;
# must be an ACK after a 487
# or e.g. 404 from upstream server
route(RELAY);
exit;
} else {
# ACK without matching transaction ... ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
exit;
}
# Handle SIP registrations
route[REGISTRAR] {
if(!is_method("REGISTER"))
return;
xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si\n");
add_path_received();
$avp(ipbancandidate) = $si;
if(isflagset(FLT_NATS)) {
setbflag(FLB_NATB);
#!ifdef WITH_NATSIPPING
# do SIP NAT pinging
setbflag(FLB_NATSIPPING);
#!endif
}
route(DISPATCH);
if (!save("location")) {
sl_reply_error();
}
exit;
}
# Presence server route
route[PRESENCE] {
if(!is_method("PUBLISH|SUBSCRIBE"))
return;
sl_send_reply("404", "Not here");
exit;
}
# Caller NAT detection
route[NATDETECT] {
#!ifdef WITH_NAT
if (nat_uac_test("19")) {
if (is_method("REGISTER")) {
#fix_nated_register(); Disabled as we proxy registrations
#fix_nated_contact();
set_contact_alias();
##add_contact_alias();
#fix_nated_sdp("3");
xlog("L_ALERT", "Nat Registration nat fixed.\n");
} else {
if(is_first_hop()) {
set_contact_alias();
xlog("L_ALERT", "Contact NAT fixed\n");
}
}
setflag(FLT_NATS);
xlog("L_ALERT", "FLT_NATS flag set\n");
}
#!endif
return;
}
# RTPProxy control and signaling updates for NAT traversal
route[NATMANAGE] {
#!ifdef WITH_NAT
if (is_request()) {
if(has_totag()) {
if(check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
}
}
if (nat_uac_test("3")) {
#fix_nated_contact();
set_contact_alias();
##add_contact_alias();
force_rport();
}
if (has_body("application/sdp") && nat_uac_test("8")) {
fix_nated_sdp("11");
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB))) return;
###!ifdef WITH_RTPENGINE
## xlog("RTPEngine enabled\n");
## if(nat_uac_test("8")) {
## xlog("RTP 1\n");
## rtpengine_manage("SIP-source-address replace-origin replace-session-connection");
## } else {
## rtpengine_manage("replace-origin replace-session-connection");
## }
###!else
## if(nat_uac_test("8")) {
## rtpproxy_manage("co");
## } else {
## rtpproxy_manage("cor");
## }
###!endif
if (is_request()) {
if (!has_totag()) {
if(t_is_branch_route()) {
add_rr_param(";nat=yes");
xlog("Nat notation added!\n");
}
}
}
if (is_reply()) {
if(isbflagset(FLB_NATB)) {
if(is_first_hop())
#fix_nated_contact();
set_contact_alias();
#add_contact_alias();
}
}
if(isbflagset(FLB_NATB)) {
# no connect message in a dialog involving NAT traversal
if (is_request()) {
if(has_totag()) {
set_forward_no_connect();
}
}
}
#!endif
return;
}
# URI update for dialog requests
route[DLGURI] {
#!ifdef WITH_NAT
if(!isdsturiset()) {
handle_ruri_alias();
xlog("L_INFO", "Routing in-dialog $rm from $fu to $du\n");
}
#!endif
return;
}
# Dispatch requests
route[DISPATCH] {
# round robin dispatching on gateways group '1'
remove_hf_re("Subject|P-.*|X-.*");
append_hf("X-Auth-IP: $si\r\n");
#add_rr_param(";nat=yes");
t_on_reply("LOGRPL");
if(!ds_select_dst("1", "0")) {
send_reply("404", "No destination");
exit;
}
#xdbg("--- SCRIPT: going to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n");
xlog("L_WARN", "--- Going to <$ru>. src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd;src_ip=$si; $RAi; $Ri;\n");
t_on_failure("RTF_DISPATCH");
route(RELAY);
}
# Try next destionations in failure route
failure_route[RTF_DISPATCH] {
if (t_is_canceled()) {
exit;
}
# next DST - only for 500 or local timeout
if (t_check_status("500")
or (t_branch_timeout() and !t_branch_replied())) {
if(ds_next_dst()) {
xdbg("--- SCRIPT: retrying to <$ru> via <$du> (attrs: $xavp(_dsdst_=>attrs))\n");
t_on_failure("RTF_DISPATCH");
route(RELAY);
exit;
}
}
}
# Manage outgoing branches
branch_route[MANAGE_BRANCH] {
xdbg("new branch [$T_branch_idx] to $ru\n");
xlog("L_ALERT", "Marker 20\n");
route(NATMANAGE);
return;
}
# Manage incoming replies
reply_route {
if(!sanity_check("17604", "6")) {
xlog("Malformed SIP response from $si:$sp\n");
drop;
}
return;
}
# Manage incoming replies in transaction context
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");
xlog("L_ALERT", "Marker 21\n");
if(status=~"[12][0-9][0-9]") {
route(NATMANAGE);
}
# if (has_body("application/sdp")) {
# rtpengine_manage();
# }
return;
}
# Manage failure routing cases
failure_route[MANAGE_FAILURE] {
xlog("L_ALERT", "Marker 23\n");
route(NATMANAGE);
if (t_is_canceled()) exit;
#!ifdef WITH_BLOCK3XX
# block call redirect based on 3xx replies.
if (t_check_status("3[0-9][0-9]")) {
t_reply("404","Not found");
exit;
}
#!endif
#!ifdef WITH_BLOCK401407
# block call redirect based on 401, 407 replies.
if (t_check_status("401|407")) {
t_reply("404","Not found");
exit;
}
#!endif
#!ifdef WITH_VOICEMAIL
# serial forking
# - route to voicemail on busy or no answer (timeout)
if (t_check_status("486|408")) {
$du = $null;
route(TOVOICEMAIL);
exit;
}
#!endif
return;
}
Hi all
On calls with privacy enabled to customers, I want to ensure no
information is disclosed. Not even if one would capture packets.
A PRACK and the 200 OK to a PRACK therefore may need the To and From
Header changed.
Unfortunately I seem not to be able to catch the 200 OK REPLY sent to a
PRACK with t_on_reply. It looks like they somehow pass completely
unprocessed through Kamailio (not completely Via Header are removed
accordingly)
Am I missing something?
--
Mit freundlichen Grüssen
-Benoît Panizzon- @ HomeOffice und normal erreichbar
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Dear List,
I’m new to Kamailio and would like to set it up as a standalone general purpose SBC.
I’m having a hard time finding a guide specific for this. What can you recommend?
Thank you so much
With best wishes,
Unai Rodriguez
Hi,
Some exceptions generated in Python script cause a harmless traceback in the logs, while others cause Kamailio to crash:
Sep 22 06:28:34 proxy /usr/sbin/kamailio[3984]: CRITICAL: <core> [core/pass_fd.c:277]: receive_fd(): EOF on 11
Sep 22 06:28:34 proxy /usr/sbin/kamailio[3957]: ALERT: <core> [main.c:783]: handle_sigs(): child process 3965 exited by a signal 11
Sep 22 06:28:34 proxy /usr/sbin/kamailio[3957]: ALERT: <core> [main.c:786]: handle_sigs(): core was generated
(gdb) where
#0 0x00007fdaea729079 in vfprintf () from /lib64/libc.so.6
#1 0x00007fdaea754179 in vsnprintf () from /lib64/libc.so.6
#2 0x00007fdac45e9afd in make_message () from /usr/lib64/kamailio/modules/app_python3.so
#3 0x00007fdac45e5bc9 in python_handle_exception ()
from /usr/lib64/kamailio/modules/app_python3.so
#4 0x00007fdac45ebfde in apy_exec () from /usr/lib64/kamailio/modules/app_python3.so
#5 0x00007fdac45ecef1 in python_exec2 () from /usr/lib64/kamailio/modules/app_python3.so
#6 0x0000000000474ee0 in do_action ()
#7 0x000000000048217d in run_actions ()
#8 0x0000000000474d39 in do_action ()
#9 0x000000000048217d in run_actions ()
#10 0x0000000000474d39 in do_action ()
#11 0x000000000048217d in run_actions ()
#12 0x0000000000474d87 in do_action ()
#13 0x000000000048217d in run_actions ()
#14 0x00000000004828c1 in run_top_route ()
#15 0x00000000005e8044 in receive_msg ()
#16 0x00000000004df772 in udp_rcv_loop ()
#17 0x0000000000429f5b in main_loop ()
#18 0x000000000043423e in main ()
Is there a reasonable way to try to prevent this type of mid-air explosion?
— Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
Hi,
I'm looking at a kamailio config where all substdef have the syntax
"!regexp!subst!flags", "!DB_URL!db.example.com!g" but i can't find this
syntax in the documentation. It's currently running on a fairly modern 5.x
version and as far as i know it has never been on 4.x or older.
Does anyone know where this syntax is from and if it's possible/recommended
to simply replace it with "/regexp/subst"?
*Fredrik* *Dahlgren* | Senior SIP/VoIP Engineer
fredrik.dahlgren(a)freespee.com | LinkedIn
<https://www.linkedin.com/company/freespee/> | Twitter
<https://twitter.com/freespee>
Hello,
Kamailio SIP Server v5.5.5 stable release is out.
This is a maintenance release of the stable branch 5.5 that
includes fixes since the release of v5.5.4. There is no change to
database schema or configuration language structure that you have to do
on previous installations of v5.5.x. Deployments running previous v5.5.x
versions are strongly recommended to be upgraded to v5.5.5.
Note that 5.5 is the second last stable branch, still officially maintained
by Kamailio development team. The latest stable branch is 5.6, with
v5.6.1 being release out of it.
For more details about version 5.5.5 (including links and guidelines to
download the tarball or from GIT repository), visit:
* https://www.kamailio.org/w/2022/09/kamailio-v5-5-5-released/
RPM, Debian/Ubuntu packages will be available soon as well.
Many thanks to all contributing and using Kamailio!
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online
Oct 10-13, 2022 (Europe Timezone)
* https://www.asipto.com/sw/kamailio-advanced-training-online/
Hi,
Instructions for upgrading from 5.5 to 5.6 don't include instructions for
the MySQL database schema changes:
http://www.kamailio.org/wiki/install/upgrade/5.5.x-to-5.6.0
Where can I get this information? It was always published in the past.
Best regards,
Leonid Fainshtein
Hello,
I am considering to release Kamailio v5.5.5 soon, likely on Monday or
Tuesday next week (Sep 19 or 20, 2022). This is the usual heads up
notification to see if anyone is aware of issues not yet reported to bug
tracker and if yes, do it as soon as possible to give them a chance to
be fixed.
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online
Oct 10-13, 2022 (Europe Timezone)
* https://www.asipto.com/sw/kamailio-advanced-training-online/
