sr-users

sr-users@lists.kamailio.org

4 participants
37456 discussions

14 Jun '06

hi guys, happy OpenSER's 1st Anniversary and happy world cup! I configure the TLS on OpenSER-1.0.1 release, but it doesn't work well. i searched on the web and found the discussion (attach it below) which posted monthes ago, my problem is very similar to it. but i can't find any conclusion about this discussion. Does anyone has resolved the similar problem, can you share the experiences? thanks in advance. my openssl's version is 0.9.8a when used snom360 to connect openser via tls, it blocked and freezed after receive ServerHelloDone. windows messenger 5.1 can go further, but still popup the "There was a problem verifying the certificate..." msg. and openser print the error are SSL_ERROR_WANT_READ and SSL_ERROR_SYSCALL... my certificate should be right, i have checked and regenerated it heaps of times... ---------------------------------------- [prev in list] [next in list] [prev in thread] [next in thread] List: voipsec Subject: Re: [VOIPSEC] Snom Softphone with TLS and Openser From: dennis <m8939605 () yahoo ! com ! tw> Date: 2006-02-24 13:44:01 Message-ID: 20060224134401.62975.qmail () web17506 ! mail ! tpe ! yahoo ! com [Download message RAW] Hi Martin, I folllow your method, but I still have somme problem. 1.After receive ClientHello, openser will be terminated. my openser is 1.0.0 1 1 0.0023 (0.0023) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 0.2734 (0.2710) S>C TCP FIN /////////////////////////////////// 2. Add the tls_ciphers_list="NULL-SHA:NULL-MD5", openser was ok, but snom soft phone was stuck immediately after starting and did not accept any input via the user interface. 1 1 0.0894 (0.0894) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 2 0.0913 (0.0018) S>C Handshake ServerHello Version 3.1 session_id[32]= 86 63 02 13 cd 51 12 d8 02 61 aa cc 66 63 84 d8 21 42 01 8e c1 d6 8e b0 c3 b6 d1 26 68 73 0d 02 cipherSuite TLS_RSA_WITH_NULL_MD5 compressionMethod NULL 1 3 0.0913 (0.0000) S>C Handshake Certificate 1 4 0.0913 (0.0000) S>C Handshake ServerHelloDone 1 131.0737 (130.9823) S>C TCP FIN When you re-executed the program, the ceritificate will be clean away. I thought that the soft phone lost it's certificate, so it hang on. Another root causer may be openssl (0.97f), I will try to upgrade or reinstall it. /////////////////////////////////////// In my environment, Windows Messenger always has some problems with Openser, when openser sent certificate, WM always pop up a error messange. 3 1 0.8193 (0.8193) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA compression methods NULL 3 2 0.8199 (0.0006) S>C Handshake ServerHello Version 3.1 session_id[32]= c3 b3 f1 16 de e4 76 d6 97 e3 ae ba 68 06 31 92 1a 5c 62 c7 f5 8c 7d 2c 2e 2b 87 47 32 a6 04 32 cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA compressionMethod NULL 3 3 0.8199 (0.0000) S>C Handshake Certificate 3 4 0.8199 (0.0000) S>C Handshake ServerHelloDone //////////////////////////////////// But after replaced key size from 2048 to 1024, there was improvement in Windows Messenger, although it still pop up the same error. 3 1 0.8193 (0.8193) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA compression methods NULL 3 2 0.8199 (0.0006) S>C Handshake ServerHello Version 3.1 session_id[32]= c3 b3 f1 16 de e4 76 d6 97 e3 ae ba 68 06 31 92 1a 5c 62 c7 f5 8c 7d 2c 2e 2b 87 47 32 a6 04 32 cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA compressionMethod NULL 3 3 0.8199 (0.0000) S>C Handshake Certificate 3 4 0.8199 (0.0000) S>C Handshake ServerHelloDone 3 5 0.8701 (0.0501) C>S Handshake ClientKeyExchange 3 6 0.8701 (0.0000) C>S ChangeCipherSpec 3 7 0.8701 (0.0000) C>S Handshake 3 8 0.8736 (0.0035) S>C ChangeCipherSpec 3 9 0.8738 (0.0001) S>C Handshake 3 1.6979 (0.8241) C>S TCP FIN 3 10 1.6985 (0.0006) S>C Alert 3 1.6986 (0.0000) S>C TCP FIN The Alert was not a standard TLS alert description, so I can't analyze it. The Alter messange is below: 15 03 01 00 18 fe ef bc 84 a3 c7 8c 8c a5 91 e7 da e1 7c ^^^^^^^^ (there are some problems.....) 06 ee 35 9d 32 21 ec ef 8c 79 --- Christian Stredicke <Christian.Stredicke(a)snom.de> ��G > Instead of using DNS SRV you can also use a > transport parameter in the > outbound proxy. E.g. > > server.example.at:5061;transport=tls > > Christian > > > -----Original Message----- > > From: Voipsec-bounces(a)voipsa.org > > [mailto:Voipsec-bounces@voipsa.org] On Behalf Of > Martin Petraschek > > Sent: Thursday, February 23, 2006 5:01 AM > > To: Voipsec(a)voipsa.org > > Subject: [VOIPSEC] Snom Softphone with TLS and > Openser > > > > Hi all, > > > > I just wanted to share the experiences I made when > trying to > > get the Snom 360 Softphone to work with TLS > support together > > with Openser. Maybe my findings can be of use for > other > > people having similar problems. > > > > The Snom Softphone is one of the few Softphones I > am aware of > > that support TLS as well as RTP encryption. > Unfortunately it > > is not Open Source, but the binary is freely > available at > > http://www.snom.com/download/snom360-5.3.exe > > > > When trying to use TLS, one might be disappointed > that the > > configuration menus do not offer any setting like > "enable > > TLS". This is because the Snom phone uses DNS SRV > queries in > > order to find out which connection method to use. > The first > > task is therefore to configure SRV records of the > DNS server. > > For bind, the following lines did the trick: > > > > example.at. IN NAPTR 10 50 "s" "SIPS+D2T" "" > _sips._tcp.example.at. > > example.at. IN NAPTR 20 50 "s" "SIP+D2U" "" > _sip._udp.example.at. > > example.at. IN NAPTR 30 50 "s" "SIP+D2T" "" > _sip._tcp.example.at. > > > > ; ----- SRV records ----- > > _sip._udp IN SRV 0 0 5060 > server.example.at. > > _sip._tcp IN SRV 0 0 5060 > server.example.at. > > _sips._tcp IN SRV 0 0 5061 > server.example.at. > > > > > > After that, the Snom phone tried to contact the > SIP server via TLS. > > However, the program was stuck immediately after > starting and > > did not accept any input via the user interface. I > inspected > > the network traffic it generated with the help of > the tool > > ssldump, which showed the following: > > > > server:/etc/openser/tools# ssldump -i eth0 port > 5061 New TCP > > connection #1: user.example.at(3695) <-> > server.example.at(5061) > > 1 1 0.0124 (0.0124) C>S Handshake > > ClientHello > > Version 3.1 > > cipher suites > > TLS_RSA_WITH_RC4_128_MD5 > > TLS_RSA_WITH_RC4_128_SHA > > TLS_RSA_WITH_NULL_MD5 > > TLS_RSA_WITH_NULL_SHA > > TLS_DH_anon_WITH_3DES_EDE_CBC_SHA > > TLS_DH_anon_WITH_RC4_128_MD5 > > TLS_RSA_WITH_DES_CBC_SHA > > TLS_RSA_EXPORT1024_WITH_RC4_56_SHA > > TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA > > TLS_DH_anon_WITH_DES_CBC_SHA > > compression methods > > NULL > > 1 2 0.0145 (0.0021) S>C Handshake > > ServerHello > > Version 3.1 > > session_id[32]= > > 5d a6 8d 61 58 ed c6 08 ae 76 d1 eb 24 > 82 6a c3 > > 2e 12 4c 29 17 7b 80 bf 1d 98 82 2c 67 > 53 ab f0 > > cipherSuite > TLS_RSA_EXPORT1024_WITH_RC4_56_SHA > > compressionMethod NULL > > 1 3 0.0146 (0.0000) S>C Handshake > > Certificate > > 1 4 0.0146 (0.0000) S>C Handshake > > CertificateRequest > > certificate_types > rsa_sign > > certificate_types > dss_sign > > ServerHelloDone > > 1 9.5153 (9.5006) C>S TCP RST > > > > > > I noticed that the chosen ciphersuite was 1024 bit > RSA. > > Checking the certificate file > > /etc/openser/tls/user/user-cert.pem, I found that > the > > certificate configured for openser is 2048 bit! To > overcome > > this problem, I changed the configuration files > ca.conf and > > user.conf as well as gen_rootCA.sh (just replaced > 2048 with > > 1024 at every occurence). > > After re-generating the certificates and restaring > openser, > > the TLS connection finally worked like a charm. > > > > Cheers, > > > > Martin > > > > _______________________________________________ > > Voipsec mailing list > > Voipsec(a)voipsa.org > > > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org > > > > > > > > _______________________________________________ > Voipsec mailing list > Voipsec(a)voipsa.org > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org >

1 0

RE: [Users] OpenSER - one year old
by Ricardo Martinez 14 Jun '06

14 Jun '06

Happy Birthday! Thanks to all the people involved in this project, thanks for your support and dedication. We really appreciate all your efforts. Thanks again and happy birthday. Cheers!! Ricardo Javier Martinez Ogalde Ingeniero de Desarrollo VOISS NET S.A. Cisco Certified Network Associate ,CCNA (CSCO 10643101) * : (56 2) 240 81 96 * : (56 2) 245 74 95 * : rmartinez(a)redvoiss.net > -----Mensaje original----- > De: Daniel-Constantin Mierla [mailto:daniel@voice-system.ro] > Enviado el: Miércoles, 14 de Junio de 2006 10:31 > Para: users(a)openser.org; devel(a)openser.org > Asunto: [Users] OpenSER - one year old > > > Hello everybody, > > today OpenSER is one year old. In the hope that its first > year brought > many features needed by you, helped you in your business, > study or just > in private use, we will like to thank to all developers and community > members for their contributions, support, usage and testing > of OpenSER. > > The news and summary of this year of activity is posted at: > > http://openser.org/openser-news-20060614.php > > For the next year, we look forward to many new features, to make the > functionality fit in most of business cases, from residential > services > to carrier grade. We are welcoming ideas and contributions > as well as > patches and testing reports. > > Cheers, > Daniel > > > _______________________________________________ > Users mailing list > Users(a)openser.org > http://openser.org/cgi-bin/mailman/listinfo/users >

1 0

[Users] OpenSER - one year old
by Daniel-Constantin Mierla 14 Jun '06

14 Jun '06

Hello everybody, today OpenSER is one year old. In the hope that its first year brought many features needed by you, helped you in your business, study or just in private use, we will like to thank to all developers and community members for their contributions, support, usage and testing of OpenSER. The news and summary of this year of activity is posted at: http://openser.org/openser-news-20060614.php For the next year, we look forward to many new features, to make the functionality fit in most of business cases, from residential services to carrier grade. We are welcoming ideas and contributions as well as patches and testing reports. Cheers, Daniel

2 1

[Users] called failed 408 Request timeout
by raviprakash sunkara 14 Jun '06

14 Jun '06

Hi Users, Today OPENSER's I st Anniversary , hi dedues please solve my issues In Local network openser with radius (AAA) is working fine. by using xten softphones But when i'm deploy in some other places with different network . Its successfully logined , but when making the calls its gives log as ' called failed : 408 request time out..." here is my openser,cfg below ........................... modparam("usrloc", "db_mode", 2) modparam("auth_db", "password_column", "password") modparam("auth_db", "calculate_ha1", yes) modparam("usrloc|acc|auth_db|group|msilo", "db_url", " mysql://openser:openserrw@localhost/openser") ########333333 modparam("acc","log_level",1) modparam("acc","log_flag",1) modparam("acc","log_missed_flag",2) modparam("acc", "log_fmt", "cdfimorstup") #modparam("acc", "failed_transaction_flag",3) modparam("acc", "report_cancels", 1) modparam("acc","report_ack",0) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 2) modparam("acc","radius_flag",1) #modparam("acc","radius_level",1) #modparam("acc","radius_missed_flag",2) modparam("acc","service_type",15) #modparam("acc", "detect_direction", 1) modparam("acc","radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("auth_radius","radius_config","/usr/local/etc/radiusclient-ng/radiusclient.conf") ##########33 modparam("nathelper","natping_interval",30) modparam("nathelper","ping_nated_only",1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") #################33 modparam("rr", "enable_full_lr", 1) ############################################### route { # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("13")) { sl_send_reply("483","Too Many Hops........................!"); exit; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if(!method== "REGISTER") { record_route(); }; # loose-route processing if (loose_route()) { # add now 0n 9 setflag(1); acc_rad_request("200 ok "); t_relay(); exit; }; # account completed transactions via syslog #setflag(1); # setflag(2); if(uri==myself) { if(method=="REGISTER") { if(!radius_www_authorize("192.168.2.55")) { www_challenge("192.168.2.55","0"); exit; }; #consume_credentials(); save("location"); if (m_dump()) { log("MSILO: offline messages dumped - if they were\n"); }else{ log("MSILO: no offline messages dumped\n"); }; exit; }; if(method=="INVITE" && method=="ACK") { record_route(); acc_rad_request("200"); force_rtp_proxy(); #setflag(1); t_on_reply("1"); }; /* if (method=="BYE") { record_route(); }; */ if (method=="MESSAGE") { log(1, "MESSAGE\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE" || method=="CANCEL") { #log (1, "BYE or CANCEL\n"); #setflag(1); acc_rad_request("200 "); #acc_rad_request("Stop"); #unforce_rtp_proxy(); #setflag(1); }; if(!lookup("location")) { sl_send_reply("404","Woo......... NOt found"); }; }; if(!t_relay()) { sl_reply_error(); }; lookup("aliases"); #setflag(2); exit; } onreply_route[1] { if(status=~"[0-9][0-9][0-9]") { force_rtp_proxy(); }; } ----------------------------------------------------------------------------------- please help me........ -- Thanks and Regards with cheers Sunkara Ravi Prakash (Voip Developer) Hyperion Technology www.hyperion-tech.com <b>

1 0

[Users] Re: Openser as front end to Asterisk
by Kenny Chua 14 Jun '06

14 Jun '06

I'm trying to use Asterisk's B2BUA with Openser. However I read somewhere that Asterisk can't handle as much concurrent calls as Openser can with SIP. So that's why I am trying to use both of them together. This is gonna be somewhat I'm trying to do: UA ----->Openser ---> Asterisk ------> PSTN Gateway or SIP All UA should be regisetered on Openser using mysql database. Question is, if I use this implementation, wouldn't all the call load be on Asterisk instead of Openser? Maybe I'm getting the wrong picture, as I'm fairly new to this. So I appreciate as much help as possible. I'm trying to do this for my senior design. Thank you. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

2 1

Re: [Serusers] Content-Type: multipart/mixed; boundary=uniqueBoundary problems?
by Jiri Kuthan 14 Jun '06

14 Jun '06

Hi Greg, looks like you will have to start debugging :-) Normally, SER doesn't care of payload (you could do H.323 tunnelling in it if you wished ;-)) I can only imagine SER can complain about the message if it uses some SDP-mangling module like nathelper but even then i would not expect SER dropping silently. Let me know what you have found out in any case -- it looks like a perfectly legitimate SIP request. -jiri At 07:44 14/06/2006, Greg Fausak wrote: >Before I start debugging I thought I'd ask. >I have a sip message from a gateway (Cisco IOS) that >is being sliently dropped. Should ser be able to handle >a message that looks like this? I haven't done a multipart >message before. > >Thanks, >---greg > >INVITE sip:+19194724170@sn-sip-in.ca-sn1.cisco.com:5060 SIP/2.0 >Via: SIP/2.0/UDP 172.18.109.91:5060;branch=z9hG4bK4F0109C >Remote-Party-ID: <sip: >+19199915651(a)172.18.109.91>;party=calling;screen=yes;privacy=off >From: <sip:+19199915651@172.18.109.91>;tag=249E4980-FFC >To: <sip:+19194724170@sn-sip-in.ca-sn1.cisco.com> >Date: Tue, 13 Jun 2006 19:37:55 GMT >Call-ID: F241878C-FA4A11DA-81EFC5C8-2F1D7951(a)172.18.109.91 >Supported: 100rel,timer,resource-priority,replaces >Min-SE: 1800 >Cisco-Guid: 4064260884-4199158234-2157445126-1397050494 >User-Agent: Cisco-SIPGateway/IOS-12.x >Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, >SUBSCRIBE, NOTIFY, INFO, REGISTER >CSeq: 101 INVITE >Max-Forwards: 10 >Timestamp: 1150227475 >Contact: <sip:+19199915651@172.18.109.91:5060> >Expires: 180 >Allow-Events: telephone-event >Content-Type: multipart/mixed;boundary=uniqueBoundary >Mime-Version: 1.0 >Content-Length: 797 > >--uniqueBoundary >Content-Type: application/sdp >Content-Disposition: session;handling=required > >v=0 >o=CiscoSystemsSIP-GW-UserAgent 8340 2382 IN IP4 172.18.109.91 >s=SIP Call >c=IN IP4 172.18.109.91 >t=0 0 >m=audio 19122 RTP/AVP 18 3 0 4 100 101 >c=IN IP4 172.18.109.91 >a=rtpmap:18 G729/8000 >a=fmtp:18 annexb=yes >a=rtpmap:3 GSM/8000 >a=rtpmap:0 PCMU/8000 >a=rtpmap:4 G723/8000 >a=fmtp:4 annexa=yes >a=rtpmap:100 X-NSE/8000 >a=fmtp:100 192-194 >a=rtpmap:101 telephone-event/8000 >a=fmtp:101 0-16 > >--uniqueBoundary >Content-Type: application/gtd >Content-Disposition: signal;handling=optional > >IAM, >PRN,isdn*,,NI***, >USI,rate,c,s,c,1 >USI,lay1,ulaw >TMR,00 >CPN,02,,1,4724170 >CGN,04,,1,y,2,9199915651 >CPC,09 >FCI,,,,,,,y, >GCI,f23fb314fa4a11da8098000653454c7e > > >--uniqueBoundary-- > > > >-- >Greg Fausak >greg(a)thursday.com >_______________________________________________ >Serusers mailing list >Serusers(a)lists.iptel.org >http://lists.iptel.org/mailman/listinfo/serusers -- Jiri Kuthan http://iptel.org/~jiri/

2 1

[Users] openser forking
by Padmaja RV 14 Jun '06

14 Jun '06

Hi all, i need to implement openser for forking an incoming sip call. can anyone pls guide me how to do this?

2 2

Re: [Users] openser forking
by Padmaja RV 14 Jun '06

14 Jun '06

Hi, sorry, i could not understand what u meant by that.... please elaborate a bit, Thanks, Padmaja ----- Original Message ----- From: ram To: Padmaja RV Sent: Wednesday, June 14, 2006 4:30 PM Subject: Re: [Users] openser forking Ngrep should help you for the same ram On 6/14/06, Padmaja RV <padmaja.rv(a)vodcalabs.com> wrote: Hi all, i need to implement openser for forking an incoming sip call. can anyone pls guide me how to do this? _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users

1 0

[Users] Openser as front end to Asterisk
by Kenny Chua 14 Jun '06

14 Jun '06

Hello everyone, I've finally got openser working with mysql. Now I'm trying to integrate Openser with Asterisk. I read Asterisk at large. However I have a few questions: 1) It is said that openser as a front end to asterisk will enable more concurrent calls comparing to asterisk alone. How is that so? 2) If openser acts as a front end connecting all SIP calls, what is the role of asterisks? 3) Will the load of SIP calls be handled by openser alone? Or is it both asterisk and openser? I'm confuse with this, please help a newbie out here. Thank you in advance. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

3 2

[Serusers] rewriting the outgoing URI to its alias
by Andy Thomas 14 Jun '06

14 Jun '06

Greger, Im already doing this for calls coming into my SER installation. However I want to do it the other way around, i.e. from SER/UA to PSTN Therefore I want to rewrite the username if the outgoing INVITE message to be the alias, not the location, when sending to the PSTN. Andy _____ From: Greger V. Teigre [mailto:greger@teigre.com] Sent: 12 June 2006 09:33 To: Andy Thomas Cc: serusers(a)lists.iptel.org Subject: Re: [Serusers] rewriting the outgoing URI to its alias I see a lot of confusion on the different user related ids in SIP. Let me try to explain (and answer your question, Andy, at the end of the post...) Let's start at the user agent(UA) side: -------------------- AOR: Address of record is the sip:myuser@domain.com address that you are known as, just like your email address. Many user agents don't ask for AOR, but builds it from other parameters you need to set Username: The username is normally the user (before @) of AOR) Realm: Often the domain portion of the AOR, thus AOR = sip:username@realm Friendly name/displayname: "My name" Out of this info, the From header is constructed: From: "My name" <sip:username@realm> --- Entirely separate (but sometimes confused in user agents): Authentication username: The user used for authentication Authentication realm: The realm to authenticate within Very often the authentication realm is implicitly assumed to be the same as the AOR realm --- Then, the user agent will create the Contact header. The Contact header should be the public contact address of your current location. Thus: Contact: sip:username@mypublicip:5060 If the user agent is behind a NAT, the mypublicip will be a private address. --- A sidenote: Unless registration server is explicitly specified, the realm in the AOR will be used for looking up the SIP registration server using DNS SRV or A lookups. You should avoid putting the FQDN of your SIP server in the realm. Also, you may in some user agents specify outbound proxy. This is the proxy where the user agent will send INVITEs (and other outbound messages). ------------------- And on the SER side: ------------------- Authentication user/realm are used to do Digest authentication, but are then forgotten (i.e. not stored). The AOR is registered in the location table, together with the Contact header, as well as the source ip and port (if different from Contact). The fix_nated_register() function handles this setting of the so-called received parameter. So, to the routing: - Messages that need to be routed (i.e. do not have Route headers) will have a Request URI; the first line and the part after the message type: INVITE sip:username@domain.com - It is by changing this request URI, you do routing. The t_relay() command uses the URI to forward the message correctly - Before forwarding to a user agent, you want the request uri to be the same as the stored Contact header for the AOR you are looking up. If not, the user agent may reply with a 404 User not found - The From header is NOT used for routing, and for backwards RFC compatibility, you should not change the From header as some UAs will use the content of the From header to match a dialog (however, if your UAs from experience still work, there should not be a problem doing it, it's just not RFC-compliant and may pop up and kick your butt later ;-) - The AOR in location table is used for looking up incoming messages if you can find a direct match between the Request-URI in the incoming message and the stored AOR. If not, you can use the aliases table (and lookup("aliases")) to match the Request-URI with something in the aliases table, that again will map to the AOR in the location table --- So keeping this (fairly simple) concept in focus: Routing (regardless of LCR, avps or whatever) should focus on finding the correct Request-URI before you call t_relay(). BUT, there are ways of "messing" up this... --- - There are several commands in SER you can use to override the Request-URI (forward_*). They should be avoided, unless you have a valid reason for having a Request-URI in the message you are forwarding that is NOT resolvable (either IP address or DNS name or DNS SRV/A resolvable) to the party you are forwarding to. The reason can be if you want the R-URI to contain the AOR and then forward the message to a server handling voicemail - The dst_uri parameter (implicitly set by lookup) will tell t_relay() to send the message to dst_uri instead of the Request-URI. lookup() will set this when it finds that the Contact stored for the AOR also has an associated received ip:port (because the user agent was NATed) In general trying all sorts of tricks o fix-up things the way you need it may not be so smart. Stick to the basics and question yourself: Is this something I really want to do? ---------------------- To Andy, you want the aliases table to map to the AOR (as registered by the UA in the REGISTER command). You do lookup("aliases") to resolve your DID into an AOR. Then, later you can do lookup("location") to map the AOR to the location of the UA (i.e. Contact/dst_uri). Then your Request-URI will be correct. g-) Andy Thomas wrote: Does anyone know how I would do this- For all users who have PSTN access, they are assigned a number in the MySQL alias table which matches a PSTN DDI number. e.g. user 8000 has an alias of 2071231234, so on an incoming call the lookup("aliases") function correctly matches the DDI to the user. I want my ser.cfg to rewrite the user on an outgoing call, if a number exists in the alias table for that user Obviously, the rewriteuser function will be used, but what do I put in after that? I have tried rewriteuser (lookup ("aliases")) but that doesn't work Can anyone help? _____ _______________________________________________ Serusers mailing list Serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

2 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users