6 Jul
2005
6 Jul
'05
8:39 a.m.
and also make sure if you do allow they are just meant for your internal
users, i.e relays to pstn arent allowed, that is unless u want people to
make "free" pstn calls, :-)
Iqbal
Steve Blair wrote:
If he is getting a proxy authenticate error as his message suggested
then your
ser.cfg has to be modified to allow calls from outside your domain
without
those calls being authenticated first.
harry gaillac wrote:
Thanks Ryan,
Many people can't call me !?
Harry
look at my ser.cfg:
# $Id: ser.cfg,v 1.27 2005/03/10 14:16:25 Exp $
#
#
# ----------- global configuration parameters
------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
#memlog=5 # memory debug log level
#log_facility=LOG_LOCAL0 # sets the facility used for
logging (see syslog(3))
/* Uncomment these lines to enter debugging mode #fork=no
#log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@serveur1.home.net/ser"
user=root
group=ser
fifo_user=root # owner of the ser fifo
fifo_group=ser
fifo_mode=0660 # fifo's permissions
#disable_core=yes #disables core dumping
#open_fd_limit=1024 # sets the open file descriptors
limit
#mhomed=yes # usefull for multihomed hosts, small
performance penalty
#disable_tcp=yes #tcp_accept_aliases=yes # accepts the tcp alias via
option (see NEWS)
listen=80.119.9.7
#
# ------------------ module loading
----------------------------------
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/uri_db.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"
loadmodule "/usr/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/permissions.so"
loadmodule "/usr/lib/ser/modules/domain.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/avpops.so"
# ----------------- setting module-specific parameters
---------------
# -- usrloc params--
modparam("usrloc", "db_mode", 2)
# -- autdb_params--
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- nathelper params --
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "rtpproxy_disable", 1)
# mediaproxy params --
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "mediaproxy_socket",
"var/run/mediaproxy.sock")
# -- registrar params --
modparam("registrar", "nat_flag", 4)
# -- tm params --
modparam("tm", "fr_inv_timer", 27)
modparam("tm", "fr_inv_timer_avp", "inv_timeout")
# --domain params --
modparam("domain", "db_url",
"mysql://ser:heslo@serveur1.home.net/ser") modparam("domain",
"domain_table", "domain")
modparam("domain", "db_mode", 1) # Use caching
# -- permissions params --
modparam("permissions", "db_url",
"mysql://ser:heslo@serveur1.home.net/ser")
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("permissions", "default_deny_file",
"/etc/ser/permissions.deny")
modparam("permissions", "default_allow_file",
"/etc/ser/permissions.allow")
# ------------------------- request routing logic
-------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy;
that's
# particularly good if upstream and downstream
entities
# use different transport protocol
if (!method=="REGISTER") { record_route();
};
if (method=="CANCEL" || method=="BYE") {
end_media_session();
};
# subsequent messages withing a dialog should take
the
# path determined by record-routing
if (loose_route()) {
if (has_totag() && method=="INVITE" ||
method=="ACK") {
if (client_nat_test("3")) {
setflag(4);
force_rport();
fix_contact();
};
use_media_proxy();
};
route(1);
break;
};
# Requests to others domains
if (!is_uri_host_local()) {
# Checking Authorization
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
sl_send_reply("407", "Proxy Authentication
Required");
break;
};
if (client_nat_test("3")) {
setflag(4);
};
if (isflagset(4)) {
force_rport();
fix_contact();
use_media_proxy();
};
# mark routing logic in request
append_hf("P-hint: outbound\r\n"); route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following
command
# with proper names and addresses in it)
if (is_from_local() || src_ip==192.168.0.0/24 &&
src_port==5050) {
if (method=="CANCEL") {
route(3);
break;
} else if (method=="INVITE") {
route(3);
break;
} else if (method=="REGISTER") {
route(2);
break;
};
};
}
route[1] { ###########################
# Default Message Handler #
###########################
t_on_reply("1");
# send it out now; use stateful forwarding as it
works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
}
route[2] {
############################
# Register Message Handler #
############################
if (client_nat_test("3")) {
setflag(4);
force_rport();
fix_contact();
};
if (!www_authorize("nxs.yi.org", "subscriber")) {
www_challenge("nxs.yi.org", "0");
sl_send_reply("401", "Unauthorized");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
break;
};
}
route[3] {
#############################
# CANCEL and INVITE handler #
#############################
# checking our sip agents
if (client_nat_test("3")) {
setflag(4);
};
if (isflagset(4)) {
force_rport();
fix_contact();
use_media_proxy();
};
# Checking Authorization to use proxy sip if
(method=="INVITE" && !allow_trusted()) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
sl_send_reply("407", "Proxy Authentication
Required");
break;
};
};
consume_credentials();
# SIP destinations to PSTN
if (uri=~"^sip:0[0-9]{4}@.*$" ||
uri=~"^sip:0[0-9]{10}@.*$" ||
uri=~"^sip:006[0-9]{8}@.*$") {
route(4); route(1); break;
};
# SIP destinations to IPBX
if (uri=~"^sip:8[0-3]@.*$") {
route(5);
route(1);
break;
}
# native SIP destinations are handled using
our USRLOC DB
lookup("aliases");
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
route(1);
break;
}
route[4] {
##########################
# Outgoing PSTN Handler #
##########################
# check ACLs
if (uri=~"^sip:0[0-9]{4}@.*$") {
if (!is_user_in("From", "local")) {
sl_send_reply("403", "Forbidden");
break;
};
} else if (uri=~"^sip:0[0-9]{10}@.*$") {
if (!is_user_in("From", "local")) {
sl_send_reply("403",
"Forbidden");
break;
};
} else if (uri=~"^sip:006[0-9]{8}@.*$") {
if (!is_user_in("From", "cellphone"))
{
sl_send_reply("403",
"Forbidden");
break;
};
};
rewritehostport("192.168.0.50:5050");
}
route[5] {
##########################
# Asterisk Handler #
##########################
if (uri=~"^sip:8[0-3]@.*$") {
if (!is_user_in("From", "local")) {
sl_send_reply("403",
"Forbidden");
break;
};
};
rewritehostport("192.168.0.50:5050");
# t_relay_to_udp("192.168.0.50","5060");
}
#route[6] {
##########################
# Sems Handler #
##########################
# t_relay_to_udp("192.168.0.50","5060");
#}
onreply_route[1] {
##########################
# Statefull Handler #
##########################
if (client_nat_test("1")) {
setflag(4);
};
if (isflagset(4) && status=~"(180) || (183) ||
2[0-9][0-9]") {
if(search("^Content-Type: .*$")) {
use_media_proxy();
};
};
}
--- Ryan Pagquil <rpagquil(a)philonline.com> a écrit :
i'm trying to connect to you at
sip:bob@80.119.9.7
but i get proxy authenticate. can we test our setup and chat for a
while.
harry gaillac wrote:
___________________________________________________________________________
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo!
Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
> Hi Harry,
> I'am a new user , and would like to
>
test
> my call over the
> internet, i have an internet connection at home,
> where can i find a publicly available SIP server
>
to
> route the call to you,
> so that i can test th functionality ?
>
>
Look at www.ingate.com
> please can u suggest a way, or if you are on
>
Public
> IP, i can use direct
> call, but as you have a domain name,
> i would like the call to be routed using a Public
> running SIP Server ,
>
>
try sip:bob@nxs.yi.org or sip:bob@80.119.9.7
i have somme problems to receive calls !!?
Regards
Harry
___________________________________________________________________________
Appel audio GRATUIT partout dans le monde avec
le
nouveau Yahoo! Messenger
Téléchargez cette version sur
http://fr.messenger.yahoo.com
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Ryan Pagquil
Infodyne Inc. - PhilOnline.com
3603 Antel Global Corporate Center
Doña Julia Vargas Ave.
Ortigas Center Pasig City
Tel: 687-0715
Web: www.philonline.com