Dear serusers,
I am running SER 9.4 . it works great. I am running SER outside on public address
I am also having small problem behind NAT. To resolv this I am running Stun server - public address with Stun Client - private address ( behind NAT address )
The clients were not able to find its location.
But If i do enter Public ip addresss for that system by finding via www.ip2location.com , Both incomming and out going works. The Problem is every time , i have to manually enter the ipaddress.
Not sure, if I have to put both Stun server and Stun Client on the public network. And not sure, Stun Client process gives the ip address of the location
Please help me
Regards Nesan
----- Original Message ----- From: serusers-request@lists.iptel.org To: serusers@lists.iptel.org Sent: Sunday, November 13, 2005 5:00 AM Subject: Serusers Digest, Vol 31, Issue 15
Send Serusers mailing list submissions to serusers@lists.iptel.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.iptel.org/mailman/listinfo/serusers or, via email, send a message with subject or body 'help' to serusers-request@lists.iptel.org
You can reach the person managing the list at serusers-owner@lists.iptel.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Serusers digest..."
Today's Topics:
- LCR question (Juha Heinanen)
- Question Compiling acc.so (Leo Papadopoulos)
- Re: NAT Traversal (Thomas Britis)
- Multi-domain setup problem (Daryl Sanders)
- Re: Question Compiling acc.so (sip)
- Re: mediaproxy for incoming (George Lambson)
Message: 1 Date: Sat, 12 Nov 2005 15:48:01 +0200 From: Juha Heinanen jh@tutpro.com Subject: [Serusers] LCR question To: Stefan Prelle s.prelle@broadnet.de Cc: serusers@lists.iptel.org Message-ID: 17269.62097.141780.968729@rautu.tutpro.com Content-Type: text/plain; charset=us-ascii
Stefan Prelle writes:
I am having huge performance problems. The OpenSER drops to effectivly 1 CPS. My lcr table contains only 20 entries and I have just 2 gateways configured, so this shouldn't be a problem.
currently load_gws() makes a complex mysql query, but only one mysql query per second seems very slow to me. load_gws could be rewritten totally in c, but so far nobody has had time to do so.
-- juha
Message: 2 Date: Sat, 12 Nov 2005 10:26:34 -0500 From: "Leo Papadopoulos" leo@telecomcto.com Subject: [Serusers] Question Compiling acc.so To: serusers@lists.iptel.org Message-ID: 006201c5e79d$77ea4250$0a01010a@leoathlon Content-Type: text/plain; charset="us-ascii"
Dear serusers,
I am running ser 0.9.3 I want to enable the accounting package to write to MySQL. I realize I
need
to recompile to do this.
Can I just compile ONLY the acc and somehow install this acc module? If
so,
how? Is it just easier or better to recompile all of SER?
Telecom CTO Leo Papadopoulos 10 Old Stone Court Ridgefield, CT 06877 Tel: 203-438-8117 Cell: 203-788-6364 E-mail: leo@telecomCTO.com Web site: www.telecomCTO.com
Message: 3 Date: Sat, 12 Nov 2005 09:36:54 -0200 From: Thomas Britis thomas@tcnet.com.br Subject: Re: [Serusers] NAT Traversal To: "Greger V. Teigre" greger@teigre.com Cc: serusers@lists.iptel.org Message-ID: 4375D3D6.1070805@tcnet.com.br Content-Type: text/plain; charset=us-ascii; format=flowed
I tried. Everything goes fine until I change the default configuration from onsip.org. All the configuration files are basical and needs a lot of changes to make me happy, heh.
If anyone has an idea, it would be great.
Thank you.
Greger V. Teigre wrote:
Seems like you could use the Getting Started document from ONsip.org ;-) g-) ----- Original Message ----- From: "Thomas Britis" thomas@tcnet.com.br To: serusers@lists.iptel.org Sent: Friday, November 11, 2005 5:58 PM Subject: [Serusers] NAT Traversal
Hi,
I'm working on a popular cenario (I think) of SER's implementation but I'm having some difficult on making clients behind NAT to work well. I tried to use rtpproxy and mediaproxy (not together, of course) but without success. Here is my scenario: SER with public IP address with rtpproxy and/or mediaproxy up and running. Clients are behind NAT with NO firewall blocking any ports. Or even one client behind NAT and other with valid IP (by the way, all clients that are not behind nat works fine). The
one
behind nat do not receive any voice but can send it.
I'm attaching my ser.cfg (both, the rtpproxy and mediaproxy one) and appreciate any help.
Thank's in advance.
Thomas Storino Britis TCNet Informatica e Telecomunicacoes LTDA
------
# # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
# TCNet Configuration # hostname matching an alias will satisfy the condition uri==myself. listen="200.167.20.34" alias="e-voip.com.br" alias="200.167.20.34" uid="ser" gid="ser"
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:pass@localhost/ser"
# Modules loadmodule "/tcnet/ser/lib/ser/modules/domain.so" loadmodule "/tcnet/ser/lib/ser/modules/mysql.so" loadmodule "/tcnet/ser/lib/ser/modules/sl.so" loadmodule "/tcnet/ser/lib/ser/modules/tm.so" loadmodule "/tcnet/ser/lib/ser/modules/rr.so" loadmodule "/tcnet/ser/lib/ser/modules/maxfwd.so" loadmodule "/tcnet/ser/lib/ser/modules/usrloc.so" loadmodule "/tcnet/ser/lib/ser/modules/registrar.so" loadmodule "/tcnet/ser/lib/ser/modules/auth.so" loadmodule "/tcnet/ser/lib/ser/modules/auth_db.so" loadmodule "/tcnet/ser/lib/ser/modules/uri.so" loadmodule "/tcnet/ser/lib/ser/modules/uri_db.so" loadmodule "/tcnet/ser/lib/ser/modules/nathelper.so" loadmodule "/tcnet/ser/lib/ser/modules/mediaproxy.so" loadmodule "/tcnet/ser/lib/ser/modules/textops.so" loadmodule "/tcnet/ser/lib/ser/modules/avpops.so" loadmodule "/tcnet/ser/lib/ser/modules/acc.so"
# Modules parameter # auth_db modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:pass@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")
# mediaproxy modparam("mediaproxy", "mediaproxy_socket", "/var/run/proxydispatcher.sock") modparam("mediaproxy", "natping_interval", 30) modparam("mediaproxy", "sip_asymmetrics", "/tcnet/mediaproxy/sip-asymmetrics-clients") modparam("mediaproxy", "rtp_asymmetrics", "/tcnet/mediaproxy/rtp-asymmetrics-clients")
# usrloc modparam("usrloc", "db_mode", 2)
# rr modparam("rr", "enable_full_lr", 1)
# registrar modparam("registrar", "nat_flag", 6)
# acc modparam("acc", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1) modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "log_fmt", "miocfst") modparam("acc", "failed_transactions", 1)
# tm modparam("tm", "fr_inv_timer", 27) modparam("tm", "fr_inv_timer_avp", "inv_timeout")
# main routing logic route {
if (method == "BYE" || method == "CANCEL") { end_media_session(); setflag(1); # accounting setflag(2); # missed call };
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { if (method!="ACK") { sl_send_reply("483", "Too Many Hops"); break; }; }; if (msg:len > max_len) { if (method!="ACK") { sl_send_reply("513", "Message too big"); break; }; };
if (method!="REGISTER") { record_route (); };
if (loose_route()) { if (method=="BYE" || method=="CANCEL") { end_media_session(); setflag(1); setflag(2); }; if (method=="INVITE" || method=="ACK") { use_media_proxy(); }; route(1); break; };
if (uri == myself) { if (method == "REGISTER") { if (search("^(Contact|m): .*@(200.167.20.34|evoip03.tcnet.com.br|sip.e-voip.com.br)")) { log("LOG: alert: someone trying to set aor==contact\n"); sl_send_reply("476", "No Server Address in Contacts Allowed"); break; };
route(2); # WWW authentication
if (!save("location")) { sl_reply_error(); }; break; };
if (method == "INVITE") { route(3); # PROXY authentication if (uri=~"^sip:0") { route(4); # Asterisk };
consume_credentials();
#lookup("location"); if (!lookup("location")) { if (!lookup("aliases")) { if (uri=~"^sip:[3789][0-9]") { prefix("035"); route(4); # Asterisk } else { sl_send_reply ("404", "Not Found"); break; }; }; }; setflag(1); setflag(2); route(1); break; }; }; route(1); }
# Fix NATED client on reply route. onreply_route[1] { if (client_nat_test("1") && status=~"(183)|(2[0-9][0-9])") { fix_contact(); }; use_media_proxy (); }
# Normal relay route[1] {
if (uri =~ "[@:](192.168.|10.|172.16)" && !search("^Route:")) { sl_send_reply("479", "We don't forward to private IP addresses"); break; };
t_on_reply("1"); t_on_failure("1");
if (!t_relay()) { sl_reply_error(); }; }
# WWW authentication route[2] { if (client_nat_test("3")) { setflag(6); force_rport(); fix_contact(); };
sl_send_reply("100", "Trying");
if (!www_authorize("", "subscriber")) { www_challenge("", "0"); break; };
if (!check_to()) { sl_send_reply ("401", "Unauthorized"); break; };
}
# PROXY authentication route[3] { if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); break; }; }
# Asterisk - E-Voip route[4] { t_on_reply("1"); rewritehost("200.167.20.26"); avp_write("i:45", "inv_timeout"); }
failure_route[1] { end_media_session(); }
------
# # $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
# TCNet Configuration # hostname matching an alias will satisfy the condition uri==myself. listen="200.167.20.34" alias="e-voip.com.br" alias="200.167.20.34" uid="ser" gid="ser"
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:pass@localhost/ser"
# Modules loadmodule "/tcnet/ser/lib/ser/modules/mysql.so" loadmodule "/tcnet/ser/lib/ser/modules/sl.so" loadmodule "/tcnet/ser/lib/ser/modules/tm.so" loadmodule "/tcnet/ser/lib/ser/modules/rr.so" loadmodule "/tcnet/ser/lib/ser/modules/maxfwd.so" loadmodule "/tcnet/ser/lib/ser/modules/usrloc.so" loadmodule "/tcnet/ser/lib/ser/modules/registrar.so" loadmodule "/tcnet/ser/lib/ser/modules/auth.so" loadmodule "/tcnet/ser/lib/ser/modules/auth_db.so" loadmodule "/tcnet/ser/lib/ser/modules/uri.so" loadmodule "/tcnet/ser/lib/ser/modules/uri_db.so" loadmodule "/tcnet/ser/lib/ser/modules/nathelper.so" loadmodule "/tcnet/ser/lib/ser/modules/textops.so" loadmodule "/tcnet/ser/lib/ser/modules/avpops.so" loadmodule "/tcnet/ser/lib/ser/modules/acc.so"
# Modules parameter # auth_db modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:pass@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password")
# nathelper modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
# usrloc modparam("usrloc", "db_mode", 2)
# rr modparam("rr", "enable_full_lr", 1)
# registrar modparam("registrar", "nat_flag", 6)
# acc modparam("acc", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1) modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "log_fmt", "miocfst") modparam("acc", "failed_transactions", 1)
# tm modparam("tm", "fr_inv_timer", 27) modparam("tm", "fr_inv_timer_avp", "inv_timeout")
# main routing logic route {
if (method == "BYE" || method == "CANCEL") { unforce_rtp_proxy(); setflag(1); # accounting setflag(2); # missed call };
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Message too big"); break; };
if (method!="REGISTER") { record_route (); };
if (loose_route()) { if (method == "BYE") { setflag(1); setflag(2); unforce_rtp_proxy(); }; route(1); break; };
if (uri == myself) { if (method=="INVITE") { fix_nated_sdp ("1"); };
if (method == "REGISTER") { if (search("^(Contact|m): .*@(200.167.20.34|evoip03.tcnet.com.br|sip.e-voip.com.br)")) { log("LOG: alert: someone trying to set aor==contact\n"); sl_send_reply("476", "No Server Address in Contacts Allowed"); break; };
route(2); # WWW authentication
if (!save("location")) { sl_reply_error(); }; break; };
if (method == "INVITE") { route(3); # PROXY authentication if (uri=~"^sip:0") { route(4); # Asterisk };
consume_credentials();
#lookup("location"); if (!lookup("location")) { if (!lookup("aliases")) { if (uri=~"^sip:[3789][0-9]") { prefix("035"); route(4); # Asterisk } else { sl_send_reply ("404", "Not Found"); break; }; }; }; setflag(1); setflag(2); route(1); break; }; }; route(1); }
# Fix NATED client on reply route. onreply_route[1] { if (isflagset(6) && status=~"(180)|(183)|2[0-9][0-9]") { if (!search("Content-Length:[ ]*0")) { force_rtp_proxy(); }; }; }
# Normal relay route[1] {
if (uri =~ "[@:](192.168.|10.|172.16)" && !search("^Route:")) { sl_send_reply("479", "We don't forward to private IP addresses"); break; };
t_on_reply("1");
if (isflagset(6) || isflagset(5)) { log (1, "oi"); force_rtp_proxy (); };
if (!t_relay()) { sl_reply_error(); }; }
# WWW authentication route[2] { if (!search("^Contact:[ ]**") && nat_uac_test("19")) { setflag(6); fix_nated_register(); force_rport(); };
sl_send_reply("100", "Trying");
if (!www_authorize("", "subscriber")) { www_challenge("", "0"); break; };
if (!check_to()) { sl_send_reply ("401", "Unauthorized"); break; };
if (isflagset(5)) { setflag(6); }; }
# PROXY authentication route[3] { if (nat_uac_test("19")) { setflag(6); };
if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); break; }; }
# Asterisk - E-Voip route[4] { if (isflagset(6)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); };
t_on_reply("1"); rewritehost("200.167.20.26"); avp_write("i:45", "inv_timeout"); }
------
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Thomas Storino Britis TCNet Informatica e Telecomunicacoes LTDA
Message: 4 Date: Sat, 12 Nov 2005 14:59:01 -0700 From: Daryl Sanders daryl.sanders@gmail.com Subject: [Serusers] Multi-domain setup problem To: users@openser.org, SER Users serusers@lists.iptel.org Message-ID: cffd7ecd0511121359l3d7a135ev84f81087534e3a84@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1
Hi Everyone,
I just added a second domain to my openser box and screwed things up
somehow.
Maybe someone can help figure out what's going on. I'm using the new onsip config (unmodified except IPs & replacing breaks w/returns). I'm using mediaproxy for NAT. Everything worked properly prior to adding the new domain. I did add the new domain to the domain table, and have loaded the domain module with modparams as follows.
modparam("domain", "db_url", "mysql://openser:mypass@myhost/openser") modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain")
Existing domain: sip1.mydomain.com New domain: sip1.mydomain.com
user1: X-Lite (behind NAT) private-IP (192.168.x.x) Registers using domain sip1.mydomain.com
user2: Linksys PAP2-NA public-IP (same subnet as Utsarcom) Registers using domain sip1.mydomain.com
user3: Utstarcom iAN-02EX public-IP (63.225.x.x) Registers using domain sip2.mydomain.com
Here is what happens now...
- All users can register fine.
- user1 & user2 can only receives calls from user3 (can't call others
or pstn , 407 Proxy Auth Required)
- user3 is the only one who can call others (calls to user1,user2, &
pstn are fine)
It's probably just something simple I missed, but I can't seem to figure it out. As always, thanks for your assistance.
- Daryl
Message: 5 Date: Sat, 12 Nov 2005 17:02:34 -0500 From: "sip" sip@arcdiv.com Subject: Re: [Serusers] Question Compiling acc.so To: "Leo Papadopoulos" leo@telecomcto.com, serusers@lists.iptel.org Message-ID: 20051112215625.M80825@infinideas.com Content-Type: text/plain; charset=iso-8859-1
It's actually pretty easy to just recompile/install a module at a time.
The
recompilation part is in the docs (INSTALL file).
Basically, from the root directory of your source code...
make modules=modules/acc modules
That would recompile the acc module. My recommendation, however, is to go INTO the src/modules/acc directoy and do a make clean (it will whine about
how
you should run this from the root directory, but ignore that -- that's
just a
stock message and doesn't pertain to make cleans). THEN recompile the
module
from the root of the src tree to make sure any stale object files are no longer lying about mucking up your recompile.
Once it's been compiled, stop ser (important step), and just copy the resulting .so (which will be in the modules/acc directory) file into the /usr/local/lib/ser/modules directory and you're good to go.
Restart ser and watch for weird error messages in the log. :)
STOPPING ser is very important if you're replacing one of its modules, or
it
will panic, die, and leave a bunch of core files sitting in your / tree. Always messy.
N.
On Sat, 12 Nov 2005 10:26:34 -0500, Leo Papadopoulos wrote
Dear serusers,
I am running ser 0.9.3 I want to enable the accounting package to write to MySQL. I realize I need to recompile to do this.
Can I just compile ONLY the acc and somehow install this acc module? If so, how? Is it just easier or better to recompile all of SER?
Telecom CTO Leo Papadopoulos 10 Old Stone Court Ridgefield, CT 06877 Tel: 203-438-8117 Cell: 203-788-6364 E-mail: leo@telecomCTO.com Web site: www.telecomCTO.com
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Message: 6 Date: Sat, 12 Nov 2005 17:50:37 -0700 From: George Lambson LambsonGE@mtc.byu.edu Subject: Re: [Serusers] mediaproxy for incoming To: greger@teigre.com Cc: serusers@lists.iptel.org Message-ID: s3762bd8.008@mtcemail.mtc.byu.edu Content-Type: text/plain; charset=US-ASCII
Any idea what I might be doing wrong?
I have had some issues with setting up the served domain. I use x-lite for
my SIP UAs and have to put the host name of my SER server to get them to log in, even though I set the environment variable for the SIP domain of the server to my domain. Do you think that it might be related?
Thanks, George
"Greger V. Teigre" greger@teigre.com 11/11/2005 12:19:59 AM >>>
I believe the standard NAT traversal configs from onsip.org should handle that. g-) ----- Original Message ----- From: "George Lambson" LambsonGE@mtc.byu.edu To: serusers@lists.iptel.org Sent: Friday, November 11, 2005 12:51 AM Subject: [Serusers] mediaproxy for incoming
Is anyone using mediaproxy for INCOMING calls?
What I mean is: is SER capable of accepting INVITE messages from an unregistered UA that is behind a NAT Firewall and connecting them with a registered UA?
I would like to be able to receive incoming calls for my domain from anyone on the internet and connect them to the proper user. Please tell
me
anyone if you are successfully doing this.
Thanks, George
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
End of Serusers Digest, Vol 31, Issue 15