24 Feb
2011
24 Feb
'11
12:44 p.m.
Hi,
I installed a kamailio from the debian repository, i use the default
configuration.
The only enable the tcp and tls transport modes, and configured mysql login.
Everyting seems to be working fine.
I would need now to configure rtprpoxy, but i just cant make it work.
My goal is to force rtpproxy for all calls.
Any help is highly appreciated!!
Thank you
Marc
Rtpproxy is installed and seems to be running:
This is my rtpproxy configuration:
------------
# Defaults for rtpproxy
# The control socket.
#CONTROL_SOCK="unix:/var/run/rtpproxy/rtpproxy.sock"
# To listen on an UDP socket, uncomment this line:
CONTROL_SOCK=udp:127.0.0.1:22222
LISTEN_ADDR=[external_ip]
# Additional options that are passed to the daemon.
EXTRA_OPTS="-l ${LISTEN_ADDR}"
/usr/sbin#
-------------
It seems to be running:
-----------
/etc/init.d# ./rtpproxy start
Starting RTP relay: rtpproxy.
/etc/init.d# netstat -an|grep 22222
udp 0 0 127.0.0.1:22222 0.0.0.0:*
/etc/init.d#
-----------------
Here is my kamailio configuration, default as is installed:
-------------------------------------------
#!KAMAILIO
#
# Kamailio (OpenSER) SIP Server v3.1 - default configuration script
# - web: http://www.kamailio.org
# - git: http://sip-router.org
#
# Direct your questions about this file to: <sr-users(a)lists.sip-router.org>
# # Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
# for an explanation of possible statements, functions and parameters.
#
# Several features can be enabled using '#!define WITH_FEATURE' directives:
#
# *** To run in debug mode:
# - define WITH_DEBUG
#
# *** To enable mysql:
# - define WITH_MYSQL
#
# *** To enable authentication execute:
# - enable mysql
# - define WITH_AUTH
# - add users using 'kamctl'
#
# *** To enable IP authentication execute:
# - enable mysql
# - enable authentication
# - define WITH_IPAUTH
# - add IP addresses with group id '1' to 'address' table
#
# *** To enable persistent user location execute:
# - enable mysql
# - define WITH_USRLOCDB
#
# *** To enable presence server execute:
# - enable mysql
# - define WITH_PRESENCE
#
# *** To enable nat traversal execute:
# - define WITH_NAT
# - install RTPProxy: http://www.rtpproxy.org
# - start RTPProxy:
# rtpproxy -l _your_public_ip_ -s udp:localhost:7722
#
# *** To enable PSTN gateway routing execute:
# - define WITH_PSTN
# - set the value of pstn.gw_ip
# - check route[PSTN] for regexp routing condition
#
# *** To enable database aliases lookup execute:
# - enable mysql
# - define WITH_ALIASDB
#
# *** To enable multi-domain support execute:
# - enable mysql
# - define WITH_MULTIDOMAIN
#
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#
# *** To enable XMLRPC support execute:
# - define WITH_XMLRPC
# - adjust route[XMLRPC] for access policy
#
# *** To enable anti-flood detection execute:
# - adjust pike and htable=>ipban settings as needed (default is
# block if more than 16 requests in 2 seconds and ban for 300 seconds)
# - define WITH_ANTIFLOOD
#
# *** To enhance accounting execute:
# - enable mysql
# - define WITH_ACCDB
# - add following columns to database
#!ifdef ACCDB_COMMENT
ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT
'';
ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL
DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT
'';
ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT
'';
ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL
DEFAULT ''; #!endif
####### Defined Values #########
# *** Value defines - IDs used later in config #!ifdef WITH_MYSQL # -
database URL - used to connect to database server by modules such
# as: auth_db, acc, usrloc, a.s.o.
#!define ""mysql:[my_mysql_db_config]""
"mysql://openser:openserrw@localhost/openser"
#!endif
#!ifdef WITH_MULTIDOMAIN
# - the value for 'use_domain' parameters #!define MULTIDOMAIN 1 #!else
#!define MULTIDOMAIN 0 #!endif
# - flags
# FLT_ - per transaction (message) flags
# FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
####### Global Parameters #########
#!ifdef WITH_DEBUG
debug=2
log_stderror=no
#!else
debug=2
log_stderror=no
#!endif
memdbg=5
memlog=5
log_facility=LOG_DAEMON
fork=yes
children=4
/* uncomment the next line to disable TCP (default on) */ disable_tcp=no
/* uncomment the next line to disable the auto discovery of local aliases
based on reverse DNS on IPs (default on) */ #auto_aliases=no
/* add local domain aliases */
/* uncomment and configure the following line if you want Kamailio to
bind on a specific interface/port/proto (default bind on all available)
*/ listen=udp:[external_ip]:5060
listen=tcp:[external_ip]:5062
listen=tls:[external_ip]:5061
/* port to listen to
* - can be specified more than once if needed to listen on many ports */
port=5060
port=5062
tls_port_no=5061
enable_tls=yes
#!ifdef WITH_TLS
enable_tls=yes
#!endif
####### Custom Parameters #########
# These parameters can be modified runtime via RPC interface # - see the
documentation of 'cfg_rpc' module.
#
# Format: group.id = value 'desc' description # Access:
$sel(cfg_get.group.id) or @cfg_get.group.id #
#!ifdef WITH_PSTN
# PSTN GW Routing
#
# - pstn.gw_ip: valid IP or hostname as string value, example:
# pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
#
# - by default is empty to avoid misrouting #pstn.gw_ip = "" desc "PSTN GW
Address"
#!endif
####### Modules Section ########
# set paths to location of modules
#!ifdef LOCAL_TEST_RUN
mpath="modules_k:modules"
#!else
mpath="/usr/lib/kamailio/modules_k/:/usr/lib/kamailio/modules/"
#!endif
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
loadmodule "tls.so"
modparam("tls", "config", "/etc/kamailio/tls.cfg")
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif
#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif
#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif
# ----------------- setting module-specific parameters ---------------
# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
# ----- tm params -----
# auto-discard branches from previous serial forking leg modparam("tm",
"failure_reply_mode", 3) # default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000) # default invite retransmission
timeout
after 1xx: 120sec modparam("tm", "fr_inv_timer", 120000)
# ----- rr params -----
# add value to ;lr param to cope with most of the UAs modparam("rr",
"enable_full_lr", 1) # do not append from tag to the RR (no need for this
script) modparam("rr", "append_fromtag", 0)
# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */ #
modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
# ----- acc params -----
/* what special events should be accounted ? */ modparam("acc",
"early_media", 0) modparam("acc", "report_ack", 0)
modparam("acc",
"report_cancels", 0)
/* by default ww do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc",
"log_extra",
"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
/* enhanced DB accounting */
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url",
""[my_mysql_db_config]"") modparam("acc",
"db_extra",
"src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif
# ----- usrloc params -----
/* enable DB persistency for location entries */ #!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", "[my_mysql_db_config]")
modparam("usrloc",
"db_mode", 2) modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif
# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url",
""[my_mysql_db_config]"") modparam("auth_db",
"calculate_ha1", yes) modparam("auth_db", "password_column",
"password")
modparam("auth_db", "load_credentials", "")
modparam("auth_db",
"use_domain", MULTIDOMAIN)
# ----- permissions params -----
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", "[my_mysql_db_config]")
modparam("permissions", "db_mode", 1) #!endif
#!endif
# ----- alias_db params -----
#!ifdef WITH_ALIASDB
modparam("alias_db", "db_url", "[my_mysql_db_config]")
modparam("alias_db",
"use_domain", MULTIDOMAIN) #!endif
# ----- domain params -----
#!ifdef WITH_MULTIDOMAIN
modparam("domain", "db_url", "[my_mysql_db_config]") # use
caching
modparam("domain", "db_mode", 1) # register callback to match myself
condition with domains list modparam("domain", "register_myself", 1)
#!endif
#!ifdef WITH_PRESENCE
# ----- presence params -----
modparam("presence", "db_url", "[my_mysql_db_config]")
# ----- presence_xml params -----
modparam("presence_xml", "db_url", "[my_mysql_db_config]")
modparam("presence_xml", "force_active", 1) #!endif
#!ifdef WITH_NAT
# ----- rtpproxy params -----
modparam("rtpproxy", "rtpproxy_sock",
"udp:127.0.0.1:22222")
# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper",
"ping_nated_only", 1) modparam("nathelper", "sipping_bflag",
FLB_NATSIPPING)
modparam("nathelper", "sipping_from",
"sip:pinger@[mydomain]")
# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp",
"$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB) #!endif
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/etc/kamailio/tls.cfg")
modparam("tls",
"tls_debug", 10) #!endif
#!ifdef WITH_ANTIFLOOD
# ----- pike params -----
modparam("pike", "sampling_time_unit", 2) modparam("pike",
"reqs_density_per_unit", 16) modparam("pike",
"remove_latency", 4)
# ----- htable params -----
# ip ban htable with autoexpire after 5 minutes modparam("htable",
"htable",
"ipban=>size=8;autoexpire=300;") #!endif
#!ifdef WITH_XMLRPC
# ----- xmlrpc params -----
modparam("xmlrpc", "route", "XMLRPC");
modparam("xmlrpc", "url_match", "^/RPC") #!endif
####### Routing Logic ########
# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route route {
# per request initial checks
route(REQINIT);
# NAT detection
route(NAT);
# handle requests within SIP dialogs
route(WITHINDLG);
### only initial requests (no To tag)
# CANCEL processing
if (is_method("CANCEL"))
{
if (t_check_trans())
t_relay();
exit;
}
t_check_trans();
# authentication
route(AUTH);
# record routing for dialog forming requests (in case they are
routed)
# - remove preloaded route headers
remove_hf("Route");
if (is_method("INVITE|SUBSCRIBE"))
record_route();
# account only INVITEs
if (is_method("INVITE"))
{
setflag(FLT_ACC); # do accounting
}
# dispatch requests to foreign domains
route(SIPOUT);
### requests for my local domains
# handle presence related requests
route(PRESENCE);
# handle registrations
route(REGISTRAR);
if ($rU==$null)
{
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# dispatch destinations to PSTN
route(PSTN);
# user location service
route(LOCATION);
route(RELAY);
}
route[RELAY] {
#!ifdef WITH_NAT
if (check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
route(RTPPROXY);
}
#!endif
/* example how to enable some additional event routes */
if (is_method("INVITE")) {
#t_on_branch("BRANCH_ONE");
t_on_reply("REPLY_ONE");
t_on_failure("FAIL_ONE");
}
if (!t_relay()) {
sl_reply_error();
}
exit;
}
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
# flood dection from same IP and traffic ban for a while
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself)
{
if($sht(ipban=>$si)!=$null)
{
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu
(IP:$si:$sp)\n");
exit;
}
if (!pike_check_req())
{
xlog("L_ALERT","ALERT: pike blocking $rm from $fu
(IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
#!endif
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(!sanity_check("1511", "7"))
{
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
if (has_totag()) {
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
setflag(FLT_ACC); # do accounting ...
setflag(FLT_ACCFAILED); # ... even if the
transaction fails
}
route(RELAY);
} else {
if (is_method("SUBSCRIBE") && uri == myself) {
# in-dialog subscribe requests
route(PRESENCE);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# no loose-route, but stateful ACK;
# must be an ACK after a 487
# or e.g. 404 from upstream server
t_relay();
exit;
} else {
# ACK without matching transaction
... ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
}
exit;
}
}
# Handle SIP registrations
route[REGISTRAR] {
if (is_method("REGISTER"))
{
if(isflagset(FLT_NATS))
{
setbflag(FLB_NATB);
# uncomment next line to do SIP NAT pinging
setbflag(FLB_NATSIPPING);
}
if (!save("location"))
sl_reply_error();
exit;
}
}
# USER location service
route[LOCATION] {
#!ifdef WITH_ALIASDB
# search in DB-based aliases
alias_db_lookup("dbaliases");
#!endif
if (!lookup("location")) {
switch ($rc) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
if (is_method("INVITE"))
{
setflag(FLT_ACCMISSED);
}
}
# Presence server route
route[PRESENCE] {
if(!is_method("PUBLISH|SUBSCRIBE"))
return;
#!ifdef WITH_PRESENCE
if (!t_newtran())
{
sl_reply_error();
exit;
};
if(is_method("PUBLISH"))
{
handle_publish();
t_release();
}
else
if( is_method("SUBSCRIBE"))
{
handle_subscribe();
t_release();
}
exit;
#!endif
# if presence enabled, this part will not be executed
if (is_method("PUBLISH") || $rU==$null)
{
sl_send_reply("404", "Not here");
exit;
}
return;
}
# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment to enable
auth)
if (!www_authorize("$td", "subscriber"))
{
www_challenge("$td", "0");
exit;
}
if ($au!=$tU)
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
} else {
#!ifdef WITH_IPAUTH
if(allow_source_address())
{
# source IP allowed
return;
}
#!endif
# authenticate if from local subscriber
if (from_uri==myself)
{
if (!proxy_authorize("$fd", "subscriber")) {
proxy_challenge("$fd", "0");
exit;
}
if (is_method("PUBLISH"))
{
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
} else {
if ($au!=$fU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
}
consume_credentials();
# caller authenticated
} else {
# caller is not local subscriber, then check if it
calls
# a local destination, otherwise deny, not an open
relay here
if (!uri==myself)
{
sl_send_reply("403","Not relaying");
exit;
}
}
}
#!endif
return;
}
# Caller NAT detection route
route[NAT] {
#!ifdef WITH_NAT
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
}
setflag(FLT_NATS);
}
#!endif
return;
}
# RTPProxy control
route[RTPPROXY] {
#!ifdef WITH_NAT
if (is_method("BYE")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
}
if (!has_totag()) add_rr_param(";nat=yes"); #!endif
return;
}
# Routing to foreign domains
route[SIPOUT] {
if (!uri==myself)
{
append_hf("P-hint: outbound\r\n");
route(RELAY);
}
}
# PSTN GW routing
route[PSTN] {
#!ifdef WITH_PSTN
# check if PSTN GW IP is defined
if (strempty($sel(cfg_get.pstn.gw_ip))) {
xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not
defined\n");
return;
}
# route to PSTN dialed numbers starting with '+' or '00'
# (international format)
# - update the condition to match your dialing rules for PSTN
routing
if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
return;
# only local users allowed to call
if(from_uri!=myself) {
sl_send_reply("403", "Not Allowed");
exit;
}
$ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
route(RELAY);
exit;
#!endif
return;
}
# XMLRPC routing
#!ifdef WITH_XMLRPC
route[XMLRPC]
{
# allow XMLRPC from localhost
if ((method=="POST" || method=="GET")
&& (src_ip==127.0.0.1)) {
# close connection only for xmlrpclib user agents (there is
a bug in
# xmlrpclib: it waits for EOF before interpreting the
response).
if ($hdr(User-Agent) =~ "xmlrpclib")
set_reply_close();
set_reply_no_connect();
dispatch_rpc();
exit;
}
send_reply("403", "Forbidden");
exit;
}
#!endif
# Sample branch router
branch_route[BRANCH_ONE] {
xdbg("new branch at $ru\n");
}
# Sample onreply route
onreply_route[REPLY_ONE] {
xdbg("incoming reply\n");
#!ifdef WITH_NAT
if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB))
&& status=~"(183)|(2[0-9][0-9])") {
force_rtp_proxy();
}
if (isbflagset("6")) {
fix_nated_contact();
}
#!endif
}
# Sample failure route
failure_route[FAIL_ONE] {
#!ifdef WITH_NAT
if (is_method("INVITE")
&& (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) {
unforce_rtp_proxy();
}
#!endif
if (t_is_canceled()) {
exit;
}
# uncomment the following lines if you want to block client
# redirect based on 3xx replies.
##if (t_check_status("3[0-9][0-9]")) {
##t_reply("404","Not found");
## exit;
##}
# uncomment the following lines if you want to redirect the failed
# calls to a different new destination
##if (t_check_status("486|408")) {
## sethostport("192.168.2.100:5060");
## append_branch();
## # do not set the missed call flag again
## t_relay();
##}
}