Use modparam("nathelper", "rtpproxy_sock", "<listen_socket_of_rtp_proxy>")
Jan.
On 27-10 12:46, Walter Willis wrote:
I am using ser-0.8.14 on Gentoo. My setup is:
|--------|        |----------|                        |---------|
|        |        |ser-0.8.14|        internet        |firewall |
| lan +  |<======>|+ rtpproxy|<======================>|nat      |<==========> client (msn/phone)
| phones |        |          |                        |proxy    |
| + msn  |        |----------|                        |---------|
|--------|
192.168.1.0/24    192.168.1.1/200.48.60.186/248
The rtpproxy is running; ps aux:
root 1570 0.0 0.3 1984 360 ? Ss 12:15 0:00 /root/rtpproxy/rtpproxy
But at the moment of initializing ser it gives these errors; how can I fix it?
0(1788) mod_init(): Database connection opened successfuly
acc - initializing
exec - initializing
print - initializing
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
0(0) INFO: udp_init: SO_RCVBUF is initially 108544
0(0) INFO: udp_init: SO_RCVBUF is finally 217088
1(1793) ERROR: send_rtpp_command: can't read reply from a RTP proxy
1(1793) WARNING: rtpp_test: can't get version of the RTP proxy
1(1793) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
2(1794) ERROR: send_rtpp_command: can't read reply from a RTP proxy
2(1794) WARNING: rtpp_test: can't get version of the RTP proxy
2(1794) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
localhost init.d # 9(1816) INFO: fifo process starting: 1816
3(1795) ERROR: send_rtpp_command: can't read reply from a RTP proxy
3(1795) WARNING: rtpp_test: can't get version of the RTP proxy
3(1795) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
5(1806) ERROR: send_rtpp_command: can't read reply from a RTP proxy
5(1806) WARNING: rtpp_test: can't get version of the RTP proxy
5(1806) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
6(1807) ERROR: send_rtpp_command: can't read reply from a RTP proxy
6(1807) WARNING: rtpp_test: can't get version of the RTP proxy
6(1807) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
4(1805) ERROR: send_rtpp_command: can't read reply from a RTP proxy
4(1805) WARNING: rtpp_test: can't get version of the RTP proxy
4(1805) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
7(1808) ERROR: send_rtpp_command: can't read reply from a RTP proxy
7(1808) WARNING: rtpp_test: can't get version of the RTP proxy
7(1808) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) ERROR: send_rtpp_command: can't read reply from a RTP proxy
9(1816) WARNING: rtpp_test: can't get version of the RTP proxy
9(1816) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
9(1816) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...
8(1815) ERROR: send_rtpp_command: can't read reply from a RTP proxy
8(1815) WARNING: rtpp_test: can't get version of the RTP proxy
8(1815) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
10(1839) ERROR: send_rtpp_command: can't read reply from a RTP proxy
10(1839) WARNING: rtpp_test: can't get version of the RTP proxy
10(1839) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
12(1842) ERROR: send_rtpp_command: can't read reply from a RTP proxy
12(1842) WARNING: rtpp_test: can't get version of the RTP proxy
12(1842) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: send_rtpp_command: can't read reply from a RTP proxy
11(1841) WARNING: rtpp_test: can't get version of the RTP proxy
11(1841) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
0(1788) ERROR: send_rtpp_command: can't read reply from a RTP proxy
0(1788) WARNING: rtpp_test: can't get version of the RTP proxy
0(1788) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
14(1848) ERROR: send_rtpp_command: can't read reply from a RTP proxy
14(1848) WARNING: rtpp_test: can't get version of the RTP proxy
14(1848) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
15(1849) ERROR: send_rtpp_command: can't read reply from a RTP proxy
15(1849) WARNING: rtpp_test: can't get version of the RTP proxy
15(1849) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
13(1847) ERROR: send_rtpp_command: can't read reply from a RTP proxy
13(1847) WARNING: rtpp_test: can't get version of the RTP proxy
13(1847) WARNING: rtpp_test: support for RTP proxyhas been disabled temporarily
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI sip:rbolivar@cwafrica.com.pe
11(1841) ERROR: t_forward_nonack: failure to add branches
11(1841) ERROR: mk_proxy: could not resolve hostname: "cwafrica.com.pe"
11(1841) ERROR: uri2proxy: bad host name in URI sip:rbolivar@cwafrica.com.pe
11(1841) ERROR: t_forward_nonack: failure to add branches
and script is:
# ------------- version 0.8.11-0
# ------------- Initial global variables

debug=3
fork=yes
log_stderror=yes

listen=200.60.219.116
listen=127.0.0.1

alias=cwafrica.com.pe
alias=200.60.219.116

dns=no
rev_dns=no

port=5060
children=4

# check_via - Turn on or off Via host checking when forwarding replies.
# Default is no. arcane. looks for discrepancy between name and
# ip address when forwarding replies.
check_via=yes

# syn_branch - Shall the server use stateful synonym branches? It is
# faster but not reboot-safe. Default is yes.
syn_branch=yes

# memlog - Debugging level for final memory statistics report. Default
# is L_DBG -- memory statistics are dumped only if debug is set high.
memlog=3

# sip_warning - Should replies include extensive warnings? By default
# yes, it is good for trouble-shooting.
sip_warning=yes

# fifo - FIFO special file pathname
fifo="/tmp/ser_fifo"
fifo_mode=0666

# server_signature - Should locally-generated messages include server's
# signature? By default yes, it is good for trouble-shooting.
server_signature=yes

# reply_to_via - A hint to reply modules whether they should send reply
# to IP advertised in Via. Turned off by default, which means that
# replies are sent to IP address from which requests came.
reply_to_via=no

# user | uid - uid to be used by the server. 99 = nobody.
#uid="nobody"

# group | gid - gid to be used by the server. 99 = nobody.
#gid="nobody"

# mhomed -- enable calculation of outbound interface; useful on
# multihomed servers.
mhomed=0

# ------------- external module loading

loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/exec.so"
loadmodule "/usr/lib/ser/modules/group.so"
loadmodule "/usr/lib/ser/modules/print.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/nathelper.so"

# ------------- tm parameters

modparam("tm", "fr_timer", 12)
modparam("tm", "fr_inv_timer", 24)

# ------------- rr parameters

# set ";lr" tag to .;lr=true.
modparam("rr", "enable_full_lr", 1)

# ------------- accounting parameters

modparam("acc", "log_missed_flag", 3)
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)

# ------------- usrloc parameters

# 2 enables write-back to persistent mysql storage for speed
# disable=0, write-through=1
modparam("usrloc", "db_mode", 2)

# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)

# database location
modparam("usrloc", "db_url", "sql://ser:heslo@localhost/ser")

# ------------- auth parameters

# database location
modparam("auth_db", "db_url", "sql://ser:heslo@localhost/ser")

# allows clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", yes)

# name of password column in mysql database
modparam("auth_db", "password_column", "password")
# ------------- routing logic

route {

    # ------------- routine checks

    # stop forwarding at 10 hops to prevent infinite loops
    if (!mf_process_maxfwd_header("10")) {
        log(1, "LOG: Too many hops\n");
        sl_send_reply("483", "Too many hops");
        break;
    };

    # loose routes
    loose_route();

    # prevents private ip space from being used
    #if (search("^(Contact|m): .*@(192.168.|10.|172.16|(ilse.)?cwafrica.com.pe)")) {
    # contact sdp
    if (status=~"2[0-9][0-9]"){
        fix_nated_contact();
        fix_nated_sdp("3");
    }

    /* registration (uses rewritten contacts) */
    if (method=="REGISTER") {
        save("location");
        break;
    };

    if (method=="INVITE") {
        record_route();
        if (isflagset(1)) { # ATA ?
            fix_nated_sdp("3");
        };
        /* set up reply processing */
        t_on_reply("1");
    };

    if (method == "INVITE" || method == "CANCEL") {
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };

    /* set up reply processing and forward statefuly */
    t_relay();

    # method is looked at later
    # if (method=="REGISTER") {
    # log(1, "LOG: Someone trying to register from private IP\n");
    # sl_send_reply("479", "Please don't use private IP addresses" );
    # break;
    # };
    #};

    # separate the destination r-uri from the set of proxies that must be traversed
    loose_route();

    # if the host portion of the request uri is not local, send it directly
    # to route processing.
    if (!(uri==myself)) {
        route(2);
        break;
    };

    # All REGISTER attempts are processed and must always be authenticated
    if (method=="REGISTER") {

        # make sure that users don't register infinite loops
        if (search("^(Contact|m): .*@(200.60.219.116|(ilse.)?cwafrica.com.pe)")) {
            log(1, "LOG: alert: someone trying to set aor==contact\n");
            sl_send_reply("476", "No Server Address in Contacts Allowed" );
            break;
        };

        # challenge/response
        if (!www_authorize("cwafrica.com.pe", "subscriber")) {
            www_challenge("cwafrica.com.pe", "0");
            break;
        };

        # only registered users are allowed
        if (!is_user("replicator") & !check_to()) {
            log(1, "LOG: unregistered user registration attempt\n");
            sl_send_reply("403", "Only registered users are allowed");
            break;
        };

        # it is an authenticated request, update Contact database now
        if (!save("location")) {
            sl_reply_error();
        };
        break;
    };

    # process traffic local to BigU and the PSTN
    # Find the canonical username
    lookup("aliases");

    # check domain again, if it is not still local after the alias
    # table lookup, just send it on its way. We do not authenticate
    # traffic we forward
    if (!(uri=~"^sip:(.+@)?(200.60.219.116|(ilse.)?cwafrica.com.pe)([:;?].*)?$")) {
        route(5);
        break;
    };

    # now check for destinations through the gateway. 911 and 9911
    # are always sent to the gateway. The assumption is that other all
    # numeric usernames between 5 and 20 digits are really pstn numbers
    # and so they are routed to the gateway
    if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") | (uri=~"sip:[0-9]{5,20}@.*") ) {
        route(3);
        break;
    };

    # does the user wish redirection on no availability? (i.e., is he
    # in the voicemail (ser->grp) group?)
    if (is_user_in("Request-URI", "voicemail")) {
        t_on_failure("4");
        setflag(4);
    };

    # handle local SIP destinations not found in usrloc db
    # mostly offline or non-existent users
    if (!lookup("location")) {
        route(4);
        break;
    };

    # check whether some inventive user has uploaded gateway
    # contacts to usrloc to bypass authorization logic
    if (uri=~"@200.60.219.118([;:].*)*" ) {
        log(1, "LOG: Gateway address in UsrLoc\n");
        route(3);
        break;
    };

    # this flag is used with the acc module to report missed calls
    # to syslog.
    setflag(3);

    # do it (words to live by)
    append_hf("P-hint: USRLOC\r\n");
    if (!t_relay()) {
        sl_reply_error();
        break;
    };

} /* end of initial routing logic */

# ------------- process traffic leaving BigU for Internet

route[2] {

    # outbound requests are allowed only for registered BigU users
    if (!(src_ip==200.60.219.116) & !(proxy_authorize("cwafrica.com.pe", "subscriber"))) {

        # ACK and CANCEL have no security mechanisms so they are just
        # noted
        if (method=="ACK" | method=="BYE") {
            log(1, "LOG: failed outbound authentication for ACK granted\n");
        } else if (method=="CANCEL") {
            log(1, "LOG: failed outbound authentication for CANCEL granted\n");
        } else {
            proxy_challenge("cwafrica.com.pe", "0");
            break;
        };
    };

    # to maintain credibility of our proxy, we check From in INVITEs
    if (!src_ip==200.60.219.116 & method=="INVITE" & !check_from()) {
        log(1, "LOG: Spoofed from attempt\n");
        sl_send_reply("403", "Use From=id next time");
        break;
    };

    append_hf("P-hint: OUTBOUND ON INTERNET\r\n");
    if (!t_relay()) {
        sl_reply_error();
        break;
    };
}

# ------------- process traffic leaving Internet for PSTN

route[3] {

    # all calls through the gateway must be record routed to assure
    # acl acceptance on the gateway
    record_route();

    # send out emergency calls to pstn gateway immediately
    if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") ) {
        rewritehostport("200.60.219.118:5060");
        forward(uri:host, uri:port);
        break;
    };

    # five digit numeric addresses are internal freebies sent to the pbx
    # without authentication
    if (uri=~"^sip:[0-9]{5}@(200.60.219.116|(ilse,)?.cwafrica.com.pe)") {
        rewritehostport("200.60.219.118:5060");
        forward(uri:host, uri:port);
        break;
    };

    # all numeric addresses beginning with 9 go to the pbx on the way
    # to the PSTN
    # first the caller needs to be authenticated
    if (uri=~"^sip:9[0-9]*@(200.60.219.116|(ilse.)?cwafrica.edu.pe)") {
        if (!(src_ip==200.60.219.116 | method==ACK | method=="CANCEL" | method=="BYE")) {
            if (!proxy_authorize("cwafrica.com.pe", "subscriber")) {
                proxy_challenge( "cwafrica.com.pe","0");
                break;
            } else if (method=="INVITE" & !check_from()) {
                log(1, "LOG: Spoofed from attempt\n");
                sl_send_reply("403", "Use From=id next time");
                break;
            };
        };

        if (method=="INVITE") {
            # if the r-uri begins 91, does the authenticated user have
            # permission for long distance
            if (uri=~"sip:91[0-9]*@.*") {
                if (!is_user_in("credentials", "ld")) {
                    sl_send_reply("403", "Local calls only");
                    break;
                };
            };
        };

        # authenticated and authorized, now accounting is set
        setflag(1);
    };

    rewritehostport("200.60.219.118:5060");
    append_hf("P-hint: GATEWAY\r\n");
    if (!t_relay()) {
        sl_reply_error();
        break;
    };
}

# ------------- process calls for users offline

route[4] {

    if (!t_newtran()) {
        sl_reply_error();
    };

    if (!t_reply("404", "Not Found")) {
        sl_reply_error();
    };
    break;
}

# ------------- process aliased outbound traffic
# inbound requests that have been aliased to a non-BigU domain
# are not authenticated by BigU

route[5] {

    append_hf("P-hint: ALIASED-OUTBOUND\r\n");
    if (!t_relay()) {
        sl_reply_error();
        break;
    };
}

# ------------- CC-Diversion to voicemail

failure_route[4] {

    append_branch("sip:80000@200.60.219.118");
    append_urihf("CC-Diversion: ", "\r\n");
    append_hf("P-hint: OFFLINE-VOICEMAIL\r\n");
    t_relay();
}
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
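
An added diagnostic, not part of the original thread and not code from SER or rtpproxy: it sends a version query to a candidate control socket, the same kind of check that rtpp_test reports on in the log above, so the path can be confirmed before it goes into rtpproxy_sock. It assumes the control socket is a stream-type unix socket that answers a one-byte "V" command; start_stub, its reply value and the file names in demo are constructed stand-ins so the block runs without rtpproxy installed.

```python
import os
import socket
import tempfile
import threading

def probe_rtpproxy(sock_path, timeout=1.0):
    """Ask the control socket for its version; return (ok, detail)."""
    if not os.path.exists(sock_path):
        return (False, "no such socket file")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sock_path)   # refused if the file is stale or unowned
        s.sendall(b"V")        # assumed version query (see lead-in)
        reply = s.recv(256)    # times out if the daemon never answers
    except OSError as exc:
        return (False, type(exc).__name__)
    finally:
        s.close()
    if not reply:
        return (False, "empty reply")
    return (True, reply.decode("ascii", "replace").strip())

def start_stub(sock_path, reply=b"20040107\n"):
    """Constructed stand-in for rtpproxy: answers one query, then stops."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(16)
        conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()

def demo():
    """Probe a socket that answers and a mistyped path that does not exist."""
    base = tempfile.mkdtemp()
    right = os.path.join(base, "rtpproxy.sock")
    start_stub(right)
    return probe_rtpproxy(right), probe_rtpproxy(os.path.join(base, "typo.sock"))

if __name__ == "__main__":
    print(demo())
```

A path that returns (True, ...) here is the value to use for rtpproxy_sock; a False result with ConnectionRefusedError means the socket file exists but no process is listening on it.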