# ----------- global configuration parameters ------------------------ #/* Uncomment these lines to enter debugging mode debug=6 fork=yes log_stderror=yes #*/ listen=10.0.2.130 listen=127.0.0.1 port=5060 # hostname matching an alias will satisfy the condition uri==myself". alias=mydomain.com.pe alias=10.0.2.130 alias=127.0.0.1 check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) children=4 fifo="/tmp/openser_fifo" fifo_mode=0666 # Fifo permissions can be changes from here. # sip_warning - Should replies include extensive warnings? # By default yes, it is good for trouble-shooting. sip_warning=yes # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/group.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/acc.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/xlog.so" # digest authentication loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" # !! Nathelper loadmodule "/usr/local/lib/openser/modules/nathelper.so" # ----------------- setting module-specific parameters --------------- modparam("usrloc", "db_mode", 2) # minimize write back window - default is 60 seconds modparam("usrloc", "timer_interval", 10) # database location modparam("usrloc", "db_url", "mysql://admin:heslo@localhost/openser") modparam("usrloc", "use_domain", 1) modparam("auth_db", "use_domain", 1) modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain") # ------------- Mysql Accounting parameters modparam("acc", "log_flag", 1) modparam("acc", "log_level", 2) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "log_missed_flag", 3) modparam("acc", "db_url", "mysql://admin:heslo@localhost/openser") modparam("acc", "report_ack", 0) modparam("acc", "log_fmt", "miocfsputdr") modparam("tm", "fr_timer", 20 ) modparam("tm", "fr_inv_timer", 40 ) # Timer which hits if no final reply for an INVITE modparam("tm", "wt_timer", 20 ) # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) modparam("group", "db_url", "mysql://seradmin:heslo@localhost/openser") modparam("uri_db", "db_url", "mysql://seradmin:heslo@localhost/openser") # ------------- registration parameters modparam("registrar", "nat_flag", 6) modparam("registrar", "min_expires", 60) modparam("registrar", "max_expires", 86400) modparam("registrar", "default_expires", 3600) modparam("registrar", "desc_time_order", 1) modparam("registrar", "append_branches", 1) modparam("registrar", "use_domain", 1) # !! Nathelper # modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT # -------------------------- request routing logic -------------------------- route { log(1, "-------------------------------------------\n"); log(1, "entering main loop\n"); # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); return; }; if ( msg:len >= max_len ) { sl_send_reply("513", "Message too big"); return; }; # set flag for Radius Accounting: if (!method=="OPTIONS") setflag(3); if (method=="INVITE") { log(1, "INVITE MESSAGE RECEIVED - START ACC\n"); setflag(1); /* set for accounting (the same value as in log_flag!) */ }; if (method=="BYE") { log (1, "BYE - STOP ACCOUNTING\n"); setflag(1); }; if (method=="CANCEL") { log (1, "CANCEL - STOP ACCOUNTING\n"); setflag(1); }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- # record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route(); if (method=="BYE" || method=="CANCEL") { unforce_rtp_proxy(); }; # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route() && (!src_ip==10.0.2.130 && !src_port==5070)) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (nat_uac_test("19")) { setflag(7); force_rport(); fix_nated_contact(); }; force_rtp_proxy("l"); }; route(2); return; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (!uri==myself && (!src_ip==10.0.2.130 && !src_port==5070)) { route(1); return; }; if (method=="CANCEL") { route(2); return; }; if (method == "REGISTER") { if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) { setflag(6); fix_nated_register(); force_rport(); }; sl_send_reply("100", "Trying"); log(1, "ANALYZING REGISTER REQUEST\n"); # ... to use digest authentication if (is_user_in("Request-URI", "desactivado")) { sl_send_reply("402", "Su cuenta fue desactivada por falta de pago"); return; }; if (!www_authorize("", "subscriber")) { log(1," ----- Fails to Register \n"); www_challenge("", "0"); return; }; # only signed users are allowed if (!check_to()) { log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n"); sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed"); return; }; consume_credentials(); log(1," Registered!!! \n"); if (!save("location")) { sl_reply_error(); }; return; }; # INVITE ? First check the source of the call #******************************************** # If the call comes from the gateways, no authentication is required. if (method == "INVITE" && (src_ip==10.0.2.145 || src_ip==10.0.2.132 || src_ip==10.0.2.131)) { log(1,"Call from pstn|*, no authentication is required. \n"); # If the call comes from B2BUA, no authentication is required. # The first leg of the call has already been authenticated. } else if (src_ip==10.0.2.130 && src_port==5070) { log(1,"Call from B2BUA, no authentication is required. \n"); } else { log(1, "ANALYZING INVITE REQUESTs\n"); if (method == "INVITE" && !src_ip==10.0.2.130 && !src_port==5070){ if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); return; } else { if (!check_from()) { sl_send_reply("403", "Only registered users are allowed"); log(1," ----> Only registered users are allowed \n"); return; }; consume_credentials(); if (nat_uac_test("19")) { setflag(7); }; }; # Not all the users are PREPAID, so we check the database # to see if the call will be routed through B2BUA. # If every call is to be routed through B2BUA the "is_user_in" # conditional is not required. # Do not use b2bua for local calls (660++++) if (is_user_in("From", "prepaidb") && uri=~"^sip:00") { log(1," ----> Usuario PREPAGO!!! enviando a b2bua... \n"); rewritehostport("10.0.2.130:5070"); t_relay_to_udp("10.0.2.130", "5070"); return; }; }; }; # End of if (method == "INVITE" |... /* *********** Dial out to Local and PSTN logic ********* */ if(uri=~"^sip:00"){ log(1,"00N match - Larga Distancia Internacional \n"); if (!is_user_in("from", "ldix")) { log(1,"No permission for international calls \n"); sl_send_reply("403", "No permission for international calls"); acc_db_request("403 Forbidden", "missed_calls"); return; }; rewritehostport("10.0.2.131:5070"); strip(2); route(1); return; }; /* ******************************************************************** */ lookup("aliases"); if (uri!=myself) { route(1); return; }; # does the user wish redirection on no availability? (i.e., is he # in the voicemail group?) -- determine it now and store it in # flag 4, before we rewrite the flag using UsrLoc if (is_user_in("Request-URI", "voicemail")) { log(1, "requested user is in voicemail group \n"); setflag(4); }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { log(1,"unable to locate user X ... sending to route(4)! \n"); # handle user which was not found route(4); return; }; ### Check if UAS are behind the same NAT system: ### if (isflagset(6) && isflagset(7)){ log(2, "Both Clients are behind NAT"); # Store the destination domain into an AVP avp_printf("i:450", "$dd"); if (avp_check("i:450", "eq/$src_ip/g")){ log(3, "Detected Two Clients Behind the Same NAT - Disabling Mediaproxy"); # Do not use media-proxy as the clients seem to be behind the same NAT resetflag(6); resetflag(7); route(2); return; }; }; route(1); # if user is on-line and is in Voicemail group, enable redirection if (method == "INVITE" && isflagset(4)) { log(1, "invite for voicemail user->initiate failureroute[1]\n"); t_on_failure("1"); }; } ### ##### ####### ########## ########### ############### ################# ##################### route[1] { # if client or server know to be behind a NAT, enable relay if (isflagset(6) || isflagset(7)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { if (method=="INVITE" && (isflagset(6) || isflagset(7))) { unforce_rtp_proxy(); }; sl_reply_error(); }; log(1, "Route[1]: Send it out now!!!\n"); } # !! Nathelper onreply_route[1] { # NATed transaction ? # Not all 2xx messages have a content body so here we # make sure our Content-Length > 0 to avoid a parse error if ((isflagset(6) || isflagset(7)) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); if (!search("^Content-Length:\ 0")) { force_rtp_proxy(); log(1, "onreply_route1: force rtp proxy!!!\n"); }; # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; } # -------------- Default Message Handler --------------------- route[2]{ # ---------------------------------------------------- # Default Message Handler # ---------------------------------------------------- t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" && isflagset(7)) { unforce_rtp_proxy(); }; sl_reply_error(); }; } # --------------- Handling of Unavailable user ---------------- route[4] { # non-Voip -- just send "off-line" if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" || method=="BYE" || method=="OPTIONS")) { sl_send_reply("404", "Not Found"); acc_db_request("404 Not Found", "missed_calls"); log(1, "acc 404 Not Found 1 \n"); return; }; # not voicemail subscriber if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" && !method=="BYE") { sl_send_reply("404", "Not Found and no voicemail turned on !! "); acc_db_request("404 Not Found", "missed_calls"); log(1, " acc 404 Not Found and no voicemail \n"); return; }; # forward to voicemail adding prefix to simplify asterisk "extension.conf" :: # exten => _vmXXXXXXX,1,SetLanguage(es) # exten => _vmXXXXXXX,2,Voicemail(u${EXTEN:2}) # exten => _vmXXXXXXX,3,Hangup prefix("vm"); acc_db_request("404 Not Found -> Vm", "missed_calls"); rewritehostport("10.0.2.131:5070"); t_relay_to_udp("10.0.2.131", "5070"); } # If forwarding downstream did not succeed, try voicemail running at Asterisk failure_route[1]{ if (t_check_status("408")){ # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff prefix("vm"); rewritehostport ("10.0.2.131:5070"); acc_db_request("408 Timeout -> Vm", "missed_calls"); append_branch(); t_relay(); return; } else if (t_check_status("486")){ # revert_uri (); back to the original URI, makes me loose all lookup/rewrite stuff prefix("vm"); rewritehostport ("10.0.2.131:5070"); acc_db_request("486 Busy -> Vm", "missed_calls"); append_branch(); t_relay(); return; } }