Simon Barber wrote:

Hi All,

I have an internal SIP server that handles registrations, and is used for incoming and outgoing phone calls. It does not do any authentication. I'd like to set up SER in my DMZ, and have it:

1. authenticate all requests. (this should be easy - I think I can

handle it, although I would like to get digest -> RADIUS auth against an Active directory going).

2. forward REGISTER requests to the internal SIP server, both for phones

on the internal network and for phones on the external network.

3. forward INVITE and ACK requests performing the correct handling of

NAT, using RTP helper to forward media when needed.

Right now I'd love to just get the REGISTER requests doing the right thing. Any help, or even better sample config scripts would be much appreciated.

Simon

Hi,

I am using OpenSER to forward all INVITES (but I think it can be done for REGISTER's) to a group of Asterisk servers behind it. You are supposed to use the dispatcher module in Openser.

in /etc/dispatcher.list

# group sip addresses of your * units 1 sip:192.168.0.233:5060 1 sip:192.168.0.196:5060

in /etc/openser.cfg

loadmodule "/usr/lib/openser/modules/dispatcher.so" modparam("dispatcher", "list_file", "/etc/openser/dispatcher.list") modparam("dispatcher", "force_dst", 1) modparam("dispatcher", "flags", 1)

route{

if ( method=="INVITE" ) { # dbg("SIP Request: method [$rm] from [$fu] to [$tu]\n"); #xlog("L_INFO", "SIP Request: method [$rm] from [$fu] to [$tu]\n"); #log("yusufsSER - INVITE: dispatcher\n"); ds_select_domain("1","4"); # you can also add prefixes, if you need to send account codes # like: # prefix("123456"); # sl_send_reply("100","Trying"); # forward(uri:host, uri:port); forward(); };

}

if you change method=="INVITE" to method=="REGISTER", it might work :)