if (method=="REGISTER") { log(1, "REGISTER message received\n"); # Uncomment this if you want to use digest authentication if (!www_authorize("192.168.4.10", "subscriber")) { www_challenge("192.168.4.10", "0"); break; };

dont u need to change the IP above, infact why not use the domain they are coming from, and in ur IP phones set that as the realm

Iqbal

On 4/28/2005, "Felipe Martins" fmartins@mundivox.com wrote:

Hi guys,

I have 2 SER Servers talking to each other, working in a Private network using 192.168.4.0/16 authenticating at a mysql server (everything is for test, so the configuration is very basic). Everything works perfect, I have 4 users registered in each server, and everybody is talking to each other with no problem. My next step was to test my architecture with public IPs, so I've changed my ser.cfg to reflect my ip changes, and also configured 4 clientes (2 at each server) with public IPs, but my clients now, can't register, none of them in any server. I can see at the logs that the REGISTER Request reaches my server but the clients can't register. I also tried to use some other private network at some clients but they can't register either. So, any network could be used to make it work, but 192.168.4.0/16. I know it's probably a configuration error I've made, but I can't find where the error is. I'm sending my ser.cfg for you to see. Any hand will be pleased.

Best Regards

# -------------- SER.CFG ------------------------

# # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

# Uncomment these lines to enter debugging mode debug=9 fork=yes log_stderror=no #listen=200.142.96.218 listen=192.168.4.10 port=5060

alias="mundivox.com" alias="sipserver.com" #alias="200.201.187.254" alias="192.168.4.10"

# sip_warning - Should replies include extensive warnings? By default # yes, it is good for trouble-shooting #sip_warnings=yes

# server_signature - Should locally-generated messages include server's # signature? By default yes, it is good for trouble-shooting. server_signature=yes

# reply_to_via - A hint reply modules whether they should send reply

# to IP advertised in Via. Turned off by default, which means that # replies are sent to IP address from which requests came. # reply_to_via=no

# mhomed -- enable calculation of outbound interface; useful on # multihomed servers. # mhomed=0

check_via=yes # (cmd. line: -v) dns=yes # (cmd. line: -r) rev_dns=yes # (cmd. line: -R) children=4 fifo_mode=0666 fifo="/tmp/ser_fifo"

# ------------------ module loading ---------------------------------- # ------------- external module loading loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/exec.so" loadmodule "/usr/local/lib/ser/modules/group.so" loadmodule "/usr/local/lib/ser/modules/msilo.so" #loadmodule "/usr/local/lib/ser/modules/print.so" loadmodule "/usr/local/lib/ser/modules/enum.so" loadmodule "/usr/local/lib/ser/modules/textops.so" #loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/uri.so" #loadmodule "/usr/local/lib/ser/modules/uri_db.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/xlog.so" #loadmodule "/usr/local/lib/ser/modules/speeddial.so" #loadmodule "/usr/local/lib/ser/modules/options.so" #loadmodule "/usr/local/lib/ser/modules/rtpproxy.so"

# ----------------- setting module-specific parameters ---------------

# ------------- db_url setting #modparam("acc|auth_db|domain|group|speeddial|uri_db|usrloc", # "db_url", "mysql://ser:heslo@localhost/ser") modparam("auth_db", "db_url", "mysql://ser:heslo@localhost/ser")

# ------------- use_domain setting modparam("auth_db|group|speeddial|uri_db|usrloc", "use_domain", 1)

# ------------- accounting parameters modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1) #modparam("acc", "db_flag", 1) #modparam("acc", "db_missed_flag", 1) #modparam("acc", "log_fmt", "cdfimorstup") #modparam("acc", "failed_transactions", 1) #modparam("acc", "report_cancels", 1) #modparam("acc", "report_ack", 0)

# ------------- auth parameters # allows clear text passwords in the mysql database modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password")

# ------------- domain parameters modparam("domain", "db_mode", 1)

# ------------- exec parameters modparam("exec", "setvars", 1) modparam("exec", "time_to_kill", 10)

# ------------- registration parameters modparam("registrar", "nat_flag", 2) modparam("registrar", "min_expires", 60) modparam("registrar", "max_expires", 86400) modparam("registrar", "default_expires", 3600) modparam("registrar", "desc_time_order", 1) modparam("registrar", "append_branches", 1) modparam("registrar", "use_domain", 1)

#-------------- nathelper parameters #modparam("nathelper", "natping_interval", 30) #modparam("nathelper", "ping_nated_only", 1)

# ------------- rr parameters # set ";lr" tag to lr=true modparam("rr", "enable_full_lr", 1)

# ------------- tm parameters modparam("tm", "fr_timer", 20) modparam("tm", "fr_inv_timer", 40) modparam("tm", "wt_timer", 5)

# ------------- usrloc parameters # 0 = disable # 1 = write-through # 2 = write-back modparam("usrloc", "db_mode", 2) modparam("usrloc", "timer_interval", 60) modparam("usrloc", "desc_time_order", 1)

# ------------- logging parameters modparam("xlog", "buf_size", 8192)

# Checking for Username Column #modparam("auth_db", "user_column", "username")

# Checking for Domain Column #modparam("auth_db", "domain_column", "domain")

# ------------- logging parameters modparam("xlog", "buf_size", 8192)

# ------------------------- request routing logic -------------------

# main routing logic

route {

# ---------------------------------------------------------------------------- # Sanity Checks -- messages with max_forwards==0, or excessively long requests #----------------------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };

# ------------------------------------------------------------------------ # NOTIFY Keep-Alive Section # ------------------------------------------------------------------------ if ((method=="NOTIFY") && search("^Event: keep-alive")) { sl_send_reply("200", "OK"); break; };

if ((method=="NOTIFY") && (uri=~"^sip:700@")) { sl_send_reply("200", "OK"); break; };

# ------------------------------------------------------------ # OPTIONS Section # # This is used by sipsak to monitor the heath of our sip proxy #-------------------------------------------------------------

# if (search("^From: sip:sipsak@") && # (method=="OPTIONS") && (!uri=~"sip:.*[@]+.*")) { # options_reply(); # break; # };

# ------------------------------------------------------------ # Registration Section # ------------------------------------------------------------ # if (method=="REGISTER") { # # if (!is_from_local()) { # # sl_send_reply("403", "Unknown Domain"); # break; # }; # # if (is_user_in("Request-URI", "disabled")) { # # sl_send_reply("403", "Your evaluation period has expired"); # break; # }; # # if (!www_authorize("", "subscriber")) { # # www_challenge("", "0"); # break; # }; # # if (!check_to()) { # # sl_send_reply("401", "Unauthorized"); # break; # }; # # if (!save("location")) { # # sl_reply_error(); # }; # # break; # # };

# ----------------------------------------------------------------- # Open Relay Section # ----------------------------------------------------------------- # if (method=="INVITE") { # # if (!(is_from_local() || is_uri_host_local())) { # sl_send_reply("403", "Please register to use our service"); # break; # }; # };

# ----------------------------------------------------------------- # Accounting Section # ----------------------------------------------------------------- # if (method=="INVITE" || method=="BYE") { # setflag(1); # };

# ----------------------------------------------------------------- # Record Route Section # # we record-route all messages -- to make sure that subsequent messages # will go through our proxy; that's particularly good if upstream and # donwstream entities use different transport protocol # ----------------------------------------------------------------- if (!method=="REGISTER") { record_route(); };

if (method=="INVITE") record_route(); log(1, "INVITE message received\n");

# ----------------------------------------------------------------- # Loose Route Section # # Grant route routing if route headers present # ----------------------------------------------------------------- if (loose_route()) { route(2); break; };

# ----------------------------------------------------------------- # Alias Routing Section # ----------------------------------------------------------------- lookup("aliases"); if (!uri==myself) { route(2); break; };

# ------------------------------------------------------------------------ # Anonymous Call Rejection Section # ------------------------------------------------------------------------ if (isflagset(24) && (method=="INVITE") && search("^(f|F)rom:.*(a|A)nonymous")) { route(8); break; };

# ------------------------------------------------------------------------ # Call Block Section # ------------------------------------------------------------------------ # if (is_caller_blocked()) { # route(7); # break; # };

# ------------------------------------------------------------------------ # Do Not Disturb Section # ------------------------------------------------------------------------ # if (avp_db_load("$ruri/username", "s:donotdisturb")) { # if (avp_check("s:donotdisturb", "eq/y/i")) { # route(5); # break; # }; # };

# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol #record_route(); # loose-route processing if (loose_route()) { t_relay(); break; };

# Rota usada para guardar Logs no CDRTool - Billing # if (method=="REGISTER" || method=="INVITE" || method=="BYE" || method=="CANCEL") { # # Salvar mensagens no myslq para o CDRTool # exec_msg("/var/www/html/serweb/sertrace.py; exit 1"); # };

# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) # uri==myself retorna true se o nome de dominio URI for igual ao nome do # host ao qual SER esta rodando. Para configurar quais domain names o ser # aceita, deve-se configurar os ALIASES do sistema para tais nomes. if (uri==myself) {

if (method=="REGISTER") {
log(1, "REGISTER message received\n");
	# Uncomment this if you want to use digest authentication
	if (!www_authorize("192.168.4.10", "subscriber")) {
		www_challenge("192.168.4.10", "0");
		break;
	};
	save("location");
	break;
};

# Repassando Chamadas Internacionais para Asterisk
       if (uri=~"^sip:[2][0-9].*@") {
           	log(1, "Forwarding to Another Gateway - SIPProxy2 to SIPProxy1\n");
	setflag(1);     # MARK FOR ACCOUNTING
	rewritehost("192.168.4.11");
	forward(192.168.4.11,5060);
           	t_relay();
	break;
}

# ---------------------------------------------------------------- # Call Routing Section # ---------------------------------------------------------------- if (!lookup("location")) {

	sl_send_reply("404", "User Not Found");
	break;
};

};

# forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };

}

# ------------------ EOF -------------------------

-- Felipe Martins Mundivox Communications Tecnologia e Projetos fmartins@mundivox.com

Tel.: +55 +21 +3820 8839 Cel.: +55 +21 +9823 8602 Fax.: +55 +21 +3820 8844 www.mundivox.com

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers