We had the same problem with SDP. There are very many UA with this mistake error To bypass this restriction we have added after force_rtp_proxy(); Also such command subst("/^c=IN IP4 ([0-9]+).([0-9]+).([0-9]+).([0-9]+)(.*)/c=IN IP4 11.22.33.44\5/i");
Dmitry
------------------------------
Message: 6 Date: Tue, 11 Apr 2006 16:51:22 +0200 From: "Nicolas Olivier" nolivier@alphalink.fr Subject: Re: [Users] nat_helper: multiple media IP address in SDP To: "Bogdan-Andrei Iancu" bogdan@voice-system.ro Cc: users@openser.org Message-ID: 443BC26A.8040407@alphalink.fr Content-Type: text/plain; format=flowed; charset="ISO-8859-1"
Ok, I may have a look to the csv. Thanks for the help.
regards, Nicolas
Bogdan-Andrei Iancu wrote:
Hi,
Nicolas Olivier wrote:
Hi Bogdan,
Ok, I understand now. But I still encounter the problem because:
- rtpproxy only rewrites the c= from media part (but it should be
fine
as you said) despite what a quick look in the rtpproxy code
comments
say ("We have to change ports in m-lines, and also change IP
addresses
in c-lines which can be placed either in session header (fallback
for
all medias) or media description.")
yes, the nathelper will change the c= from session header only if it finds a media section without a local c= (which means the default c= from session hdr will be used).
- the centrex (which is an asterisk by the way) take only into
account
the c= from the session part, not the one from media part
in the CVS devel there is a flag that force also changing of session
c= :
http://openser.org/docs/modules/1.1.x/nathelper.html#AEN275 , the"c" flag
regards, bogdan
regards, Nicolas
Bogdan-Andrei Iancu wrote:
Hi Nicolas,
it;s perfectly ok - see the SDP RFC : an SDP may contain a default
c= in
the session part; each media section (m=) may contain an ip (c=);
if it
doesn't the session c= will be used.
regards, bogdan
Nicolas Olivier wrote:
Hi,
I've got a gateway which is only used for rounting and rtp
proxying
between providers and centrexes.
On reply to an INVITE, one of our provider send back a "183
Session
Progress". The problem is that in the SDP block, we've got 2
media IP
address and rtpproxy only rewrite one.
Finally, the provider establish rtp session with our gateway,
and
our
centrex directly with the provider.
provider gateway centrex 172.16.0.10 192.168.1.10
192.168.1.20
RTP -------------> RTP ------------> RTP ^-------------------------------------------------|So my questions are, is it possible to have multiple IP address
in
SDP
and if so, how can I tell rtpproxy to rewrite all of them.
Coming from provider:
SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP 192.168.1.10;branch=z9hG4bKdd67.a4cc2c44.0,SIP/2.0/UDP 192.168.1.20:5062;branch=z9hG4bKdd67.08f45a33.0,SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK4af242b7. From: "02" sip:0143132445@192.168.1.20;tag=as226ce7b9. To: sip:0123456789@192.168.1.20:5062;tag=3123AAA8-20C5. Date: Tue, 11 Apr 2006 09:10:29 GMT. Call-ID: 079ab6663e403ff44a1107e5111b075f@192.168.1.20. Server: Cisco-SIPGateway/IOS-12.x. CSeq: 102 INVITE. Allow-Events: telephone-event. Contact: sip:677238#0123456789@172.16.0.10:5060. Record-Route:
sip:192.168.1.10;ftag=as226ce7b9;lr=on,sip:192.168.1.20:5062;ftag=as2 26ce7b9;lr=on.
Content-Disposition: session;handling=required. Content-Type: application/sdp. Content-Length: 261. . v=0. o=CiscoSystemsSIP-GW-UserAgent 3448 4768 IN IP4 172.16.0.10. s=SIP Call. c=IN IP4 172.16.0.10. t=0 0. m=audio 18322 RTP/AVP 18 101. c=IN IP4 172.16.0.10. a=rtpmap:18 G729/8000. a=fmtp:18 annexb=no. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16.
Forwarded to centrex:
SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP 192.168.1.20:5062;branch=z9hG4bK43a4.3e96aba3.0,SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK3213db83. From: "02" sip:0143132445@192.168.1.20;tag=as1a2f900d. To: sip:0123456789@192.168.1.20:5062;tag=3121D1B4-1BFD. Date: Tue, 11 Apr 2006 09:08:28 GMT. Call-ID: 08467c5e299ab833106517c63d3edc2e@192.168.1.20. Server: Cisco-SIPGateway/IOS-12.x. CSeq: 102 INVITE. Allow-Events: telephone-event. Contact: sip:677238#0123456789@172.16.0.10:5060. Record-Route:
sip:192.168.1.10;ftag=as1a2f900d;lr=on,sip:192.168.1.20:5062;ftag=as1 a2f900d;lr=on.
Content-Disposition: session;handling=required. Content-Type: application/sdp. Content-Length: 277. . v=0. o=CiscoSystemsSIP-GW-UserAgent 565 174 IN IP4 172.16.0.10. s=SIP Call. c=IN IP4 172.16.0.10. t=0 0. m=audio 36296 RTP/AVP 18 101. c=IN IP4 192.168.1.10. a=rtpmap:18 G729/8000. a=fmtp:18 annexb=no. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=nortpproxy:yes.
openser.cfg
(...)
onreply_route[1] { if (status =~ "(180)|(183)|2[0-9][0-9]") { fix_nated_contact(); if (!search("^Content-Length:[ ]*0")) { force_rtp_proxy(); }; } else if (nat_uac_test("1")) { fix_nated_contact(); }; }
(...)
Best regards, Nicolas Olivier
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
------------------------------
Message: 7 Date: Tue, 11 Apr 2006 16:52:14 +0200 From: Cesc cesc.santa@gmail.com Subject: Re: [Users] Allow only TLS connections To: "Thorsten.Haupt@t-systems.com" Thorsten.Haupt@t-systems.com Cc: users@openser.org Message-ID: ce8208420604110752i733143d8k5b565ac45b0cfda2@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1
http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6 c17b007ea61fa37b86b391ce1b2a80f#tcp
On 4/11/06, Thorsten.Haupt@t-systems.com Thorsten.Haupt@t-systems.com wrote:
I searched for this function, but I didn't found it :-( Knows anyone the correct code, not only pseudo-code?
Torsten
-----Ursprьngliche Nachricht----- Von: Cesc [mailto:cesc.santa@gmail.com] Gesendet: Dienstag, 11. April 2006 14:03 An: Haupt, Thorsten Cc: users@openser.org Betreff: Re: [Users] Allow only TLS connections
I think in openser there is a function to check what transport the
message came in ... you can do something like:
if ( transport != TLS ) { send error to UA break; }
Cesc
On 4/11/06, Thorsten.Haupt@t-systems.com
Thorsten.Haupt@t-systems.com wrote:
Hello,
I use OpenSER in a testing environment for VoIP security. My clients connect via TLS. If I deactivate UDP/5060 on the server, it doesn't
work correct.
Some Clients can't connect and others can't establish calls. I read
in
another thread, that UDP is mandatory for SIP and that the server
need it.
But how can I prevent users from connecting via UDP and force them
to
use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But
is
this the correct way? Are there any parameters server-side to force users to connect via TLS?
Thanks for response. Torsten _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
------------------------------
Message: 8 Date: Tue, 11 Apr 2006 17:16:49 +0200 From: Andreas Granig andreas.granig@inode.info Subject: [Users] Overlapping AVPs To: users@openser.org Message-ID: 443BC861.6040303@inode.info Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
Me again, sorry, but the docs aren't really noisy about AVP details...
So if I have user preferences for both the caller and callee and load them from DB and print them using the following:
avp_db_load("$avp($uuid_caller)", ""); avp_db_load("$avp($uuid_callee)", ""); avp_print();
then they may overlap because of the same ID (say "i:102" for toggling some specific feature on/off), but according to the debug output both are present:
INFO:avpops:print_avp: p=0x4056db90, flags=100 INFO: id=<102> INFO: val_int=<1>
INFO:avpops:print_avp: p=0x4056dc68, flags=100 INFO: id=<102> INFO: val_int=<0>
So is it possible to selectively access the avp-value of both $uuid_caller and $uuid_callee? Something like $avp(i:102)[0] and $avp(i:102)[1] maybe?
Thanks, Andy
------------------------------
Message: 9 Date: Tue, 11 Apr 2006 17:54:56 +0200 From: "D'Addelfio Davide" Davide.D'Addelfio@italtel.it Subject: R: [Users] load from db table To: "Bogdan-Andrei Iancu" bogdan@voice-system.ro Cc: users@openser.org Message-ID: 82C94EFCF026F74EB91A2048B1C963A504065277@BESONE.corp.dom Content-Type: text/plain; charset="iso-8859-1"
Hi Bogdan, I'm trying to setup my config file , did the same
modparam("avpops", "db_scheme", "scheme0:username_col=from;value_col=timestamp;value_type=string;table=a cc") modparam("avpops","avp_aliases","timestamp=i:800")
if (method=="INVITE") avp_db_load("$from","$timestamp/$scheme0");
I'm not sure that is correct...
log gives me these errors
Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: submit_query: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'from='bob'' at line 1 Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: db_query: Error while submitting query Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: ERROR:avpops:load_avps: db_load failed
Any thought?
Thanks Davide
-----Messaggio originale----- Da: users-bounces@openser.org [mailto:users-bounces@openser.org] Per conto di Bogdan-Andrei Iancu Inviato: martedм 11 aprile 2006 16.12 A: D'Addelfio Davide Cc: users@openser.org Oggetto: Re: [Users] load from db table
Hi,
see: http://www.voice-system.ro/docs/avpops/ar01s06.html#avp_db_load
the "db_scheme" example.
regards, bogdan
D'Addelfio Davide wrote:
Hi Bogdan,
i setup my openser.cfg to store SIP messages into acc tables of mysql, using extra accounting to store also the body part of the message. Now i need that openser read into that db's table, in particular in
some
rows of db. If I use avp_db_load it works only over usr_preference table, instead I want it looks into acc table.
How can I do?
Thanks for help Davide
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
------------------------------
_______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
End of Users Digest, Vol 11, Issue 27 *************************************
Hi Dmitry,
Thanks, it works like a charm.
Nicolas
Dmitry Lyubimkov wrote:
We had the same problem with SDP. There are very many UA with this mistake error To bypass this restriction we have added after force_rtp_proxy(); Also such command subst("/^c=IN IP4 ([0-9]+).([0-9]+).([0-9]+).([0-9]+)(.*)/c=IN IP4 11.22.33.44\5/i");
Dmitry
Message: 6 Date: Tue, 11 Apr 2006 16:51:22 +0200 From: "Nicolas Olivier" nolivier@alphalink.fr Subject: Re: [Users] nat_helper: multiple media IP address in SDP To: "Bogdan-Andrei Iancu" bogdan@voice-system.ro Cc: users@openser.org Message-ID: 443BC26A.8040407@alphalink.fr Content-Type: text/plain; format=flowed; charset="ISO-8859-1"
Ok, I may have a look to the csv. Thanks for the help.
regards, Nicolas
Bogdan-Andrei Iancu wrote:
Hi,
Nicolas Olivier wrote:
Hi Bogdan,
Ok, I understand now. But I still encounter the problem because:
- rtpproxy only rewrites the c= from media part (but it should be
fine
as you said) despite what a quick look in the rtpproxy code
comments
say ("We have to change ports in m-lines, and also change IP
addresses
in c-lines which can be placed either in session header (fallback
for
all medias) or media description.")
yes, the nathelper will change the c= from session header only if it finds a media section without a local c= (which means the default c= from session hdr will be used).
- the centrex (which is an asterisk by the way) take only into
account
the c= from the session part, not the one from media part
in the CVS devel there is a flag that force also changing of session
c= :
http://openser.org/docs/modules/1.1.x/nathelper.html#AEN275 , the"c" flag
regards, bogdan
regards, Nicolas
Bogdan-Andrei Iancu wrote:
Hi Nicolas,
it;s perfectly ok - see the SDP RFC : an SDP may contain a default
c= in
the session part; each media section (m=) may contain an ip (c=);
if it
doesn't the session c= will be used.
regards, bogdan
Nicolas Olivier wrote:
Hi,
I've got a gateway which is only used for rounting and rtp
proxying
between providers and centrexes.
On reply to an INVITE, one of our provider send back a "183
Session
Progress". The problem is that in the SDP block, we've got 2
media IP
address and rtpproxy only rewrite one.
Finally, the provider establish rtp session with our gateway,
and
our
centrex directly with the provider.
provider gateway centrex 172.16.0.10 192.168.1.10
192.168.1.20
RTP -------------> RTP ------------> RTP ^-------------------------------------------------|So my questions are, is it possible to have multiple IP address
in
SDP
and if so, how can I tell rtpproxy to rewrite all of them.
Coming from provider:
SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP 192.168.1.10;branch=z9hG4bKdd67.a4cc2c44.0,SIP/2.0/UDP 192.168.1.20:5062;branch=z9hG4bKdd67.08f45a33.0,SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK4af242b7. From: "02" sip:0143132445@192.168.1.20;tag=as226ce7b9. To: sip:0123456789@192.168.1.20:5062;tag=3123AAA8-20C5. Date: Tue, 11 Apr 2006 09:10:29 GMT. Call-ID: 079ab6663e403ff44a1107e5111b075f@192.168.1.20. Server: Cisco-SIPGateway/IOS-12.x. CSeq: 102 INVITE. Allow-Events: telephone-event. Contact: sip:677238#0123456789@172.16.0.10:5060. Record-Route:
sip:192.168.1.10;ftag=as226ce7b9;lr=on,sip:192.168.1.20:5062;ftag=as2 26ce7b9;lr=on.
Content-Disposition: session;handling=required. Content-Type: application/sdp. Content-Length: 261. . v=0. o=CiscoSystemsSIP-GW-UserAgent 3448 4768 IN IP4 172.16.0.10. s=SIP Call. c=IN IP4 172.16.0.10. t=0 0. m=audio 18322 RTP/AVP 18 101. c=IN IP4 172.16.0.10. a=rtpmap:18 G729/8000. a=fmtp:18 annexb=no. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16.
Forwarded to centrex:
SIP/2.0 183 Session Progress. Via: SIP/2.0/UDP 192.168.1.20:5062;branch=z9hG4bK43a4.3e96aba3.0,SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK3213db83. From: "02" sip:0143132445@192.168.1.20;tag=as1a2f900d. To: sip:0123456789@192.168.1.20:5062;tag=3121D1B4-1BFD. Date: Tue, 11 Apr 2006 09:08:28 GMT. Call-ID: 08467c5e299ab833106517c63d3edc2e@192.168.1.20. Server: Cisco-SIPGateway/IOS-12.x. CSeq: 102 INVITE. Allow-Events: telephone-event. Contact: sip:677238#0123456789@172.16.0.10:5060. Record-Route:
sip:192.168.1.10;ftag=as1a2f900d;lr=on,sip:192.168.1.20:5062;ftag=as1 a2f900d;lr=on.
Content-Disposition: session;handling=required. Content-Type: application/sdp. Content-Length: 277. . v=0. o=CiscoSystemsSIP-GW-UserAgent 565 174 IN IP4 172.16.0.10. s=SIP Call. c=IN IP4 172.16.0.10. t=0 0. m=audio 36296 RTP/AVP 18 101. c=IN IP4 192.168.1.10. a=rtpmap:18 G729/8000. a=fmtp:18 annexb=no. a=rtpmap:101 telephone-event/8000. a=fmtp:101 0-16. a=nortpproxy:yes.
openser.cfg
(...)
onreply_route[1] { if (status =~ "(180)|(183)|2[0-9][0-9]") { fix_nated_contact(); if (!search("^Content-Length:[ ]*0")) { force_rtp_proxy(); }; } else if (nat_uac_test("1")) { fix_nated_contact(); }; }
(...)
Best regards, Nicolas Olivier
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Message: 7 Date: Tue, 11 Apr 2006 16:52:14 +0200 From: Cesc cesc.santa@gmail.com Subject: Re: [Users] Allow only TLS connections To: "Thorsten.Haupt@t-systems.com" Thorsten.Haupt@t-systems.com Cc: users@openser.org Message-ID: ce8208420604110752i733143d8k5b565ac45b0cfda2@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1
http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6 http://openser.org/dokuwiki/doku.php?id=openser_core_cookbook&DokuWiki=6 c17b007ea61fa37b86b391ce1b2a80f#tcp
On 4/11/06, Thorsten.Haupt@t-systems.com Thorsten.Haupt@t-systems.com wrote:
I searched for this function, but I didn't found it :-( Knows anyone the correct code, not only pseudo-code?
Torsten
-----Ursprьngliche Nachricht----- Von: Cesc [mailto:cesc.santa@gmail.com] Gesendet: Dienstag, 11. April 2006 14:03 An: Haupt, Thorsten Cc: users@openser.org Betreff: Re: [Users] Allow only TLS connections
I think in openser there is a function to check what transport the
message came in ... you can do something like:
if ( transport != TLS ) { send error to UA break; }
Cesc
On 4/11/06, Thorsten.Haupt@t-systems.com
Thorsten.Haupt@t-systems.com wrote:
Hello,
I use OpenSER in a testing environment for VoIP security. My clients connect via TLS. If I deactivate UDP/5060 on the server, it doesn't
work correct.
Some Clients can't connect and others can't establish calls. I read
in
another thread, that UDP is mandatory for SIP and that the server
need it.
But how can I prevent users from connecting via UDP and force them
to
use TLS? I tried a firewall, blocking UDP and TCP on port 5060. But
is
this the correct way? Are there any parameters server-side to force users to connect via TLS?
Thanks for response. Torsten _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Message: 8 Date: Tue, 11 Apr 2006 17:16:49 +0200 From: Andreas Granig andreas.granig@inode.info Subject: [Users] Overlapping AVPs To: users@openser.org Message-ID: 443BC861.6040303@inode.info Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
Me again, sorry, but the docs aren't really noisy about AVP details...
So if I have user preferences for both the caller and callee and load them from DB and print them using the following:
avp_db_load("$avp($uuid_caller)", ""); avp_db_load("$avp($uuid_callee)", ""); avp_print();
then they may overlap because of the same ID (say "i:102" for toggling some specific feature on/off), but according to the debug output both are present:
INFO:avpops:print_avp: p=0x4056db90, flags=100 INFO: id=<102> INFO: val_int=<1>
INFO:avpops:print_avp: p=0x4056dc68, flags=100 INFO: id=<102> INFO: val_int=<0>
So is it possible to selectively access the avp-value of both $uuid_caller and $uuid_callee? Something like $avp(i:102)[0] and $avp(i:102)[1] maybe?
Thanks, Andy
Message: 9 Date: Tue, 11 Apr 2006 17:54:56 +0200 From: "D'Addelfio Davide" Davide.D'Addelfio@italtel.it Subject: R: [Users] load from db table To: "Bogdan-Andrei Iancu" bogdan@voice-system.ro Cc: users@openser.org Message-ID: 82C94EFCF026F74EB91A2048B1C963A504065277@BESONE.corp.dom Content-Type: text/plain; charset="iso-8859-1"
Hi Bogdan, I'm trying to setup my config file , did the same
modparam("avpops", "db_scheme", "scheme0:username_col=from;value_col=timestamp;value_type=string;table=a cc") modparam("avpops","avp_aliases","timestamp=i:800")
if (method=="INVITE") avp_db_load("$from","$timestamp/$scheme0");
I'm not sure that is correct...
log gives me these errors
Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: submit_query: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'from='bob'' at line 1 Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: db_query: Error while submitting query Apr 11 08:42:59 localhost /usr/sbin/openser[13752]: ERROR:avpops:load_avps: db_load failed
Any thought?
Thanks Davide
-----Messaggio originale----- Da: users-bounces@openser.org [mailto:users-bounces@openser.org] Per conto di Bogdan-Andrei Iancu Inviato: martedм 11 aprile 2006 16.12 A: D'Addelfio Davide Cc: users@openser.org Oggetto: Re: [Users] load from db table
Hi,
see: http://www.voice-system.ro/docs/avpops/ar01s06.html#avp_db_load
the "db_scheme" example.
regards, bogdan
D'Addelfio Davide wrote:
Hi Bogdan,
i setup my openser.cfg to store SIP messages into acc tables of mysql, using extra accounting to store also the body part of the message. Now i need that openser read into that db's table, in particular in
some
rows of db. If I use avp_db_load it works only over usr_preference table, instead I want it looks into acc table.
How can I do?
Thanks for help Davide
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
End of Users Digest, Vol 11, Issue 27
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Dmitry Lyubimkov -
Nicolas Olivier