4 Dec
2003
4 Dec
'03
7:31 p.m.
Hi everyone,
I have been having lots of problems delivering calls to my companies
gateway. I have tried several different configs found online however
nothing seems to work. I am including the ser.cfg and a dump from ngrep in
hopes a kind person will see what the problem is. I do not know very much
about sip or ser so any help is greatly needed. Currently our company uses
a cisco voip solution and I am setting up Ser as a test. Unfortunately our
admin does not seem very helpful, I'm not sure if he has things setup
correctly for my calls on the gateway or if it's my ser.cfg file. I was
hoping from the information I'm sending someone can tell me where the
problem looks like it's coming from, wether it's his gateway or my config
file. I'm thinking it's me as I don't see any attempt of passing the call
to the gateway in the ngrep output.
Also, I have had to alter my ip's listed in this email. I have been warned
under penalty of pain not to broadcast their ip addresses... :p I hope
this does not cause a problem.
ATA 64.189.165.206
Ser Box 64.189.165.205
Cisco GW 65.189.155.101
Thank you,
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line -dddddddddd)
fork=yes
log_stderror=no # (cmd line -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line -v)
dns=no # (cmd. line -r)
rev_dns=no # (cmd. line -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id pstn.cfg,v 1.2 2003/06/03 031812 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db", "db_url","sql//secret@localhost/ser")
modparam("usrloc", "db_url", "sql//secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
# -- acc params --
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one -)
modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msglen >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it --
# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip\+?[0-9]+@.*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served
here");
} else {
forward(urihost, uriport);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
| uri=~"sip[7][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0"
/* no
qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission
for local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip0[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"local")) {
sl_send_reply("403", "No
permission for local calls");
break;
};
# the same for long-distance (destinations begin
with two zeros")
} else if (uri=~"sip00[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "ld"))
{
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip000[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"int")) {
sl_send_reply("403",
"International permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is
denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.1015060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
}
################ ngrep output#######################
#
U 64.189.165.2065060 -> 64.189.165.2055060
INVITE sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via
SIP/2.0/UDP 64.189.165.2065060..From <sip6
044848235@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Contact
<sip6044445555(a)64.189.165.2065060;user=phone;transpor
t=udp>..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Expires
300..Content-Length 257..Content-Typ
e application/sdp....v=0..o=6044445555 62848 62848 IN IP4
64.189.165.206..s=ATA186 Call..c=IN IP4 64.189.165.206..t=0 0..m=audio
16384 RTP/AVP 18 8 0 101..a=rtpmap18 G729/8000/1..a=rtpmap8
PCMA/8000/1..a=rtpmap0PCMU/8000/1..a=rtpmap101
telephone-event/8000..a=fmtp101 0-15..
#
U 64.189.165.2055060 -> 64.189.165.2065060
SIP/2.0 407 Proxy Authentication Required..Via SIP/2.0/UDP
64.189.165.2065060..From
<sip6044445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0ed0..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Proxy-Authenticate Digest
realm="gateway",
nonce="3fcf790810cb0daaf030be719aa79e574b96b535"..Server
Sip EXpress router (0.8.12 (i386/linux)).
.Content-Length 0..Warning 392 64.189.165.2055060 "Noisy feedback
tells pid=32407 req_src_ip=64.189.165.206 req_src_port=5060
in_uri=sip776044445556(a)64.189.165.205;user=phone
out_uri=sip776044445556(a)64.189.165.205;user=phone via_cnt==1"....
#
U 64.189.165.2065060 -> 64.189.165.2055060
ACK sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via SIP/2.0/UDP
64.189.165.2065060..From <sip6044
445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556(a)64.189.165.205;user=phone>;tag=b27e1a1
d33761e85846fc98f5f3a7e58.0ed0..Call-ID 2945885252@64.189.165.206..CSeq
1 ACK..User-Agent Cisco ATA 186
v2.16.2 ata18x (030909a)..Content-Length 0....
4 Dec
4 Dec
10:15 p.m.
Hello,
unfortunatelly the message dumps do not show anything useful. your ATA
sends an INVITE which is challenged by the server. After that the ATA is
supposed to send a new INVITE, this time including digest credentials.
Jan.
On 04-12 09:31, Rick Gocher wrote:
Hi everyone,
I have been having lots of problems delivering calls to my companies
gateway. I have tried several different configs found online however
nothing seems to work. I am including the ser.cfg and a dump from ngrep in
hopes a kind person will see what the problem is. I do not know very much
about sip or ser so any help is greatly needed. Currently our company uses
a cisco voip solution and I am setting up Ser as a test. Unfortunately our
admin does not seem very helpful, I'm not sure if he has things setup
correctly for my calls on the gateway or if it's my ser.cfg file. I was
hoping from the information I'm sending someone can tell me where the
problem looks like it's coming from, wether it's his gateway or my config
file. I'm thinking it's me as I don't see any attempt of passing the call
to the gateway in the ngrep output.
Also, I have had to alter my ip's listed in this email. I have been warned
under penalty of pain not to broadcast their ip addresses... :p I hope
this does not cause a problem.
ATA 64.189.165.206
Ser Box 64.189.165.205
Cisco GW 65.189.155.101
Thank you,
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line -dddddddddd)
fork=yes
log_stderror=no # (cmd line -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line -v)
dns=no # (cmd. line -r)
rev_dns=no # (cmd. line -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id pstn.cfg,v 1.2 2003/06/03 031812 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db", "db_url","sql//secret@localhost/ser")
modparam("usrloc", "db_url", "sql//secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
# -- acc params --
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one -)
modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msglen >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be
handled
# by our gateway; if not, and the request is an invitation, drop it
--
# we cannot terminate it in PSTN; relay non-INVITE requests -- it
may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip\+?[0-9]+@.*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served
here");
} else {
forward(urihost, uriport);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
| uri=~"sip[7][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0"
/* no
qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in
weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission
for local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip0[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"local")) {
sl_send_reply("403", "No
permission for local calls");
break;
};
# the same for long-distance (destinations begin
with two zeros")
} else if (uri=~"sip00[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "ld"))
{
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip000[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"int")) {
sl_send_reply("403",
"International permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is
denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.1015060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
}
################ ngrep output#######################
#
U 64.189.165.2065060 -> 64.189.165.2055060
INVITE sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via
SIP/2.0/UDP 64.189.165.2065060..From <sip6
044848235@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Contact
<sip6044445555(a)64.189.165.2065060;user=phone;transpor
t=udp>..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Expires
300..Content-Length 257..Content-Typ
e application/sdp....v=0..o=6044445555 62848 62848 IN IP4
64.189.165.206..s=ATA186 Call..c=IN IP4 64.189.165.206..t=0 0..m=audio
16384 RTP/AVP 18 8 0 101..a=rtpmap18 G729/8000/1..a=rtpmap8
PCMA/8000/1..a=rtpmap0PCMU/8000/1..a=rtpmap101
telephone-event/8000..a=fmtp101 0-15..
#
U 64.189.165.2055060 -> 64.189.165.2065060
SIP/2.0 407 Proxy Authentication Required..Via SIP/2.0/UDP
64.189.165.2065060..From
<sip6044445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0ed0..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Proxy-Authenticate Digest
realm="gateway",
nonce="3fcf790810cb0daaf030be719aa79e574b96b535"..Server
Sip EXpress router (0.8.12 (i386/linux)).
.Content-Length 0..Warning 392 64.189.165.2055060 "Noisy feedback
tells pid=32407 req_src_ip=64.189.165.206 req_src_port=5060
in_uri=sip776044445556(a)64.189.165.205;user=phone
out_uri=sip776044445556(a)64.189.165.205;user=phone via_cnt==1"....
#
U 64.189.165.2065060 -> 64.189.165.2055060
ACK sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via SIP/2.0/UDP
64.189.165.2065060..From <sip6044
445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556(a)64.189.165.205;user=phone>;tag=b27e1a1
d33761e85846fc98f5f3a7e58.0ed0..Call-ID 2945885252@64.189.165.206..CSeq
1 ACK..User-Agent Cisco ATA 186
v2.16.2 ata18x (030909a)..Content-Length 0....
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
10:21 p.m.
Jan Janak wrote:
Hello,
unfortunatelly the message dumps do not show anything useful. your ATA
sends an INVITE which is challenged by the server. After that the ATA is
supposed to send a new INVITE, this time including digest credentials.
Someone somewhere said that ATA have a bug that is solved mysteriously if
you add an IP address in the TFTP server field, any IP address.
See
http://lists.digium.com/pipermail/asterisk-users/2003-June/013718.html
/Olle
6 Dec
6 Dec
4:09 p.m.
The message dump you send is either incomplete or it indicates an
error in ATA. After the digest challenge in 407, a new INVITE should
follow with proper credentials. I suppose it is a bug in ATA if it
does not send such. I'm not sure what a workaround could be. Perhaps
changing realm to servername (which is a workaround for such a bug
in Messanger).
-jiri
At 06:31 PM 12/4/2003, Rick Gocher wrote:
Hi everyone,
I have been having lots of problems delivering calls to my companies gateway. I have
tried several different configs found online however nothing seems to work. I am
including the ser.cfg and a dump from ngrep in hopes a kind person will see what the
problem is. I do not know very much about sip or ser so any help is greatly needed.
Currently our company uses a cisco voip solution and I am setting up Ser as a test.
Unfortunately our admin does not seem very helpful, I'm not sure if he has things
setup correctly for my calls on the gateway or if it's my ser.cfg file. I was hoping
from the information I'm sending someone can tell me where the problem looks like
it's coming from, wether it's his gateway or my config file. I'm thinking
it's me as I don't see any attempt of passing the call to the gateway in the ngrep
output.
Also, I have had to alter my ip's listed in this email. I have been warned under
penalty of pain not to broadcast their ip addresses... :p I hope this does not cause a
problem.
ATA 64.189.165.206
Ser Box 64.189.165.205
Cisco GW 65.189.155.101
Thank you,
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line -dddddddddd)
fork=yes
log_stderror=no # (cmd line -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line -v)
dns=no # (cmd. line -r)
rev_dns=no # (cmd. line -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id pstn.cfg,v 1.2 2003/06/03 031812 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db", "db_url","sql//secret@localhost/ser")
modparam("usrloc", "db_url", "sql//secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
# -- acc params --
modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one -)
modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msglen >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it --
# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip\+?[0-9]+@.*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served
here");
} else {
forward(urihost, uriport);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
| uri=~"sip[7][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0" /*
no qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission for local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip0[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"local")) {
sl_send_reply("403", "No permission
for local calls");
break;
};
# the same for long-distance (destinations begin with two
zeros")
} else if (uri=~"sip00[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "ld"))
{
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip000[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "int"))
{
sl_send_reply("403", "International
permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.1015060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
}
################ ngrep output#######################
#
U 64.189.165.2065060 -> 64.189.165.2055060
INVITE sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via SIP/2.0/UDP
64.189.165.2065060..From <sip6
044848235@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Contact
<sip6044445555(a)64.189.165.2065060;user=phone;transpor
t=udp>..User-Agent Cisco ATA 186 v2.16.2 ata18x (030909a)..Expires
300..Content-Length 257..Content-Typ
e application/sdp....v=0..o=6044445555 62848 62848 IN IP4 64.189.165.206..s=ATA186
Call..c=IN IP4 64.189.165.206..t=0 0..m=audio 16384 RTP/AVP 18 8 0 101..a=rtpmap18
G729/8000/1..a=rtpmap8 PCMA/8000/1..a=rtpmap0PCMU/8000/1..a=rtpmap101
telephone-event/8000..a=fmtp101 0-15..
#
U 64.189.165.2055060 -> 64.189.165.2065060
SIP/2.0 407 Proxy Authentication Required..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip6044445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556@64.189.165.205;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0ed0..Call-ID
2945885252@64.189.165.206..CSeq 1 INVITE..Proxy-Authenticate Digest
realm="gateway",
nonce="3fcf790810cb0daaf030be719aa79e574b96b535"..Server Sip EXpress router
(0.8.12 (i386/linux)).
.Content-Length 0..Warning 392 64.189.165.2055060 "Noisy feedback tells pid=32407
req_src_ip=64.189.165.206 req_src_port=5060
in_uri=sip776044445556(a)64.189.165.205;user=phone
out_uri=sip776044445556(a)64.189.165.205;user=phone via_cnt==1"....
#
U 64.189.165.2065060 -> 64.189.165.2055060
ACK sip776044445556(a)64.189.165.205;user=phone SIP/2.0..Via SIP/2.0/UDP
64.189.165.2065060..From <sip6044
445555@64.189.165.205;user=phone>;tag=409936633..To
<sip776044445556(a)64.189.165.205;user=phone>;tag=b27e1a1
d33761e85846fc98f5f3a7e58.0ed0..Call-ID 2945885252@64.189.165.206..CSeq 1
ACK..User-Agent Cisco ATA 186
v2.16.2 ata18x (030909a)..Content-Length 0....
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
8 Dec
8 Dec
2:19 a.m.
Hi everyone, thank you for your responses. Here is the latest copy of my
ngrep. I seem to have the ATA box trying to register with both ports (uid0
Rick and uid1 6044844000) however when ser tries to forward to my
gateway, I get the Method not allowed. I also noticed that no numbers I
try to dial ever get passed to the gateway, is that because it's failing
initial auth? I have registered the user Rick using serctl and placed the
uid into the free-pstn and local groups...
I'm including my ser.cfg as I may have changed things since last time....
thanks again,
Rick
##
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq 3 REGISTER..Contact <sip:Rick@
64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA
186 v2.16.2 ata18x (030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq
3REGISTER..Contact<sip:Rick@64.189.165.2065060;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To
sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3
REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER,
SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@
64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Allow
INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length0....
#
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.206
5060..From<sip:6044844000@64.189.165.205;user=phone>; tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;transport=udp>;expires=3600..User-Agent
Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To<sip:6044844000@64.189.165.205;user=
phone>..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE,
OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length 0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE,
CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db",
"db_url","sql://ser:secret@localhost/ser")
modparam("usrloc", "db_url",
"sql://ser:secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
# modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG: Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it --
# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip:\+?[0-9]+@.*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served
here");
} else {
# forward(uri:host, uri:port);
forward(65.189.155.101, 5060);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
# | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0" /*
no
qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission for
local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip:0[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"local")) {
sl_send_reply("403", "No permission
for local calls");
break;
};
# the same for long-distance (destinations begin
with two zeros")
} else if (uri=~"sip:00[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "ld"))
{
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip:000[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "int"))
{
sl_send_reply("403", "International
permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.101:5060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
if (uri=~"^sip:[0-9]*@.*") {
log("Forwarding to PSTN\n");
t_relay_to_udp ("65.189.155.101","5060");
t_relay_to_tcp ("65.189.155.101","5060");
break;
};
}
8:34 p.m.
The problem is that you do not process REGISTER messages, instead your
proxy server forwards them to the PSTN gateway which replies with
"Method not allowed".
You should do something like:
if (uri==myself) {
if (method=="REGISTER") {
save("location");
break;
};
};
See the default configuration file for more details.
Jan.
On 07-12 16:19, Rick Gocher wrote:
Hi everyone, thank you for your responses. Here is the
latest copy of my
ngrep. I seem to have the ATA box trying to register with both ports (uid0
Rick and uid1 6044844000) however when ser tries to forward to my
gateway, I get the Method not allowed. I also noticed that no numbers I
try to dial ever get passed to the gateway, is that because it's failing
initial auth? I have registered the user Rick using serctl and placed the
uid into the free-pstn and local groups...
I'm including my ser.cfg as I may have changed things since last time....
thanks again,
Rick
##
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq 3 REGISTER..Contact <sip:Rick@
64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA
186 v2.16.2 ata18x (030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq
3REGISTER..Contact<sip:Rick@64.189.165.2065060;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To
sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3
REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER,
SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@
64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Allow
INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length0....
#
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.206
5060..From<sip:6044844000@64.189.165.205;user=phone>; tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;transport=udp>;expires=3600..User-Agent
Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To<sip:6044844000@64.189.165.205;user=
phone>..Call-ID 3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE,
OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length 0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE,
CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db",
"db_url","sql://ser:secret@localhost/ser")
modparam("usrloc", "db_url",
"sql://ser:secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
# modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG: Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it
--
# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip:\+?[0-9]+@.*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served
here");
} else {
# forward(uri:host, uri:port);
forward(65.189.155.101, 5060);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
# | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0" /*
no
qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in
weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission for
local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip:0[1-9][0-9]+@.*") {
if (!is_user_in("credentials",
"local")) {
sl_send_reply("403", "No permission
for local calls");
break;
};
# the same for long-distance (destinations begin
with two zeros")
} else if (uri=~"sip:00[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "ld"))
{
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip:000[1-9][0-9]+@.*") {
if (!is_user_in("credentials", "int"))
{
sl_send_reply("403", "International
permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.101:5060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
if (uri=~"^sip:[0-9]*@.*") {
log("Forwarding to PSTN\n");
t_relay_to_udp ("65.189.155.101","5060");
t_relay_to_tcp ("65.189.155.101","5060");
break;
};
}
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
10:26 p.m.
Hi Jan,
Thank you for your help, I'm relieved but not surprised that it's me and
not the cisco gateway. I have looked over all the example files in the
ser-0.8.12/examples. I see only some which have the below listed script
logic so I'm a little confused about where I actually should append this in
the ser.cfg. I have tried at the top of the routing and near the
bottom. I have been able to dialout with X-ten lite phone using no
registration however I can't even get dialtone when using the ata186 and
having it register.
Rick
At 07:34 PM 12/8/2003 +0100, Jan Janak wrote:
The problem is that you do not process REGISTER
messages, instead your
proxy server forwards them to the PSTN gateway which replies with
"Method not allowed".
You should do something like:
if (uri==myself) {
if (method=="REGISTER") {
save("location");
break;
};
};
See the default configuration file for more details.
Jan.
On 07-12 16:19, Rick Gocher wrote:
Hi everyone, thank you for your responses. Here
is the latest copy of my
ngrep. I seem to have the ATA box trying to register with both ports
(uid0
Rick and uid1 6044844000) however when ser tries
to forward to my
gateway, I get the Method not allowed. I also noticed that no numbers I
try to dial ever get passed to the gateway, is that because it's failing
initial auth? I have registered the user Rick using serctl and placed the
uid into the free-pstn and local groups...
I'm including my ser.cfg as I may have changed things since last time....
thanks again,
Rick
##
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To
sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq 3
REGISTER..Contact <sip:Rick@
64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA
186 v2.16.2 ata18x (030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To
sip:Rick@64.189.165.205..Call-ID
3859574384@64.189.165.206..CSeq
3REGISTER..Contact<sip:Rick@64.189.165.2065060;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From sip:Rick@64.189.165.205;tag=3484959312..To
sip:Rick@64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3
REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER,
SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick@64.189.165.205;tag=3484959312..To sip:Rick@
64.189.165.205..Call-ID 3859574384@64.189.165.206..CSeq 3 REGISTER..Allow
INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length0....
#
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.206
5060..From<sip:6044844000@64.189.165.205;user=phone>; tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000@64.189.165.2065060;user=phone;transport=udp>;expires=3600..User-Agent
Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To<sip:6044844000@64.189.165.205;user=
phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE,
OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length 0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000@64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000@64.189.165.205;user=phone>..Call-ID
3464081553@64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE,
CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db",
"db_url","sql://ser:secret@localhost/ser")
modparam("usrloc", "db_url",
"sql://ser:secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
# modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG: Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it
--
# we cannot terminate it in PSTN; relay non-INVITE requests --
it may
> # be for example BYEs sent by gateway to call originator
> if (!uri=~"sip:\+?[0-9]+@.*") {
> if (method=="INVITE") {
> sl_send_reply("403", "Call cannot be served
here");
> } else {
> # forward(uri:host, uri:port);
> forward(65.189.155.101, 5060);
> };
> break;
> };
>
> # account completed transactions via syslog
> setflag(1);
>
> # free call destinations ... no authentication needed
> if ( is_user_in("Request-URI", "free-pstn") /* free
destinations */
> # | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX
*/
> | uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */
> | uri=~"sip:98[0-9][0-9][0-9][0-9]") {
> log("free call");
>
> } else if (src_ip==65.189.155.101) {
> # our gateway doesn't support digest authentication;
> # verify that a request is coming from it by source
> # address
> log("gateway-originated request");
> } else {
> # in all other cases, we need to check the request against
> # access control lists; first of all, verify request
> # originator's identity
>
> if (!proxy_authorize( "gateway" /* realm */,
> "subscriber" /* table name */)) {
> proxy_challenge( "gateway" /* realm */,
"0" /* no
> qop */ );
> break;
> };
>
> # authorize only for INVITEs -- RR/Contact may result in
> weird
> # things showing up in d-uri that would break our logic; our
> # major concern is INVITE which causes PSTN costs
>
> if (method=="INVITE") {
>
> # does the authenticated user have a permission for
> local
> # calls (destinations beginning with a single zero)?
> # (i.e., is he in the "local" group?)
> if (uri=~"sip:0[1-9][0-9]+@.*") {
> if (!is_user_in("credentials",
"local")) {
> sl_send_reply("403", "No
permission
> for local calls");
> break;
> };
> # the same for long-distance (destinations begin
> with two zeros")
> } else if (uri=~"sip:00[1-9][0-9]+@.*") {
> if (!is_user_in("credentials",
"ld")) {
> sl_send_reply("403", " no
> permission for LD ");
> break;
> };
> # the same for international calls (three zeros)
> } else if (uri=~"sip:000[1-9][0-9]+@.*") {
> if (!is_user_in("credentials",
"int")) {
> sl_send_reply("403",
"International
> permissions needed");
> break;
> };
> # everything else (e.g., interplanetary calls) is denied
> } else {
> sl_send_reply("403",
"Forbidden");
> break;
> };
>
> }; # INVITE to authorized PSTN
>
> }; # authorized PSTN
>
> # if you have passed through all the checks, let your call go to GW!
>
> rewritehostport("65.189.155.101:5060");
>
> # forward the request now
> if (!t_relay()) {
> sl_reply_error();
> break;
> };
> if (uri=~"^sip:[0-9]*@.*") {
> log("Forwarding to PSTN\n");
> t_relay_to_udp ("65.189.155.101","5060");
> t_relay_to_tcp ("65.189.155.101","5060");
> break;
> };
> }
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
7655
days inactive
7659
days old
6 comments
4 participants
participants (4)
-
Jan Janak -
Jiri Kuthan -
Olle E. Johansson -
Rick Gocher