13 Jun
2008
13 Jun
'08
6:47 p.m.
the script didn't fit, here it is:
#
# $Id: openser.cfg 1676 2007-02-21 13:16:34Z bogdan_iancu $
#
# simple quick-start config script
# Please refer to the Core CookBook at
http://www.openser.org/dokuwiki/doku.php
# for a explanation of possible statements, functions and parameters.
#
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
children=10
port=5060
listen=MY.OPENSER.IP.COM
disable_dns_blacklist=true
# ------------------ module loading ----------------------------------
#set module path
mpath="//lib/openser/modules/"
# Uncomment this if you want to use SQL database
#loadmodule "mysql.so"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "uri.so"
loadmodule "uri_db.so"
loadmodule "domain.so"
loadmodule "permissions.so"
#loadmodule "group.so"
loadmodule "mi_fifo.so"
loadmodule "lcr.so"
loadmodule "avpops.so"
loadmodule "xlog.so"
loadmodule "mediaproxy.so"
loadmodule "acc.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "auth.so"
loadmodule "auth_db.so"
# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
modparam("registrar", "received_avp", "$avp(i:42)")
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "nat_bflag", 4)
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
#modparam("auth_db|permissions|uri_db|usrloc","db_url","mysql://openser:openserrw@localhost
/openser")
modparam("auth_db|permissions|usrloc|uri_db|domain|lcr|avpops|avp_url","db_url","mysql://openser:password@localhost
/openser")
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("avpops", "avp_table", "usr_preferences")
modparam("mediaproxy","natping_interval",20)
modparam("mediaproxy","mediaproxy_socket",
"/var/run/mediaproxy/mediaproxy.sock")
modparam("mediaproxy","sip_asymmetrics","/etc/openser/sip-clients")
modparam("mediaproxy","rtp_asymmetrics","/ect/openser/rtp-clients")
modparam("lcr", "contact_avp", "$avp(i:711)")
modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
modparam("lcr", "gw_uri_avp", "$avp(i:709)")
modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
modparam("lcr", "ruri_user_avp", "$avp(i:500)")
modparam("lcr", "dm_flag", 25)
modparam("acc", "radius_config",
"/etc/radiusclient-ng/radiusclient.conf")
modparam("acc", "radius_flag", 2)
modparam("acc", "radius_missed_flag", 3)
modparam("acc", "radius_extra",
"User-Name=$Au;Calling-Station-Id=$from;Called-Station-Id=$to;Sip-Translated-Request-URI=$ruri;Sip-RPid=$avp(s:rpid);Source-IP=$si;Source-Port=$sp;Canonical-URI=$avp(s:can_uri);Billing-Party=$avp(s:billing_party);Divert-Reason=$avp(s:divert_reason);X-RTP-Stat=$hdr(X-RTP-Stat);Contact=$hdr(contact);Event=$hdr(event);SIP-Proxy-IP=$avp(s:sip_proxy_ip);ENUM-TLD=$avp(s:enum_tld)")
# ------------------------- request routing logic -------------------
# main routing logic
route{
#
# -- 1 -- Request Validation
#
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
#
# -- 2 -- Routing Preprocessing
#
## Record-route all except Register
## Mark packets with nat=yes
## This mark will be used to identify the request in the loose
## route section
if(!is_method("REGISTER")){
record_route(";nat=yes");
};
##Loose_route packets
if (has_totag()) {
#sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if(method=="BYE") {
#Account BYE transactions
setflag(2);
};
#Check authentication of re-invites
if(method=="INVITE" && (!allow_trusted())) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","1");
exit;
} else if (!check_from()) {
sl_send_reply("403", "Forbidden, use From=ID");
exit;
};
};
if(method=="BYE" || method=="CANCEL") {
end_media_session();
};
##Detect requests in the dialog behind NAT and flag with 6
route(1);
} else {
sl_send_reply("404","Not here");
}
exit;
}
#CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans()) {
end_media_session();
t_relay();
};
exit;
}
t_check_trans();
#
# -- 3 -- Determine Request Target
#
if (method=="REGISTER") {
route(2);
} else {
route(3);
};
}
route[1] {
#
# -- 4 -- Forward request to target
#
# Forward statefully
t_on_reply("1");
t_on_failure("1");
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2] {
## Register request handler
if (is_uri_host_local()) {
if (!www_authorize("", "subscriber")) {
www_challenge("", "1");
exit;
};
if (!check_to()) {
sl_send_reply("403", "Forbidden");
exit;
};
setbflag(6);
force_rport();
save("location");
exit;
} else if {
sl_send_reply("403", "Forbidden");
};
}
route[3] {
## Requests handler
if (method=="INVITE") {
# Account INVITE packets
setflag(2);
# Account Missed calls
setflag(3);
# Radius Extra
$avp(s:sip_proxy_ip)="MY.OPENSER.IP.COM";
};
if (is_from_local()){
# From an internal domain -> check the credentials and the FROM
if(!allow_trusted()){
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
exit;
} else if(!check_from()) {
sl_send_reply("403", "Forbidden, use From=ID");
exit;
};
};
#unconditional call forward
if(avp_db_load("$ru/username","$avp(s:callfwd)")) {
avp_pushto("$ru", "$avp(s:callfwd)");
route(1);
exit;
}
consume_credentials();
#verify aliases, if found replace R-URI.
lookup("aliases");
if (is_uri_host_local()) {
# -- Inbound to Inbound
xlog("L_INFO","OPENSER: INBOUND -> INBOUND ($tU)");
route(10);
} else {
# -- Inbound to outbound
xlog("L_INFO","OPENSER: INBOUND -> OUTBOUND ($tU)");
route(11);
};
} else {
#From an external domain ->do not check credentials
#Verify aliases, if found replace R-URI.
lookup("aliases");
if (is_uri_host_local()) {
xlog("L_INFO","OPENSER: OUTBOUND -> INBOUND
($tU)");
#-- Outbound to inbound
route(12);
} else {
xlog("L_INFO","OPENSER: OUTBOUND -> OUTBOUND
($tU)");
# -- Outbound to outbound
route(13);
};
};
}
route[4] {
# routing to the public network
if (!load_gws()) {
sl_send_reply("503", "Unable to load gateways");
exit;
}
if(!next_gw()){
sl_send_reply("503", "Unable to find a gateway");
exit;
}
t_on_failure("2");
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[6] {
#
# -- NAT handling --
#
append_hf("P-hint: Route[6]: mediaproxy \r\n");
use_media_proxy();
}
route[10] {
#from an internal domain -> inbound
#Native SIP destinations are handled using the location table
#Gateway destinations are handled by regular expressions
append_hf("P-hint: inbound->inbound \r\n");
xlog("L_INFO","LOOKING FOR: $tU");
if (uri=~"^sip:55613") { # ECHO TEST
xlog("L_INFO","IN ROUTE 613");
route(6);
rewritehostport("fwdnat2.pulver.com:5060");
if (!t_relay()) {
sl_reply_error();
};
exit;
};
if (uri=~"^sip:301") { # ECHO TEST
route(6);
rewritehostport("blueface.ie");
if (!t_relay()) {
sl_reply_error();
};
exit;
};
#
# if (uri=~"^sip:1[2-9][0-9]{9}@") {
# if (is_user_in("credentials","ld")) {
# strip(1);
# prefix("+1");
# route(6);
# route(4);
# exit;
# } else {
# sl_send_reply("403", "No permissions for long
distance");
# exit;
# };
# };
#
# if (uri=~"^sip:011[0-9]*@") {
# if (is_user_in("credentials","int")) {
# strip(3);
# prefix("+");
# route(6);
# route(4);
# exit;
# } else {
# sl_send_reply("403", "No permissions for international
calls");
# };
# };
if (!lookup("location")) {
if (does_uri_exist()) {
## User not registered at this time.
## Use the IP Address of your e-mail server
revert_uri();
prefix("u");
rewritehostport("192.168.1.171"); #Use the IP address of your
voicemail server
route(6);
route(1);
} else {
sl_send_reply("404", "Not Found");
exit;
}
sl_send_reply("404", "Not Found");
exit;
};
route(6);
route(1);
}
route[11] {
# from an internal domain -> outbound
# Simply route the call outbound using DNS search
append_hf("P-hint: inbound->outbound \r\n");
route(1);
}
route[12] {
# From an external domain -> inbound
# Verify aliases, if found replace R-URI.
lookup("aliases");
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
exit;
};
route(1);
}
route[13] {
#From an external domain outbound
#we are not accepting these calls
append_hf("P-hint: outbound->inbound \r\n");
sl_send_reply("403", "Forbidden");
exit;
}
failure_route[1] {
##--
##-- If cancelled, exit.
##--
if (t_was_cancelled()) {
exit;
};
##--
##-- If busy send to the e-mail server, prefix the "b"
##-- character to indicate busy.
##--
if (t_check_status("486")) {
revert_uri();
prefix("b");
rewritehostport("192.168.1.171");
append_branch();
route(1);
exit;
};
##--
##-- If timeout (408) or unavailable temporarily (480),
##-- prefix the uri with the "u"character to indicate
##-- unanswered and send to the e-mail
##-- sever
##--
if (t_check_status("408") || t_check_status("480")) {
revert_uri();
prefix("u");
rewritehostport("192.168.1.171");
append_branch();
route(1);
exit;
};
}
failure_route[2] {
if(!next_gw()) {
t_reply("503", "Service not available, no more gateways");
exit;
};
t_on_failure("2");
t_relay();
}
onreply_route[1] {
#
#-- On-replay block routing --
#
append_hf("P-hint: onreply_route|usemediaproxy \r\n");
use_media_proxy();
exit;
}
13 Jun
13 Jun
7:36 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
El Viernes, 13 de Junio de 2008 16:47, David Villasmil escribió:
the script didn't fit, here it is:
Sorry David, I'll not check you config, that's your work, not mine ;-), but a
fast reading show that you are not calling use_media_proxy on the right
places.
Also your flow throught the script seems a little chaotic to me, but eachone
have it own way of doing things.
What I have seen on your ngrep capture is that your RTP traffic NEVER hitted
your mediaproxy, thats why you receive a timeout, from that point on you must
first clarify:
1- Paint your test scenario, with IP's (no matter if they are not the real
ones, but with IP's no names please), where you have NAT, etc.
2- Reread you ngrep trace, you will see very strange packets.
3- Came again with specific questions, not with your config file and a "here
you have ... solve it"
--
Saludos.
Raúl Alexis Betancor Santana
Dimensión Virtual S.L.
7:47 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
That was not my intention at all and I'm sorry you got it that way. I did
take a look at my script and I thought I should do was eliminate all tests
for nats and simply call use_media_proxy when an INVITE comes in, and an
on_reply was hit. Also of course end_media_session() n a BYE or a CANCEL...
But it is still not working, well it instruct my UAC to send rtps directly
to the echo test ip... and this wasn't working.
And because I did not see anything work (I don't have much experience with
media-proxy) I thought I'd ask here... my bad. ;-)
Of course I will keeo looking at this, I don't want anyone to do my job...
;-)
Thanks a lot
David
On Fri, Jun 13, 2008 at 6:36 PM, Raúl Alexis Betancor Santana <
rabs(a)dimension-virtual.com> wrote:
El Viernes, 13 de Junio de 2008 16:47, David Villasmil
escribió:
the script didn't fit, here it is:
Sorry David, I'll not check you config, that's your work, not mine ;-), but
a
fast reading show that you are not calling use_media_proxy on the right
places.
Also your flow throught the script seems a little chaotic to me, but
eachone
have it own way of doing things.
What I have seen on your ngrep capture is that your RTP traffic NEVER
hitted
your mediaproxy, thats why you receive a timeout, from that point on you
must
first clarify:
1- Paint your test scenario, with IP's (no matter if they are not the real
ones, but with IP's no names please), where you have NAT, etc.
2- Reread you ngrep trace, you will see very strange packets.
3- Came again with specific questions, not with your config file and a
"here
you have ... solve it"
--
Saludos.
Raúl Alexis Betancor Santana
Dimensión Virtual S.L.
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
8:11 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
El Viernes, 13 de Junio de 2008 17:47, David Villasmil escribió:
That was not my intention at all and I'm sorry you
got it that way. I did
take a look at my script and I thought I should do was eliminate all tests
for nats and simply call use_media_proxy when an INVITE comes in, and an
on_reply was hit. Also of course end_media_session() n a BYE or a CANCEL...
But it is still not working, well it instruct my UAC to send rtps directly
to the echo test ip... and this wasn't working.
And because I did not see anything work (I don't have much experience with
media-proxy) I thought I'd ask here... my bad. ;-)
Of course I will keeo looking at this, I don't want anyone to do my job...
;-)
Ok, so from that point on ... what it's your test scenario, paint it and we
could guide you to the right point.
We do not have a crystal ball ;-)
--
Saludos.
Raúl Alexis Betancor Santana
Dimensión Virtual S.L.
14 Jun
14 Jun
10:06 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
2008/6/13 David Villasmil <david.villasmil.work(a)gmail.com>om>:
the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither
add "rport" in any request/response.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
16 Jun
16 Jun
2:01 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
2008/6/13 David Villasmil <david.villasmil.work(a)gmail.com>om>:
Is there a problem if I do it anyway? I supose it will have some impact on
performance, but very little right? I don't know if all my clients have
public IPs without NAT. The fact is I pretend to do wholesale on this
server, that's why I need mediaproxy to do the rtps all the time.
the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither
add "rport" in any request/response.
2:36 p.m.
New subject: [OpenSER-Users] Radius accounting and Dialog
El Monday 16 June 2008 13:01:36 David Villasmil escribió:
If you manage clients behind NAT with no STUN you need to fix NAT in SIP
signalling. For that you need managing rport, rewritting "Contact" header and
so.
Of course, if you are not the responsible of the clients you don't need it. :)
--
Iñaki Baz Castillo
ibc(a)in.ilimit.es
2008/6/13
David Villasmil <david.villasmil.work(a)gmail.com>om>:
Is there a problem if I do it anyway? I supose it will have some impact on
performance, but very little right? I don't know if all my clients have
public IPs without NAT. The fact is I pretend to do wholesale on this
server, that's why I need mediaproxy to do the rtps all the time. the script didn't fit, here it is:
Have all your users public IP? you don't fix NAT "Contacts" neither
add "rport" in any request/response.
6005
days inactive
6008
days old
6 comments
4 participants
participants (4)
-
David Villasmil -
Iñaki Baz Castillo -
Iñaki Baz Castillo -
Raúl Alexis Betancor Santana