Re: [SR-Users] Kamailio CentOS 7 repos broken

[Sergey Safarov]

Please try

yum clean all
yum -y install yum-utils
yum-config-manager --add-repo http://rpm.kamailio.org/centos/kamailio.repo
yum install --disablerepo=kamailio --enablerepo=kamailio-5.2.7 kamailio


On Tue, Jul 28, 2020 at 2:02 AM Patrick Wakano  wrote:

> Hi list,
> Hope you are all good!
>
> I've been trying to install kamailio 5.2.7 from the centos 7 repo, but it
> is failing in both repos.
> With the http://rpm.kamailio.org/centos/ repo it fails with:
> Error: Package:
> kamailio-sipcapture-daemon-config-5.2.7-0.el7.centos.x86_64 (kamailio-5.2)
>Requires: kamailio-sipcapture = 5.2.7
>
> With the
> http://download.opensuse.org/repositories/home:/kamailio:/v5.2.x-rpms/CentOS_7/
> repo it fails with:
> kamailio-5.2.7-7.el7.centos.x8 FAILED
>  ===] 579 kB/s |  12 MB  00:00:04 ETA
>
> https://download.opensuse.org/repositories/home%3A/kamailio%3A/v5.2.x-rpms/CentOS_7/x86_64/kamailio-5.2.7-7.el7.centos.x86_64.rpm:
> [Errno -1] Package does not match intended download. Suggestion: run yum
> --enablerepo=home_kamailio_v5.2.x-rpms clean metadata
> Trying other mirror.
> Error downloading packages:
>   kamailio-5.2.7-7.el7.centos.x86_64: [Errno 256] No more mirrors to try.
>
> Would someone be able to have a look at that?
>
> Thank you!
> Patrick Wakano
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Kamailio CentOS 7 repos broken

[Patrick Wakano]

Hi list,
Hope you are all good!

I've been trying to install kamailio 5.2.7 from the centos 7 repo, but it
is failing in both repos.
With the http://rpm.kamailio.org/centos/ repo it fails with:
Error: Package: kamailio-sipcapture-daemon-config-5.2.7-0.el7.centos.x86_64
(kamailio-5.2)
   Requires: kamailio-sipcapture = 5.2.7

With the
http://download.opensuse.org/repositories/home:/kamailio:/v5.2.x-rpms/CentOS_7/
repo it fails with:
kamailio-5.2.7-7.el7.centos.x8 FAILED
   ===] 579 kB/s |  12 MB  00:00:04 ETA
https://download.opensuse.org/repositories/home%3A/kamailio%3A/v5.2.x-rpms/CentOS_7/x86_64/kamailio-5.2.7-7.el7.centos.x86_64.rpm:
[Errno -1] Package does not match intended download. Suggestion: run yum
--enablerepo=home_kamailio_v5.2.x-rpms clean metadata
Trying other mirror.
Error downloading packages:
  kamailio-5.2.7-7.el7.centos.x86_64: [Errno 256] No more mirrors to try.

Would someone be able to have a look at that?

Thank you!
Patrick Wakano
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Registrar - registered match_received

[Ilie Soltanici]

Hello,

Yes, i have it there but the variable name was mismatching with the module
variable name:

$xavp(regcfg=>match_received) = $su;

modparam("registrar", "xavp_cfg", "reg")

It's all good now.
Thanks for your help.
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Registrar - registered match_received

[Sergiu Pojoga]

Did you specify to match on received?

For example:

$xavp(regcfg=>match_received) = $su;

if (registered("location", "$fu", 2, 1))
   xlog("L_INFO", "S=$su is a valid Contact in Location \n");

On Mon, Jul 27, 2020 at 11:28 AM Ilie Soltanici 
wrote:

> Hello,
>
> Trying to check if an extension it's already registered with the same
> received path.
>
> if (registered("location","$fu",2)) {
>   sl_send_reply("200","OK");
>   exit;
> };
>
>
> But, it's not working for me, getting true even if the received path it's
> different:
>
> This is what I'm getting from Kamailio:
>
> [root@dev ilie.soltanici]# /usr/local/sbin/kamcmd ul.dump
> {
> Domains: {
> Domain: {
> Domain: location
> Size: 1024
> AoRs: {
> Info: {
> AoR: 101
> HashID: -1698832128
> Contacts: {
> Contact: {
> Address:
> sip:101@192.168.1.10:12767;ob
> Expires: 2452
> Q: 1.00
> Call-ID:
> 3fa6c9f7db404e8e93a9664c3634ddf7
> CSeq: 31114
> User-Agent:
> MicroSIP/3.19.31
> Received: sip:
> 192.168.1.10:12767
> Path: [not set]
> State: CS_SYNC
> Flags: 0
> CFlags: 12288
> Socket: udp:
> 192.168.1.1:5060
> Methods: 8159
> Ruid:
> uloc-b-5f1eea5d-57b0-1
> Instance: [not set]
> Reg-Id: 0
> Server-Id: 11
> Tcpconn-Id: -1
> Keepalive: 1
> Last-Keepalive:
> 1595862742
> Last-Modified:
> 1595861637
> }
> }
>
> This is the SIP Trace:
>
> 2020/07/27 16:17:12.214151 192.168.1.10:12610 -> 192.168.1.1:5060
> OPTIONS sip:dev.local SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK-91-1-0
> From: "Test Account" ;tag=91SIPpTag001
> To: sip:dev.local
> Call-ID: 1-91@192.168.1.10
> User-Agent: SIPP
> CSeq: 1 OPTIONS
> Content-Length: 0
>
> As you can see the source port it's different 12767/12610, but the
> registered function is still getting true.
>
> Thank you.
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Registrar - registered match_received

[Ilie Soltanici]

Hello,

Trying to check if an extension it's already registered with the same
received path.

if (registered("location","$fu",2)) {
  sl_send_reply("200","OK");
  exit;
};


But, it's not working for me, getting true even if the received path it's
different:

This is what I'm getting from Kamailio:

[root@dev ilie.soltanici]# /usr/local/sbin/kamcmd ul.dump
{
Domains: {
Domain: {
Domain: location
Size: 1024
AoRs: {
Info: {
AoR: 101
HashID: -1698832128
Contacts: {
Contact: {
Address:
sip:101@192.168.1.10:12767;ob
Expires: 2452
Q: 1.00
Call-ID:
3fa6c9f7db404e8e93a9664c3634ddf7
CSeq: 31114
User-Agent:
MicroSIP/3.19.31
Received: sip:
192.168.1.10:12767
Path: [not set]
State: CS_SYNC
Flags: 0
CFlags: 12288
Socket: udp:
192.168.1.1:5060
Methods: 8159
Ruid:
uloc-b-5f1eea5d-57b0-1
Instance: [not set]
Reg-Id: 0
Server-Id: 11
Tcpconn-Id: -1
Keepalive: 1
Last-Keepalive:
1595862742
Last-Modified:
1595861637
}
}

This is the SIP Trace:

2020/07/27 16:17:12.214151 192.168.1.10:12610 -> 192.168.1.1:5060
OPTIONS sip:dev.local SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK-91-1-0
From: "Test Account" ;tag=91SIPpTag001
To: sip:dev.local
Call-ID: 1-91@192.168.1.10
User-Agent: SIPP
CSeq: 1 OPTIONS
Content-Length: 0

As you can see the source port it's different 12767/12610, but the
registered function is still getting true.

Thank you.
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Mark Boyce]

Hi

Just pure force of habit to be honest.  Never had it deployed in a situation 
where it became a performance bottleneck. Or had any other reason to switch.


Mark



> On 27 Jul 2020, at 12:53, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> out of curiosity, one more question: do you stick with MySQL for some 
> specific reasons (e.g., support, performance, replication, ...)?
> 
> In most of my deployments I migrated to MariaDB, because it is the default 
> one shipped by Debian Stable and I haven't faced any major issue so far...
> 
> Cheers,
> Daniel
> 
> On 27.07.20 10:51, Mark Boyce wrote:
>> Hi
>> 
>> Yes not surprised.  Ubuntu has been lagging behind on MySQL v5 for ages, 
>> which is one of the reasons I use MySQLs own repo.  I have been using Ubuntu 
>> 18.04 with kamailio 5.3 from repo, MySQL 8 from MySQL repo, and TLS without 
>> issue.
>> 
>> Cheers
>> Mark
>> 
>>> On 27 Jul 2020, at 09:46, Daniel-Constantin Mierla >> > wrote:
>>> 
>>> Hello,
>>> 
>>> ok, thanks for these details!
>>> 
>>> I asked mainly because the libmysqlclient seems to have some issues in 
>>> older ubuntu (16.04 and 18.04) when using tls and libssl 1.1, based on 
>>> reports on community. Nothing similar reported when using mariadb so far.
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 27.07.20 10:25, Mark Boyce wrote:
 Hi
 
 Package - Cool.  FYI 5.4 from git seems to compile ok, although I’m only 
 compiling modules I’m using.  (Only issue I’m having is G729 for 
 rtpengine, but that’s another story...)
 
 MySQL - Using MySQL’s repo is force of habit for getting v8.  Ubuntu has 
 been shipping with MySQL v5.7, although having just checked on 20.04 is 
 finally shipping with MySQL 8.0.20 now
 
 Package: mysql-server
 Versions:
 8.0.21-1ubuntu20.04 (/var/lib/apt/lists/repo.mysql.com 
 _apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages)
  (/var/lib/dpkg/status)
  Description Language:
  File: 
 /var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages
   MD5: 40f35c3f688a48dea4283a87850ef877
 
 8.0.20-0ubuntu0.20.04.1 (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com 
 _ubuntu_dists_focal-updates_main_binary-amd64_Packages)
  (/var/lib/apt/lists/security.ubuntu.com_ubuntu_
 dists_focal-security_main_binary-amd64_Packages)
  Description Language:
  File: 
 /var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_main_binary-amd64_Packages
   MD5: 743caadb7bcc9923a15d886cf7260d23
 
 Maria 10.3 is also available on Ubuntu 20.04
 
 Package: mariadb-server
 Versions:
 1:10.3.22-1ubuntu1 
 (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages)
  Description Language:
  File: /var/lib/apt/lists/nova.clouds.archive.ubuntu.com 
 _ubuntu_dists_focal_universe_binary-amd64_Packages
   MD5: 47753d361ef73aaa0d808a49d4717d3f
 
 To get 10.5 (Stable) we’d need to use the Maria Repo 
 https://mariadb.org/download/#mariadb-repositories 
 
 
 Cheers
 Mark
 
 
> On 27 Jul 2020, at 09:02, Daniel-Constantin Mierla  > wrote:
> 
> Hello,
> 
> there is an open issue on tracker for adding packaging jobs for Ubuntu
> 20.04, hopefully Victor can find some time soon for it:
> 
>   - https://github.com/kamailio/kamailio/issues/2338 
> 
> 
> Otherwise I am curious to know if MySQL server is shipped with Ubuntu
> 20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
> sure if MySQL or MariaDB is the default one (maybe you wanted to use
> MySQL Repo to get a more recent version).
> 
> Cheers,
> Daniel
> 
> On 24.07.20 20:27, Mark Boyce wrote:
>> Hi all
>> 
>> This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as I know 
>> you’re in the throws of building 5.4 thought I'd throw this out there in 
>> case it changes anything;
>> 
>> Installing kamailio from;
>> deb http://deb.kamailio.org/kamailio53 
>>  bionic main
>> 
>> 
>> The following packages have unmet dependencies:
>> kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
>> kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but it is 
>> not installable
>> kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but it is 
>> not installable
>> 
>> libreadline7 -> libreadline8 (v 8.0-4)
>> libmysqlclient20 -> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
>

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Daniel-Constantin Mierla]

Hello,

out of curiosity, one more question: do you stick with MySQL for some
specific reasons (e.g., support, performance, replication, ...)?

In most of my deployments I migrated to MariaDB, because it is the
default one shipped by Debian Stable and I haven't faced any major issue
so far...

Cheers,
Daniel

On 27.07.20 10:51, Mark Boyce wrote:
> Hi
>
> Yes not surprised.  Ubuntu has been lagging behind on MySQL v5 for
> ages, which is one of the reasons I use MySQLs own repo.  I have been
> using Ubuntu 18.04 with kamailio 5.3 from repo, MySQL 8 from MySQL
> repo, and TLS without issue.
>
> Cheers
> Mark
>
>> On 27 Jul 2020, at 09:46, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> ok, thanks for these details!
>>
>> I asked mainly because the libmysqlclient seems to have some issues
>> in older ubuntu (16.04 and 18.04) when using tls and libssl 1.1,
>> based on reports on community. Nothing similar reported when using
>> mariadb so far.
>>
>> Cheers,
>> Daniel
>>
>> On 27.07.20 10:25, Mark Boyce wrote:
>>> Hi
>>>
>>> Package - Cool.  FYI 5.4 from git seems to compile ok, although I’m
>>> only compiling modules I’m using.  (Only issue I’m having is G729
>>> for rtpengine, but that’s another story...)
>>>
>>> MySQL - Using MySQL’s repo is force of habit for getting v8.  Ubuntu
>>> has been shipping with MySQL v5.7, although having just checked on
>>> 20.04 is finally shipping with MySQL 8.0.20 now
>>>
>>> Package: mysql-server
>>> Versions:
>>> *8.0.21*-1ubuntu20.04 (/var/lib/apt/lists/repo.*mysql.com
>>> *_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages)
>>> (/var/lib/dpkg/status)
>>>  Description Language:
>>>                  File:
>>> /var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages
>>>                   MD5: 40f35c3f688a48dea4283a87850ef877
>>>
>>> *8.0.20*-0ubuntu0.20.04.1
>>> (/var/lib/apt/lists/nova.clouds.archive.*ubuntu.com
>>> *_ubuntu_dists_focal-updates_main_binary-amd64_Packages)
>>> (/var/lib/apt/lists/security.ubuntu.com_ubuntu_
>>> dists_focal-security_main_binary-amd64_Packages)
>>>  Description Language:
>>>                  File:
>>> /var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_main_binary-amd64_Packages
>>>                   MD5: 743caadb7bcc9923a15d886cf7260d23
>>>
>>> Maria 10.3 is also available on Ubuntu 20.04
>>>
>>> Package: mariadb-server
>>> Versions:
>>> 1:10.3.22-1ubuntu1
>>> (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages)
>>>  Description Language:
>>>                  File:
>>> /var/lib/apt/lists/nova.clouds.archive.*ubuntu.com
>>> *_ubuntu_dists_focal_universe_binary-amd64_Packages
>>>                   MD5: 47753d361ef73aaa0d808a49d4717d3f
>>>
>>> To get 10.5 (Stable) we’d need to use the Maria
>>> Repo https://mariadb.org/download/#mariadb-repositories
>>>
>>> Cheers
>>> Mark
>>>
>>>
 On 27 Jul 2020, at 09:02, Daniel-Constantin Mierla
 mailto:mico...@gmail.com>> wrote:

 Hello,

 there is an open issue on tracker for adding packaging jobs for Ubuntu
 20.04, hopefully Victor can find some time soon for it:

   - https://github.com/kamailio/kamailio/issues/2338

 Otherwise I am curious to know if MySQL server is shipped with Ubuntu
 20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
 sure if MySQL or MariaDB is the default one (maybe you wanted to use
 MySQL Repo to get a more recent version).

 Cheers,
 Daniel

 On 24.07.20 20:27, Mark Boyce wrote:
> Hi all
>
> This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as
> I know you’re in the throws of building 5.4 thought I'd throw this
> out there in case it changes anything;
>
> Installing kamailio from;
> deb http://deb.kamailio.org/kamailio53 bionic main
>
>
> The following packages have unmet dependencies:
> kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
> kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but
> it is not installable
> kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but
> it is not installable
>
> libreadline7-> libreadline8 (v 8.0-4)
> libmysqlclient20-> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
> libhiredis0.13-> libhiredis-dev  (v 0.14.0-6).
>
>
> Ubuntu Server 20.04 LTS (focal)
> MySQL 8 (From MySQL Repo)
> Redis 6 from latest stable
>
>
> Best regards
> Mark
> -- 
> Mark Boyce
> Dark Origins Ltd
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org 
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

 -- 
 Daniel-Constantin Mierla -- www.asipto.com 

[SR-Users] Kamailio Dockerization

[Edward Romanenco]

Hi,

I am working on a project involving Kamailio dockerezation, which is meant to 
run alongside Freeswitch and RTPEngine containers, on the basis of a 
Docker-Compose file which is launched on top of a CentOS 7.7 host system.
I was able to create and run the containers successfully, they are starting and 
listening to the correct ports, but for some unexplained reason - the incoming 
SIP traffic is not getting picked up by Kamailio. I can easily trace the 
traffic from the host, but when SSHing the container and running a test from 
within, no traffic goes by.
I've used netcat to generate plain UDP traffic to the container, and it was 
logged into the Kamailio log files, but real-life traffic doesn't seem to work.
I've tried moving to host mode (from bridge), but it didn't make any 
difference. All required firewall rules were opened obviously, I've also tried 
shutting the firewall off completely but it didn't help.

Does anyone experienced anything similar while running Kamailio in Dockers, and 
could provide me a go-through on what steps did he take to fix it?

EXCERPT FROM MY DOCKERFILE

# Getting Kamailio source code from GIT
RUN mkdir -p /usr/local/src/kamailio-5.3
WORKDIR /usr/local/src/kamailio-5.3
RUN git clone --depth 1 --no-single-branch https://github.com/kamailio/kamailio
WORKDIR /usr/local/src/kamailio-5.3/kamailio
RUN git checkout -b 5.3.2

# Compile the source code and install Kamailio
RUN make include_modules="phonenum db_mysql xmlrpc http_async_client jansson 
auth_db nathelper websocket tls outbound topoh http_client" cfg && \
make all && make install

# Default setting is to run Kamailio as user “kamailio” and group “kamailio”
RUN adduser --quiet --system --group --disabled-password \
--shell /bin/false --gecos "Kamailio" \
--home /var/run/kamailio kamailio

# To use init.d script for starting/stopping the Kamailio server
COPY Init/kamailio /etc/init.d/
RUN chmod 755 /etc/init.d/kamailio
COPY Default/kamailio /etc/default/
COPY kamailio.service /etc/systemd/system/
RUN mkdir -p /var/run/kamailio
RUN chown kamailio:kamailio /var/run/kamailio

COMPOSE (BRIDGE NETWORK VERSION)

kamailioegress:
  build: kamailio_egress
  image: kamailioegress:latest
  container_name: kamailioegress
  restart: always
  environment:
- DATABASE=kamailioe
- SIP_DOMAIN=XXX
- DBHOST=kamailiodb
- DBROOTUSER=root
- DBROOTPASS=XXX
- PUBLIC_IPV4=XXX
  depends_on:
- Kamailio-Base
- kmdb
- freeswitch
- rtpengine
  expose:
- "5060/udp"
- "5060/tcp"
  ports:
- "XXX:5060:5060/udp"
  networks:
private-net:
  ipv4_address: "172.18.0.30"
  deploy:
mode: replicated
replicas: 1
restart_policy:
  condition: always
  delay: 5s
  max_attempts: 3
  window: 120s

networks:
  private-net:
driver: bridge
ipam:
  config:
- subnet: 172.18.0.0/16
driver_opts:
  com.docker.network.bridge.name: wrtcpriv
  public-net:
external:
  name: host

​COMPOSE (HOST MODE VERSION)

kamailioegress:
  build: kamailio_egress
  image: kamailioegress:latest
  container_name: kamailioegress
  network_mode: host
  restart: always
  environment:
- DATABASE=kamailioe
- SIP_DOMAIN=XXX
- DBHOST=172.18.0.10
- DBROOTUSER=root
- DBROOTPASS=XXX
- PUBLIC_IPV4=XXX
- EGPORT=5060
- LINTE=ens224
- LINTI=ens192
- RTPENGINE=localhost
  depends_on:
- Kamailio-Base
- kmdb
- freeswitch
- rtpengine
  expose:
- "5060/udp"
  ports:
- "213.8.76.13:5060:5060/udp"
  deploy:
mode: replicated
replicas: 1
restart_policy:
  condition: always
  delay: 5s
  max_attempts: 3
  window: 120s

CONFIG FILE

/* uncomment and configure the following line if you want Kamailio to
 * bind on a specific interface/port/proto (default bind on all available) */
listen=udp:0.0.0.0:LPORT advertise PUBLIC_IP:LPORT

KAMAILIO-LOCALE

#!define DBURL "mysql://root:XXX@DBHOST/kamailioe"
#!substdef "!MY_DBURL!mysql://root:XXX@DBHOST/kamailioe!g"
#!substdef "!RTPENGINE!MY_RTPENGINE!g"
#!substdef "!SIP_DOMAIN!MY_SIP_DOMAIN!g"
#!substdef "!PUBLIC_IP!MY_PUBLIC_IP!g"
#!substdef "!PRIVATE_IP!MY_PRIVATE_IP!g"
#!substdef "!LPORT!MY_LPORT!g"
#!substdef "!LINT!MY_LINT!g"
#!substdef "!HOMER_IP!10.1.0.100!g"
#!substdef "!API_URL!http://localhost:3000/v1/mock!g";
#!substdef "/CCODES/972|380/"
#!substdef "/NUM_TRANSLATE_OUT_RE/+?(CCODES)([0-9]+)/"
#!substdef "/NUM_TRANSLATE_IN_RE/0([0-9]+)/"

​FIREWALL RULES

-bash-4.2# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192 ens224
  sources: 192.168.1.39
  services: dhcpv6-client http https sip ssh
  ports: 9323/tcp 9323/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
rule family="ipv4" destination address="XXX" port port="5060" 
protocol="udp" accept
rule family="ipv4" destination address="XXX" port port="5060" 
protocol="

Re: [SR-Users] Using GeoIP2 AS Lookup?

[Daniel-Constantin Mierla]

Hello,

On 27.07.20 11:32, Mark Boyce wrote:
>
> Hi
>
> Sounds very similar to the way I’ve been heading, working on multi
> layer defence like this;
>
> 1) Already Blacklisted -> drop
>
> 2) Very naughty things we should never see (SQL injection/scanner) ->
> Add to permanent blacklist & drop


This make sense as well. Probably we should extend sanity module for
doing such checks over the relevant parts of the message (R-URI, From/To
headers, Call-ID).


>
> 3) Rate Limiting . Using temp blacklist, banning for x mins.
>
> 4) If not an “Invite/Register” and IP not on list of IPs we have seen
> auth previously, drop. (Gets rid of all the Option/Subscribe scanners)
>
> 5) “Not for us” user/domain check -> drop.  (good, as it ignores all
> those invites from 100@1.1.1.1 . Bad, as it means
> a badly configured UA trying to talk to us on IP domain doesn’t get an
> Auth challenge)
>
> 6) Normal Challenge Auth, with failure rate limit
>
> (Using details retrieved as part of Auth)
>
> 7) If not in $au:$ip:$ua.. cache Check IP / GeoIP Countries / Device
> UA / etc. Caching result
>
> 8) Check if endpoint / user / etc is disabled (means disabling a
> single endpoint doesn’t end up banning entire IP for Auth failures)
>
>
> Most of which is coded by hand inside cfg file at the moment.
>  Couldn’t quite get security module etc to work quiet how I wanted the
> logic to work.

that's not easy indeed -- every time I think I should wrap all the
conditions I have in a recent config into a "security" module (for the
sake of easing provisioning), a different pattern pops up that I have to
cover or there is a new deployment with different call scenarios/end
points behaviour that is reusing only a few from the previous config.

Making such a module with very flexible policies stored in database will
be very complex, hard to define the format of the rules, which can end
up being harder to manage than just combining modules and conditions in
configuration file.

Cheers,
Daniel

>
> Cheers
> Mark
>
>
>
>> On 27 Jul 2020, at 10:08, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> what worked quite well so far for me was maintaining ipban and
>> ipallow htables, adding to ipallow the address of a successfully
>> authenticated request and adding to ipban the address of a flooding
>> end point (detected via pike or pipelimit) which is not in ipallow.
>>
>> Of course, skipping trusted fixed ip end points (e.g., pstn gateways).
>>
>> Most of the end points send the REGISTER and once authenticated and
>> gets back 200ok, then they flood with SUBSCRIBE for BLF/MWI/Presence,
>> but at that moment, the IP is in ipallow. I also maintain an userban
>> htable where to keep username:ip if that user failed to authenticate
>> 5 times in a row.
>>
>> Anyhow, adding more layers of trusting levels is better.
>>
>> Cheers,
>> Daniel
>>
>> On 27.07.20 10:45, Mark Boyce wrote:
>>> Hi
>>>
>>> I only have ubuntu to hand.  The latest v20.04 still seems to
>>> include a country db version, although it’s from Dec 2019.
>>>
>>> Completely agree on security, and still wondering how much admin
>>> overhead maintaining it is.
>>>
>>> At the moment I’m thinking of layering it like this;
>>>
>>> - Fixed IP
>>> - Dynamic IP but Fixed ISP (AS)
>>> - Mobile but Fixed/Limited Country
>>> - Mobile no restrictions
>>>
>>> Also playing with matching User-Agent from headers against a list of
>>> RegEx’s to verify that the endpoint is the make/model expected.  
>>>
>>>
>>> GeoIP Module - Great.  I’ll have a look at module source and try to
>>> document what’s involved.
>>>
>>>
>>> Cheers
>>> Mark
>>>
 On 27 Jul 2020, at 09:14, Daniel-Constantin Mierla
 mailto:mico...@gmail.com>> wrote:

 Hello,

 indeed, I noticed a while ago MaxMind requires registration to
 fetch the
 latest database, from that point I was still using a local copy of an
 older version for testing. Are the major Linux distros still
 shipping it?

 I can add lookup of AS to the module -- it would be appreciated and
 speed up things if you can give some references/links to the
 API/library
 docs for it.

 As for how much security it can bring, as always, it depends. If you
 have only fixed lines customers, then it can be an extra check. But if
 the people can use mobile apps, they can go in parks, or public places
 and use mobile carriers or public wifi networks. Also, I encountered
 situations when people do vpn from their mobile and show up as coming
 from another country, a matter where the vpn server is located.

 In general, the more restrictions you can set for end point locations,
 the better. Still, they can be compromised even if they are inside a
 known isp network...

 Cheers,
 Daniel

 On 23.07.20 12:18, Mark Boyce wrote:
> Hi all
>
> Just looking at the latest GeoIP2 MaxMind databases (now requires
> reg

Re: [SR-Users] kamailio 5.3.5 - none local route header

[Daniel-Constantin Mierla]

Hello,

maybe the R-URI (address in the first line) is coming with a local
domain/ip, and then strict routing is done, meaning that next route
header is moved to R-URI, from where it can be overwritten by other
config actions.

Anyhow, set debug=3 and what the messages printed by rr module and core
when executing loose_route(), it shoud show if the URI in the route or
R-URI is matching myself.

Be also, you don't have any remove_hf("Route") executed by mistake (you
can use debugger module with cfgtrace enabled to check what actions are
executed).

Cheers,
Daniel

On 27.07.20 12:12, Jonathan Hunter wrote:
>
> Hi Daniel,
>
>  
>
> Thanks for the reply.
>
>  
>
> I don’t see the CARRIER_IP listed as an alias, and I have only 1
> domain listed and that’s local. I also toggled the register_myself
> parameter and it is still removing the none local CARRIER_IP.
>
>  
>
> The route header containing the CARRIER_IP doesn’t contain a from tag,
> apart from that it looks normal and I cant fine any reference to it
> locally.
>
>  
>
> I haven’t seen this before, however this is my first time implementing
> things in Azure and on centos 7. Its only on outbound calls as well,
> what other steps do you suggest if any?
>
>  
>
> Thanks for the reply.
>
>  
>
> Jon
>
>  
>
> Sent from Mail  for
> Windows 10
>
>  
>
> *From: *Daniel-Constantin Mierla 
> *Sent: *27 July 2020 09:04
> *To: *Kamailio (SER) - Users Mailing List
> ; Jonathan Hunter
> ; Kamailio (SER) - Users Mailing List
> 
> *Subject: *Re: [SR-Users] kamailio 5.3.5 - none local route header
>
>  
>
> Hello,
>
> that can happen if you have CARRIER_IP as value for alias global
> parameter or inside the domain module records with register_myself
> modparam enabled. Can you chack if any of those cases happens?
>
> Cheers,
> Daniel
>
> On 24.07.20 12:58, Jonathan Hunter wrote:
>
> Hi Guys,
>
>  
>
> Sorry if this is too generic or silly a question but I am testing
>
> kamailio 5.3.5 within Azure and its behind NAT.
>
>  
>
> I am having an issue with passing an ACK from our internal side
> back out to
>
> the carrier side and it appears having run loose_route a none
> local route-header is
>
> consistently being removed by kamailio at this point.
>
>  
>
> ie Route:  
>
>  
>
> Is this normal or configuration related?
>
>  
>
> As I am unsure within what scenario I would remove a route header
> which doesnt contain the local
>
> Proxy IP.
>
>  
>
> Please can someone advise?
>
>  
>
> Many thanks
>
>  
>
> Jon
>
>  
>
> Sent from Mail
> 
> 
> for Windows 10
>
>  
>
>
>
> ___
>
> Kamailio (SER) - Users Mailing List
>
> sr-users@lists.kamailio.org 
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
> 
>
> -- 
> Daniel-Constantin Mierla -- www.asipto.com 
> 
> www.twitter.com/miconda 
> 
>  -- www.linkedin.com/in/miconda 
> 
> Funding: https://www.paypal.me/dcmierla 
> 
>
>  
>
-- 
Daniel-Constantin Mierla -- www.

Re: [SR-Users] kamailio 5.3.5 - none local route header

[Jonathan Hunter]

Hi Daniel,

Thanks for the reply.

I don’t see the CARRIER_IP listed as an alias, and I have only 1 domain listed 
and that’s local. I also toggled the register_myself parameter and it is still 
removing the none local CARRIER_IP.

The route header containing the CARRIER_IP doesn’t contain a from tag, apart 
from that it looks normal and I cant fine any reference to it locally.

I haven’t seen this before, however this is my first time implementing things 
in Azure and on centos 7. Its only on outbound calls as well, what other steps 
do you suggest if any?

Thanks for the reply.

Jon

Sent from Mail for Windows 10

From: Daniel-Constantin Mierla
Sent: 27 July 2020 09:04
To: Kamailio (SER) - Users Mailing List; 
Jonathan Hunter; Kamailio (SER) - Users Mailing 
List
Subject: Re: [SR-Users] kamailio 5.3.5 - none local route header


Hello,

that can happen if you have CARRIER_IP as value for alias global parameter or 
inside the domain module records with register_myself modparam enabled. Can you 
chack if any of those cases happens?

Cheers,
Daniel
On 24.07.20 12:58, Jonathan Hunter wrote:
Hi Guys,

Sorry if this is too generic or silly a question but I am testing
kamailio 5.3.5 within Azure and its behind NAT.

I am having an issue with passing an ACK from our internal side back out to
the carrier side and it appears having run loose_route a none local 
route-header is
consistently being removed by kamailio at this point.

ie Route: 

Is this normal or configuration related?

As I am unsure within what scenario I would remove a route header which doesnt 
contain the local
Proxy IP.

Please can someone advise?

Many thanks

Jon

Sent from 
Mail
 for Windows 10




___

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--

Daniel-Constantin Mierla -- 
www.asipto.com

www.twitter.com/miconda
 -- 
www.linkedin.com/in/miconda

Funding: 
https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using GeoIP2 AS Lookup?

[Mark Boyce]

Hi

Sounds very similar to the way I’ve been heading, working on multi layer 
defence like this;

1) Already Blacklisted -> drop

2) Very naughty things we should never see (SQL injection/scanner) -> Add to 
permanent blacklist & drop

3) Rate Limiting . Using temp blacklist, banning for x mins.

4) If not an “Invite/Register” and IP not on list of IPs we have seen auth 
previously, drop. (Gets rid of all the Option/Subscribe scanners)

5) “Not for us” user/domain check -> drop.  (good, as it ignores all those 
invites from 100@1.1.1.1 . Bad, as it means a badly 
configured UA trying to talk to us on IP domain doesn’t get an Auth challenge)

6) Normal Challenge Auth, with failure rate limit

(Using details retrieved as part of Auth)

7) If not in $au:$ip:$ua.. cache Check IP / GeoIP Countries / Device UA / etc. 
Caching result

8) Check if endpoint / user / etc is disabled (means disabling a single 
endpoint doesn’t end up banning entire IP for Auth failures)


Most of which is coded by hand inside cfg file at the moment.  Couldn’t quite 
get security module etc to work quiet how I wanted the logic to work.

Cheers
Mark



> On 27 Jul 2020, at 10:08, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> what worked quite well so far for me was maintaining ipban and ipallow 
> htables, adding to ipallow the address of a successfully authenticated 
> request and adding to ipban the address of a flooding end point (detected via 
> pike or pipelimit) which is not in ipallow.
> 
> Of course, skipping trusted fixed ip end points (e.g., pstn gateways).
> 
> Most of the end points send the REGISTER and once authenticated and gets back 
> 200ok, then they flood with SUBSCRIBE for BLF/MWI/Presence, but at that 
> moment, the IP is in ipallow. I also maintain an userban htable where to keep 
> username:ip if that user failed to authenticate 5 times in a row.
> 
> Anyhow, adding more layers of trusting levels is better.
> 
> Cheers,
> Daniel
> 
> On 27.07.20 10:45, Mark Boyce wrote:
>> Hi
>> 
>> I only have ubuntu to hand.  The latest v20.04 still seems to include a 
>> country db version, although it’s from Dec 2019.
>> 
>> Completely agree on security, and still wondering how much admin overhead 
>> maintaining it is.
>> 
>> At the moment I’m thinking of layering it like this;
>> 
>> - Fixed IP
>> - Dynamic IP but Fixed ISP (AS)
>> - Mobile but Fixed/Limited Country
>> - Mobile no restrictions
>> 
>> Also playing with matching User-Agent from headers against a list of RegEx’s 
>> to verify that the endpoint is the make/model expected.  
>> 
>> 
>> GeoIP Module - Great.  I’ll have a look at module source and try to document 
>> what’s involved.
>> 
>> 
>> Cheers
>> Mark
>> 
>>> On 27 Jul 2020, at 09:14, Daniel-Constantin Mierla >> > wrote:
>>> 
>>> Hello,
>>> 
>>> indeed, I noticed a while ago MaxMind requires registration to fetch the
>>> latest database, from that point I was still using a local copy of an
>>> older version for testing. Are the major Linux distros still shipping it?
>>> 
>>> I can add lookup of AS to the module -- it would be appreciated and
>>> speed up things if you can give some references/links to the API/library
>>> docs for it.
>>> 
>>> As for how much security it can bring, as always, it depends. If you
>>> have only fixed lines customers, then it can be an extra check. But if
>>> the people can use mobile apps, they can go in parks, or public places
>>> and use mobile carriers or public wifi networks. Also, I encountered
>>> situations when people do vpn from their mobile and show up as coming
>>> from another country, a matter where the vpn server is located.
>>> 
>>> In general, the more restrictions you can set for end point locations,
>>> the better. Still, they can be compromised even if they are inside a
>>> known isp network...
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 23.07.20 12:18, Mark Boyce wrote:
 Hi all
 
 Just looking at the latest GeoIP2 MaxMind databases (now requires 
 registration, but still free) and noticed that they also include the AS 
 (ISP) lookup one in the free offering.
 
 Wondering if this is another way to facilitate better security for users 
 on dynamic IP. Typically working from home these days.
 
 So, rather than just limiting an end device to a country we could limit it 
 to a particular ISP within that country.
 
 Has anyone tried this? Have I missed a reason why this wouldn’t help?  
 Admin overhead not worth it?
 
 Thoughts?
 
 Best regards
 Mark
 -- 
 Mark Boyce
 Dark Origins Ltd
 
 ___
 Kamailio (SER) - Users Mailing List
 sr-users@lists.kamailio.org 
 https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
 
>>> 
>>> -- 
>>> Daniel-Constantin Mierla -- ww

Re: [SR-Users] The plan for releasing Kamailio v5.4.0

[Daniel-Constantin Mierla]

Hello,

the 2 days ahead notification before the next major version release:
5.4.0. If you are aware of anything that should make it to this release,
start the discussion asap to give it a good chance.

Cheers,
Daniel

On 17.07.20 09:17, Daniel-Constantin Mierla wrote:
> Hello,
>
> we are considering to release the next major stable release,
> respectively 5.4.0, on Wednesday, July 29, 2020.
>
> The branch 5.4 was already created, several doc resources were already
> added (wiki pages with what is new,
> core/variables/transformations/rpcs/stats cookbooks, alphabetic indexes,
> ...), at least debian/ubuntu packages should be built nightly, ...
>
> If anyone is testing an upgrade from branch 5.3 to 5.4 and encounters
> changes that should be done in Kamailio config, add notes about at:
>
>   * https://www.kamailio.org/wiki/install/upgrade/5.3.x-to-5.4.0
>
> Cheers,
> Daniel
>
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using GeoIP2 AS Lookup?

[Daniel-Constantin Mierla]

Hello,

what worked quite well so far for me was maintaining ipban and ipallow
htables, adding to ipallow the address of a successfully authenticated
request and adding to ipban the address of a flooding end point
(detected via pike or pipelimit) which is not in ipallow.

Of course, skipping trusted fixed ip end points (e.g., pstn gateways).

Most of the end points send the REGISTER and once authenticated and gets
back 200ok, then they flood with SUBSCRIBE for BLF/MWI/Presence, but at
that moment, the IP is in ipallow. I also maintain an userban htable
where to keep username:ip if that user failed to authenticate 5 times in
a row.

Anyhow, adding more layers of trusting levels is better.

Cheers,
Daniel

On 27.07.20 10:45, Mark Boyce wrote:
> Hi
>
> I only have ubuntu to hand.  The latest v20.04 still seems to include
> a country db version, although it’s from Dec 2019.
>
> Completely agree on security, and still wondering how much admin
> overhead maintaining it is.
>
> At the moment I’m thinking of layering it like this;
>
> - Fixed IP
> - Dynamic IP but Fixed ISP (AS)
> - Mobile but Fixed/Limited Country
> - Mobile no restrictions
>
> Also playing with matching User-Agent from headers against a list of
> RegEx’s to verify that the endpoint is the make/model expected.  
>
>
> GeoIP Module - Great.  I’ll have a look at module source and try to
> document what’s involved.
>
>
> Cheers
> Mark
>
>> On 27 Jul 2020, at 09:14, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> indeed, I noticed a while ago MaxMind requires registration to fetch the
>> latest database, from that point I was still using a local copy of an
>> older version for testing. Are the major Linux distros still shipping it?
>>
>> I can add lookup of AS to the module -- it would be appreciated and
>> speed up things if you can give some references/links to the API/library
>> docs for it.
>>
>> As for how much security it can bring, as always, it depends. If you
>> have only fixed lines customers, then it can be an extra check. But if
>> the people can use mobile apps, they can go in parks, or public places
>> and use mobile carriers or public wifi networks. Also, I encountered
>> situations when people do vpn from their mobile and show up as coming
>> from another country, a matter where the vpn server is located.
>>
>> In general, the more restrictions you can set for end point locations,
>> the better. Still, they can be compromised even if they are inside a
>> known isp network...
>>
>> Cheers,
>> Daniel
>>
>> On 23.07.20 12:18, Mark Boyce wrote:
>>> Hi all
>>>
>>> Just looking at the latest GeoIP2 MaxMind databases (now requires
>>> registration, but still free) and noticed that they also include the
>>> AS (ISP) lookup one in the free offering.
>>>
>>> Wondering if this is another way to facilitate better security for
>>> users on dynamic IP. Typically working from home these days.
>>>
>>> So, rather than just limiting an end device to a country we could
>>> limit it to a particular ISP within that country.
>>>
>>> Has anyone tried this? Have I missed a reason why this wouldn’t
>>> help?  Admin overhead not worth it?
>>>
>>> Thoughts?
>>>
>>> Best regards
>>> Mark
>>> -- 
>>> Mark Boyce
>>> Dark Origins Ltd
>>>
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org 
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> -- 
>> Daniel-Constantin Mierla -- www.asipto.com 
>> www.twitter.com/miconda  --
>> www.linkedin.com/in/miconda 
>> Funding: https://www.paypal.me/dcmierla
>>
>
>
> -- 
> Mark Boyce
> Dark Origins Ltd
> e: m...@darkorigins.com 
>
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Redis error: Server closed the connection / nbd_redis / kamailio 5.3.5

[Daniel-Constantin Mierla]

Hello,

based on these details, you can do 'kamctl ps' to see the type of the
process printing the disconnect log message matching the pid. Maybe is
some process with low activity, not using the redis connection that much.

Cheers,
Daniel

On 22.07.20 14:48, Alexandre Abreu wrote:
> Hi Karsten,
>
> I notice that some errors are in intervals of 1 minute:
>
> 13:43
> 13:44
> 13:45
>
> Maybe the connection to Redis of that thread are idle and the Redis
> server close the connection.
>
> More information here: https://redis.io/topics/clients#client-timeouts
>
> I hope it helps.
>
>
> *Alexandre Abreu*
> Voice Application Engineer & Team Leader
> __
> *BySide*
> (+351) 931 111 544
> Rua Visconde Bóbeda, 70
> 4000-108 Porto
> __
>
> Advertência/Warning
> Este correio electrónico contém informação privada e estritamente
> confidencial.
> Qualquer leitura, retenção, distribuição ou cópia desta mensagem por
> qualquer pessoa que não seja o destinatário da presente mensagem é
> proibida.
>
> This e-mail is privileged, confidential and contains private information.
> Any reading, retention, distribution or copying of this communication
> by any person other than its intended recipient is prohibited.
>
>
>
> On Wed, Jul 22, 2020 at 1:26 PM Karsten Horsmann  > wrote:
>
> Hi everyone,
>
> I get some strange errors from nbd_redis but my setup is working.
> kamailio 5.3.5 on CentOS 7.7.1908.
> Redis-Server is an haproxy frontend that pushed the stuff to an
> redis-sentinel cluster (with and really old
> version redis-3.2.1-2.el7.remi.x86_64).
> Any ideas on that? 
>
> Jul 22 13:42:52 siptrunk5 kamailio[112377]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 13:43:34 siptrunk5 kamailio[112359]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 13:43:34 siptrunk5 kamailio[112378]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 13:44:33 siptrunk5 kamailio[112363]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 13:45:03 siptrunk5 kamailio[112362]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 14:00:01 siptrunk5 kamailio[112381]: ERROR: ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
> Jul 22 14:00:01 siptrunk5 kamailio[112365]: ERROR: {24519 CANCEL
> 59644df6-68ac-4dd6-9fa5-1a9c2eda3b59} ndb_redis
> [redis_client.c:1083]: redisc_exec_argv(): Redis error: Server
> closed the connection
>
>
> # grep redis /etc/kamailio/kamailio.cfg
> loadmodule "ndb_redis.so"
> loadmodule "topos_redis.so"
> modparam("ndb_redis", "server",
> "name=CFG_REDIS_NAME;addr=CFG_REDIS_ADDR;port=6379;db=CFG_REDIS_DB")
> modparam("ndb_redis", "connect_timeout", 1500) # default 1000ms/1sec
> modparam("ndb_redis", "cmd_timeout", 1500) # default 1000ms/1sec
> modparam("topos", "storage", "redis")
> modparam("topos_redis", "serverid", "CFG_REDIS_NAME")
> -- 
> Cheers
> *Karsten Horsmann*
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org 
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] failed to lock the memory pages (disable swap) WARNING

[Daniel-Constantin Mierla]

Hello,

thanks for updating back, very useful to know.

Btw, both updates of /etc/security/limits.conf and systemd unit file are
required, or only one is enough?

Cheers,
Daniel

On 24.07.20 16:46, Joel Serrano wrote:
> Hey guys, I never replied back but thankfully didn’t forget. 
>
> I finally got some time to finish checking this, as you guys pointed
> out, my only issue was the limits. 
>
> If anyone else runs into this:
>
> To /etc/security/limits.conf (and reboot):
>
> *    hard   memlock   unlimited
> *    soft    memlock   unlimited
>
> If you are using systemd based OS:
>
> To Kamailio systemd unit file/drop-in overrides, in [Service] section:
>
> |LimitMEMLOCK=infinity|
> |
> |
> |
> |
> Thanks Henning and David!
>
> Cheers,
> Joel. 
>
> On Tue, Jul 7, 2020 at 23:17 Henning Westerholt  > wrote:
>
> Hello,
>
>  
>
> check process capabilities (if EOMEM is errno 12 in your
> installation as well):
>
> *Errors*
>
> *ENOMEM*
>
> (Linux 2.6.9 and later) the caller had a nonzero *RLIMIT_MEMLOCK*
> soft resource limit, but tried to lock more memory than the limit
> permitted. This limit is not enforced if the process is privileged
> (*CAP_IPC_LOCK*).
>
> Cheers,
>
>  
>
> Henning
>
>  
>
> -- 
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com 
>
>  
>
>  
>
> *From:*sr-users  > *On Behalf Of *Joel
> Serrano
> *Sent:* Wednesday, July 8, 2020 12:16 AM
> *To:* Kamailio (SER) - Users Mailing List
> mailto:sr-users@lists.kamailio.org>>
> *Subject:* [SR-Users] failed to lock the memory pages (disable
> swap) WARNING
>
>  
>
> Hi all, 
>
>  
>
> Can anyone give me some info on what this warning means:
>
>  
>
> Jul  7 17:02:29 csbc02 csbc[16006]: WARNING: 
> [core/daemonize.c:596]: mem_lock_pages(): failed to lock the
> memory pages (disable swap): Cannot allocate memory [12]
>
>  
>
>  
>
>  
>
> Yes, if I set mlock_pages=no I don't see the warning, but I'm
> trying to understand why can't it allocate with mlock_pages=yes.
>
>  
>
> Joel.
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Mark Boyce]

Hi

Yes not surprised.  Ubuntu has been lagging behind on MySQL v5 for ages, which 
is one of the reasons I use MySQLs own repo.  I have been using Ubuntu 18.04 
with kamailio 5.3 from repo, MySQL 8 from MySQL repo, and TLS without issue.

Cheers
Mark

> On 27 Jul 2020, at 09:46, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> ok, thanks for these details!
> 
> I asked mainly because the libmysqlclient seems to have some issues in older 
> ubuntu (16.04 and 18.04) when using tls and libssl 1.1, based on reports on 
> community. Nothing similar reported when using mariadb so far.
> Cheers,
> Daniel
> On 27.07.20 10:25, Mark Boyce wrote:
>> Hi
>> 
>> Package - Cool.  FYI 5.4 from git seems to compile ok, although I’m only 
>> compiling modules I’m using.  (Only issue I’m having is G729 for rtpengine, 
>> but that’s another story...)
>> 
>> MySQL - Using MySQL’s repo is force of habit for getting v8.  Ubuntu has 
>> been shipping with MySQL v5.7, although having just checked on 20.04 is 
>> finally shipping with MySQL 8.0.20 now
>> 
>> Package: mysql-server
>> Versions:
>> 8.0.21-1ubuntu20.04 (/var/lib/apt/lists/repo.mysql.com 
>> _apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages) 
>> (/var/lib/dpkg/status)
>>  Description Language:
>>  File: 
>> /var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages
>>   MD5: 40f35c3f688a48dea4283a87850ef877
>> 
>> 8.0.20-0ubuntu0.20.04.1 (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com 
>> _ubuntu_dists_focal-updates_main_binary-amd64_Packages) 
>> (/var/lib/apt/lists/security.ubuntu.com_ubuntu_
>> dists_focal-security_main_binary-amd64_Packages)
>>  Description Language:
>>  File: 
>> /var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_main_binary-amd64_Packages
>>   MD5: 743caadb7bcc9923a15d886cf7260d23
>> 
>> Maria 10.3 is also available on Ubuntu 20.04
>> 
>> Package: mariadb-server
>> Versions:
>> 1:10.3.22-1ubuntu1 
>> (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages)
>>  Description Language:
>>  File: /var/lib/apt/lists/nova.clouds.archive.ubuntu.com 
>> _ubuntu_dists_focal_universe_binary-amd64_Packages
>>   MD5: 47753d361ef73aaa0d808a49d4717d3f
>> 
>> To get 10.5 (Stable) we’d need to use the Maria Repo 
>> https://mariadb.org/download/#mariadb-repositories 
>> 
>> 
>> Cheers
>> Mark
>> 
>> 
>>> On 27 Jul 2020, at 09:02, Daniel-Constantin Mierla >> > wrote:
>>> 
>>> Hello,
>>> 
>>> there is an open issue on tracker for adding packaging jobs for Ubuntu
>>> 20.04, hopefully Victor can find some time soon for it:
>>> 
>>>   - https://github.com/kamailio/kamailio/issues/2338 
>>> 
>>> 
>>> Otherwise I am curious to know if MySQL server is shipped with Ubuntu
>>> 20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
>>> sure if MySQL or MariaDB is the default one (maybe you wanted to use
>>> MySQL Repo to get a more recent version).
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 24.07.20 20:27, Mark Boyce wrote:
 Hi all
 
 This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as I know 
 you’re in the throws of building 5.4 thought I'd throw this out there in 
 case it changes anything;
 
 Installing kamailio from;
 deb http://deb.kamailio.org/kamailio53 
  bionic main
 
 
 The following packages have unmet dependencies:
 kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
 kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but it is 
 not installable
 kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but it is not 
 installable
 
 libreadline7   -> libreadline8 (v 8.0-4)
 libmysqlclient20   -> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
 libhiredis0.13 -> libhiredis-dev  (v 0.14.0-6).
 
 
 Ubuntu Server 20.04 LTS (focal)
 MySQL 8 (From MySQL Repo)
 Redis 6 from latest stable 
 
 
 Best regards
 Mark
 -- 
 Mark Boyce
 Dark Origins Ltd
 ___
 Kamailio (SER) - Users Mailing List
 sr-users@lists.kamailio.org 
 https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
 
>>> 
>>> -- 
>>> Daniel-Constantin Mierla -- www.asipto.com 
>>> www.twitter.com/miconda  -- 
>>> www.linkedin.com/in/miconda 
>>> Funding: https://www.paypal.me/dcmierla 
>>> 
>> 
>> 
>>

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Daniel-Constantin Mierla]

Hello,

ok, thanks for these details!

I asked mainly because the libmysqlclient seems to have some issues in
older ubuntu (16.04 and 18.04) when using tls and libssl 1.1, based on
reports on community. Nothing similar reported when using mariadb so far.

Cheers,
Daniel

On 27.07.20 10:25, Mark Boyce wrote:
> Hi
>
> Package - Cool.  FYI 5.4 from git seems to compile ok, although I’m
> only compiling modules I’m using.  (Only issue I’m having is G729 for
> rtpengine, but that’s another story...)
>
> MySQL - Using MySQL’s repo is force of habit for getting v8.  Ubuntu
> has been shipping with MySQL v5.7, although having just checked on
> 20.04 is finally shipping with MySQL 8.0.20 now
>
> Package: mysql-server
> Versions:
> *8.0.21*-1ubuntu20.04 (/var/lib/apt/lists/repo.*mysql.com
> *_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages)
> (/var/lib/dpkg/status)
>  Description Language:
>                  File:
> /var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages
>                   MD5: 40f35c3f688a48dea4283a87850ef877
>
> *8.0.20*-0ubuntu0.20.04.1
> (/var/lib/apt/lists/nova.clouds.archive.*ubuntu.com
> *_ubuntu_dists_focal-updates_main_binary-amd64_Packages)
> (/var/lib/apt/lists/security.ubuntu.com_ubuntu_
> dists_focal-security_main_binary-amd64_Packages)
>  Description Language:
>                  File:
> /var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_main_binary-amd64_Packages
>                   MD5: 743caadb7bcc9923a15d886cf7260d23
>
> Maria 10.3 is also available on Ubuntu 20.04
>
> Package: mariadb-server
> Versions:
> 1:10.3.22-1ubuntu1
> (/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages)
>  Description Language:
>                  File:
> /var/lib/apt/lists/nova.clouds.archive.*ubuntu.com
> *_ubuntu_dists_focal_universe_binary-amd64_Packages
>                   MD5: 47753d361ef73aaa0d808a49d4717d3f
>
> To get 10.5 (Stable) we’d need to use the Maria
> Repo https://mariadb.org/download/#mariadb-repositories
>
> Cheers
> Mark
>
>
>> On 27 Jul 2020, at 09:02, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> there is an open issue on tracker for adding packaging jobs for Ubuntu
>> 20.04, hopefully Victor can find some time soon for it:
>>
>>   - https://github.com/kamailio/kamailio/issues/2338
>>
>> Otherwise I am curious to know if MySQL server is shipped with Ubuntu
>> 20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
>> sure if MySQL or MariaDB is the default one (maybe you wanted to use
>> MySQL Repo to get a more recent version).
>>
>> Cheers,
>> Daniel
>>
>> On 24.07.20 20:27, Mark Boyce wrote:
>>> Hi all
>>>
>>> This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as I
>>> know you’re in the throws of building 5.4 thought I'd throw this out
>>> there in case it changes anything;
>>>
>>> Installing kamailio from;
>>> deb http://deb.kamailio.org/kamailio53 bionic main
>>>
>>>
>>> The following packages have unmet dependencies:
>>> kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
>>> kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but
>>> it is not installable
>>> kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but it
>>> is not installable
>>>
>>> libreadline7-> libreadline8 (v 8.0-4)
>>> libmysqlclient20-> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
>>> libhiredis0.13-> libhiredis-dev  (v 0.14.0-6).
>>>
>>>
>>> Ubuntu Server 20.04 LTS (focal)
>>> MySQL 8 (From MySQL Repo)
>>> Redis 6 from latest stable
>>>
>>>
>>> Best regards
>>> Mark
>>> -- 
>>> Mark Boyce
>>> Dark Origins Ltd
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org 
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> -- 
>> Daniel-Constantin Mierla -- www.asipto.com 
>> www.twitter.com/miconda  --
>> www.linkedin.com/in/miconda 
>> Funding: https://www.paypal.me/dcmierla
>>
>
>
> -- 
> Mark Boyce
> Dark Origins Ltd
> e: m...@darkorigins.com 

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using GeoIP2 AS Lookup?

[Mark Boyce]

Hi

I only have ubuntu to hand.  The latest v20.04 still seems to include a country 
db version, although it’s from Dec 2019.

Completely agree on security, and still wondering how much admin overhead 
maintaining it is.

At the moment I’m thinking of layering it like this;

- Fixed IP
- Dynamic IP but Fixed ISP (AS)
- Mobile but Fixed/Limited Country
- Mobile no restrictions

Also playing with matching User-Agent from headers against a list of RegEx’s to 
verify that the endpoint is the make/model expected.  


GeoIP Module - Great.  I’ll have a look at module source and try to document 
what’s involved.


Cheers
Mark

> On 27 Jul 2020, at 09:14, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> indeed, I noticed a while ago MaxMind requires registration to fetch the
> latest database, from that point I was still using a local copy of an
> older version for testing. Are the major Linux distros still shipping it?
> 
> I can add lookup of AS to the module -- it would be appreciated and
> speed up things if you can give some references/links to the API/library
> docs for it.
> 
> As for how much security it can bring, as always, it depends. If you
> have only fixed lines customers, then it can be an extra check. But if
> the people can use mobile apps, they can go in parks, or public places
> and use mobile carriers or public wifi networks. Also, I encountered
> situations when people do vpn from their mobile and show up as coming
> from another country, a matter where the vpn server is located.
> 
> In general, the more restrictions you can set for end point locations,
> the better. Still, they can be compromised even if they are inside a
> known isp network...
> 
> Cheers,
> Daniel
> 
> On 23.07.20 12:18, Mark Boyce wrote:
>> Hi all
>> 
>> Just looking at the latest GeoIP2 MaxMind databases (now requires 
>> registration, but still free) and noticed that they also include the AS 
>> (ISP) lookup one in the free offering.
>> 
>> Wondering if this is another way to facilitate better security for users on 
>> dynamic IP. Typically working from home these days.
>> 
>> So, rather than just limiting an end device to a country we could limit it 
>> to a particular ISP within that country.
>> 
>> Has anyone tried this? Have I missed a reason why this wouldn’t help?  Admin 
>> overhead not worth it?
>> 
>> Thoughts?
>> 
>> Best regards
>> Mark
>> -- 
>> Mark Boyce
>> Dark Origins Ltd
>> 
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
> 


-- 
Mark Boyce
Dark Origins Ltd
e: m...@darkorigins.com 
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Mark Boyce]

Hi

Package - Cool.  FYI 5.4 from git seems to compile ok, although I’m only 
compiling modules I’m using.  (Only issue I’m having is G729 for rtpengine, but 
that’s another story...)

MySQL - Using MySQL’s repo is force of habit for getting v8.  Ubuntu has been 
shipping with MySQL v5.7, although having just checked on 20.04 is finally 
shipping with MySQL 8.0.20 now

Package: mysql-server
Versions:
8.0.21-1ubuntu20.04 
(/var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages)
 (/var/lib/dpkg/status)
 Description Language:
 File: 
/var/lib/apt/lists/repo.mysql.com_apt_ubuntu_dists_focal_mysql-8.0_binary-amd64_Packages
  MD5: 40f35c3f688a48dea4283a87850ef877

8.0.20-0ubuntu0.20.04.1 
(/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal-updates_main_binary-amd64_Packages)
 (/var/lib/apt/lists/security.ubuntu.com_ubuntu_
dists_focal-security_main_binary-amd64_Packages)
 Description Language:
 File: 
/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_main_binary-amd64_Packages
  MD5: 743caadb7bcc9923a15d886cf7260d23

Maria 10.3 is also available on Ubuntu 20.04

Package: mariadb-server
Versions:
1:10.3.22-1ubuntu1 
(/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages)
 Description Language:
 File: 
/var/lib/apt/lists/nova.clouds.archive.ubuntu.com_ubuntu_dists_focal_universe_binary-amd64_Packages
  MD5: 47753d361ef73aaa0d808a49d4717d3f

To get 10.5 (Stable) we’d need to use the Maria Repo 
https://mariadb.org/download/#mariadb-repositories 


Cheers
Mark


> On 27 Jul 2020, at 09:02, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> there is an open issue on tracker for adding packaging jobs for Ubuntu
> 20.04, hopefully Victor can find some time soon for it:
> 
>   - https://github.com/kamailio/kamailio/issues/2338
> 
> Otherwise I am curious to know if MySQL server is shipped with Ubuntu
> 20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
> sure if MySQL or MariaDB is the default one (maybe you wanted to use
> MySQL Repo to get a more recent version).
> 
> Cheers,
> Daniel
> 
> On 24.07.20 20:27, Mark Boyce wrote:
>> Hi all
>> 
>> This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as I know 
>> you’re in the throws of building 5.4 thought I'd throw this out there in 
>> case it changes anything;
>> 
>> Installing kamailio from;
>> deb http://deb.kamailio.org/kamailio53 bionic main
>> 
>> 
>> The following packages have unmet dependencies:
>> kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
>> kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but it is not 
>> installable
>> kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but it is not 
>> installable
>> 
>> libreadline7 -> libreadline8 (v 8.0-4)
>> libmysqlclient20 -> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
>> libhiredis0.13   -> libhiredis-dev  (v 0.14.0-6).
>> 
>> 
>> Ubuntu Server 20.04 LTS (focal)
>> MySQL 8 (From MySQL Repo)
>> Redis 6 from latest stable 
>> 
>> 
>> Best regards
>> Mark
>> -- 
>> Mark Boyce
>> Dark Origins Ltd
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
> 


-- 
Mark Boyce
Dark Origins Ltd
e: m...@darkorigins.com ___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Using GeoIP2 AS Lookup?

[Daniel-Constantin Mierla]

Hello,

indeed, I noticed a while ago MaxMind requires registration to fetch the
latest database, from that point I was still using a local copy of an
older version for testing. Are the major Linux distros still shipping it?

I can add lookup of AS to the module -- it would be appreciated and
speed up things if you can give some references/links to the API/library
docs for it.

As for how much security it can bring, as always, it depends. If you
have only fixed lines customers, then it can be an extra check. But if
the people can use mobile apps, they can go in parks, or public places
and use mobile carriers or public wifi networks. Also, I encountered
situations when people do vpn from their mobile and show up as coming
from another country, a matter where the vpn server is located.

In general, the more restrictions you can set for end point locations,
the better. Still, they can be compromised even if they are inside a
known isp network...

Cheers,
Daniel

On 23.07.20 12:18, Mark Boyce wrote:
> Hi all
>
> Just looking at the latest GeoIP2 MaxMind databases (now requires 
> registration, but still free) and noticed that they also include the AS (ISP) 
> lookup one in the free offering.
>
> Wondering if this is another way to facilitate better security for users on 
> dynamic IP. Typically working from home these days.
>
> So, rather than just limiting an end device to a country we could limit it to 
> a particular ISP within that country.
>
> Has anyone tried this? Have I missed a reason why this wouldn’t help?  Admin 
> overhead not worth it?
>
> Thoughts?
>
> Best regards
> Mark
> -- 
> Mark Boyce
> Dark Origins Ltd
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] kamailio 5.3.5 - none local route header

[Daniel-Constantin Mierla]

Hello,

that can happen if you have CARRIER_IP as value for alias global
parameter or inside the domain module records with register_myself
modparam enabled. Can you chack if any of those cases happens?

Cheers,
Daniel

On 24.07.20 12:58, Jonathan Hunter wrote:
>
> Hi Guys,
>
>  
>
> Sorry if this is too generic or silly a question but I am testing
>
> kamailio 5.3.5 within Azure and its behind NAT.
>
>  
>
> I am having an issue with passing an ACK from our internal side back
> out to
>
> the carrier side and it appears having run loose_route a none local
> route-header is
>
> consistently being removed by kamailio at this point.
>
>  
>
> ie Route: 
>
>  
>
> Is this normal or configuration related?
>
>  
>
> As I am unsure within what scenario I would remove a route header
> which doesnt contain the local
>
> Proxy IP.
>
>  
>
> Please can someone advise?
>
>  
>
> Many thanks
>
>  
>
> Jon
>
>  
>
> Sent from Mail  for
> Windows 10
>
>  
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Install 5.3 on Ubuntu 20.04 With MySQL 8

[Daniel-Constantin Mierla]

Hello,

there is an open issue on tracker for adding packaging jobs for Ubuntu
20.04, hopefully Victor can find some time soon for it:

  - https://github.com/kamailio/kamailio/issues/2338

Otherwise I am curious to know if MySQL server is shipped with Ubuntu
20.04 by default? You said "MySQL 8 (From MySQL Repo)", just want to be
sure if MySQL or MariaDB is the default one (maybe you wanted to use
MySQL Repo to get a more recent version).

Cheers,
Daniel

On 24.07.20 20:27, Mark Boyce wrote:
> Hi all
>
> This is installing 5.3 for Bionic (18.04) on Focal (20.04) but as I know 
> you’re in the throws of building 5.4 thought I'd throw this out there in case 
> it changes anything;
>
> Installing kamailio from;
> deb http://deb.kamailio.org/kamailio53 bionic main
>
>
> The following packages have unmet dependencies:
>  kamailio : Depends: libreadline7 (>= 6.0) but it is not installable
>  kamailio-mysql-modules : Depends: libmysqlclient20 (>= 5.7.11) but it is not 
> installable
>  kamailio-redis-modules : Depends: libhiredis0.13 (>= 0.13.1) but it is not 
> installable
>
> libreadline7  -> libreadline8 (v 8.0-4)
> libmysqlclient20  -> libmysqlclient21 (v 8.0.21-1ubuntu20.04)
> libhiredis0.13-> libhiredis-dev  (v 0.14.0-6).
>
>
> Ubuntu Server 20.04 LTS (focal)
> MySQL 8 (From MySQL Repo)
> Redis 6 from latest stable 
>
>
> Best regards
> Mark
> -- 
> Mark Boyce
> Dark Origins Ltd
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Dialog - timeout for dlg with CallID

[Daniel-Constantin Mierla]

Hello,

this sounds like the ACK is  not matched for dialog processing and the
early_timeout is firing. I just pushed a commit to dialog module to
print the old state when the timeout callback function is executed,
maybe you can test with it -- it is in branch 5.3:

  -
https://github.com/kamailio/kamailio/commit/ff2f8c4e63b4fefa7dc5b10835505c3c4ae84388

Otherwise, maybe call dlg_manage() for ACK, although the loose_route()
callback should be executed and ACK handled for dialog processing.

Cheers,
Daniel

On 24.07.20 12:46, Ilie Soltanici wrote:
> Hello,
>
> I'm trying to get CDR working in Kamailio by using the acc and dialog
> modules. Everything seemed to be working fine - until i noticed that
> for some of the calls the call duration is 0, even if that call has
> been successfully established and duration was for about a few
> minutes. In the Kamailio logs I'm getting such errors:
>
> WARNING: dialog [dlg_handlers.c:1649]: dlg_ontimeout(): timeout for
> dlg with CallID '304bad142b50bb3a7a117816439ea3d5' and tags
> 'as3adde5c7' '7d28152f-e0e3-4bcf-9d5c-21c3723b95c5'
> WARNING: acc [acc_cdr.c:230]: db_write_cdr(): fallback to dlg_only
> search because of message doesn't exist.
>
> This error I'm getting at about 2 min after the ACK message for 200
> OK. I'm not sure that this is related to the dialog timeout, but below
> you can see the related configuration for the dialog module:
>
> modparam("dialog", "default_timeout", 10800) # 3 hours
> modparam("dialog", "early_timeout", 180)
> modparam("dialog", "noack_timeout", 90)
>
> Unfortunately, I'm not able to reproduce this issue, as that's
> happening randomly and just a few times per day. On the SIP Level i
> didn't notice any strange issues.
>
> Any ideas why is that happening?
> Thank you.
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio Dockerization

[Sergey Safarov]

Issue documented here
https://github.com/moby/libnetwork/issues/2423

you can use

/usr/bin/docker run --net=host --privileged --rm
claesjonsson/conntrack -D --proto udp



On Mon, Jul 27, 2020 at 10:28 AM Edward Romanenco 
wrote:

> Hi,
>
> I am working on a project involving Kamailio dockerezation, which is meant
> to run alongside Freeswitch and RTPEngine containers, on the basis of a
> Docker-Compose file which is launched on top of a CentOS 7.7 host system.
> I was able to create and run the containers successfully, they are
> starting and listening to the correct ports, but for some unexplained
> reason - the incoming SIP traffic is not getting picked up by Kamailio. I
> can easily trace the traffic from the host, but when SSHing the container
> and running a test from within, no traffic goes by.
> I've used netcat to generate plain UDP traffic to the container, and it
> was logged into the Kamailio log files, but real-life traffic doesn't seem
> to work.
> I've tried moving to host mode (from bridge), but it didn't make any
> difference. All required firewall rules were opened obviously, I've also
> tried shutting the firewall off completely but it didn't help.
>
> Does anyone experienced anything similar while running Kamailio in
> Dockers, and could provide me a go-through on what steps did he take to fix
> it?
>
> EXCERPT FROM MY DOCKERFILE
>
> # Getting Kamailio source code from GIT
> RUN mkdir -p /usr/local/src/kamailio-5.3
> WORKDIR /usr/local/src/kamailio-5.3
> RUN git clone --depth 1 --no-single-branch 
> https://github.com/kamailio/kamailio
> WORKDIR /usr/local/src/kamailio-5.3/kamailio
> RUN git checkout -b 5.3.2
>
> # Compile the source code and install Kamailio
> RUN make include_modules="phonenum db_mysql xmlrpc http_async_client jansson 
> auth_db nathelper websocket tls outbound topoh http_client" cfg && \
> make all && make install
>
> # Default setting is to run Kamailio as user “kamailio” and group “kamailio”
> RUN adduser --quiet --system --group --disabled-password \
> --shell /bin/false --gecos "Kamailio" \
> --home /var/run/kamailio kamailio
>
> # To use init.d script for starting/stopping the Kamailio server
> COPY Init/kamailio /etc/init.d/
> RUN chmod 755 /etc/init.d/kamailio
> COPY Default/kamailio /etc/default/
> COPY kamailio.service /etc/systemd/system/
> RUN mkdir -p /var/run/kamailio
> RUN chown kamailio:kamailio /var/run/kamailio
>
> COMPOSE (BRIDGE NETWORK VERSION)
>
> kamailioegress:
>   build: kamailio_egress
>   image: kamailioegress:latest
>   container_name: kamailioegress
>   restart: always
>   environment:
> - DATABASE=kamailioe
> - SIP_DOMAIN=XXX
> - DBHOST=kamailiodb
> - DBROOTUSER=root
> - DBROOTPASS=XXX
> - PUBLIC_IPV4=XXX
>   depends_on:
> - Kamailio-Base
> - kmdb
> - freeswitch
> - rtpengine
>   expose:
> - "5060/udp"
> - "5060/tcp"
>   ports:
> - "XXX:5060:5060/udp"
>   networks:
> private-net:
>   ipv4_address: "172.18.0.30"
>   deploy:
> mode: replicated
> replicas: 1
> restart_policy:
>   condition: always
>   delay: 5s
>   max_attempts: 3
>   window: 120s
>
> networks:
>   private-net:
> driver: bridge
> ipam:
>   config:
> - subnet: 172.18.0.0/16
> driver_opts:
>   com.docker.network.bridge.name: wrtcpriv
>   public-net:
> external:
>   name: host
>
> ​COMPOSE (HOST MODE VERSION)
>
> kamailioegress:
>   build: kamailio_egress
>   image: kamailioegress:latest
>   container_name: kamailioegress
>   network_mode: host
>   restart: always
>   environment:
> - DATABASE=kamailioe
> - SIP_DOMAIN=XXX
> - DBHOST=172.18.0.10
> - DBROOTUSER=root
> - DBROOTPASS=XXX
> - PUBLIC_IPV4=XXX
> - EGPORT=5060
> - LINTE=ens224
> - LINTI=ens192
> - RTPENGINE=localhost
>   depends_on:
> - Kamailio-Base
> - kmdb
> - freeswitch
> - rtpengine
>   expose:
> - "5060/udp"
>   ports:
> - "213.8.76.13:5060:5060/udp"
>   deploy:
> mode: replicated
> replicas: 1
> restart_policy:
>   condition: always
>   delay: 5s
>   max_attempts: 3
>   window: 120s
>
> CONFIG FILE
>
> /* uncomment and configure the following line if you want Kamailio to
>  * bind on a specific interface/port/proto (default bind on all available) */
> listen=udp:0.0.0.0:LPORT advertise PUBLIC_IP:LPORT
>
> KAMAILIO-LOCALE
>
> #!define DBURL "mysql://root:XXX@DBHOST/kamailioe"
> #!substdef "!MY_DBURL!mysql://root:XXX@DBHOST/kamailioe!g"
> #!substdef "!RTPENGINE!MY_RTPENGINE!g"
> #!substdef "!SIP_DOMAIN!MY_SIP_DOMAIN!g"
> #!substdef "!PUBLIC_IP!MY_PUBLIC_IP!g"
> #!substdef "!PRIVATE_IP!MY_PRIVATE_IP!g"
> #!substdef "!LPORT!MY_LPORT!g"
> #!substdef "!LINT!MY_LINT!g"
> #!substdef "!HOMER_IP!10.1.0.100!g"
> #!substdef "!API_URL!http://localhost:3000/v1/mock!g";
> #!substdef "/CCODES/972|380/"
> #!substdef "/NUM_TRANSLATE_OUT_RE/+?(CCODES)([0-9]+)/"
> #!substdef "/NUM_TRANSLATE_IN_RE