Re: [SR-Users] Unknown caller gets online user's identity
Hello,
There is a message Possible Security issue with Kamailio - Asterisk
Realtime integration in Asterisk users mailing list:
http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html
I think the problem I have is somewhat similar.
Should I suppose that there is a security risk in Kamailio - Asterisk
realtime integration, and if this is a case what I can do to eliminate
this risk?
Best,
Teijo
16.7.2014 9:44, g.aloi...@gmail.com kirjoitti:
Hello,
Has anybody any solution or suggestion?
If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:
sip:some_extens...@my.public.ip.address
call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but in stead, the call goes
online user's context.
To get this situation I don't need to define any account information in
MicroSIP.
I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.
I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.
Thanks in advance,
Teijo
14.7.2014 9:06, g.aloi...@gmail.com kirjoitti:
Hello,
If one places call, and tell that my from domain is your Kamailio's
IP, call is established, because Asterisk accepts requests from
Kamailio. One problem is that it's unpredictable in this case what is
the context where thiskind of call is handled by Asterisk.
This situation requires that I change something in my setup. If I decide
accept calls only from my users, I suppose that it can be quite easily
done by modifying if statement referred below or at least by applying
instructions found here:
http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users
However, I'm somewhat unsure what should I do, if I decide to accept
calls from any caller - not only from my users.
Best,
Teijo
12.7.2014 19:36, Muhammad Shahzad kirjoitti:
Well, this
*if (from_uri!=myself uri!=myself)*
Means neither source nor destination is our user. Which implies that
if our
domain is A, then call from domain B to C is not possible. However,
calls
from B or C to A and A to B or C are possible. That is way an
unauthorized user gets passed and reaches asterisk. Asterisk accepts it
since call is coming from kamailio and tries to route it back to
kamailio,
where kamailio finds user online and thus it goes through.
You should really break down this,
*if (from_uri!=myself uri!=myself)*
into something like this for clarity,
*if (from_uri!=myself) { *
* if (uri!=myself) {*
* # neither source nor destination is our user*
* } else {*
* # source is not our user but destination is our user*
* };*
*} else {*
* if (uri!=myself) {*
* # source is our user but destination is not our user*
* } else {*
* # both source and destination are our users*
* };*
*};*
Hope this helps.
Thank you.
On Fri, Jul 11, 2014 at 5:36 PM, g.aloi...@gmail.com wrote:
Hello,
I'm using Kamailio version 4.1.4+precise (amd64).
I have followed Kamailio 4.0.x and Asterisk 11.3.0 Realtime
Integration
using Asterisk Database (http://kb.asipto.com/
asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
difference in my setup compared to that one is that I continued use of
Kamailio's database.
The problem is as follows:
I decided to put Kamailio and through it Asterisk reachable from
internet.
I have tried to configure Asterisk so that only calls of registered
users
would be possible, and they could only call to other registered
users or
conference rooms and echo test number.
Then I took the following steps:
I ensured that there was no online users with kamctl online. Then I
launched MicroSIP (www.microsip.org), but I did not defined account, I
simply set the protocol to tls and media encryption to mandatory,
because
I'm using these.
I called to extension with x...@my.public.ip.address (where xxx is
extension) getting unauthorized. And that was what I wanted.
But if there is online users, calls go through, and incoming call is
coming from Asterisk (in syslog I can find out that src_user=asterisk).
Kamailio and Asterisk are listening the same IP address, but different
port. I have refused connections to the Asterisk's port with iptables.
I have defined my public IP address as domain in sip.conf. There is
also
other domain defined which corresponds to users' domain I am using in
Kamailio's database.
In kamailio.cfg there is if statement which prevents Kamailio not to be
open relay:
if (from_uri!=myself uri!=myself)
...
If I change this for example:
if (from_uri!=myself || uri!=myself)
I get what I want this time: no calls from outside, but I
Re: [SR-Users] Unknown caller gets online user's identity
Hello,
Try allow allowguest=no in sip.conf [general] context and create a peer for
kamailio in sip.comf
Regards
Cibin
On 17-Jul-2014, at 12:52 pm, g.aloi...@gmail.com wrote:
Hello,
There is a message Possible Security issue with Kamailio - Asterisk Realtime
integration in Asterisk users mailing list:
http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html
I think the problem I have is somewhat similar.
Should I suppose that there is a security risk in Kamailio - Asterisk
realtime integration, and if this is a case what I can do to eliminate this
risk?
Best,
Teijo
16.7.2014 9:44, g.aloi...@gmail.com kirjoitti:
Hello,
Has anybody any solution or suggestion?
If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:
sip:some_extens...@my.public.ip.address
call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but in stead, the call goes
online user's context.
To get this situation I don't need to define any account information in
MicroSIP.
I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.
I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.
Thanks in advance,
Teijo
14.7.2014 9:06, g.aloi...@gmail.com kirjoitti:
Hello,
If one places call, and tell that my from domain is your Kamailio's
IP, call is established, because Asterisk accepts requests from
Kamailio. One problem is that it's unpredictable in this case what is
the context where thiskind of call is handled by Asterisk.
This situation requires that I change something in my setup. If I decide
accept calls only from my users, I suppose that it can be quite easily
done by modifying if statement referred below or at least by applying
instructions found here:
http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users
However, I'm somewhat unsure what should I do, if I decide to accept
calls from any caller - not only from my users.
Best,
Teijo
12.7.2014 19:36, Muhammad Shahzad kirjoitti:
Well, this
*if (from_uri!=myself uri!=myself)*
Means neither source nor destination is our user. Which implies that
if our
domain is A, then call from domain B to C is not possible. However,
calls
from B or C to A and A to B or C are possible. That is way an
unauthorized user gets passed and reaches asterisk. Asterisk accepts it
since call is coming from kamailio and tries to route it back to
kamailio,
where kamailio finds user online and thus it goes through.
You should really break down this,
*if (from_uri!=myself uri!=myself)*
into something like this for clarity,
*if (from_uri!=myself) { *
* if (uri!=myself) {*
* # neither source nor destination is our user*
* } else {*
* # source is not our user but destination is our user*
* };*
*} else {*
* if (uri!=myself) {*
* # source is our user but destination is not our user*
* } else {*
* # both source and destination are our users*
* };*
*};*
Hope this helps.
Thank you.
On Fri, Jul 11, 2014 at 5:36 PM, g.aloi...@gmail.com wrote:
Hello,
I'm using Kamailio version 4.1.4+precise (amd64).
I have followed Kamailio 4.0.x and Asterisk 11.3.0 Realtime
Integration
using Asterisk Database (http://kb.asipto.com/
asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
difference in my setup compared to that one is that I continued use of
Kamailio's database.
The problem is as follows:
I decided to put Kamailio and through it Asterisk reachable from
internet.
I have tried to configure Asterisk so that only calls of registered
users
would be possible, and they could only call to other registered
users or
conference rooms and echo test number.
Then I took the following steps:
I ensured that there was no online users with kamctl online. Then I
launched MicroSIP (www.microsip.org), but I did not defined account, I
simply set the protocol to tls and media encryption to mandatory,
because
I'm using these.
I called to extension with x...@my.public.ip.address (where xxx is
extension) getting unauthorized. And that was what I wanted.
But if there is online users, calls go through, and incoming call is
coming from Asterisk (in syslog I can find out that src_user=asterisk).
Kamailio and Asterisk are listening the same IP address, but different
port. I have refused connections to the Asterisk's port with iptables.
I have defined my public IP address as domain in sip.conf. There is
also
other
Re: [SR-Users] Unknown caller gets online user's identity
Hello,
Try allow allowguest=no in sip.conf [general] context and create a peer for
kamailio in sip.comf
Regards
Cibin
On 17-Jul-2014, at 12:52 pm, g.aloi...@gmail.com wrote:
Hello,
There is a message Possible Security issue with Kamailio - Asterisk Realtime
integration in Asterisk users mailing list:
http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html
I think the problem I have is somewhat similar.
Should I suppose that there is a security risk in Kamailio - Asterisk
realtime integration, and if this is a case what I can do to eliminate this
risk?
Best,
Teijo
16.7.2014 9:44, g.aloi...@gmail.com kirjoitti:
Hello,
Has anybody any solution or suggestion?
If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:
sip:some_extens...@my.public.ip.address
call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but in stead, the call goes
online user's context.
To get this situation I don't need to define any account information in
MicroSIP.
I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.
I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.
Thanks in advance,
Teijo
14.7.2014 9:06, g.aloi...@gmail.com kirjoitti:
Hello,
If one places call, and tell that my from domain is your Kamailio's
IP, call is established, because Asterisk accepts requests from
Kamailio. One problem is that it's unpredictable in this case what is
the context where thiskind of call is handled by Asterisk.
This situation requires that I change something in my setup. If I decide
accept calls only from my users, I suppose that it can be quite easily
done by modifying if statement referred below or at least by applying
instructions found here:
http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users
However, I'm somewhat unsure what should I do, if I decide to accept
calls from any caller - not only from my users.
Best,
Teijo
12.7.2014 19:36, Muhammad Shahzad kirjoitti:
Well, this
*if (from_uri!=myself uri!=myself)*
Means neither source nor destination is our user. Which implies that
if our
domain is A, then call from domain B to C is not possible. However,
calls
from B or C to A and A to B or C are possible. That is way an
unauthorized user gets passed and reaches asterisk. Asterisk accepts it
since call is coming from kamailio and tries to route it back to
kamailio,
where kamailio finds user online and thus it goes through.
You should really break down this,
*if (from_uri!=myself uri!=myself)*
into something like this for clarity,
*if (from_uri!=myself) { *
* if (uri!=myself) {*
* # neither source nor destination is our user*
* } else {*
* # source is not our user but destination is our user*
* };*
*} else {*
* if (uri!=myself) {*
* # source is our user but destination is not our user*
* } else {*
* # both source and destination are our users*
* };*
*};*
Hope this helps.
Thank you.
On Fri, Jul 11, 2014 at 5:36 PM, g.aloi...@gmail.com wrote:
Hello,
I'm using Kamailio version 4.1.4+precise (amd64).
I have followed Kamailio 4.0.x and Asterisk 11.3.0 Realtime
Integration
using Asterisk Database (http://kb.asipto.com/
asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
difference in my setup compared to that one is that I continued use of
Kamailio's database.
The problem is as follows:
I decided to put Kamailio and through it Asterisk reachable from
internet.
I have tried to configure Asterisk so that only calls of registered
users
would be possible, and they could only call to other registered
users or
conference rooms and echo test number.
Then I took the following steps:
I ensured that there was no online users with kamctl online. Then I
launched MicroSIP (www.microsip.org), but I did not defined account, I
simply set the protocol to tls and media encryption to mandatory,
because
I'm using these.
I called to extension with x...@my.public.ip.address (where xxx is
extension) getting unauthorized. And that was what I wanted.
But if there is online users, calls go through, and incoming call is
coming from Asterisk (in syslog I can find out that src_user=asterisk).
Kamailio and Asterisk are listening the same IP address, but different
port. I have refused connections to the Asterisk's port with iptables.
I have defined my public IP address as domain in sip.conf. There is
also
other
Re: [SR-Users] Unknown caller gets online user's identity
Hello,
I have:
allowguest=no
contactpermit=kamailio.ip.addr.ess
I also have tried the approach that I have peer kamailio, but then all
calls seems to go to to the context defined for kamailio peer. I do not
know how I could in that case handle individual calls - for example
determine if given phone can call to given number or not.
Best,
Teijo
17.7.2014 10:48, Cibin Paul kirjoitti:
Hello,
Try allow* allowguest=no *in sip.conf [general] context and create a
peer for kamailio in sip.comf
Regards
Cibin
On 17-Jul-2014, at 12:52 pm, g.aloi...@gmail.com
mailto:g.aloi...@gmail.com wrote:
Hello,
There is a message Possible Security issue with Kamailio - Asterisk
Realtime integration in Asterisk users mailing list:
http://lists.digium.com/pipermail/asterisk-users/2013-February/277633.html
I think the problem I have is somewhat similar.
Should I suppose that there is a security risk in Kamailio - Asterisk
realtime integration, and if this is a case what I can do to eliminate
this risk?
Best,
Teijo
16.7.2014 9:44, g.aloi...@gmail.com mailto:g.aloi...@gmail.com
kirjoitti:
Hello,
Has anybody any solution or suggestion?
If I for example launch MicroSIP (no doubt it could be some other SIP
client), and simply call:
sip:some_extens...@my.public.ip.address
call is established, if there is online user/users. Naturally this
incoming call should be handled by Asterisk in context where I have
defined unauthorized calls are handled, but in stead, the call goes
online user's context.
To get this situation I don't need to define any account information in
MicroSIP.
I have not set passwords for users in Asterisk to avoid double
authorization. May this cause the behavior? I have not set default user
or from user in my peer definitions. I am not registering Kamailio to
Asterisk - I mean I have no peer definition for Kamailio in sip.conf.
I do not know what direction to go to. I would be happy, if I should not
go to the trial and error path so any help is welcome.
Thanks in advance,
Teijo
14.7.2014 9:06, g.aloi...@gmail.com mailto:g.aloi...@gmail.com
kirjoitti:
Hello,
If one places call, and tell that my from domain is your Kamailio's
IP, call is established, because Asterisk accepts requests from
Kamailio. One problem is that it's unpredictable in this case what is
the context where thiskind of call is handled by Asterisk.
This situation requires that I change something in my setup. If I decide
accept calls only from my users, I suppose that it can be quite easily
done by modifying if statement referred below or at least by applying
instructions found here:
http://www.kamailio.org/dokuwiki/doku.php/examples:restrict-calls-to-registered-users
However, I'm somewhat unsure what should I do, if I decide to accept
calls from any caller - not only from my users.
Best,
Teijo
12.7.2014 19:36, Muhammad Shahzad kirjoitti:
Well, this
*if (from_uri!=myself uri!=myself)*
Means neither source nor destination is our user. Which implies that
if our
domain is A, then call from domain B to C is not possible. However,
calls
from B or C to A and A to B or C are possible. That is way an
unauthorized user gets passed and reaches asterisk. Asterisk accepts it
since call is coming from kamailio and tries to route it back to
kamailio,
where kamailio finds user online and thus it goes through.
You should really break down this,
*if (from_uri!=myself uri!=myself)*
into something like this for clarity,
*if (from_uri!=myself) { *
* if (uri!=myself) {*
* # neither source nor destination is our user*
* } else {*
* # source is not our user but destination is our user*
* };*
*} else {*
* if (uri!=myself) {*
* # source is our user but destination is not our user*
* } else {*
* # both source and destination are our users*
* };*
*};*
Hope this helps.
Thank you.
On Fri, Jul 11, 2014 at 5:36 PM, g.aloi...@gmail.com wrote:
Hello,
I'm using Kamailio version 4.1.4+precise (amd64).
I have followed Kamailio 4.0.x and Asterisk 11.3.0 Realtime
Integration
using Asterisk Database (http://kb.asipto.com/
asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb). One main
difference in my setup compared to that one is that I continued use of
Kamailio's database.
The problem is as follows:
I decided to put Kamailio and through it Asterisk reachable from
internet.
I have tried to configure Asterisk so that only calls of registered
users
would be possible, and they could only call to other registered
users or
conference rooms and echo test number.
Then I took the following steps:
I ensured that there was no online users with kamctl online. Then I
launched MicroSIP (www.microsip.org), but I did not defined account, I
simply set the protocol to tls and media encryption to mandatory,
because
I'm using these.
I called to extension with x...@my.public.ip.address (where xxx is
extension) getting unauthorized. And that was what I wanted.
But if there is online users, calls go
Re: [SR-Users] Really need help on kamailio-snmpstats module
Hello,
the spec was maintained by Peter (added here as explicit recipient) --
he used to build rpms, not sure about the current state. Maybe he can
add some comments about.
Cheers,
Daniel
On 16/07/14 23:13, Allen Zhang wrote:
Hi,
We cloned the kamailio 4.0.0 repository and the spec file was in the
source directory: ~/kamailio-4.0.0/pkg/kamailio/centos/6/kamailio.spec
Cheers,
Allen
*From:*Daniel-Constantin Mierla [mailto:mico...@gmail.com]
*Sent:* Thursday, 17 July 2014 7:57 a.m.
*To:* Allen Zhang; Kamailio (SER) - Users Mailing List
*Cc:* Shane Harrison
*Subject:* Re: [SR-Users] Really need help on kamailio-snmpstats module
Hello,
there are several specs in the source tree, perhaps some need to be
updated or removed. Can you point the path to the one you used?
Cheers,
Daniel
On 11/07/14 04:25, Allen Zhang wrote:
Hi,
There is a bug in the kamailio.spec file from kamailio-4.0.0.0’s
source code directory (if it matters to anyone but me).
This piece of config:
%if 0%{?centos}
Requires: net-snmp-agent-libs
%else
Requires: net-snmp-libs
Should be this:
%if 0%{?fedora}
Requires: net-snmp-agent-libs
%else
Requires: net-snmp-libs
The spec file from the build service is correct. So I guess it
doesn’t matter to most people.
Cheers,
Allen
*From:*sr-users-boun...@lists.sip-router.org
mailto:sr-users-boun...@lists.sip-router.org
[mailto:sr-users-boun...@lists.sip-router.org] *On Behalf Of
*Allen Zhang
*Sent:* Friday, 11 July 2014 9:04 a.m.
*To:* mico...@gmail.com mailto:mico...@gmail.com; Kamailio (SER)
- Users Mailing List
*Subject:* Re: [SR-Users] Really need help on kamailio-snmpstats
module
Hi Daniel,
I’m using the kamailio.spec in the source from kamailio-4.0.0.
I’ll go through the package names again.
Cheer,
Allen
*From:*sr-users-boun...@lists.sip-router.org
mailto:sr-users-boun...@lists.sip-router.org
[mailto:sr-users-boun...@lists.sip-router.org] *On Behalf Of
*Daniel-Constantin Mierla
*Sent:* Thursday, 10 July 2014 6:30 p.m.
*To:* Kamailio (SER) - Users Mailing List
*Subject:* Re: [SR-Users] Really need help on kamailio-snmpstats
module
Hello,
which kamailio.spec are you using? Try to edit it to have the
dependency named as the package available on your system.
Cheers,
Daniel
On 09/07/14 07:21, Allen Zhang wrote:
Hi
This is a re-post. I’m desperate.
What I’m trying to do:
Use rpmbuild to build kamailio rpms from source code. We made
a lot of changes in the kamailio code. I can’t use the rpms
from the build service. The plan is to push these changes to
kamailio but that’s not done, yet.
The problem is when I try to install kamailio-snmpstats module
from the rpm built, it reports error:
Error: Package: kamailio-snmpstats-4.0.0-0.el6.x86_64
(company_name)
Requires: net-snmp-agent-libs
I’ve installed net-snmp on the build machine and the machine
that needs to install kamailio-snmpstats.
I have tried to use the kamailio.spec file from kamailio build
server but it didn’t solve the problem.
Can anyone help, please?
Regards,
Allen
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda http://twitter.com/#%21/miconda
-http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda http://twitter.com/#%21/miconda
-http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio RtpProxy MHomed
Hello,
have you looked at sip trace and checked what are the IP addresses in
the SDP? Maybe you need to swap the flags i and e.
You can eventually provide here the incoming invite as well as outgoing
invite, saying what you would expect to be in the outgoing one, so we
can give further hints.
Cheers,
Daniel
On 16/07/14 15:08, Pascal Fautré wrote:
Hi,
I tried to use Kamailio / RTPProxy in mhomed setup without any luck.
I had no problem to configure it with only 1 interface, without
mhomed, everything worked perfectly.
The RTP streams where not established correctly even if I managed to
have to proper IP in the SIP INVITE (C O).
Versions:
version: kamailio 4.1.4 (x86_64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE,
USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 04:23:19 Jun 13 2014 with gcc 4.7.2
RTPProxy -v:
Basic version: 20040107
Extension 20050322: Support for multiple RTP streams and MOH
Extension 20060704: Support for extra parameter in the V command
Extension 20071116: Support for RTP re-packetization
Extension 20071218: Support for forking (copying) RTP stream
Extension 20080403: Support for RTP statistics querying
Extension 20081102: Support for setting codecs in the update/lookup
command
Extension 20081224: Support for session timeout notifications
Here is my RTPProxy config (/etc/default/rtpproxy) :
CONTROL_SOCK=udp:127.0.0.1:7722
EXTRA_OPTS=“-l /PU.BL.IC.IP///PRI.VA.TE.IP/ -m 11000 -M 12000 -d
DBUG:LOG_LOCAL3
Here are snippets of my kamailio.cfg:
port=5060
mhomed=1
# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
if (is_request()) {
if(has_totag()) {
if(check_route_param(nat=yes)) {
setbflag(FLB_NATB);
}
}
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
return;
xlog(NATMANAGE M=$rm OU=$ou RURI=$ru RD=$rd F=$fu T=$tu NH=$nh(d)
IP=$si ID=$ci\n);
if(dst_ip == PUBLIC_IP) {
if(is_ipv4($nh(d)) is_in_subnet($nh(d), PRIVATE_NET)) {
xlog(NATMANAGE coei\n);
rtpproxy_manage(coei, PRIVATE_IP);
} else {
xlog(NATMANAGE coee\n);
rtpproxy_manage(coee, PUBLIC_IP);
}
} else {
if(is_ipv4($nh(d)) is_in_subnet($nh(d), PRIVATE_NET)) {
xlog(NATMANAGE coii\n);
rtpproxy_manage(coii, PRIVATE_IP);
} else {
xlog(NATMANAGE coie\n);
rtpproxy_manage(coie, PUBLIC_IP);
}
}
if (is_request()) {
if (!has_totag()) {
if(t_is_branch_route()) {
add_rr_param(;nat=yes);
}
}
}
if (is_reply()) {
if(isbflagset(FLB_NATB)) {
if(is_first_hop())
set_contact_alias();
}
}
#!endif
return;
}
Calls were correctly going to the desired rtpproxy_manage options.
Now I’m not quite sure I’m using the correct ones.
I had to specify the PUBLIC_IP or PRIVATE_IP in the rtpproxy_manage
calls in order to have the correct IP address in the C and O headers
of the SIP INVITE. Without that, the public IP would be sent as C and
O params to phones on the private subnet.
In fact not a single call direction would give correct RTP streams.
Any idea where I missed the turn?
Cheers
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Some of the calls drops after 15 minutes + some seconds
On Jul 16, 2014, at 4:05 PM, Andras FOGARASI fogar...@fogarasi.com wrote:
On 7/16/14, 10:00 PM, Frank Carmickle wrote:
On Jul 16, 2014, at 3:54 PM, Daniel-Constantin Mierla mico...@gmail.com
wrote:
Hello,
I expect that the signaling is ok at least for call setup.
From signling point of view, I can think of following situations:
- endpoints send keep alive packets (or session updates) which are no
answered. You can add an xlog(...) at the top of request_route{} and
reply_route{} blocks printing at least the method, call-id, cseq, from and
to header, plus the response code for reply block. In this case you can see
if there is some signaling before call is dropped.
Is this happening just on calls between two phones in your domain, or is
there a carrier/federation involved?
No other parties are involved, only the two phones involved (and the
proxy of course).
I would expect that if it was a NAT issue you would see it much sooner than 15
minutes, 30-60 seconds. Are session timers being stripped by Kamailio? You
say it's a TURN server or is it acting more like a media relay where it is
signaled into the path? What TURN server are you using? How is it configured?
--FC
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Msilo not delivering message (status 408)
Hi, We did have a working msilo implementation a while back, but we don’t use it any more, so I can only look back at the config files (which are a lot more complicated than yours). We added the a modparam modparam(msilo, outbound_proxy, sip:MY_REAL_IP:MY_SIP_PORT;transport=tcp) which will make it arrive on the local machine on the given socket (instead of localhost) to be processed, but that probably isn’t your problem. Is it possible that Kamailio is trying to establish a new connection, instead of reusing the existing connection to the client? That would be visible as TCP SYNs in a trace and would cause a 408 after the timeout. We are using a separate outbound enabled edge proxy so this isn’t a problem for us. Regards, Hugh From: sr-users-boun...@lists.sip-router.org [mailto:sr-users-boun...@lists.sip-router.org] On Behalf Of Peter Villeneuve Sent: 17 July 2014 13:10 To: Daniel-Constantin Mierla; Kamailio (SER) - Users Mailing List Subject: Re: [SR-Users] Msilo not delivering message (status 408) I guess no one really knows why it isn't working either. The only option I have left seems to be to try and update to the 4.2 nightly and hope that whatever's wrong is a bug with 4.1.4 and not a simple mistake in my routing syntax or logic. Daniel, is 4.2 nightly debian package stable enough for a production system? Would you recommend I upgrade? Thanks On Wed, Jul 16, 2014 at 9:37 PM, Peter Villeneuve peterv...@gmail.commailto:peterv...@gmail.com wrote: Can anyone help please? I was supposed to have this server up and running hours ago and I can't think of anything to do next to help debug this. Thanks On Wed, Jul 16, 2014 at 7:01 PM, Peter Villeneuve peterv...@gmail.commailto:peterv...@gmail.com wrote: I removed the localhost listeners on TCP and UDP, and, as I suspected, Kamailio doesn't seem to like that. Why isn't kamailio sending the message back through the TLS socket? NOTICE: script: -MESSAGE PROCESSING: dumping offline messages ERROR: tm [ut.h:343]: uri2dst2(): no corresponding socket for af 2 ERROR: tm [uac.c:266]: t_uac_prepare(): t_uac: no socket found On Wed, Jul 16, 2014 at 4:44 PM, Peter Villeneuve peterv...@gmail.commailto:peterv...@gmail.com wrote: And here's the full routing block. I copied it from someone else on the list that was troubleshooting msilo a while back. Also, I can confirm the message never gets delivered because it remains in msilo DB and kamailio logs shows it trying and trying. ### Routing Logic … On Wed, Jul 16, 2014 at 4:38 PM, Peter Villeneuve peterv...@gmail.commailto:peterv...@gmail.com wrote: Thanks for your help Daniel. OK I ngrepped port 5060 and indeed the message tries to get delivered. However it never arrives at the client (1010 in this case). I have added localhost listeners for UDP and TCP, even though all clients register through TLS only (could this be the root of the problem?). I added localhost listeners because I was getting the no socket found error message. Listening on udp: 127.0.0.1:5080http://127.0.0.1:5080 tcp: 127.0.0.1:5060http://127.0.0.1:5060 tls: 79.my.server.IP1:5061 Aliases: tcp: localhost:5060 udp: localhost:5080 *: my.domain.com:* U 2014/07/16 15:29:14.904285 127.0.0.1:5080http://127.0.0.1:5080 - 79.my.server.IP1:5060 MESSAGE sip:1...@my.domain.commailto:sip%3a1...@my.domain.com SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bKcde3.542219f4.0. To: sip:1...@my.domain.commailto:sip%3a1...@my.domain.com. From: sip:1...@my.domain.commailto:sip%3a1...@my.domain.com;tag=def4124455da8a0b8e97eafabd028e26-2c30. CSeq: 10 MESSAGE. Call-ID: 16b126996f51d89c-12460@127.0.0.1mailto:16b126996f51d89c-12460@127.0.0.1. Max-Forwards: 70. Content-Length: 58. User-Agent: kamailio (4.1.4 (x86_64/linux)). Date: Wed, 16 Jul 2014 15:22:31 GMT. Content-Type: text/plain. . [Offline message - Wed Jul 16 15:22:31 2014] Test 1,2,3 On Wed, Jul 16, 2014 at 8:58 AM, Daniel-Constantin Mierla mico...@gmail.commailto:mico...@gmail.com wrote: Hello, can you watch the sip traffic on the network to see if the sip messages is sent out? You can use ngrep, like: ngrep -d any -qt -W byline sip port 5060 Cheers, Daniel On 14/07/14 19:56, Peter Villeneuve wrote: Hi, This is most likely a stupid mistake on my route config, but msilo correctly stores messages for offline users, but when they come back online, the message never arrives. Looking through the debug logs indeed there is an error, with status 408, which suggests kamaiio can't find a route to the user that just logged. Before I spend hours looking through all the routing blocks, perhaps someone more exprienced in kamailio can see the problem right away and offer a solution? Thanks DEBUG: msilo [msilo.c:1148]: m_dump(): msg [1-12] for: sip:1...@my.domain.commailto:sip%3a1...@my.domain.com DEBUG: core [io_wait.h:617]:
Re: [SR-Users] Msilo not delivering message (status 408)
Thanks for helping out Hugh (and obviously Daniel) I have made some progress by adding the modparam (msilo, outbound_proxy, sip:my.domain.com:5061;transport=tls). Now indeed the stored message gets delivered when a UAC registers. But I just noticed that it was also filling up msilo db with user xxx is offline! messages, instead of sending that msg to the initial UAC sending the msg. This likely means I'm doing something wrong with the routing, as it feels like it's in an endless loop. I think Daniel earlier suggested adding if(src_ip != myself) t_on_failure(FAIL_MESSAGE) to another poster that was having trouble with the exact same routing config, but I'm not sure exactly where to insert it. Can someone experienced with the routing syntax point out my - likely obvious - mistake? Cheers, Peter On Thu, Jul 17, 2014 at 3:11 PM, Waite, Hugh hugh.wa...@acision.com wrote: Hi, We did have a working msilo implementation a while back, but we don’t use it any more, so I can only look back at the config files (which are a lot more complicated than yours). We added the a modparam *modparam(msilo, outbound_proxy, sip:MY_REAL_IP:MY_SIP_PORT;transport=tcp)* which will make it arrive on the local machine on the given socket (instead of localhost) to be processed, but that probably isn’t your problem. Is it possible that Kamailio is trying to establish a new connection, instead of reusing the existing connection to the client? That would be visible as TCP SYNs in a trace and would cause a 408 after the timeout. We are using a separate outbound enabled edge proxy so this isn’t a problem for us. Regards, Hugh *From:* sr-users-boun...@lists.sip-router.org [mailto: sr-users-boun...@lists.sip-router.org] *On Behalf Of *Peter Villeneuve *Sent:* 17 July 2014 13:10 *To:* Daniel-Constantin Mierla; Kamailio (SER) - Users Mailing List *Subject:* Re: [SR-Users] Msilo not delivering message (status 408) I guess no one really knows why it isn't working either. The only option I have left seems to be to try and update to the 4.2 nightly and hope that whatever's wrong is a bug with 4.1.4 and not a simple mistake in my routing syntax or logic. Daniel, is 4.2 nightly debian package stable enough for a production system? Would you recommend I upgrade? Thanks On Wed, Jul 16, 2014 at 9:37 PM, Peter Villeneuve peterv...@gmail.com wrote: Can anyone help please? I was supposed to have this server up and running hours ago and I can't think of anything to do next to help debug this. Thanks On Wed, Jul 16, 2014 at 7:01 PM, Peter Villeneuve peterv...@gmail.com wrote: I removed the localhost listeners on TCP and UDP, and, as I suspected, Kamailio doesn't seem to like that. Why isn't kamailio sending the message back through the TLS socket? NOTICE: script: -MESSAGE PROCESSING: dumping offline messages ERROR: tm [ut.h:343]: uri2dst2(): no corresponding socket for af 2 ERROR: tm [uac.c:266]: t_uac_prepare(): t_uac: no socket found On Wed, Jul 16, 2014 at 4:44 PM, Peter Villeneuve peterv...@gmail.com wrote: And here's the full routing block. I copied it from someone else on the list that was troubleshooting msilo a while back. Also, I can confirm the message never gets delivered because it remains in msilo DB and kamailio logs shows it trying and trying. ### Routing Logic … On Wed, Jul 16, 2014 at 4:38 PM, Peter Villeneuve peterv...@gmail.com wrote: Thanks for your help Daniel. OK I ngrepped port 5060 and indeed the message tries to get delivered. However it never arrives at the client (1010 in this case). I have added localhost listeners for UDP and TCP, even though all clients register through TLS only (could this be the root of the problem?). I added localhost listeners because I was getting the no socket found error message. Listening on udp: 127.0.0.1:5080 tcp: 127.0.0.1:5060 tls: 79.my.server.IP1:5061 Aliases: tcp: localhost:5060 udp: localhost:5080 *: my.domain.com:* U 2014/07/16 15:29:14.904285 127.0.0.1:5080 - 79.my.server.IP1:5060 MESSAGE sip:1...@my.domain.com SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:5080 ;branch=z9hG4bKcde3.542219f4.0. To: sip:1...@my.domain.com. From: sip:1...@my.domain.com;tag=def4124455da8a0b8e97eafabd028e26-2c30. CSeq: 10 MESSAGE. Call-ID: 16b126996f51d89c-12460@127.0.0.1. Max-Forwards: 70. Content-Length: 58. User-Agent: kamailio (4.1.4 (x86_64/linux)). Date: Wed, 16 Jul 2014 15:22:31 GMT. Content-Type: text/plain. . [Offline message - Wed Jul 16 15:22:31 2014] Test 1,2,3 On Wed, Jul 16, 2014 at 8:58 AM, Daniel-Constantin Mierla mico...@gmail.com wrote: Hello, can you watch the sip traffic on the network to see if the sip messages is sent out? You can use ngrep, like: ngrep -d any -qt -W byline sip
Re: [SR-Users] Crash Kamailio 4.1.4
Hello,
I don't understand the patch you sent me. Is it for the PAI problem?
Regards,
Igor
2014-07-07 12:40 GMT+02:00 Igor Potjevlesch igor.potjevle...@gmail.com:
Hello,
Can you explain the modification and the impact on our plateform?
Is it for the pai problem?
Do you have explanation for the km_val.c problem wich cause crash for
Kamailio too?
Regards,
Igor
2014-07-01 16:40 GMT+02:00 Daniel-Constantin Mierla mico...@gmail.com:
Hello,
can you give it a try with the patch from next commit?
-
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=da9d56be28e050dd0cb4aed50efcbda043a3e5cf
If all goes fine while testing, I will backport.
Cheers,
Daniel
On 26/06/14 12:58, Igor Potjevlesch wrote:
Hello,
Here the result :
(gdb) frame 6
#6 0x7f127cb6dde6 in acc_onreply (t=0x7f1274c157f0,
req=0x7f1274c3ac08,
reply=0x7f12804a6d70, code=200) at acc_logic.c:501
501 clean_hdr_field(hdr);
(gdb) print hdr
$1 = (hdr_field_t *) 0x7f1274c3c238
(gdb) print *hdr
$2 = {type = HDR_PAI_T, name = {
s = 0x7f1274c3b6cd P-Asserted-Identity:
sip:0123456789@domain;user=phone\r\nP-Sig-Options:
Sending-Complete\r\n\r\nv=0\r\no=- 111851 1 IN IP4 A.B.C.D\r\ns=-\r\nt=0
0\r\nm=audio 21336 RTP/AVP 8 101 13\r\nc=IN IP4 A.B.C..., len = 19}, body
= {
s = 0x7f1274c3b6e2 sip:0123456789@domain;user=phone\r\nP-Sig-Options:
Sending-Complete\r\n\r\nv=0\r\no=- 111851 1 IN IP4 A.B.C.D\r\ns=-\r\nt=0
0\r\nm=audio 21336 RTP/AVP 8 101 13\r\nc=IN IP4 A.B.C.D\r\na=rtpmap:101
tele..., len = 44}, len = 67, parsed = 0x0, next = 0x7f1274c3c278}
(gdb) frame 4
#4 0x0056e5e6 in free_pai_ppi_body (pid_b=0x7f12803cb480)
at parser/parse_ppi_pai.c:102
102 pkg_free(pid_b);
(gdb) print *pid_b
$3 = {id = 0x0, num_ids = 0, next = 0x1d0}
This is the bt full :
#0 0x003d6f6328a5 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x003d6f634085 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00546d3c in qm_debug_frag (qm=0x7f1280275010,
f=0x7f12803cb450) at mem/q_malloc.c:142
__FUNCTION__ = qm_debug_frag
#3 0x00548b26 in qm_free (qm=0x7f1280275010, p=0x7f12803cb480,
file=0x6276a0 core: parser/parse_ppi_pai.c, func=0x627a00
free_pai_ppi_body, line=102) at mem/q_malloc.c:464
f = 0x7f12803cb450
size = 139717434027144
next = 0xf
prev = 0x7f127cd79e00
__FUNCTION__ = qm_free
#4 0x0056e5e6 in free_pai_ppi_body (pid_b=0x7f12803cb480) at
parser/parse_ppi_pai.c:102
__FUNCTION__ = free_pai_ppi_body
#5 0x0054fee0 in clean_hdr_field (hf=0x7f1274c3c238) at
parser/hf.c:126
h_parsed = 0x7f1274c3c268
__FUNCTION__ = clean_hdr_field
#6 0x7f127cb6dde6 in acc_onreply (t=0x7f1274c157f0,
req=0x7f1274c3ac08, reply=0x7f12804a6d70, code=200) at acc_logic.c:501
new_uri_bk = {s = 0x7f1274b53cdf sip:0987654321@GW
SIP/2.0\r\nRecord-Route: sip:A.B.C.D;lr=on\r\nVia: SIP/2.0/UDP
A.B.C.D;branch=z9hG4bK512b.82b19726f6b60c0c63b79801294d.0\r\nVia:
SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-12..., len = 19}
br = 0
hdr = 0x7f1274c3c238
__FUNCTION__ = acc_onreply
#7 0x7f127cb6e30a in tmcb_func (t=0x7f1274c157f0, type=512,
ps=0x7fff0b015580) at acc_logic.c:573
__FUNCTION__ = tmcb_func
#8 0x7f127ed68478 in run_trans_callbacks_internal
(cb_lst=0x7f1274c15860, type=512, trans=0x7f1274c157f0,
params=0x7fff0b015580) at t_hooks.c:290
cbp = 0x7f1274ac0e90
backup_from = 0x934630
backup_to = 0x934638
backup_dom_from = 0x934640
backup_dom_to = 0x934648
backup_uri_from = 0x934620
backup_uri_to = 0x934628
backup_xavps = 0x934760
__FUNCTION__ = run_trans_callbacks_internal
#9 0x7f127ed6868a in run_trans_callbacks_with_buf (type=512,
rbuf=0x7f1274c158b0, req=0x7f1274c3ac08, repl=0x7f12804a6d70, flags=200) at
t_hooks.c:336
params = {req = 0x7f1274c3ac08, rpl = 0x7f12804a6d70, param =
0x7f1274ac0ea0, code = 200, flags = 200, branch = 0, t_rbuf =
0x7f1274c158b0, dst = 0x7f1274c15900, send_buf = {
s = 0x7f1274c27620 SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP
A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID:
cb03dc02e909d3118f86009033290024@A.B.C.D\r\nFrom:
sip:0123456789@domain;user=phone;epid=00903..., len = 1021}}
trans = 0x7f1274c157f0
#10 0x7f127ed9ac06 in relay_reply (t=0x7f1274c157f0,
p_msg=0x7f12804a6d70, branch=0, msg_status=200, cancel_data=0x7fff0b0158e0,
do_put_on_wait=1) at t_reply.c:2001
relay = 0
save_clone = 0
buf = 0x7f12804a7cc0 SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP
A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID:
cb03dc02e909d3118f86009033290024@A.B.C.D\r\nFrom:
sip:0123456789@domain;user=phone;epid=00903...
Re: [SR-Users] Some of the calls drops after 15 minutes + some seconds
On 7/17/14, 3:41 PM, Frank Carmickle wrote:
On Jul 16, 2014, at 4:05 PM, Andras FOGARASI fogar...@fogarasi.com wrote:
On 7/16/14, 10:00 PM, Frank Carmickle wrote:
On Jul 16, 2014, at 3:54 PM, Daniel-Constantin Mierla mico...@gmail.com
wrote:
Hello,
I expect that the signaling is ok at least for call setup.
From signling point of view, I can think of following situations:
- endpoints send keep alive packets (or session updates) which are no
answered. You can add an xlog(...) at the top of request_route{} and
reply_route{} blocks printing at least the method, call-id, cseq, from and
to header, plus the response code for reply block. In this case you can
see if there is some signaling before call is dropped.
Is this happening just on calls between two phones in your domain, or is
there a carrier/federation involved?
No other parties are involved, only the two phones involved (and the
proxy of course).
I would expect that if it was a NAT issue you would see it much sooner than
15 minutes, 30-60 seconds. Are session timers being stripped by Kamailio?
You say it's a TURN server or is it acting more like a media relay where it
is signaled into the path? What TURN server are you using? How is it
configured?
The problem occurs even without TURN, in pure peer-to-peer mode. We use
TURN only in emergency case (symmetric NAT and like that...). I do
nothing with session timers - i didn't think about it until now...
Andras
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Some of the calls drops after 15 minutes + some seconds
On Jul 17, 2014, at 11:27 AM, Andras FOGARASI fogar...@fogarasi.com wrote: On 7/17/14, 3:41 PM, Frank Carmickle wrote: I would expect that if it was a NAT issue you would see it much sooner than 15 minutes, 30-60 seconds. Are session timers being stripped by Kamailio? You say it's a TURN server or is it acting more like a media relay where it is signaled into the path? What TURN server are you using? How is it configured? The problem occurs even without TURN, in pure peer-to-peer mode. We use TURN only in emergency case (symmetric NAT and like that...). I do nothing with session timers - i didn't think about it until now… How do you set up the TURN only in emergency case? Do the phones do it themselves? Does Kamailio control the TURN, rtpengine/mediaproxy-ng? Who sends the bye? --FC ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Some of the calls drops after 15 minutes + some seconds
On 7/17/14, 5:34 PM, Frank Carmickle wrote: On Jul 17, 2014, at 11:27 AM, Andras FOGARASI fogar...@fogarasi.com wrote: On 7/17/14, 3:41 PM, Frank Carmickle wrote: I would expect that if it was a NAT issue you would see it much sooner than 15 minutes, 30-60 seconds. Are session timers being stripped by Kamailio? You say it's a TURN server or is it acting more like a media relay where it is signaled into the path? What TURN server are you using? How is it configured? The problem occurs even without TURN, in pure peer-to-peer mode. We use TURN only in emergency case (symmetric NAT and like that...). I do nothing with session timers - i didn't think about it until now… How do you set up the TURN only in emergency case? Do the phones do it themselves? Does Kamailio control the TURN, rtpengine/mediaproxy-ng? Who sends the bye? Caller send BYE as i see. Meanwhile i made some debug: after 15 minutes an UPDATE comes. Sometimes the UPDATE is answered with 200 OK, then the call doesn't drop, continues and everything works as expected. Sometimes it's not answered at all (it seems timeout), then hangs up. Andras ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio RtpProxy MHomed
I have created an environment with the same config and I find the same problem.
While still does not work for video, I have changed (flip) the public/internal
IP addresses on rtpproxy and I can get half call leg working properly,
includding video.
However, I am testing video calls. So I got another question on top of the
original post: Can we use rtpproxy also for video or it only supports voice rtp
proxy?
Cheers,
Mo
Date: Thu, 17 Jul 2014 13:56:53 +0200
From: mico...@gmail.com
To: sr-users@lists.sip-router.org
Subject: Re: [SR-Users] Kamailio RtpProxy MHomed
Hello,
have you looked at sip trace and checked what are the IP addresses
in the SDP? Maybe you need to swap the flags i and e.
You can eventually provide here the incoming invite as well as
outgoing invite, saying what you would expect to be in the outgoing
one, so we can give further hints.
Cheers,
Daniel
On 16/07/14 15:08, Pascal Fautré wrote:
Hi,
I tried to use Kamailio / RTPProxy in mhomed setup without
any luck.
I had no problem to configure it with only 1 interface,
without mhomed, everything worked perfectly.
The RTP streams where not established correctly even if I
managed to have to proper IP in the SIP INVITE (C O).
Versions:
version:
kamailio 4.1.4 (x86_64/linux)
flags: STATS:
Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST,
HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024,
MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024,
BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
poll method
support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on
04:23:19 Jun 13 2014 with gcc 4.7.2
RTPProxy -v:
Basic version:
20040107
Extension
20050322: Support for multiple RTP streams and MOH
Extension
20060704: Support for extra parameter in the V command
Extension
20071116: Support for RTP re-packetization
Extension
20071218: Support for forking (copying) RTP stream
Extension
20080403: Support for RTP statistics querying
Extension
20081102: Support for setting codecs in the update/lookup
command
Extension
20081224: Support for session timeout notifications
Here is my RTPProxy config (/etc/default/rtpproxy) :
CONTROL_SOCK=udp:127.0.0.1:7722
EXTRA_OPTS=“-l
PU.BL.IC.IP/PRI.VA.TE.IP -m 11000 -M 12000 -d
DBUG:LOG_LOCAL3
Here are snippets of my kamailio.cfg:
port=5060
mhomed=1
# RTPProxy
control
route[NATMANAGE]
{
#!ifdef
WITH_NAT
if
(is_request()) {
if(has_totag()) {
if(check_route_param(nat=yes)) {
setbflag(FLB_NATB);
}
}
}
if
(!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
return;
xlog(NATMANAGE M=$rm OU=$ou RURI=$ru RD=$rd F=$fu T=$tu
NH=$nh(d) IP=$si ID=$ci\n);
if(dst_ip == PUBLIC_IP) {
if(is_ipv4($nh(d)) is_in_subnet($nh(d),
PRIVATE_NET)) {
xlog(NATMANAGE coei\n);
rtpproxy_manage(coei, PRIVATE_IP);
} else {
xlog(NATMANAGE coee\n);
rtpproxy_manage(coee, PUBLIC_IP);
}
}
else {
if(is_ipv4($nh(d)) is_in_subnet($nh(d),
PRIVATE_NET)) {
xlog(NATMANAGE coii\n);
rtpproxy_manage(coii, PRIVATE_IP);
} else {
xlog(NATMANAGE coie\n);
Re: [SR-Users] Crash Kamailio 4.1.4
Hello, On 17/07/14 18:41, Igor Potjevlesch wrote: Hello, When this patch will be add in a new release? I can't try without validation of new release. when is scheduled the next release? you were the only one reporting this issue. The patch will be backported if you can test and confirm it is working. You don't need to install master for it, you can cherry-pick it on your local clone. Otherwise, it will get in 4.2 which should be out later in the autumn. Cheers, Daniel Regards, Igor. 2014-07-17 17:50 GMT+02:00 Daniel-Constantin Mierla mico...@gmail.com mailto:mico...@gmail.com: Hello, the patch is adding a lock to protect against races executing the acc callback -- acc was parsing the header pointing to private memory, but linking it in the shared memory structure. Now it is cleaned up and such cases don't overlap anymore. Hope is clear enough. That could have been the cause for the other crash, as the pointer might have been invalidated by the raced execution. Cheers, Daniel On 17/07/14 17:18, Igor Potjevlesch wrote: Hello, I don't understand the patch you sent me. Is it for the PAI problem? Regards, Igor 2014-07-07 12:40 GMT+02:00 Igor Potjevlesch igor.potjevle...@gmail.com mailto:igor.potjevle...@gmail.com: Hello, Can you explain the modification and the impact on our plateform? Is it for the pai problem? Do you have explanation for the km_val.c problem wich cause crash for Kamailio too? Regards, Igor -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda ___ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio RtpProxy MHomed
On 17/07/14 23:10, Moacir Ferreira wrote:
I have created an environment with the same config and I find the same
problem. While still does not work for video, I have changed (flip)
the public/internal IP addresses on rtpproxy and I can get half call
leg working properly, includding video.
However, I am testing video calls. So I got another question on top of
the original post: Can we use rtpproxy also for video or it only
supports voice rtp proxy?
Yes, it works for both audio and video at the same time. As an example,
see my ipv4-ipv6 tutorial where I used it in bridge mode and tested with
video using Jitsi:
- http://kb.asipto.com/kamailio:kamailio-mixed-ipv4-ipv6
Cheers,
Daniel
Cheers,
Mo
Date: Thu, 17 Jul 2014 13:56:53 +0200
From: mico...@gmail.com
To: sr-users@lists.sip-router.org
Subject: Re: [SR-Users] Kamailio RtpProxy MHomed
Hello,
have you looked at sip trace and checked what are the IP addresses in
the SDP? Maybe you need to swap the flags i and e.
You can eventually provide here the incoming invite as well as
outgoing invite, saying what you would expect to be in the outgoing
one, so we can give further hints.
Cheers,
Daniel
On 16/07/14 15:08, Pascal Fautré wrote:
Hi,
I tried to use Kamailio / RTPProxy in mhomed setup without any luck.
I had no problem to configure it with only 1 interface, without
mhomed, everything worked perfectly.
The RTP streams where not established correctly even if I managed
to have to proper IP in the SIP INVITE (C O).
Versions:
version: kamailio 4.1.4 (x86_64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST,
HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 04:23:19 Jun 13 2014 with gcc 4.7.2
RTPProxy -v:
Basic version: 20040107
Extension 20050322: Support for multiple RTP streams and MOH
Extension 20060704: Support for extra parameter in the V command
Extension 20071116: Support for RTP re-packetization
Extension 20071218: Support for forking (copying) RTP stream
Extension 20080403: Support for RTP statistics querying
Extension 20081102: Support for setting codecs in the
update/lookup command
Extension 20081224: Support for session timeout notifications
Here is my RTPProxy config (/etc/default/rtpproxy) :
CONTROL_SOCK=udp:127.0.0.1:7722
EXTRA_OPTS=“-l /PU.BL.IC.IP///PRI.VA.TE.IP/ -m 11000 -M 12000 -d
DBUG:LOG_LOCAL3
Here are snippets of my kamailio.cfg:
port=5060
mhomed=1
# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
if (is_request()) {
if(has_totag()) {
if(check_route_param(nat=yes)) {
setbflag(FLB_NATB);
}
}
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
return;
xlog(NATMANAGE M=$rm OU=$ou RURI=$ru RD=$rd F=$fu T=$tu
NH=$nh(d) IP=$si ID=$ci\n);
if(dst_ip == PUBLIC_IP) {
if(is_ipv4($nh(d)) is_in_subnet($nh(d), PRIVATE_NET)) {
xlog(NATMANAGE coei\n);
rtpproxy_manage(coei, PRIVATE_IP);
} else {
xlog(NATMANAGE coee\n);
rtpproxy_manage(coee, PUBLIC_IP);
}
} else {
if(is_ipv4($nh(d)) is_in_subnet($nh(d), PRIVATE_NET)) {
xlog(NATMANAGE coii\n);
rtpproxy_manage(coii, PRIVATE_IP);
} else {
xlog(NATMANAGE coie\n);
rtpproxy_manage(coie, PUBLIC_IP);
}
}
if (is_request()) {
if (!has_totag()) {
if(t_is_branch_route()) {
add_rr_param(;nat=yes);
}
}
}
if (is_reply()) {
if(isbflagset(FLB_NATB)) {
if(is_first_hop())
set_contact_alias();
}
}
#!endif
return;
}
Calls were correctly going to the desired rtpproxy_manage options.
Now I’m not quite sure I’m using the correct ones.
I had to specify the PUBLIC_IP or PRIVATE_IP in the
rtpproxy_manage calls in order to have the correct IP address in
the C and O headers of the SIP INVITE. Without that, the public IP
would be sent as C and O params to phones on the private subnet.
In fact not a single call direction would give
