Re: [SR-Users] Kamailio on Mac

2014-07-30 Thread stan_byrds...@yahoo.com 
Any luck yet? I'm trying todo the same thing flow this  Kamailio on OS X
Mavericks

  

Good Luck!!!



--
View this message in context: 
http://sip-router.1086192.n5.nabble.com/Kamailio-on-Mac-tp129264p129333.html
Sent from the Users mailing list archive at Nabble.com.

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] [Serusers] how to enable logs in SER

2014-07-30 Thread pawan 
Sir pl help for registration of soft phone to my local sip server my email
vijay8...@gmail.com



---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] [Kamailio]list members

2014-07-30 Thread Djamel Bahamid 

Hi,

I would like to subscribe to the list.

Best Regards,

Djamel BAHAMID.

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] sip

2014-07-30 Thread Nar 
 Hi, I am developing a social application where I want to enable voice & video 
calling function and still I don't know what to use in server side, do you have 
any product that I can use to develop the server side(for 10.000+ users)?
Thank you in advance.___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Unable to SUBSCRIBE for presence using sip.js through WSS

2014-07-30 Thread Alex Villací­s Lasso 

My kamailio.cfg configuration file is attached.

I am having trouble using SIP.js (http://sipjs.com/) to handle a SUBSCRIBE for presence information. With Jitsi clients (using plain UDP), presence seems to work correctly. However, when using SIP.js via a websocket, Kamailio is unable to send the NOTIFY 
for the presence event. However, MESSAGE packets are routed correctly between peers, even through websockets.


The location table after registration looks like this:

+-+--+--+--+--++--+-+---++--+-+---++--+---+-+-++
| id  | ruid | username | domain   | contact  | received   | path | expires | q | callid | cseq | last_modified   | flags | cflags | 
user_agent   | socket| methods | instance| reg_id |

+-+--+--+--+--++--+-+---++--+-+---++--+---+-+-++
| 192 | uloc-53d96398-1afc-1 | admin| pbx.villacis.com | sip:nfinhooe@192.0.2.90;transport=ws | sip:192.168.3.2:41478;transport=WS | NULL | 2014-07-30 17:18:57 | -1.00 | 6a2dot9ihoobhng9ackqmq |   90 | 2014-07-30 17:08:57 | 0 | 64 | 
SIP.js/0.5.0 | tls:192.168.2.18:5061 | 782 |  |  1 |

+-+--+--+--+--++--+-+---++--+-+---++--+---+-+-++

When running the following javascript code:

var subs = ua.subscribe('ad...@pbx.villacis.com', 'presence');
subs.on('notify', function (n) { alert(n.request.body); });

... I see the following traffic in the browser console area:

SUBSCRIBE sip:ad...@pbx.villacis.com SIP/2.0
Via: SIP/2.0/WSS 192.0.2.90;branch=z9hG4bK3654279
Max-Forwards: 70
To: 
From: "Administrator" ;tag=rt0men9qve
Call-ID: pa7jno8q3op5pu0qitad
CSeq: 322 SUBSCRIBE
Proxy-Authorization: Digest algorithm=MD5, username="admin", realm="pbx.villacis.com", 
nonce="U9lswVPZa5WSu5jz1P/jIOJTvthKXw6v", uri="sip:ad...@pbx.villacis.com", 
response="f7246e64573b5888d69896a70d4204aa"
Event: presence
Expires: 3600
Contact: 
Allow: ACK,CANCEL,BYE,OPTIONS,MESSAGE
Supported: outbound
User-Agent: SIP.js/0.5.0
Content-Length: 0

SIP/2.0 202 OK
Via: SIP/2.0/WSS 
192.0.2.90;branch=z9hG4bK3654279;rport=41478;received=192.168.3.2
To: ;tag=a6a1c5f60faecf035a1ae5b6e96e979a-84c3
From: "Administrator" ;tag=rt0men9qve
Call-ID: pa7jno8q3op5pu0qitad
CSeq: 322 SUBSCRIBE
Expires: 3600
Contact: 
Server: kamailio (4.1.4 (x86_64/linux))
Content-Length: 0

However, I also get the following messages in the kamailio log:

Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: WARNING:  
[msg_translator.c:2506]: via_builder(): TCP/TLS connection (id: 0) for WebSocket 
could not be found
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: tm [t_msgbuilder.c:1365]: 
assemble_via(): assemble_via: via building failed
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: tm [t_msgbuilder.c:1544]: 
build_uac_req(): build_uac_req(): Error while assembling Via
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: tm [uac.c:338]: 
t_uac_prepare(): t_uac: Error while building message
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: presence [notify.c:1591]: 
send_notify_request(): in function tmb.t_request_within
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: presence [notify.c:1678]: 
notify(): sending Notify not successful
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: presence 
[subscribe.c:678]: update_subscription(): Could not send notify
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: presence 
[subscribe.c:713]: update_subscription(): occured
Jul 30 17:03:01 elx3 /usr/sbin/kamailio[6908]: ERROR: presence 
[subscribe.c:994]: handle_subscribe(): in update_subscription


I have found a discussion at http://marc.info/?l=sr-users&m=136624316816288&w=2 which recommends fix_nated_contact(), but I am not really sure about how to add it, or what conditions to check on whether it should be used. I added the call to 
fix_nated_contact() like this:


# Caller NAT detection route
route[NATDETECT] {
#!ifdef WITH_NAT
force_rport();
#
#  1 - Contact header field is searched for occurrence of RFC1918 o

[SR-Users] kamailio routes packets with invalid From/To headers with uac.restore_mode=auto when incoming packet does not use exact same replaced From/To header

2014-07-30 Thread Alex Villací­s Lasso 
I am currently handling a system that runs kamailio and asterisk in the same machine. The kamailio instances are being used to emulate multiple SIP domains, by means of From/To mangling of incoming packets, which are then routed to Asterisk. The attached 
kamailio.cfg does this work.


There is an problem when handling SUBSCRIBE requests (as required for BLF and voicemail indications). My configuration is written so that these SUBSCRIBE requests are not handled by kamailio, but instead routed to asterisk. There is a failure to check 
From/To headers to see whether NOTIFY packets generated as part of a subscription can be restored using the information in Record-Route. The end result is that kamailio ends up sending packets with garbled tags that are (rightly) rejected by the SIP endpoint.


The following is an example that demonstrates the issue (using Jitsi as 
endpoint):

After registration, Jitsi sends a SUBSCRIBE request:

SUBSCRIBE sip:avillaci...@pbx.villacis.com SIP/2.0
Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 2 SUBSCRIBE
From: "avillacisIM" ;tag=bf427f4a
To: "avillacisIM" 
Max-Forwards: 70
Contact: "avillacisIM" 

User-Agent: Jitsi2.5.5255Linux
Event: message-summary
Accept: application/simple-message-summary
Expires: 3600
Via: SIP/2.0/UDP 
192.168.3.2:5060;branch=z9hG4bK-343638-bd3ea073eb8920481b32962f3221eb6f
Proxy-Authorization: Digest 
username="avillacisIM",realm="pbx.villacis.com",nonce="U9lZJlPZV/r06Xep/ukc1UzAIO0V3TbS",uri="sip:avillaci...@pbx.villacis.com",response="0e18f4913c2693f6154c91f158fb17fe"
Content-Length: 0

This packet is mangled by the configuration, and is sent to asterisk like this:

SUBSCRIBE sip:avillaci...@pbx.villacis.com SIP/2.0
Record-Route: 

Record-Route: 

Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 2 SUBSCRIBE
From: "avillacisIM" 
;tag=bf427f4a
To: "avillacisIM" 
Max-Forwards: 69
Contact: "avillacisIM" 

User-Agent: Jitsi2.5.5255Linux
Event: message-summary
Accept: application/simple-message-summary
Expires: 3600
Via: SIP/2.0/UDP 127.0.0.1;branch=z9hG4bKd941.2ab9cf36e41dc48855ae2cbe9a309d0a.0
Via: SIP/2.0/UDP 
192.168.3.2:5060;rport=5060;branch=z9hG4bK-343638-bd3ea073eb8920481b32962f3221eb6f
Content-Length: 0

The asterisk response for the SUBSCRIBE:

SIP/2.0 200 OK
Via: SIP/2.0/UDP 
127.0.0.1;branch=z9hG4bKd941.2ab9cf36e41dc48855ae2cbe9a309d0a.0;received=127.0.0.1;rport=5060
Via: SIP/2.0/UDP 
192.168.3.2:5060;rport=5060;branch=z9hG4bK-343638-bd3ea073eb8920481b32962f3221eb6f
Record-Route: 

Record-Route: 

From: "avillacisIM" 
;tag=bf427f4a
To: "avillacisIM" 
;tag=as5562e95e
Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 2 SUBSCRIBE
Server: Asterisk PBX 11.11.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, 
PUBLISH, MESSAGE
Supported: replaces, timer
Expires: 3600
Contact: ;expires=3600
Content-Length: 0

This is in turn transformed back by kamailio, and sent to Jitsi like this:

SIP/2.0 200 OK
Via: SIP/2.0/UDP 
192.168.3.2:5060;rport=5060;branch=z9hG4bK-343638-bd3ea073eb8920481b32962f3221eb6f
Record-Route: 

Record-Route: 

From: "avillacisIM" ;tag=bf427f4a
To: "avillacisIM" ;tag=as5562e95e
Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 2 SUBSCRIBE
Server: Asterisk PBX 11.11.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, 
PUBLISH, MESSAGE
Supported: replaces, timer
Expires: 3600
Contact: ;expires=3600
Content-Length: 0

Now asterisk wants to send a NOTIFY to the endpoint for the subscription. The 
NOTIFY looks like this:

NOTIFY 
sip:avillacisIM@192.168.3.2:5060;transport=udp;registering_acc=pbx_villacis_com 
SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK658fa5fc;rport
Max-Forwards: 70
Route: 
,

From: "asterisk" ;tag=as5562e95e
To: 
;tag=bf427f4a
Contact: 
Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 102 NOTIFY
User-Agent: Asterisk PBX 11.11.0
Event: message-summary
Content-Type: application/simple-message-summary
Subscription-State: active
Content-Length: 89

Messages-Waiting: no
Message-Account: sip:*97@127.0.0.1:5080
Voice-Message: 0/0 (0/0)

Here is where the bug appears. The autoprocessing does not recognize that the From header (From: "asterisk" ;tag=as5562e95e) from the above request has nothing to do with the saved information (vsf parameter). Instead, it 
blindly mangles the From header, and does not even run a sanity check on the result before routing it. The end result is shown below.


NOTIFY 
sip:avillacisIM@192.168.3.2:5060;transport=udp;registering_acc=pbx_villacis_com 
SIP/2.0
Record-Route: 
Record-Route: 
Via: SIP/2.0/UDP 
192.168.2.18;branch=z9hG4bK8333.8bfe7bc2bd554a8631f0d00d463b28ee.0
Via: SIP/2.0/UDP 127.0.0.1:5080;branch=z9hG4bK658fa5fc;rport=5080
Max-Forwards: 69
From: "asterisk" 
;tag=as5562e95e
To: 
;tag=bf427f4a
Contact: 
Call-ID: 87ff107c2665316f4e257b358c54b3d4@0:0:0:0:0:0:0:0
CSeq: 102 NOTIFY
User-Agent: Asterisk PBX 11.11.0
Event: message-summary
Content-Type: application/sim

[SR-Users] SIGUSR1 for memory status not working as documented - only one process reports back

2014-07-30 Thread Alex Villací­s Lasso 
I am trying to track down a memory leak that was triggered by a patch I wrote for my local copy of kamailio 4.1.4 . For this, I am following the documentation at http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:memory . This page claims that once 
memlog is set in the configuration file, a kamailio process will dump a report of the allocation map when shutting down, or when receiving a SIGUSR1. I have configured my kamailio.cfg with memlog=1 and no other change, and I see the memory report on 
shutdown for all processes. However, when I send a SIGUSR1 to a kamailio process, the process does absolutely nothing, with the exception of the first kamailio process (the one reported as Type=attendant by "kamctl ps"). All of the other processes just 
ignore SIGUSR1. What is going on? It is inconvenient to force a shutdown of all the kamailio processes just to get the memory report.


___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] SIPp load testing

2014-07-30 Thread bob sacamano 
to give some more info I used the provided config files instead of my own but 
still no luck.  The calls just re-transmit and then timeout. i ran the 
command:/sipp  -sf  uac_msg.xml  -rsa 10.0.0.208:5060 10.0.0.209:5070 -m 20 
-r 1 -d 1 -l 70 -trace_err
and the error logs showed:2014-07-30  19:22:38:1771406748158.177881: 
Aborting call on UDP retransmission timeout for Call-ID '490-1430@127.0.0.1'.

From: uncle...@hotmail.com
To: sr-users@lists.sip-router.org
Date: Wed, 30 Jul 2014 18:13:23 +
Subject: [SR-Users] SIPp load testing




I am trying to follow the guide shown 
here:http://www.kamailio.org/docs/openser-performance-tests/ to load test my 
kamailio system.I am a little unclear as to how many instances of sipp are 
running. For the first part i see the command ./sipp  -sf  uac_msg.xml  -rsa 
192.168.2.102:5060 192.168.2.102:5070 -m 20 -r 1 -d 1 -l 70for 
generating the UAC part but is there another instance of sipp running on the 
kamailio computer acting as a UAS? I have seen come sites use for example: sipp 
192.168.1.100:5060 -sn uas -p 5060 but is this not necessary?
thanks for any help   

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users   
  ___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] multi-homed rtpengine

2014-07-30 Thread Paul Belanger 
Greetings,

We have had good success in the past using rtpproxy with internal and
external interfaces however, we are attempting to migrate to rtpengine
now but are running into an issue (apparently this feature is not
supported).

So, my question is as follows, does this mean we need to multiple
rtpengine and bind them to each interface?  Additionally, in this
setup can audio be bridged between the 2 rtpengine processes?

If not, how do people over come this difference?

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] SIPp load testing

2014-07-30 Thread bob sacamano 
I am trying to follow the guide shown 
here:http://www.kamailio.org/docs/openser-performance-tests/ to load test my 
kamailio system.I am a little unclear as to how many instances of sipp are 
running. For the first part i see the command ./sipp  -sf  uac_msg.xml  -rsa 
192.168.2.102:5060 192.168.2.102:5070 -m 20 -r 1 -d 1 -l 70for 
generating the UAC part but is there another instance of sipp running on the 
kamailio computer acting as a UAS? I have seen come sites use for example: sipp 
192.168.1.100:5060 -sn uas -p 5060 but is this not necessary?
thanks for any help   ___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio on Mac

2014-07-30 Thread Carlos Ruiz Díaz 
Thank you for the suggestion Victor. I'll make some tests using it.

Daniel, do you develop Kamailio using VMs on your Mac, or do you natively
compile and run Kamailio on OS X?

Thanks,
Carlos


On Wed, Jul 30, 2014 at 3:47 AM, Daniel-Constantin Mierla  wrote:

>
> On 30/07/14 09:50, Victor Seva wrote:
>
>> On 07/27/2014 01:46 AM, Carlos Ruiz Díaz wrote:
>>
>>> Hi all,
>>>
>>> I'm switching my development environment from Linux to Mac.
>>>
>>> Is there any tutorial on how to setup Kamailio on this OS? It may be an
>>> Unix flavor, but it's still quite different from Linux :).
>>>
>> Maybe using docker can help you...
>> https://docs.docker.com/installation/mac/
>>
> I see docker is installing virtualbox (if I got right the the docs at the
> quick look). Then, in this direction, installing a VM with linux on mac
> will do the job as well. I use a lot of virtualbox on mac for testing on
> various linux distributions when needed.
>
> On the other hand, anyone one here that has played with kamailio and
> docker? Any pitfalls? I noticed searching the web a reference to a kamailio
> docker container by guardianproject.
>
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>



-- 
Carlos
http://caruizdiaz.com
http://ngvoice.com
+52 55 3048 3303
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Obscuring SIP traffic and using with NoSIP

2014-07-30 Thread Muhammad Shahzad 
The key purpose of ITV encryption is to avoid making a pattern of any sort.
If you encrypt same text / packet 10 times you will get completely
different encrypted text / packet each time. This happens due to the fact
that the encryption key changes dynamically with each new encryption done,
see the readme file for more details

https://github.com/mshary/itv/blob/master/README.md

Secondly with v2.0, it uses non-deterministic random source as well as
auto-learning, so it can adopt to new symbols and words encountered while
encrypting and update itself to use them. So technically, it can also be
used for binary data such as RTP, however RTP uses UDP which has
possibility of packet loss and thus not suitable for ITV encryption (at
least for now, this is a hot discussion within my researchers circle and we
are actively looking for a solution for this).

See release notes for v2.0 here,

https://github.com/mshary/itv/releases/tag/v2.0

Anyways, the current target is to use kamailio as SIP proxy and doubango as
SIP client for iPhone and Android. Once it is achieved it will be available
free / open source to public and then it can be actually tested against all
possible voip blocking and sniffing scenarios which we hope it would be
able to solve with minimal possible overhead. So far the prototype works
pretty good in a few voip blocked countries and GSM operators where we have
tested it.

Thank you.




On Wed, Jul 30, 2014 at 5:32 PM, Daniel Tryba  wrote:

> On Wednesday 30 July 2014 06:37:31 Muhammad Shahzad wrote:
> > Humm, no reply so far, may be because my email was very long and no body
> > bothered to read it all. Anyways, here is the shorter more direct version
> > of it.
>
> I read it all and my only though was: use a VPN.
>
> If someone wants to stop SIP, it has an easy to spot pattern.
> If someone wants to stop VPN, they will drop every non clear connection
> which
> doesn't match a known non-VPN pattern.
>
> If I was afraid of my telco listening in on my SIP dialogs, I'd also want
> to
> encrypt RTP. Which is much more resource intensive than encrypting a few
> SIP
> messages. So if you think standard tls is to intensive you'll also have to
> create some custom lightweight rtp mangling.
>
> ___
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] LCR

2014-07-30 Thread Moritz Graf 
Hi Keith,

you can take the from userpart from the pseudovar $fU. Find further
infos on the pseudovar documentation site:
http://www.kamailio.org/wiki/cookbooks/4.1.x/pseudovariables

After that you can try to match that with the module regex, see
documentation here:
http://kamailio.org/docs/modules/4.1.x/modules/regex.html

But I recomend using "app_perl". By that you get the whole SIP-message.
Apply PERL regexpower onto it and return some values via avps, or insert
branch directly in perl.

Depending on how sophisticated your LCR rules are using the LCR-Module
or any other module might also be worth a thought.

greetz

Am 29.07.2014 21:55, schrieb Keith:
> Hi,
> 
> I want to do LCR based on from uri. I get I need to do regular
> expression matching but have no idea where to look to start.
> 
> Any pointers would be good.
> Thanks
> Keith


-- 

Moritz Graf, M.Sc.
Betrieb NGN-Plattform
G-FIT GmbH & Co. KG
Greflingerstr. 26, 93055 Regensburg



signature.asc
Description: OpenPGP digital signature
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Obscuring SIP traffic and using with NoSIP

2014-07-30 Thread Daniel Tryba 
On Wednesday 30 July 2014 06:37:31 Muhammad Shahzad wrote:
> Humm, no reply so far, may be because my email was very long and no body
> bothered to read it all. Anyways, here is the shorter more direct version
> of it.

I read it all and my only though was: use a VPN.

If someone wants to stop SIP, it has an easy to spot pattern. 
If someone wants to stop VPN, they will drop every non clear connection which 
doesn't match a known non-VPN pattern.

If I was afraid of my telco listening in on my SIP dialogs, I'd also want to 
encrypt RTP. Which is much more resource intensive than encrypting a few SIP 
messages. So if you think standard tls is to intensive you'll also have to 
create some custom lightweight rtp mangling.

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Obscuring SIP traffic and using with NoSIP

2014-07-30 Thread Daniel-Constantin Mierla 


On 30/07/14 11:52, Muhammad Shahzad wrote:
Thank you so much for this very useful information. I am working on 
first approach for the moment since its much simpler and easier to 
implement with only difference being that instead of per header or per 
sdp line, i plan to do it in one go, i.e. get entire sip message in 
$mb (sip message buffer), encrypt it and put it back in $mb.


- i guess randomizing registration time is already provided by kamailio.
- yes packet sizes are a concern, so i already have planned for random 
padding as you mentioned.


For client app, i have a developed a basic prototype based on doubango 
framework. I am hopping to release a free and open source 
implementation using idoubs within next couple of months on Apple app 
store.
For a mobile device, an app is needed. But for a linux computer, it 
might works running a kamailio proxy there. Say you have many locations 
for a company, then within local network on each site can be sip and 
between sites, the encrypted signaling.


If kamailio uses a socket for clients and a socket for communicating 
with the other sides, then it is easy to tell to the new module for 
which socket should do encryption/decryption. Alternative is to provide 
either local network address or remote site address and match on src 
ip/dst ip.


Cheers,
Daniel



Thank you.




On Wed, Jul 30, 2014 at 12:22 PM, Daniel-Constantin Mierla 
mailto:mico...@gmail.com>> wrote:



On 30/07/14 06:37, Muhammad Shahzad wrote:

Humm, no reply so far, may be because my email was very long and
no body bothered to read it all. Anyways, here is the shorter
more direct version of it. (including kamailio dev list, since
question is rather technical).

Is it possible to implement a custom SIP transport in Kamailio
script file i.e. kamailio.cfg. The purpose is to allow
experimentation with custom encryption algorithms such as this,

https://github.com/mshary/itv

What we need is a couple of functions, one to receive incoming
raw / encrypted data received on SIP socket, which then can be
parsed / decrypted in kamailio.cfg (using e.g. LUA or PERL
language modules etc.) and afterwords feed to kamailio for usual
processing (as if it was normal / plain-text sip data received on
sip socket). The second function to do the opposite, it receives
the normal / plain-text sip data that is ready to be sent out
from kamailio's core, encrypts it and then send it out to actual
destination.

In case above is not possible. Can i do it in kamailio's native
code? Any hooks / example code for reference?

If you look at encrypting sip messages, look at topoh module. You
can write a replacement for its hooks. Topoh is practically
decoding the headers and then lets the pure SIP message go through
config file execution. Before sending, it encodes the headers and
then let it go to the network.

This is something that should be rather straightforward to do if
you are familiar with C code.

You mentioned that using TLS can still reveal patters of being
sip. You have to think here of ways to obfuscate even in your case
of a new encryption method. What can be matched here:
- periodical registrations - you can have the client (or even the
server) to use different expires times for each registration
- size of packages, specially if user IDs are the same or similar
length (e.g., say everyone uses a 10 digit id), practically no
matter who is calling who, the size will be pretty much the same
because most of the phones I have seen so far use same set of
headers. Here you can add random custom headers for each packet. I
haven't checked the proposed encryption algorithm (some use random
blocks implicitly to pad the data), but eventually you can add
random data before and after the packet that you strip (and
re-add) in topoh-replacement module

The other option of having a totally different protocol than SIP
should be possible as well. But you need to re-implement a lot
(like location, authentication, ...). Look at msrp module for an
example. This may need to touch core code a bit.

Of course, in both cases, the client application has to be
developed as well. Perhaps still easier if going for first option,
by reusing some open source sip client and adding the
encapsulation/decapsulation layer when receiving/sending to network.

Cheers,
Daniel




Many thanks and kind regards for your help.


On Mon, Jul 28, 2014 at 2:38 AM, Muhammad Shahzad
mailto:shaherya...@gmail.com>> wrote:

Hi,

As the mobile voip is getting more and more popular these
days, there has been a strong opposition from GSM operators
against mobile voip apps. They often use tactics like
blocking voip ports, or detect and block voip traffic and in
some cases restricting udp traffic altoget

Re: [SR-Users] Obscuring SIP traffic and using with NoSIP

2014-07-30 Thread Muhammad Shahzad 
Thank you so much for this very useful information. I am working on first
approach for the moment since its much simpler and easier to implement with
only difference being that instead of per header or per sdp line, i plan to
do it in one go, i.e. get entire sip message in $mb (sip message buffer),
encrypt it and put it back in $mb.

- i guess randomizing registration time is already provided by kamailio.
- yes packet sizes are a concern, so i already have planned for random
padding as you mentioned.

For client app, i have a developed a basic prototype based on doubango
framework. I am hopping to release a free and open source implementation
using idoubs within next couple of months on Apple app store.

Thank you.




On Wed, Jul 30, 2014 at 12:22 PM, Daniel-Constantin Mierla <
mico...@gmail.com> wrote:

>
> On 30/07/14 06:37, Muhammad Shahzad wrote:
>
>  Humm, no reply so far, may be because my email was very long and no body
> bothered to read it all. Anyways, here is the shorter more direct version
> of it. (including kamailio dev list, since question is rather technical).
>
>  Is it possible to implement a custom SIP transport in Kamailio script
> file i.e. kamailio.cfg. The purpose is to allow experimentation with custom
> encryption algorithms such as this,
>
> https://github.com/mshary/itv
>
>  What we need is a couple of functions, one to receive incoming raw /
> encrypted data received on SIP socket, which then can be parsed / decrypted
> in kamailio.cfg (using e.g. LUA or PERL language modules etc.) and
> afterwords feed to kamailio for usual processing (as if it was normal /
> plain-text sip data received on sip socket). The second function to do the
> opposite, it receives the normal / plain-text sip data that is ready to be
> sent out from kamailio's core, encrypts it and then send it out to actual
> destination.
>
>  In case above is not possible. Can i do it in kamailio's native code?
> Any hooks / example code for reference?
>
> If you look at encrypting sip messages, look at topoh module. You can
> write a replacement for its hooks. Topoh is practically decoding the
> headers and then lets the pure SIP message go through config file
> execution. Before sending, it encodes the headers and then let it go to the
> network.
>
> This is something that should be rather straightforward to do if you are
> familiar with C code.
>
> You mentioned that using TLS can still reveal patters of being sip. You
> have to think here of ways to obfuscate even in your case of a new
> encryption method. What can be matched here:
> - periodical registrations - you can have the client (or even the server)
> to use different expires times for each registration
> - size of packages, specially if user IDs are the same or similar length
> (e.g., say everyone uses a 10 digit id), practically no matter who is
> calling who, the size will be pretty much the same because most of the
> phones I have seen so far use same set of headers. Here you can add random
> custom headers for each packet. I haven't checked the proposed encryption
> algorithm (some use random blocks implicitly to pad the data), but
> eventually you can add random data before and after the packet that you
> strip (and re-add) in topoh-replacement module
>
> The other option of having a totally different protocol than SIP should be
> possible as well. But you need to re-implement a lot (like location,
> authentication, ...). Look at msrp module for an example. This may need to
> touch core code a bit.
>
> Of course, in both cases, the client application has to be developed as
> well. Perhaps still easier if going for first option, by reusing some open
> source sip client and adding the encapsulation/decapsulation layer when
> receiving/sending to network.
>
> Cheers,
> Daniel
>
>
>
>  Many thanks and kind regards for your help.
>
>
> On Mon, Jul 28, 2014 at 2:38 AM, Muhammad Shahzad 
> wrote:
>
>>   Hi,
>>
>>  As the mobile voip is getting more and more popular these days, there
>> has been a strong opposition from GSM operators against mobile voip apps.
>> They often use tactics like blocking voip ports, or detect and block voip
>> traffic and in some cases restricting udp traffic altogether to very low
>> upload and download speeds. See below link for some details,
>>
>> http://www.linphone.org/eng/blog/linphone-over-3g.html
>>
>>  While not all the problems can be solved right now (especially the
>> limiting udp traffic, since RTP always uses udp transport) I was wondering
>> if we can at least handle the sip related problems. The most important of
>> them is SIP traffic detection. While some forks would suggest using TCP/TLS
>> to encrypt SIP traffic, it has a few problems, e.g.
>>
>>  1. It requires somewhat high resources on mobile devices, so many
>> low-end android phones simply can't use it.
>>
>>  2. There is possibility that encryption signature may identify it as SIP
>> traffic. There exists firewalls (often deployed in middle eastern
>> cou

Re: [SR-Users] Complex NAT Scenario,HELP!

2014-07-30 Thread Daniel-Constantin Mierla 

Hello,

what is ip 1.1.1.1 in your trace? I see you use it with advertise for 
listen. In that case, you don't need set advertised address function in 
routing blocks.


Few things that you should check:
- the listen on the dms address has to be with advertise of firewall 
port forwarding public address
- the rtp relay has to advertise also the firewall port forwarding 
public address
- you have to do rtp bridging -- I see you use rtpengine (or its former 
version mediaproxy-ng). I think that doesn't have support of bridging 
two ipv4 networks, you would need to run two instances, and bridge the 
local interfaces via linux config. Alternative is to use rtpproxy which 
can do bridging and you can force media ip to be firewall public address 
via rtpproxy_manage() parameter or use a patch for adding advertised 
address parameter to rtpproxy (I made one available at 
https://github.com/miconda/rtpproxy/commits/master)


Cheers,
Daniel

On 25/07/14 11:35, Agiftel wrote:

Hi all, I need help configuring a little bit complex NAT/PAT scenario. Idea
is that clients on Internet registers themselvs against kamailio and then it
routes requests to Alcatel PBX. kamailio acts also as NAT proxy ( so that
clients on internet does not need vpn connection. Something like EDGE SERVER
for MS Lync clients)
Below the scenario

Alcatel PBX: 10.9.6.3
Kamailio internal NIC: 172.16.52.240
Kamailio DMZ NIC: 10.9.23.180
PU.BL.I.C.IP: 1.2.3.4


ALCATEL PBX(LAN 10.9.6.3)--
|
|———-(LAN INT 
172.16.52.240)

|

|KAMAILIO (2 NICs)



|

|
|   
|
|(LAN dmz 
10.9.23.180)
PAT/NAT |
|firewal

|

|

PU.BL.I.C.IP


^

|

|
Client 
on internet

As you can see there is a firewall that make NAT and PAT from PU.BL.I.C.IP
to internal Kamailio DMZ nic.
natted ports are 5060 and range from 3 to 65000 ( for RTP )

I'am tryng to use kamailio.cfg that comes with installation.. Now I am
making some changes but is not working.
Internal client ( lan 172.16.52.x ), registered on kamailio, can make call
to alcatel phones and viceversa.
External client ( on internet ) can register to kamailio but cannot call
alcatel phone nor client registered on kamailio.



--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda


___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] planning the release of v4.1.5

2014-07-30 Thread Daniel-Constantin Mierla 

Hello,

I am considering to release v4.1.5 sometime next week, most likely on 
the 6th of August. Checking the 4.1 branch, there are not many fixes, 
few are on my list for backporting. That's good, indicating a high level 
of stability.


If anyone is aware of issues not reported on tracker or patches that 
have not been backported, add to the tracker or write a message to 
sr-dev mailing list.


Cheers,
Daniel

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda


___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio on Mac

2014-07-30 Thread Daniel-Constantin Mierla 


On 30/07/14 09:50, Victor Seva wrote:

On 07/27/2014 01:46 AM, Carlos Ruiz Díaz wrote:

Hi all,

I'm switching my development environment from Linux to Mac.

Is there any tutorial on how to setup Kamailio on this OS? It may be an
Unix flavor, but it's still quite different from Linux :).

Maybe using docker can help you...
https://docs.docker.com/installation/mac/
I see docker is installing virtualbox (if I got right the the docs at 
the quick look). Then, in this direction, installing a VM with linux on 
mac will do the job as well. I use a lot of virtualbox on mac for 
testing on various linux distributions when needed.


On the other hand, anyone one here that has played with kamailio and 
docker? Any pitfalls? I noticed searching the web a reference to a 
kamailio docker container by guardianproject.


Cheers,
Daniel

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda


___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio on Mac

2014-07-30 Thread Victor Seva 
On 07/27/2014 01:46 AM, Carlos Ruiz Díaz wrote:
> Hi all,
> 
> I'm switching my development environment from Linux to Mac. 
> 
> Is there any tutorial on how to setup Kamailio on this OS? It may be an
> Unix flavor, but it's still quite different from Linux :).

Maybe using docker can help you...
https://docs.docker.com/installation/mac/

Victor



signature.asc
Description: OpenPGP digital signature
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Obscuring SIP traffic and using with NoSIP

2014-07-30 Thread Daniel-Constantin Mierla 


On 30/07/14 06:37, Muhammad Shahzad wrote:
Humm, no reply so far, may be because my email was very long and no 
body bothered to read it all. Anyways, here is the shorter more direct 
version of it. (including kamailio dev list, since question is rather 
technical).


Is it possible to implement a custom SIP transport in Kamailio script 
file i.e. kamailio.cfg. The purpose is to allow experimentation with 
custom encryption algorithms such as this,


https://github.com/mshary/itv

What we need is a couple of functions, one to receive incoming raw / 
encrypted data received on SIP socket, which then can be parsed / 
decrypted in kamailio.cfg (using e.g. LUA or PERL language modules 
etc.) and afterwords feed to kamailio for usual processing (as if it 
was normal / plain-text sip data received on sip socket). The second 
function to do the opposite, it receives the normal / plain-text sip 
data that is ready to be sent out from kamailio's core, encrypts it 
and then send it out to actual destination.


In case above is not possible. Can i do it in kamailio's native code? 
Any hooks / example code for reference?
If you look at encrypting sip messages, look at topoh module. You can 
write a replacement for its hooks. Topoh is practically decoding the 
headers and then lets the pure SIP message go through config file 
execution. Before sending, it encodes the headers and then let it go to 
the network.


This is something that should be rather straightforward to do if you are 
familiar with C code.


You mentioned that using TLS can still reveal patters of being sip. You 
have to think here of ways to obfuscate even in your case of a new 
encryption method. What can be matched here:
- periodical registrations - you can have the client (or even the 
server) to use different expires times for each registration
- size of packages, specially if user IDs are the same or similar length 
(e.g., say everyone uses a 10 digit id), practically no matter who is 
calling who, the size will be pretty much the same because most of the 
phones I have seen so far use same set of headers. Here you can add 
random custom headers for each packet. I haven't checked the proposed 
encryption algorithm (some use random blocks implicitly to pad the 
data), but eventually you can add random data before and after the 
packet that you strip (and re-add) in topoh-replacement module


The other option of having a totally different protocol than SIP should 
be possible as well. But you need to re-implement a lot (like location, 
authentication, ...). Look at msrp module for an example. This may need 
to touch core code a bit.


Of course, in both cases, the client application has to be developed as 
well. Perhaps still easier if going for first option, by reusing some 
open source sip client and adding the encapsulation/decapsulation layer 
when receiving/sending to network.


Cheers,
Daniel



Many thanks and kind regards for your help.


On Mon, Jul 28, 2014 at 2:38 AM, Muhammad Shahzad 
mailto:shaherya...@gmail.com>> wrote:


Hi,

As the mobile voip is getting more and more popular these days,
there has been a strong opposition from GSM operators against
mobile voip apps. They often use tactics like blocking voip ports,
or detect and block voip traffic and in some cases restricting udp
traffic altogether to very low upload and download speeds. See
below link for some details,

http://www.linphone.org/eng/blog/linphone-over-3g.html

While not all the problems can be solved right now (especially the
limiting udp traffic, since RTP always uses udp transport) I was
wondering if we can at least handle the sip related problems. The
most important of them is SIP traffic detection. While some forks
would suggest using TCP/TLS to encrypt SIP traffic, it has a few
problems, e.g.

1. It requires somewhat high resources on mobile devices, so many
low-end android phones simply can't use it.

2. There is possibility that encryption signature may identify it
as SIP traffic. There exists firewalls (often deployed in middle
eastern countries) which have huge database of encryption
signatures and patterns which although may not decrypt the sip
packet but at least identify it as sip packet and block it.

Also with rough agencies of evil empires spying over millions of
users worldwide makes the current encryption standards pretty much
pointless, at least in terms of user privacy and network security.
So there is a strong need to experiment with new ideas and
concepts to regain internet freedom. Some of such ideas are,

1. Convert sip traffic which is plain text to binary format just
before transmitting it and revert it to plain text upon reception.

2. XOR the sip traffic (pretty much same as binary sip).

3. Use some very lightweight but effective / non-standard
encryption algorithm, e.g.

https://github.com/mshary/itv

All t

Re: [SR-Users] LCR

2014-07-30 Thread Juha Heinanen 
Keith writes:

> I want to do LCR based on from uri. I get I need to do regular expression
> matching but have no idea where to look to start.

see lcr module readme if lcr module from uri matching meets your needs.

-- juha

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users