Re: [OpenSIPS-Users] How to overcome SIP ALG on Wi-Fi routers

2016-05-02 Thread Russell Treleaven 
TCP works for me.
On May 2, 2016 8:43 PM, "Nabeel"  wrote:

> Thanks for the suggestions of using TLS or changing the port. I changed
> the port, but some routers are still able to mess with the SIP headers. I
> would have used TLS, if not for two reasons:
>
> 1. ICE protocol was originally designed for UDP according to RFC5245, and
> it seems to work better with UDP.
>
> 2. The SIP servers I have used (OpenSIPS and Repro) seem to be more stable
> with UDP compared to TLS (they do not randomly drop connections, throw
> unusual errors in the logs, etc.)
>
> I may try TLS again, but it would be better if there is an alternative
> workaround for UDP.
>
> On 2 May 2016 at 13:33, Patrick Wakano  wrote:
>
>> Using TLS!
>> Also configuring your systems/devices to use other port than 5060 may do
>> the trick...
>>
>> On Mon, May 2, 2016 at 9:14 AM, Nabeel  wrote:
>>
>>> Hi,
>>>
>>> Other than using rtpproxy/NAThelper modules, is there any way to
>>> bypass/workaround SIP ALG enabled on many WiFi routers? Although SIP ALG
>>> was designed to help with NAT, in most cases it does the opposite and
>>> breaks SIP.
>>>
>>> Nabeel
>>>
>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] How to overcome SIP ALG on Wi-Fi routers

2016-05-02 Thread Nabeel 
Thanks for the suggestions of using TLS or changing the port. I changed the
port, but some routers are still able to mess with the SIP headers. I would
have used TLS, if not for two reasons:

1. ICE protocol was originally designed for UDP according to RFC5245, and
it seems to work better with UDP.

2. The SIP servers I have used (OpenSIPS and Repro) seem to be more stable
with UDP compared to TLS (they do not randomly drop connections, throw
unusual errors in the logs, etc.)

I may try TLS again, but it would be better if there is an alternative
workaround for UDP.

On 2 May 2016 at 13:33, Patrick Wakano  wrote:

> Using TLS!
> Also configuring your systems/devices to use other port than 5060 may do
> the trick...
>
> On Mon, May 2, 2016 at 9:14 AM, Nabeel  wrote:
>
>> Hi,
>>
>> Other than using rtpproxy/NAThelper modules, is there any way to
>> bypass/workaround SIP ALG enabled on many WiFi routers? Although SIP ALG
>> was designed to help with NAT, in most cases it does the opposite and
>> breaks SIP.
>>
>> Nabeel
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Memory fragments

2016-05-02 Thread Alex Balashov 

On 05/02/2016 05:08 PM, Dragomir Haralambiev wrote:


I have registration activity with Radius asin


So, why do you expect fragmentation from time to time as the OpenSIPS 
memory manager allocates and frees SHM blocks?


--
Alex Balashov | Principal | Evariste Systems LLC
1447 Peachtree Street NE, Suite 700
Atlanta, GA 30309
United States

Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Memory fragments

2016-05-02 Thread Dragomir Haralambiev 
I have registration activity with Radius asin

2016-05-02 23:44 GMT+03:00 Alex Balashov :

> On 05/02/2016 04:22 PM, Dragomir Haralambiev wrote:
>
> Opensips has not routed any calls.
>>
>
> Has it done anything else, including passive registration activity or any
> periodic database-bound synchronisation tasks?
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
> 1447 Peachtree Street NE, Suite 700
> Atlanta, GA 30309
> United States
>
> Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Memory fragments

2016-05-02 Thread Bogdan-Andrei Iancu 

Hi Dragomir,

And there is no activity at all on that opensips ? nothing at all ? no 
traffic ?


Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 02.05.2016 23:22, Dragomir Haralambiev wrote:

Hello,

I have monitoring memory segments of Opensips 2.2.

For the past 4 days memory fragment has increased from 940 to 1295.
Opensips has not routed any calls.

Is this normaly?

Regards,
Dragomir


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Memory fragments

2016-05-02 Thread Alex Balashov 

On 05/02/2016 04:44 PM, Alex Balashov wrote:

On 05/02/2016 04:22 PM, Dragomir Haralambiev wrote:


Opensips has not routed any calls.


Has it done anything else, including passive registration activity or
any periodic database-bound synchronisation tasks?


Also, what about passively deflecting the SIPvicious-es of the world?

--
Alex Balashov | Principal | Evariste Systems LLC
1447 Peachtree Street NE, Suite 700
Atlanta, GA 30309
United States

Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Memory fragments

2016-05-02 Thread Alex Balashov 

On 05/02/2016 04:22 PM, Dragomir Haralambiev wrote:


Opensips has not routed any calls.


Has it done anything else, including passive registration activity or 
any periodic database-bound synchronisation tasks?


--
Alex Balashov | Principal | Evariste Systems LLC
1447 Peachtree Street NE, Suite 700
Atlanta, GA 30309
United States

Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Memory fragments

2016-05-02 Thread Dragomir Haralambiev 
Hello,

I have monitoring memory segments of Opensips 2.2.

For the past 4 days memory fragment has increased from 940 to 1295.
Opensips has not routed any calls.

Is this normaly?

Regards,
Dragomir
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] How to overcome SIP ALG on Wi-Fi routers

2016-05-02 Thread Patrick Wakano 
Using TLS!
Also configuring your systems/devices to use other port than 5060 may do
the trick...

On Mon, May 2, 2016 at 9:14 AM, Nabeel  wrote:

> Hi,
>
> Other than using rtpproxy/NAThelper modules, is there any way to
> bypass/workaround SIP ALG enabled on many WiFi routers? Although SIP ALG
> was designed to help with NAT, in most cases it does the opposite and
> breaks SIP.
>
> Nabeel
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] How to overcome SIP ALG on Wi-Fi routers

2016-05-02 Thread Nabeel 
Hi,

Other than using rtpproxy/NAThelper modules, is there any way to
bypass/workaround SIP ALG enabled on many WiFi routers? Although SIP ALG
was designed to help with NAT, in most cases it does the opposite and
breaks SIP.

Nabeel
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Nathelper module doesn't send OPTIONS keepalive

2016-05-02 Thread Julian Santer 

Hi guys,

my mistake was to configure the nathelper module on edge server.
As it has to use the usrloc module and the usrloc module is on the core server.

So I have loaded now the nathelper module on the core server:

loadmodule "usrloc.so"
modparam("usrloc", "user_column",   "username")
...

loadmodule "nathelper.so"
modparam("nathelper", "natping_interval", 10)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "natping_partitions", 1)
modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "sipping_from", "sip:keepal...@lab.rolvoice.it")
modparam("nathelper", "sipping_method", "OPTIONS")

route[R_REGISTER]
{
if (! save("LOCATION_TABLE", "vp1"))
{
xlog("L_ERR", "Saving contact from EDGE failed - LF_BASE");
exit;
}
xlog("L_INFO", "Saving contact received from EDGE, replicate to 
REGISTRAR_FAILOVER - LF_BASE");

if (proto == UDP)
{
setbflag(8);
xlog("L_INFO", "Nat keepalive sip_ping_flag - LF_BASE");
}

In log I see:
May  2 12:42:59 core2 OpenSIPS[34111]: Saving contact received from EDGE - M=REGISTER RURI=sip:1.2.3.5 F=sip:dev-lab1@domain T=sip:dev-lab1@domain 
SRC=1.2.3.4:5060 UAC=snom760/8.7.5.35 ID=3134363034303936373734333636-kohhuu6fsruo B=
May  2 12:42:59 core2 OpenSIPS[34111]: Nat keepalive sip_ping_flag - M=REGISTER RURI=sip:1.2.3.5 F=sip:dev-lab1@domain T=sip:dev-lab1@domain 
SRC=1.2.3.4:5060 UAC=snom760/8.7.5.35 ID=3134363034303936373734333636-kohhuu6fsruo B=


For tests I set the ping_nated_only to 0, so all clients should receive a 
keepalive.
I hoped that the core sends now:
- OPTIONS with data from usrloc
- uses the path from usrloc to send the OPTIONS to the edge server, and then I 
could relay to the client

But the core sends now the 4 bytes (zero filled) UDP packages to the edge 
server.
Why the nathelper module doesn't use the usrloc?
Maybe you could give a hint, what is missing in the config.

Kind regards,
Julian Santer
Raiffeisen OnLine

Am 03.03.2016 um 17:05 schrieb Julian Santer:

Hi guys,

we tried to switch from nat_traversal to nathelper.
The reason is the keepalive mechanism.

The nat_traversal module sends OPTIONS with the following to header: 
sip:UAC_IP:UAC_PORT
Most of the UAC's answers with a 404 Not found.
On AVM Fritzbox with firmware >= 6.04, this OPTIONS may activate a security 
feature.
So after a certain time, the Fritzbox blocks all packages send from our proxy.
As we have ca. 80% AVM Fritzbox as UAC, we got a big problem.
So we deactivated the nat_keepalive vor this UAC's and we have to enable the 
keepalive Feature on the Fritzbox.

The better solution would be, if we could send OPTIONS with a to header like: 
sip:username@UAC_IP:UAC_PORT.
As I understood the nathelper module could send OPTIONS like this. Because it 
is looking into the userloc table. Right?

The nathelper module is on our edge server, the registrar on our core server.
The problem now is, that the module does not sends any OPTIONS at all.

We are using the version 2.1.2 from git. Last pull on 2016/03/01.

The nathelper config looks like:
 nathelper module
loadmodule "nathelper.so"
modparam("nathelper", "natping_interval", 56)
modparam("nathelper", "ping_nated_only", 0)
modparam("nathelper", "natping_partitions", 1)
modparam("nathelper", "natping_socket", "IP_PROXY:5060")
modparam("nathelper", "sipping_bflag", "SIP_PING_FLAG")
modparam("nathelper", "sipping_from", "sip:keepalive@DEFAULT_REALM")
modparam("nathelper", "sipping_method", "OPTIONS")
modparam("nathelper", "nortpproxy_str", "")
modparam("nathelper", "natping_tcp", 0)

For the test, in the register route I tried to set always the sipping_bflag:
if (proto == UDP)
{
 setbflag(SIP_PING_FLAG);
 xlog("L_INFO", "Nat keepalive sip_ping_flag - LF_BASE");
}

But in my traces I can't find any OPTIONS send by the nathelper module.
Could you give me a hint?

Kind regards,
Julian Santer
Raiffeisen OnLine






___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Re-Invite routed to private IP

2016-05-02 Thread Julian Santer 

Hi John,

I investigated some traces from our old platform and I found a call
with a private VIA and the Re-Invite is done correctly.
You can find the trace here: http://siptrace.rolbox.net/ok.html
The trace with the broken Re-Invite here: http://siptrace.rolbox.net/ko.html

Kind regards,
Julian Santer
Raiffeisen OnLine

Am 29.04.2016 um 15:56 schrieb Johan De Clercq:

I don;t think so : force_rport just adds the port on which you receive to the 
first via header.

2016-04-29 15:36 GMT+02:00 Julian Santer >:

We are using 2.1.2
So we made a "huge" version update and also changed the kind of working

Am 29.04.2016 um 14:27 schrieb Johan De Clercq:

What version do you use in your new install ?

2016-04-29 13:12 GMT+02:00 Julian Santer 
>>:

 Hi Johan,

 we changed our platform 2 weeks ago from 1 OpenSips Proxy 1.6.4 to 
3 OpenSips instances with topology hiding.
 Since we didn't have this problems earlier, I think it worked with 
the old platform.
 As we call force_rport() in the main_route, the private IP in the 
VIA header should be ignored, right?
 At the moment we call force_rport() in all our instances.
 I think, we should call force_rport() only on the edge server 
where we make the nat_handling, right?

 Kind regards,
 Julian Santer
 Raiffeisen OnLIne


 Am 29.04.2016 um 10:10 schrieb Johan De Clercq:

 Indeed.


 2016-04-29 9:49 GMT+02:00 Julian Santer 
>
   >
  >>
  
>

 :

   Hi guys,

   we are using OpenSips 2.1.2 with topology_hiding.
   Now we got trouble with Re-Invites, which are routed to 
the private IP from the "from".
   The topology_hiding matches, but the Re-Invite is sent to 
the private IP from the "from".
   Have we to call lookup again on the 
registrar/core, when we got a Re-Invite?
   You can find the trace under 
http://siptrace.rolbox.net/siptrace.html

   Kind regards,
   Julian Santer
   Raiffeisen OnLine


   ___
   Users mailing list
Users@lists.opensips.org 
>
 
>>
   
>
  >/p...@public.gmane.orgsips.org

Re: [OpenSIPS-Users] Dynamic Routing module issue with srip

2016-05-02 Thread Michele Pinassi 
Thanks Bogdan for your prompt reply but seems that don't work as
expected: i need to strip leading '0' from called R-URI and To !

Just to help, i try to describe better my context:

for any external calls, i use route[pstn]:

route[pstn] {
# Default outbound carrier
$var(carrier) = "pstn";

# Need to route to specific carrier ?
if(avp_db_load("$fu","$avp(out_carrier)")) {
$var(carrier) = $avp(out_carrier);
   # Remove leading zero
subst_uri('/sip:0(.*)@(.*)/sip:\1@\2/g');
subst('/^To:(.*)sip:0(.*)@(.*)/sip:\1@\2/g'); < Seems that
don't work !!!
}
   
# Need to map outbound caller number ?
if(avp_db_load("$fu","$avp(out_number_map)")) {
   
uac_replace_from("$avp(out_number_map)","sip:$avp(out_number_map)@$Ri");
append_hf("P-Asserted-Identity:
\r\n");
}

xlog("L_INFO","$ci - Route via $var(carrier) from $fU to $tU (RURI:
$ru)\n");

if(route_to_carrier("$var(carrier)")) {
t_on_failure("next_gw");
t_relay();
exit;
}
}

Here are dynamic routing tables:

dr gateways
++---+--+-+---++---++---+++
| id | gwid  | type | address | strip | pri_prefix | attrs |
probe_mode | state | socket | description|
++---+--+-+---++---++---+++
|  2 | mediabox1 |1 | 172.y.x.x  | 0 | NULL   | NULL 
|  2 | 0 || Mediabox gateway   |
|  1 | pstn1 |1 | 172.y.x.z  | 0 | NULL   | NULL 
|  2 | 0 || Patton GW to MD110 |
|  5 | toip1 |1 | 172.w.x.r | 1 | NULL   | NULL 
|  2 | 0 || Trunk VoIP Fastweb |
|  6 | toip2 |1 | 172.w.x.f | 1 | NULL   | NULL 
|  2 | 0 || Trunk VoIP Fastweb |
++---+--+-+---++---++---+++
dr groups
++--++-+---+
| id | username | domain | groupid | description   |
++--++-+---+
|  1 | .*   | .* |   1 | PSTN  |
|  2 | .*   | .* |   2 | Asterisk mediabox |
|  5 | .*   | .* |   3 | Trunk TOIP|
++--++-+---+
dr carriers
++---+-+---+---+---+-+
| id | carrierid | gwlist  | flags | state | attrs |
description |
++---+-+---+---+---+-+
|  6 | legacy| pstn1   | 1 | 0 |   | Carrier to
legacy MD110 |
|  2 | mediabox  | mediabox1   | 1 | 0 |   | Carrier to
MEDIA BOX|
|  1 | pstn  | pstn1   | 1 | 0 |   | Carrier to
PSTN |
|  5 | toip  | toip1,toip2 | 1 | 0 |   | Carrier to
Trunk TOIP   |
++---+-+---+---+---+-+
dr rules
++-++-+--+-+-+---+---+
| ruleid | groupid | prefix | timerec | priority | routeid | gwlist 
| attrs | description   |
++-++-+--+-+-+---+---+
|  1 | 1   || |  100 | NULL| pstn1  
| NULL  | Default route to PSTN |
|  2 | 2   || |  100 | NULL| mediabox1  
| NULL  | Route to MEDIA BOX|
|  6 | 3   || |  100 | NULL| toip1,toip2
| NULL  | VoIP Trunk|

When someone call 00 and need to get out via "toip" carrier,
just for example, i need to strip out first 0...

Thanks, Michele

Il 29/04/2016 15:59, Bogdan-Andrei Iancu ha scritto:
> Hi Michele,
>
> the per-gw ops are done in all the routing scenarios (per prefix, per
> carrier, etc). Are you sure your call is routed via that GW ? try to
> print in cfg the GW ID to see it the right GW is used.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 29.04.2016 12:02, Michele Pinassi wrote:
>> Hi all,
>>
>> on my OpenSIPS 1.11.6 i use dymanic module routing to magare multiple
>> routes. I need to strip a number for particular gateways and, following
>> manual, i set to '1' the 'strip' field in dr_gateways table.
>>
>> But, using function "route_to_carrier" to manage carrier routing, i get
>> no number strip...
>>
>> Maybe i'm missing something ?
>>
>> Thanks, Michele
>>
>

-- 
Michele Pinassi
Responsabile Telefonia di Ateneo
Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena
tel: 0577.(23)5000 - central...@unisi.it

Per trovare una soluzione rapida ai tuoi problemi tecnici