Hi Douglas,
I've recently been through the process of setting opensips up as an
authenticating relay much the same as you describe. I strip the User-Agent
header but it would be a single line to add a replacement one in after this.
I also remove remove the g711 codecs due to bandwidth limitations and change
any reference to internal IP addresses to our external IP for RTP traffic.
I've pasted the resulting config below for you to start with. Some more
knowledgable people here can probably point out any issues with it. I'm sure
I'm not handling packets on the external interface very well but without these
steps (particularly in the branch route) BYEs from the ITSP got messed up
before being passed to our PBX.
For reference:
• this is running on our router
• the external IP address is 203.31.111.19
• the internal IP address is 192.168.52.1
• the ITSP address is sip.pennytel.com
• the PBX IP address is 192.168.52.31 (I really would rather not use
this anywhere since it stuffs up using high availability, etc)
Regards,
Andrew Radke
Yuruga Nursery Pty Ltd
Clonal Solutions Australia Pty Ltd
PO Box 220
Walkamin Qld 4872
Phone: (07) 4093 3826
Fax: (07) 4093 3869
Email: andrew.ra...@yuruga.com.au
Web: www.yuruga.com.au
On 26/01/2012, at 3:58 AM, Douglas Adami wrote:
> Hello everyone, I'm new here and I go to test my settings, but I need to
> authenticate a remote server, I was reading about the UAC module, one has
> configuration examples? I can also customize the user_agent authentication
> for each record, because the service only allows specific user_agents?
>
> Thanks in advance!
>
> Regards, Doug
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
debug=2
log_stderror=no
log_facility=LOG_LOCAL0
fork=yes
children=4
port=5060
listen=192.168.52.1
listen=203.31.111.19
mhomed=1
dns=no
rev_dns=no
disable_tcp=yes
auto_aliases=no
####### Modules Section ########
#set module path
mpath="/usr/lib/opensips/modules/"
loadmodule "rr.so"
loadmodule "tm.so"
loadmodule "uac.so"
loadmodule "xlog.so"
loadmodule "textops.so"
loadmodule "sl.so"
loadmodule "uri.so"
loadmodule "exec.so"
# ----------------- setting module-specific parameters ---------------
modparam("uac", "credential", "<userid>:sip.pennytel.com:<password>")
modparam("uac","from_restore_mode","auto")
modparam("rr", "enable_full_lr", 1)
modparam("exec", "time_to_kill", 1)
####### Routing Logic ########
# main request routing logic
route{
xlog ("L_INFO","$ci -------START main_route------\n");
xlog ("L_NOTICE","$ci $rm $ou from $si\n");
remove_hf("Proxy-Authorization");
remove_hf("User-Agent");
# Remove reference to high bandwidth codecs and internal media
addresses if appropriate
# ------------
if ( has_body("application/sdp") ) {
if ( search_body("a=rtpmap:. PCM.\/.*\n") ) {
xlog ("L_INFO","$ci Removing g711 codecs...\n");
replace_body_all("a=rtpmap:. PCM.\/.*\n", "");
}
if ( search_body("192\.168\.52\..*") ) {
xlog ("L_INFO","$ci Correcting RTP IP address...\n");
replace_body_all("192\.168\.52\..*", "203.31.111.19");
}
}
if (method == "BYE" || method == "CANCEL") {
xlog ("$ci $fU ($fn) $rm $oU\n");
}
# Loose Route
# -----------
if (loose_route()) {
xlog ("L_INFO","$ci Loose routing\n");
route(1);
return;
}
if (dst_ip == "203.31.111.19") {
xlog ("L_NOTICE", "$ci main route external: $rm $ou from $si to
$rd\n");
route(4);
xlog ("L_INFO","$ci INVITE: Recording route\n");
record_route();
route(1);
return;
}
# Call Type Processing
# --------------------
if (uri != myself) {
xlog ("L_ERR","$ci $rm $ou / $rs $rr NOT for here from $si to
$rd:\n");
xlog ("L_ERR","$ci request body: $rb\n");
sl_send_reply("404", "Won't relay calls");
return;
};
if (uri == myself) {
xlog ("L_INFO","$ci $rm for router from $si\n");
if (method == "BYE" || method == "CANCEL") {
route(1);
return;
} else if (method == "ACK") {
route(3);
return;
} else if (method == "INVITE") {
route(2);
return;
} else {
sl_send_reply("404", "Unsupported");
return;
}
};
xlog ("L_CRIT","$ci Made it to the end... SHOULD NOT BE HERE!\n");
route(1);
}
# Default Message Handling
# -----------------------
route[1] {
t_on_reply("1");
t_on_branch("1");
if (!t_relay()) {
xlog ("L_ERR","$ci Forwarding failed to $rd\n");
sl_reply_error();
} else {
xlog ("L_INFO","$ci Forwarded okay to $rd\n");
};
}
# INVITE Message Handling
# ----------------------------------
route[2] {
xlog ("$ci $fU ($fn) calling $oU\n");
exec_avp("ifconfig ppp0 | grep UP | sed 's/.* UP .*/UP/'",
"$avp(s:ppp0)");
xlog ("L_ERR", "$ci ppp0 status: $avp(s:ppp0)\n");
if ( $avp(s:ppp0) != "UP" ) {
xlog ("L_ERR", "$ci Internet connection (ppp0) is down. Cannot
place call.\n");
sl_send_reply("404", "Internet down. Cannot place call.");
return;
}
xlog ("L_INFO","$ci INVITE: Recording route\n");
record_route();
if (t_newtran()) {
xlog ("L_INFO","$ci INVITE: created new transaction\n");
t_reply("183","Trying internet call...");
}
xlog ("L_INFO","$ci Forwarding request to sip.pennytel.com\n");
rewritehost("sip.pennytel.com");
t_on_failure("1");
route(1);
return;
}
# ACK Message Handling
# ----------------------------------
route[3] {
# ACK sent to router to be forwarded to ITSP
rewritehost("sip.pennytel.com");
route(1);
return;
}
route[4] {
xlog ("L_INFO","$ci -------START external packet------\n");
$var(i) = 0;
$var(dest) = "";
while ( $var(i) < 10 ) {
if ( $var(dest) == "" && $(hdr(Route)[$var(i)]) != NULL ) {
$var(route) = $(hdr(Route)[$var(i)]);
$var(route) = $(var(route){s.select,0,;});
$var(route) = $(var(route){s.select,1,:});
xlog ("L_INFO","$ci Route $var(i): $var(route)\n");
if ( $var(route) != "203.31.111.19" && $var(route) !=
"192.168.52.1" ) {
xlog ("L_INFO","$ci Found next route:
$var(route)\n");
$var(dest) = $var(route);
}
}
$var(i) = $var(i) + 1;
}
if ( $var(dest) == "" ) {
$var(dest) = "192.168.52.31";
xlog ("L_ERR","$ci Using fallback next route of $var(dest)\n");
}
if ( $rd != $var(dest) ) {
xlog ("L_NOTICE", "$ci Changing next route from $rd to
$var(dest)\n");
$rd = $var(dest);
}
xlog ("L_INFO", "$ci Next route: $rd\n");
xlog ("L_INFO","$ci -------END external packet------\n");
}
failure_route[1] {
xlog ("L_INFO","$ci -------START failure_route------\n");
if (t_check_status("40[17]")) {
xlog ("L_INFO","$ci Authentication requested\n");
if (uac_auth()) {
xlog ("L_INFO","$ci Authentication successfull\n");
t_relay("udp:sip.pennytel.com");
} else {
xlog ("L_CRIT","$ci Authentication FAILED\n");
}
}
xlog ("L_INFO","$ci -------END failure_route------\n");
}
onreply_route[1] {
xlog ("L_INFO","$ci -------START onreply_route------\n");
xlog ("L_INFO","$ci $rs $rr from $si\n");
if (t_check_status("183")) {
if (subst_uri('/Session Progress/Ringing.../i') ) {
xlog ("L_INFO","$ci Changing 'Session Progress' to
'Ringing...'");
}
replace("Session Progress", "Ringing..."); # Doesn't work
because it's not inside the body
#drop();
}
xlog ("L_INFO","$ci -------END onreply_route------\n");
}
branch_route[1] {
xlog ("L_INFO","$ci -------START branch_route------\n");
xlog ("L_INFO","$ci SIP Request's original URI: $ou\n");
xlog ("L_INFO","$ci SIP Request's URI: $ru\n");
xlog ("L_INFO","$ci Destination URI: $du\n");
if ( $oU != NULL && subst_uri('/^sip:([^@]+)(;.*|)$/sip:$oU@\1\2/i') ) {
xlog ("L_NOTICE","$ci adding extension ($oU) back in to uri");
}
if (dst_ip == "203.31.111.19") {
xlog ("L_NOTICE", "$ci branch route external: $rm $ou from $si
to $rd\n");
route(4);
}
xlog ("L_INFO","$ci -------END branch_route------\n");
}
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
