Hi all, i have Opensips on a server with two interfaces, PUBLIC and PRIVATE (172.20.x.x).
This is my opensips.cfg: ####### Routing Logic ######## route { force_rport(); if (is_method("INVITE")) { if (!get_source_group("$var(group)") ) { $var(group) = 3; /* Default value */ } # User group: # 1 = Internal VoIP subnet 172.20 # 2 = External VoIP subnet but inside Unisi context 172.16 | 10.0.0 # 3 = Outside/foreign (not allowed) xlog("L_INFO", "User group is $var(group) [$fd/$fu/$rd/$ru/$si]\n"); if ($var(group) == 2) { # Outside VoIP LAN if (is_method("REGISTER")) { fix_nated_register(); setbflag(NAT); } else { fix_nated_contact(); setflag(NAT); } } } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } # Verifica che l'IP provenga da una rete abilitata (address table) if (!check_address("0","$si","$sp","$proto")) { xlog("L_INFO","IP $si Forbidden"); sl_send_reply("403", "Forbidden"); } if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { # validate the sequential request against dialog if ( $DLG_status!=NULL && !validate_dialog() ) { xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n"); ## exit; } if (is_method("BYE")) { setflag(ACC_DO); # do accounting ... setflag(ACC_FAILED); # ... even if the transaction fails } else if (is_method("INVITE")) { # even if in most of the cases is useless, do RR for # re-INVITEs alos, as some buggy clients do change route set # during the dialog. record_route(); } if (check_route_param("nat=yes")) setflag(NAT); # route it out to whatever destination was set by loose_route() # in $du (destination URI). route(relay); } else { if (is_method("SUBSCRIBE") && $rd == "127.0.0.1:5060") { # CUSTOMIZE ME # in-dialog subscribe requests route(handle_presence); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # non loose-route, but stateful ACK; must be an ACK after # a 487 or e.g. 404 from upstream server t_relay(); exit; } else { # ACK without matching transaction -> # ignore and discard exit; } } sl_send_reply("404","Not here"); } exit; } # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } t_check_trans(); if ( !(is_method("REGISTER") || is_from_gw() ) ) { if (is_from_local()) { if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); exit; } if (!db_check_from()) { sl_send_reply("403","Forbidden auth ID"); exit; } consume_credentials(); } else { if (!is_uri_host_local()) { send_reply("403","Rely forbidden"); exit; } } } # preloaded route checking if (loose_route()) { xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]"); if (!is_method("ACK")) sl_send_reply("403","Preload Route denied"); exit; } # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); # account only INVITEs if (is_method("INVITE")) { # create dialog with timeout if ( !create_dialog("B") ) { send_reply("500","Internal Server Error"); exit; } setflag(ACC_DO); # do accounting } if (!is_uri_host_local()) { append_hf("P-hint: outbound\r\n"); route(relay); } # requests for my domain if( is_method("PUBLISH|SUBSCRIBE")) route(handle_presence); if (is_method("REGISTER")) { # authenticate the REGISTER requests if (!www_authorize("", "subscriber")) { www_challenge("", "0"); exit; } if (!db_check_to()) { sl_send_reply("403","Forbidden auth ID"); exit; } if ( 0 ) setflag(TCP_PERSISTENT); if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # apply DB based aliases alias_db_lookup("dbaliases"); # do lookup with method filtering if (!lookup("location","m")) { switch ($retcode) { case -1: # Note here: check for blacklist numbers if (!check_blacklist("globalblacklist")) { sl_send_reply("403", "Forbidden"); exit; } # Check for user ACLs if($rU=~"^\0") { if(!db_is_user_in("Credentials","extern")) { xlog("L_INFO","403 - Forbidden [$fd/$fu/$rd/$ru/$si]\n"); sl_send_reply("403", "Forbidden - No permission for external calls"); exit; } } # Then route it ! cr_user_carrier("$fU", "$fd", "$avp(carrier)"); if($avp(carrier)==0) { xlog("L_INFO","Not here: default route [$fd/$fu/$rd/$ru/$si]\n"); if($(rU{s.len}) < 4) { xlog("L_ERR", "Number incomplete/failure for $rU\n"); prefix("FAIL_"); route(vmbox); } if(!cr_route("default", "$fd", "$rU", "$rU", "call_id", "$avp(host)")) { xlog("L_ERR", "Number not found for $rU\n"); prefix("FAIL_"); route(vmbox); } } else { xlog("L_INFO","Not here: user route [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n"); $avp(domain)="voip.unisi.it"; if (!cr_route("$avp(carrier)", "$avp(domain)", "$rU", "$rU","call_id", "$avp(host)")) { sl_send_reply("404", "Not found"); xlog("L_ERR", "cr_route failed\n"); exit; } } t_on_failure("missed_call"); if (!t_relay()) { sl_reply_error(); }; exit; case -3: # internal error t_newtran(); t_reply("404", "Not Found"); exit; case -2: # method not supported sl_send_reply("405", "Method Not Allowed"); exit; } } if (isbflagset(NAT)) setflag(NAT); # when routing via usrloc, log the missed calls also setflag(ACC_MISSED); route(relay); } route[relay] { # for INVITEs enable some additional helper routes if (is_method("INVITE")) { if (isflagset(NAT)) { rtpproxy_offer("ro"); } t_on_branch("per_branch_ops"); t_on_reply("handle_nat"); t_on_failure("missed_call"); } if (isflagset(NAT)) { add_rr_param(";nat=yes"); } if (!t_relay()) { send_reply("500","Internal Error"); }; exit; } # Presence route route[handle_presence] { if (!t_newtran()) { sl_reply_error(); exit; } if(is_method("PUBLISH")) { handle_publish(); } else if( is_method("SUBSCRIBE")) { handle_subscribe(); } exit; } branch_route[per_branch_ops] { xlog("new branch at $ru\n"); } onreply_route[handle_nat] { if (nat_uac_test("1")) fix_nated_contact(); if ( isflagset(NAT) ) rtpproxy_answer("ro"); # xlog("incoming reply\n"); } failure_route[missed_call] { if (t_was_cancelled()) { exit; } if (t_check_status("408|5[0-9][0-9]")) { if(!cr_route("default", "$fd", "$rU", "$rU", "call_id", "$avp(host)")){ t_reply("403", "Not allowed"); } else { revert_uri(); prefix("FAILURE_"); rewritehostport("172.20.1.5:5060"); t_relay(); } } } route[vmbox] { xlog("L_INFO","Route VMBOX [$fd/$fu/$rd/$ru/$si/]\n"); rewritehostport("172.20.1.5:5060"); route(relay); } local_route { if (is_method("BYE") && $DLG_dir=="UPSTREAM") { acc_db_request("200 Dialog Timeout", "acc"); } } SIP Signaling works but RTP (Voice) not. If i register a device like "sip:5001@10.1.65.117" call signalling works but voice not. Any hint ? Thanks, Michele -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users