Hi. Please help. We have one MGW, a Cisco AS5350. The user ID is the telephone number, and registration on OpenSIPS goes through MySQL. Calls to the PSTN pass through the MGW with the prefix 9999.
The following scheme works now: (UAC )---->sip----->Opensips 1.7--->SIP--->MGW Cisco 85.85.85.95 85.85.85.85 85.85.85.11 RTP----------------------------------------------------------->MGW Cisco-------->PSTN Below is the CFG file that works now. The problem: in the "183" reply, the prefix and the gateway IP address are visible to the user, and that could be a fraud threat. If I use the function topology_hiding(), the dialog no longer completes correctly: the "BYE" is answered with "404 Not here" rather than "200 OK". I also use client_nat_test to reject all registration requests that come from behind NAT, but it does not work! port=5060 listen=udp:85.85.85.85:5060 #Opensips-server route{ if (has_totag()) { if (loose_route()) { if (is_method("BYE")) { setflag(1); setflag(3);} else if (is_method("INVITE")) { #topology_hiding(); record_route(); } route(1);} else { if ( is_method("ACK") ) { if ( t_check_trans() ) { t_relay(); exit;} else { exit; }} sl_send_reply("404","Not here"); } exit; } #initial requests if (is_method("CANCEL")){ if (t_check_trans()) t_relay(); exit;} t_check_trans(); # authenticate if from local subscriber (uncomment to enable auth) # authenticate all initial non-REGISTER request that pretend to be # generated by local subscriber (domain from FROM URI is local) if (!(method=="REGISTER") && from_uri==myself) #/*no multidomain version*/ {if (!proxy_authorize("", "subscriber")) {proxy_challenge("", "0"); exit;} if (!db_check_from()) {sl_send_reply("403","Forbidden auth ID"); exit;} consume_credentials(); } # preloaded route checking if (loose_route()) {xlog("L_ERR","Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]"); if (!is_method("ACK")) sl_send_reply("403","Preload Route denied"); exit; } # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); # account only INVITEs if (is_method("INVITE")) { # if (!src_ip=="85.85.85.11") #CISCO MGW IP #{ # topology_hiding(); # } setflag(1); # do accounting } if (!uri==myself) ## replace with following line if multi-domain support is used { 
route(1);} # requests for my domain if (is_method("PUBLISH")){ sl_send_reply("503", "Service Unavailable"); exit;} if (is_method("REGISTER")){ # if(client_nat_test("3")) # { # sl_send_reply("403", "Not working NAT"); # exit; # } # authenticate the REGISTER requests (uncomment to enable auth) if (!www_authorize("", "subscriber")) { www_challenge("", "0"); exit;} if (!db_check_to()) { sl_send_reply("403","Forbidden auth ID"); exit;} if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # do lookup with method filtering if ((src_ip=="85.85.85.11") && (!lookup("location"))) { switch ($retcode) { case -1: case -3: t_newtran(); t_reply("404", "Not Found"); exit; case -2: sl_send_reply("405", "Method Not Allowed"); exit; }} # when routing via usrloc, log the missed calls also setflag(2); if (src_ip=="85.85.85.11") { route(1);} route(3); } route[1] { # for INVITEs enable some additional helper routes if (is_method("INVITE")) { t_on_branch("2"); t_on_reply("2"); t_on_failure("1");} if (!t_relay()) { sl_reply_error();}; exit;} #################################################### route[3] { prefix("9999"); rewritehostport("85.85.85.11:5060"); if (!t_relay()) { sl_reply_error(); };exit; } #################################################### branch_route[2] { xlog("new branch at $ru\n");} onreply_route[2] { xlog("incoming reply\n"); } failure_route[1] { if (t_was_cancelled()) {exit;}} This setup is not safe, so it is necessary to build a new network layout: (UAC )--->sip,RTP---->(Opensips--->rtp,SIP------>)----->MGW Cisco--->PSTN 85.85.85.95 (85.85.85.85 192.168.0.2) 192.168.0.3 Questions: 1. How can I hide the network topology from the users (can the dialog module's topology_hiding function be used)? 2. How can I hide the RTP traffic to the MGW behind the OpenSIPS server (can MediaProxy or rtpproxy be used)? 3. How can I reject everyone who is behind NAT? Please give example opensips.cfg files.