SamyGo,

Thank you for the help.

I configured rtpproxy as you said and used:

        # NOTE(review): the "i"/"e" letters only apply when rtpproxy runs in bridge
        # mode, and which interface each letter names follows the order of the two
        # addresses on rtpproxy's -l option -- confirm against the rtpproxy module
        # docs for the version in use.
        # $rd is the request-URI domain, so the first branch is taken for requests
        # whose R-URI host is the inside gateway.
        if($rd=="cc.cc.cc.cc") {
                rtpproxy_engage("ies");
        } else {
                rtpproxy_engage("eis");
        }

Is that a reasonable way to do it?

Thanks,
schu

On 1/7/20 9:02 PM, SamyGo wrote:
Hi,
If /a.a.a.a/ is the public IP and /b.b.b.b/ is the private IP, where c.c.c.c is another private IP address, then you just need to enable the multihome parameter "mhomed=1" in your opensips.cfg script and OpenSIPS should take care of relaying the packet out with the proper SIP headers. The interface used to reach "c.c.c.c" will be selected automatically if the operating system's IP routes are configured properly, i.e. b.b.b.b can reach c.c.c.c.

Next up is the rtpproxy engagement; you'll need to do a couple of things for that.
1 - start RTPproxy in bridging mode, i.e. -l a.a.a.a/b.b.b.b
2 - in your opensips.cfg you have to explicitly tell rtpproxy which direction the call is flowing, using flags and other functions.

i.e
if(call-from-WAN->LAN)
     rtpproxy_engage("ei");

if(call-from-LAN->WAN)
     rtpproxy_engage("ie");

You might need additional flags in there as this is just an example. Hope this helps.

Regards,
Sammy




On Tue, Jan 7, 2020 at 8:22 PM Matthew Schumacher <s...@schu.net <mailto:s...@schu.net>> wrote:

    Hello all,

    I'm trying to setup an SBC of sorts so that I can have users
    authenticate to opensips using a public interface, then have opensips
    relay and rtpproxy that request to a private sip host.

    Something like this:

    public sip client ---(proxy authentication)--> aa.aa.aa.aa
    bb.bb.bb.bb
    ----(sip trunk auth by ip) ---> cc.cc.cc.cc
    (inside sip gateway)

    Where aa.aa.aa.aa and bb.bb.bb.bb live on the
    same host.

    I used osipsconfig with use_auth, use_dbacc, use_dbusrloc,
    use_dialog,
    use_multidomain, use_dialplan, have_inbound_pstn, have_outbound_pstn

    I then took the config it created and added the rtpproxy module and
    config, as well as force_send_socket(), because when it sent SIP to
    cc.cc.cc.cc it was sourcing from aa.aa.aa.aa instead of bb.bb.bb.bb.

    It almost works, and actually works with one-way audio from
    cc.cc.cc.cc through the proxy to the client, but opensips tells the
    client that the audio is at cc.cc.cc.cc, which doesn't route.

    What's the best way to do multihoming?  opensips seems fairly
    straightforward with a single IP address, but things got complicated
    fast when I added a second IP.

    I would just use b2b_init_request("top hiding"); but I get lots of
    loops when I do that.

    Thanks,
    Matt


    ####### Global Parameters #########

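    # NOTE(review): log_level=4 is debug verbosity and log_stderror=yes sends it
    # to stderr. Debug output is verbose and may expose SIP message details, so
    # lower it once troubleshooting is done.
    log_level=4
    log_stderror=yes
    log_facility=LOG_LOCAL0

    children=4

    /* uncomment the following lines to enable debugging */
    #debug_mode=yes

    /* uncomment the next line to enable the auto temporary blacklisting of
        not available destinations (default disabled) */
    #disable_dns_blacklist=no

    /* uncomment the next line to enable IPv6 lookup after IPv4 dns
        lookup failures (default disabled) */
    #dns_try_ipv6=yes

    /* comment the next line to enable the auto discovery of local aliases
        based on reverse DNS on IPs */
    auto_aliases=no

    # Two UDP sockets on the same host: per the poster's description,
    # aa.aa.aa.aa faces the public clients and bb.bb.bb.bb faces the inside
    # gateway. No mhomed setting appears in this listing; the reply in this
    # thread suggests mhomed=1 so the outgoing socket follows the OS routes.
    # (The mail archive's auto-link text after the first address was removed;
    # it is not valid config syntax.)
    listen=udp:bb.bb.bb.bb:5060   # CUSTOMIZE ME
    listen=udp:aa.aa.aa.aa:5060   # CUSTOMIZE ME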


    ####### Modules Section ########

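    #set module path
    mpath="/usr/lib64/opensips/modules/"

    #### SIGNALING module
    loadmodule "signaling.so"

    #### StateLess module
    loadmodule "sl.so"

    #### Transaction Module
    loadmodule "tm.so"
    modparam("tm", "fr_timeout", 5)
    modparam("tm", "fr_inv_timeout", 30)
    modparam("tm", "restart_fr_on_each_reply", 0)
    modparam("tm", "onreply_avp_mode", 1)

    #### Record Route Module
    loadmodule "rr.so"
    /* do not append from tag to the RR (no need for this script) */
    modparam("rr", "append_fromtag", 0)

    #### MAX ForWarD module
    loadmodule "maxfwd.so"

    #### SIP MSG OPerationS module
    loadmodule "sipmsgops.so"

    #### FIFO Management Interface
    # NOTE(review): the management FIFO lives in /tmp with mode 0666, so any
    # local account can write MI commands to it. Prefer a directory owned by
    # the opensips user and a tighter mode (e.g. 0660) unless other local users
    # genuinely need access.
    loadmodule "mi_fifo.so"
    modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
    modparam("mi_fifo", "fifo_mode", 0666)

    #### PGSQL module
    loadmodule "db_postgres.so"

    #### HTTPD module
    # NOTE(review): only "port" is set; no "ip" restriction is configured here.
    # With mi_http loaded further down, confirm this listener cannot be reached
    # from the public interface (bind it to loopback or firewall port 8888).
    loadmodule "httpd.so"
    modparam("httpd", "port", 8888)

    # NOTE(review): the same database URL, including its password, is repeated
    # in every db_url below. Keep this file readable only by the opensips user
    # and redact the credentials before sharing the config.

    #### USeR LOCation module
    loadmodule "usrloc.so"
    modparam("usrloc", "nat_bflag", "NAT")
    modparam("usrloc", "db_mode",   2)
    modparam("usrloc", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME


    #### REGISTRAR module
    loadmodule "registrar.so"
    modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
    /* uncomment the next line not to allow more than 10 contacts per AOR */
    #modparam("registrar", "max_contacts", 10)

    #### ACCounting module
    loadmodule "acc.so"
    /* what special events should be accounted ? */
    modparam("acc", "early_media", 0)
    modparam("acc", "report_cancels", 0)
    /* by default we do not adjust the direct of the sequential requests.
        if you enable this parameter, be sure the enable "append_fromtag"
        in "rr" module */
    modparam("acc", "detect_direction", 0)
    modparam("acc", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME

    #### AUTHentication modules
    # NOTE(review): calculate_ha1=yes together with password_column "password"
    # means the subscriber table holds plaintext passwords. Storing precomputed
    # HA1 values instead avoids keeping recoverable passwords in the database;
    # see the auth_db documentation before changing these two settings.
    loadmodule "auth.so"
    loadmodule "auth_db.so"
    modparam("auth_db", "calculate_ha1", yes)
    modparam("auth_db", "password_column", "password")
    modparam("auth_db", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
    modparam("auth_db", "load_credentials", "")

    #### DOMAIN module
    loadmodule "domain.so"
    modparam("domain", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
    modparam("domain", "db_mode", 1)   # Use caching
    modparam("auth_db|usrloc", "use_domain", 1)

    #### DIALOG module
    loadmodule "dialog.so"
    modparam("dialog", "dlg_match_mode", 1)
    modparam("dialog", "default_timeout", 21600)  # 6 hours timeout
    modparam("dialog", "db_mode", 2)
    modparam("dialog", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME

    ####  DIALPLAN module
    loadmodule "dialplan.so"
    modparam("dialplan", "db_url",
         "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME

    ####  MI_HTTP module
    # Exposes the management interface over the httpd listener under /json.
    # No access control for it is configured in this listing.
    loadmodule "mi_http.so"
    modparam("mi_http", "root", "json")

    loadmodule "proto_udp.so"
    loadmodule "proto_tcp.so"

    # Control channel to the local rtpproxy daemon (UNIX socket).
    loadmodule "rtpproxy.so"
    modparam("rtpproxy", "rtpproxy_sock",
         "unix:/var/run/rtpproxy.sock") # CUSTOMIZE ME

    loadmodule "json.so"
    loadmodule "jsonrpc.so"
    loadmodule "event_jsonrpc.so"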

    ####### Routing Logic ########

    # main request routing logic

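    # Main request route. Order of checks: Max-Forwards, in-dialog requests,
    # CANCEL, authentication / relay policy for initial requests, preloaded
    # Route rejection, record-routing and dialog creation, then destination
    # selection (foreign domain, REGISTER, PSTN gateway, usrloc lookup).
    # Lines that the mail archive had wrapped or decorated with auto-link text
    # are restored to single valid statements.
    route{

         if (!mf_process_maxfwd_header(10)) {
             send_reply(483,"Too Many Hops");
             exit;
         }

         if (has_totag()) {

             # handle hop-by-hop ACK (no routing required)
             if ( is_method("ACK") && t_check_trans() ) {
                 t_relay();
                 exit;
             }

             # sequential request within a dialog should
             # take the path determined by record-routing
             if ( !loose_route() ) {
                 # we do record-routing for all our traffic, so we should not
                 # receive any sequential requests without Route hdr.
                 send_reply(404,"Not here");
                 exit;
             }

             # validate the sequential request against dialog
             # NOTE(review): a failed validate_dialog() is only logged; with the
             # "exit" below commented out the request is still relayed.
             if ( $DLG_status!=NULL && !validate_dialog() ) {
                 xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");
                 ## exit;
             }

             if (is_method("BYE")) {
                 # do accounting even if the transaction fails
                 do_accounting("db","failed");

             }

             # route it out to whatever destination was set by loose_route()
             # in $du (destination URI).
             route(relay);
             exit;
         }

         # CANCEL processing
         if (is_method("CANCEL")) {
             if (t_check_trans())
                 t_relay();
             exit;
         }

         # absorb retransmissions, but do not create transaction
         t_check_trans();

         # NOTE(review): requests from cc.cc.cc.cc:5060 skip the checks below
         # purely on source address and port. Over UDP that is only as strong
         # as the network path, so make sure that source address cannot arrive
         # via the public interface (e.g. ingress filtering on aa.aa.aa.aa).
         if ( !(is_method("REGISTER")  || ($si==cc.cc.cc.cc && $sp==5060 /* CUSTOMIZE ME */) ) ) {

             if (is_myself("$fd")) {

                 # authenticate if from local subscriber
                 # authenticate all initial non-REGISTER request that pretend to be
                 # generated by local subscriber (domain from FROM URI is local)
                 if (!proxy_authorize("", "subscriber")) {
                     proxy_challenge("", 0);
                     exit;
                 }
                 if ($au!=$fU) {
                     send_reply(403,"Forbidden auth ID");
                     exit;
                 }

                 consume_credentials();
                 # caller authenticated

             } else {
                 # if caller is not local, then called number must be local

                 if (!is_myself("$rd")) {
                     send_reply(403,"Relay Forbidden");
                     exit;
                 }
             }

         }

         # preloaded route checking
         if (loose_route()) {
             xlog("L_ERR",
                 "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
             if (!is_method("ACK"))
                 send_reply(403,"Preload Route denied");
             exit;
         }

         # record routing
         if (!is_method("REGISTER|MESSAGE"))
             record_route();

         # account only INVITEs
         if (is_method("INVITE")) {

             # create dialog with timeout
             if ( !create_dialog("B") ) {
                 send_reply(500,"Internal Server Error");
                 exit;
             }

             do_accounting("db");

         }


         if (!is_myself("$rd")) {
             append_hf("P-hint: outbound\r\n");

             route(relay);
         }

         # requests for my domain

         if (is_method("PUBLISH|SUBSCRIBE")) {
             send_reply(503, "Service Unavailable");
             exit;
         }

         if (is_method("REGISTER")) {
             # authenticate the REGISTER requests
             if (!www_authorize("", "subscriber")) {
                 www_challenge("", 0);
                 exit;
             }

             if ($au!=$tU) {
                 send_reply(403,"Forbidden auth ID");
                 exit;
             }
             if ($proto == "tcp")
                 setflag(TCP_PERSISTENT);

             if (!save("location"))
                 sl_reply_error();

             exit;
         }

         if ($rU==NULL) {
             # request with no Username in RURI
             send_reply(484,"Address Incomplete");
             exit;
         }




         # apply transformations from dialplan table
         dp_translate( 0, "$rU", $rU);

         if ($rU=~"^\+[1-9][0-9]+$") {

             # Callers with a non-local From domain get here without having
             # been authenticated (the else branch of the policy check above
             # only requires a local R-URI domain), and the thread describes
             # the inside gateway as trusting this proxy by IP. Refuse them, so
             # the trunk is reachable only with a local From domain, which was
             # either authenticated above or came from the trusted gateway
             # address.
             if (!is_myself("$fd")) {
                 send_reply(403,"Relay Forbidden");
                 exit;
             }

             $rd="cc.cc.cc.cc"; # CUSTOMIZE ME
             $rp=5060;
             force_send_socket(udp:bb.bb.bb.bb:5060);
             # NOTE(review): rtpproxy_engage() is called without direction
             # flags; the reply in this thread says that with rtpproxy in
             # bridge mode the direction has to be given explicitly.
             rtpproxy_engage();

             route(relay);
             exit;
         }

         # do lookup with method filtering
         if (!lookup("location","m")) {
             if (!db_does_uri_exist("$ru","subscriber")) {
                 send_reply(420,"Bad Extension");
                 exit;
             }

             t_reply(404, "Not Found");
             exit;
         }



         # when routing via usrloc, log the missed calls also
         do_accounting("db","missed");

         route(relay);
    }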


    # Relay helper used by the main route. For INVITEs it arms the branch,
    # reply and failure routes defined below, then forwards the request with
    # t_relay(); a 500 is sent if the relay call fails. Script processing always
    # ends here because of the final exit.
    route[relay] {
         # for INVITEs enable some additional helper routes
         if (is_method("INVITE")) {



             t_on_branch("per_branch_ops");
             t_on_reply("handle_nat");
             t_on_failure("missed_call");
         }



         if (!t_relay()) {
             send_reply(500,"Internal Error");
         }
         exit;
    }




    # Branch hook armed for INVITEs in route[relay]; it only logs the request
    # URI of each outgoing branch.
    branch_route[per_branch_ops] {
         xlog("new branch at $ru\n");
    }


    # Reply hook armed for INVITEs in route[relay]. Despite its name it does no
    # NAT or SDP handling in this listing; it only logs that a reply arrived.
    onreply_route[handle_nat] {

         xlog("incoming reply\n");
    }


    # Failure hook armed for INVITEs in route[relay]. It stops immediately for
    # cancelled transactions and otherwise takes no action.
    failure_route[missed_call] {
         if (t_was_cancelled()) {
             exit;
         }

         # uncomment the following lines if you want to block client
         # redirect based on 3xx replies.
         # NOTE(review): while these stay commented out, 3xx replies from the
         # callee side are not replaced with a 404 by this route.
         ##if (t_check_status("3[0-9][0-9]")) {
         ##t_reply(404,"Not found");
         ##    exit;
         ##}


    }



    # Runs for requests generated by OpenSIPS itself. A BYE whose dialog
    # direction is UPSTREAM is written to the "acc" table with the reason
    # "200 Dialog Timeout".
    local_route {
         if (is_method("BYE") && $DLG_dir=="UPSTREAM") {

             acc_db_request("200 Dialog Timeout", "acc");

         }
    }
