[OpenSIPS-Users] RTPProxy to link two networks
Jeryes .
jeryes at voicetechnology.com.br
Fri Oct 18 15:52:34 CEST 2013
Hi Michele!
Is your rtpproxy running on bridge mode?
Em 18/10/2013 10:02, "Michele Pinassi" <michele.pinassi at unisi.it> escreveu:
> Hi all,
>
> i have Opensips on a server with two interfaces, PUBLIC and PRIVATE
> (172.20.x.x).
>
> This is my opensips.cfg:
>
> ####### Routing Logic ########
> route {
> force_rport();
>
> if (is_method("INVITE")) {
> if (!get_source_group("$var(group)") ) {
> $var(group) = 3; /* Default value */
> }
>
> # User group:
> # 1 = Internal VoIP subnet 172.20
> # 2 = External VoIP subnet but inside Unisi context 172.16 | 10.0.0
> # 3 = Outside/foreign (not allowed)
>
> xlog("L_INFO", "User group is $var(group)
> [$fd/$fu/$rd/$ru/$si]\n");
>
> if ($var(group) == 2) { # Outside VoIP LAN
> if (is_method("REGISTER")) {
> fix_nated_register();
> setbflag(NAT);
> } else {
> fix_nated_contact();
> setflag(NAT);
> }
> }
> }
>
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
>
> # Verifica che l'IP provenga da una rete abilitata (address table)
> if (!check_address("0","$si","$sp","$proto")) {
> xlog("L_INFO","IP $si Forbidden");
> sl_send_reply("403", "Forbidden");
> }
>
> if (has_totag()) {
> # sequential request withing a dialog should
> # take the path determined by record-routing
> if (loose_route()) {
>
> # validate the sequential request against dialog
> if ( $DLG_status!=NULL && !validate_dialog() ) {
> xlog("In-Dialog $rm from $si (callid=$ci) is not valid
> according to dialog\n");
> ## exit;
> }
>
> if (is_method("BYE")) {
> setflag(ACC_DO); # do accounting ...
> setflag(ACC_FAILED); # ... even if the transaction fails
> } else if (is_method("INVITE")) {
> # even if in most of the cases is useless, do RR for
> # re-INVITEs alos, as some buggy clients do change route
> set
> # during the dialog.
> record_route();
> }
>
> if (check_route_param("nat=yes"))
> setflag(NAT);
>
> # route it out to whatever destination was set by loose_route()
> # in $du (destination URI).
> route(relay);
> } else {
> if (is_method("SUBSCRIBE") && $rd == "127.0.0.1:5060") { #
> CUSTOMIZE ME
> # in-dialog subscribe requests
> route(handle_presence);
> exit;
> }
> if ( is_method("ACK") ) {
> if ( t_check_trans() ) {
> # non loose-route, but stateful ACK; must be an ACK
> after
> # a 487 or e.g. 404 from upstream server
> t_relay();
> exit;
> } else {
> # ACK without matching transaction ->
> # ignore and discard
> exit;
> }
> }
> sl_send_reply("404","Not here");
> }
> exit;
> }
>
> # CANCEL processing
> if (is_method("CANCEL"))
> {
> if (t_check_trans())
> t_relay();
> exit;
> }
>
> t_check_trans();
>
> if ( !(is_method("REGISTER") || is_from_gw() ) ) {
> if (is_from_local()) {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> } else {
> if (!is_uri_host_local()) {
> send_reply("403","Rely forbidden");
> exit;
> }
> }
>
> }
>
> # preloaded route checking
> if (loose_route()) {
> xlog("L_ERR", "Attempt to route with preloaded Route's
> [$fu/$tu/$ru/$ci]");
> if (!is_method("ACK"))
> sl_send_reply("403","Preload Route denied");
> exit;
> }
>
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
>
> # account only INVITEs
> if (is_method("INVITE")) {
> # create dialog with timeout
> if ( !create_dialog("B") ) {
> send_reply("500","Internal Server Error");
> exit;
> }
>
> setflag(ACC_DO); # do accounting
> }
>
>
> if (!is_uri_host_local()) {
> append_hf("P-hint: outbound\r\n");
>
> route(relay);
> }
>
> # requests for my domain
>
> if( is_method("PUBLISH|SUBSCRIBE"))
> route(handle_presence);
>
> if (is_method("REGISTER"))
> {
>
> # authenticate the REGISTER requests
> if (!www_authorize("", "subscriber"))
> {
> www_challenge("", "0");
> exit;
> }
>
> if (!db_check_to())
> {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> if ( 0 ) setflag(TCP_PERSISTENT);
>
> if (!save("location"))
> sl_reply_error();
>
> exit;
> }
>
> if ($rU==NULL) {
> # request with no Username in RURI
> sl_send_reply("484","Address Incomplete");
> exit;
> }
>
>
> # apply DB based aliases
> alias_db_lookup("dbaliases");
>
> # do lookup with method filtering
> if (!lookup("location","m")) {
> switch ($retcode) {
> case -1: # Note here: check for blacklist numbers
> if (!check_blacklist("globalblacklist")) {
> sl_send_reply("403", "Forbidden");
> exit;
> }
>
> # Check for user ACLs
> if($rU=~"^\0") {
> if(!db_is_user_in("Credentials","extern")) {
> xlog("L_INFO","403 - Forbidden
> [$fd/$fu/$rd/$ru/$si]\n");
> sl_send_reply("403", "Forbidden - No permission for
> external calls");
> exit;
> }
> }
>
> # Then route it !
> cr_user_carrier("$fU", "$fd", "$avp(carrier)");
> if($avp(carrier)==0) {
> xlog("L_INFO","Not here: default route
> [$fd/$fu/$rd/$ru/$si]\n");
>
> if($(rU{s.len}) < 4) {
> xlog("L_ERR", "Number incomplete/failure for $rU\n");
> prefix("FAIL_");
> route(vmbox);
> }
>
> if(!cr_route("default", "$fd", "$rU", "$rU",
> "call_id", "$avp(host)")) {
> xlog("L_ERR", "Number not found for $rU\n");
> prefix("FAIL_");
> route(vmbox);
> }
> } else {
> xlog("L_INFO","Not here: user route
> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>
> $avp(domain)="voip.unisi.it";
> if (!cr_route("$avp(carrier)", "$avp(domain)",
> "$rU", "$rU","call_id", "$avp(host)")) {
> sl_send_reply("404", "Not found");
> xlog("L_ERR", "cr_route failed\n");
> exit;
> }
> }
>
> t_on_failure("missed_call");
>
> if (!t_relay()) {
> sl_reply_error();
> };
> exit;
> case -3: # internal error
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> case -2: # method not supported
> sl_send_reply("405", "Method Not Allowed");
> exit;
> }
> }
>
> if (isbflagset(NAT)) setflag(NAT);
>
> # when routing via usrloc, log the missed calls also
> setflag(ACC_MISSED);
> route(relay);
> }
>
>
> route[relay] {
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
>
> if (isflagset(NAT)) {
> rtpproxy_offer("ro");
> }
>
> t_on_branch("per_branch_ops");
> t_on_reply("handle_nat");
> t_on_failure("missed_call");
> }
>
> if (isflagset(NAT)) {
> add_rr_param(";nat=yes");
> }
>
> if (!t_relay()) {
> send_reply("500","Internal Error");
> };
> exit;
> }
>
>
> # Presence route
> route[handle_presence]
> {
> if (!t_newtran())
> {
> sl_reply_error();
> exit;
> }
>
> if(is_method("PUBLISH"))
> {
> handle_publish();
> }
> else
> if( is_method("SUBSCRIBE"))
> {
> handle_subscribe();
> }
>
> exit;
> }
>
>
> branch_route[per_branch_ops] {
> xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
> if (nat_uac_test("1"))
> fix_nated_contact();
> if ( isflagset(NAT) )
> rtpproxy_answer("ro");
> # xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
> if (t_was_cancelled()) {
> exit;
> }
>
> if (t_check_status("408|5[0-9][0-9]")) {
> if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
> "$avp(host)")){
> t_reply("403", "Not allowed");
> } else {
> revert_uri();
> prefix("FAILURE_");
> rewritehostport("172.20.1.5:5060");
> t_relay();
> }
> }
> }
>
> route[vmbox] {
> xlog("L_INFO","Route VMBOX [$fd/$fu/$rd/$ru/$si/]\n");
>
> rewritehostport("172.20.1.5:5060");
>
> route(relay);
> }
>
>
> local_route {
> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>
> acc_db_request("200 Dialog Timeout", "acc");
>
> }
> }
>
> SIP Signaling works but RTP (Voice) not. If i register a device like
> "sip:5001 at 10.1.65.117" call signalling works but voice not.
>
> Any hint ?
>
> Thanks, Michele
>
> --
> Michele Pinassi
> Responsabile Telefonia di Ateneo
> Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di
> Siena
> tel: 0577.(23)2169 - fax: 0577.(23)2053
>
> Per trovare una soluzione rapida ai tuoi problemi tecnici
> consulta le FAQ di Ateneo, http://www.faq.unisi.it
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20131018/b1a63f78/attachment-0001.htm>
More information about the Users
mailing list