[OpenSIPS-Users] Help with rtpproxy on a multihomed host.
SamyGo
govoiper at gmail.com
Wed Jan 8 15:44:33 EST 2020
Hi,
Did you manage to get 2-way audio now?
There could be other ways as well, you'll get to use other functions based
on your needs.
What I've usually seen is as follows:
    if(route(FROM_LAN)){
        rtpproxy_engage("eis");
        route(LOCATION);
    }else{
        rtpproxy_engage("ies");
        route(TO_LAN);
    }
    route(RELAY);
There are multiple variations depending on how you use rtpproxy and in
which route you use them, i.e. branch_route or main route etc.
Regards,
Sammy
On Wed, Jan 8, 2020 at 2:16 PM Matthew Schumacher <schu at schu.net> wrote:
> SamyGo,
>
> Thank you for the help.
>
> I configured rtpproxy as you said and used:
>
> if($rd=="cc.cc.cc.cc") {
>     rtpproxy_engage("ies");
> } else {
>     rtpproxy_engage("eis");
> }
>
> Is that a reasonable way to do it?
>
> Thanks,
> schu
>
> On 1/7/20 9:02 PM, SamyGo wrote:
>
> Hi,
> if a.a.a.a is PublicIP and b.b.b.b is Private IP, where c.c.c.c is
> another Private IP address, then you just need to enable the multihome param
> "mhomed=1" in your opensips.cfg script and OpenSIPS should take care of
> relaying the packet out with proper SIP headers. The selection of the
> interface to "c.c.c.c" will be done automatically if the Operating System's
> IP routes are configured properly, i.e. b.b.b.b can reach c.c.c.c.
>
> Next up is the rtpproxy engagement; you'll need to do a couple of things for
> that.
> 1 - start RTPproxy in bridging mode, i.e. -l a.a.a.a/b.b.b.b
> 2 - in your opensips.cfg you have to explicitly tell the rtpproxy which
> direction this call is flowing by use of flags and other functions.
>
> i.e.
> if(call-from-WAN->LAN)
>     rtpproxy_engage("ei");
>
> if(call-from-LAN->WAN)
>     rtpproxy_engage("ie");
>
> You might need additional flags in there as this is just an example. Hope
> this helps.
>
> Regards,
> Sammy
>
>
>
>
> On Tue, Jan 7, 2020 at 8:22 PM Matthew Schumacher <schu at schu.net> wrote:
>
>> Hello all,
>>
>> I'm trying to setup an SBC of sorts so that I can have users
>> authenticate to opensips using a public interface, then have opensips
>> relay and rtpproxy that request to a private sip host.
>>
>> Something like this:
>>
>> public sip client ---(proxy authentication)--> aa.aa.aa.aa bb.bb.bb.bb
>> ----(sip trunk auth by ip) ---> cc.cc.cc.cc (inside sip gateway)
>>
>> Where aa.aa.aa.aa and bb.bb.bb.bb live on the same host.
>>
>> I used osipsconfig with use_auth, use_dbacc, use_dbusrloc, use_dialog,
>> use_multidomain, use_dialplan, have_inbound_pstn, have_outbound_pstn
>>
>> I then took the config it created and added rtpproxy module and config
>> as well as force_send_socket() because when it sent sip to cc.cc.cc.cc it
>> was sourcing from aa.aa.aa.aa instead of bb.bb.bb.bb.
>>
>> It almost works, and actually works with one way audio from cc.cc.cc.cc
>> through the proxy to the client, but opensips tells the client that the
>> audio is at cc.cc.cc.cc which doesn't route.
>>
>> What's the best way to do multi homing? opensips seems fairly
>> straightforward with a single IP address, but things got complicated fast when I
>> added a second IP.
>>
>> I would just use b2b_init_request("top hiding"); but I get lots of loops
>> when I do that.
>>
>> Thanks,
>> Matt
>>
>>
>> ####### Global Parameters #########
>>
>> log_level=4
>> log_stderror=yes
>> log_facility=LOG_LOCAL0
>>
>> children=4
>>
>> /* uncomment the following lines to enable debugging */
>> #debug_mode=yes
>>
>> /* uncomment the next line to enable the auto temporary blacklisting of
>> not available destinations (default disabled) */
>> #disable_dns_blacklist=no
>>
>> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
>> lookup failures (default disabled) */
>> #dns_try_ipv6=yes
>>
>> /* comment the next line to enable the auto discovery of local aliases
>> based on reverse DNS on IPs */
>> auto_aliases=no
>>
>> listen=udp:bb.bb.bb.bb:5060 # CUSTOMIZE ME
>> listen=udp:aa.aa.aa.aa:5060 # CUSTOMIZE ME
>>
>>
>> ####### Modules Section ########
>>
>> #set module path
>> mpath="/usr/lib64/opensips/modules/"
>>
>> #### SIGNALING module
>> loadmodule "signaling.so"
>>
>> #### StateLess module
>> loadmodule "sl.so"
>>
>> #### Transaction Module
>> loadmodule "tm.so"
>> modparam("tm", "fr_timeout", 5)
>> modparam("tm", "fr_inv_timeout", 30)
>> modparam("tm", "restart_fr_on_each_reply", 0)
>> modparam("tm", "onreply_avp_mode", 1)
>>
>> #### Record Route Module
>> loadmodule "rr.so"
>> /* do not append from tag to the RR (no need for this script) */
>> modparam("rr", "append_fromtag", 0)
>>
>> #### MAX ForWarD module
>> loadmodule "maxfwd.so"
>>
>> #### SIP MSG OPerationS module
>> loadmodule "sipmsgops.so"
>>
>> #### FIFO Management Interface
>> loadmodule "mi_fifo.so"
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("mi_fifo", "fifo_mode", 0666)
>>
>> #### PGSQL module
>> loadmodule "db_postgres.so"
>>
>> #### HTTPD module
>> loadmodule "httpd.so"
>> modparam("httpd", "port", 8888)
>>
>> #### USeR LOCation module
>> loadmodule "usrloc.so"
>> modparam("usrloc", "nat_bflag", "NAT")
>> modparam("usrloc", "db_mode", 2)
>> modparam("usrloc", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>>
>>
>> #### REGISTRAR module
>> loadmodule "registrar.so"
>> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
>> /* uncomment the next line not to allow more than 10 contacts per AOR */
>> #modparam("registrar", "max_contacts", 10)
>>
>> #### ACCounting module
>> loadmodule "acc.so"
>> /* what special events should be accounted ? */
>> modparam("acc", "early_media", 0)
>> modparam("acc", "report_cancels", 0)
>> /* by default we do not adjust the direct of the sequential requests.
>> if you enable this parameter, be sure the enable "append_fromtag"
>> in "rr" module */
>> modparam("acc", "detect_direction", 0)
>> modparam("acc", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>>
>> #### AUTHentication modules
>> loadmodule "auth.so"
>> loadmodule "auth_db.so"
>> modparam("auth_db", "calculate_ha1", yes)
>> modparam("auth_db", "password_column", "password")
>> modparam("auth_db", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>> modparam("auth_db", "load_credentials", "")
>>
>> #### DOMAIN module
>> loadmodule "domain.so"
>> modparam("domain", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>> modparam("domain", "db_mode", 1) # Use caching
>> modparam("auth_db|usrloc", "use_domain", 1)
>>
>> #### DIALOG module
>> loadmodule "dialog.so"
>> modparam("dialog", "dlg_match_mode", 1)
>> modparam("dialog", "default_timeout", 21600) # 6 hours timeout
>> modparam("dialog", "db_mode", 2)
>> modparam("dialog", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>>
>> #### DIALPLAN module
>> loadmodule "dialplan.so"
>> modparam("dialplan", "db_url",
>> "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>>
>> #### MI_HTTP module
>> loadmodule "mi_http.so"
>> modparam("mi_http", "root", "json")
>>
>> loadmodule "proto_udp.so"
>> loadmodule "proto_tcp.so"
>>
>> loadmodule "rtpproxy.so"
>> modparam("rtpproxy", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") # CUSTOMIZE ME
>>
>> loadmodule "json.so"
>> loadmodule "jsonrpc.so"
>> loadmodule "event_jsonrpc.so"
>>
>> ####### Routing Logic ########
>>
>> # main request routing logic
>>
>> route{
>>
>> if (!mf_process_maxfwd_header(10)) {
>> send_reply(483,"Too Many Hops");
>> exit;
>> }
>>
>> if (has_totag()) {
>>
>> # handle hop-by-hop ACK (no routing required)
>> if ( is_method("ACK") && t_check_trans() ) {
>> t_relay();
>> exit;
>> }
>>
>> # sequential request within a dialog should
>> # take the path determined by record-routing
>> if ( !loose_route() ) {
>> # we do record-routing for all our traffic, so we should not
>> # receive any sequential requests without Route hdr.
>> send_reply(404,"Not here");
>> exit;
>> }
>>
>> # validate the sequential request against dialog
>> if ( $DLG_status!=NULL && !validate_dialog() ) {
>> xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");
>> ## exit;
>> }
>>
>> if (is_method("BYE")) {
>> # do accounting even if the transaction fails
>> do_accounting("db","failed");
>>
>> }
>>
>> # route it out to whatever destination was set by loose_route()
>> # in $du (destination URI).
>> route(relay);
>> exit;
>> }
>>
>> # CANCEL processing
>> if (is_method("CANCEL")) {
>> if (t_check_trans())
>> t_relay();
>> exit;
>> }
>>
>> # absorb retransmissions, but do not create transaction
>> t_check_trans();
>>
>> if ( !(is_method("REGISTER") || ($si==cc.cc.cc.cc && $sp==5060 /*
>> CUSTOMIZE ME */) ) ) {
>>
>> if (is_myself("$fd")) {
>>
>> # authenticate if from local subscriber
>> # authenticate all initial non-REGISTER request that pretend to be
>> # generated by local subscriber (domain from FROM URI is local)
>> if (!proxy_authorize("", "subscriber")) {
>> proxy_challenge("", 0);
>> exit;
>> }
>> if ($au!=$fU) {
>> send_reply(403,"Forbidden auth ID");
>> exit;
>> }
>>
>> consume_credentials();
>> # caller authenticated
>>
>> } else {
>> # if caller is not local, then called number must be local
>>
>> if (!is_myself("$rd")) {
>> send_reply(403,"Relay Forbidden");
>> exit;
>> }
>> }
>>
>> }
>>
>> # preloaded route checking
>> if (loose_route()) {
>> xlog("L_ERR",
>> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
>> if (!is_method("ACK"))
>> send_reply(403,"Preload Route denied");
>> exit;
>> }
>>
>> # record routing
>> if (!is_method("REGISTER|MESSAGE"))
>> record_route();
>>
>> # account only INVITEs
>> if (is_method("INVITE")) {
>>
>> # create dialog with timeout
>> if ( !create_dialog("B") ) {
>> send_reply(500,"Internal Server Error");
>> exit;
>> }
>>
>> do_accounting("db");
>>
>> }
>>
>>
>> if (!is_myself("$rd")) {
>> append_hf("P-hint: outbound\r\n");
>>
>> route(relay);
>> }
>>
>> # requests for my domain
>>
>> if (is_method("PUBLISH|SUBSCRIBE")) {
>> send_reply(503, "Service Unavailable");
>> exit;
>> }
>>
>> if (is_method("REGISTER")) {
>> # authenticate the REGISTER requests
>> if (!www_authorize("", "subscriber")) {
>> www_challenge("", 0);
>> exit;
>> }
>>
>> if ($au!=$tU) {
>> send_reply(403,"Forbidden auth ID");
>> exit;
>> }
>> if ($proto == "tcp")
>> setflag(TCP_PERSISTENT);
>>
>> if (!save("location"))
>> sl_reply_error();
>>
>> exit;
>> }
>>
>> if ($rU==NULL) {
>> # request with no Username in RURI
>> send_reply(484,"Address Incomplete");
>> exit;
>> }
>>
>>
>>
>>
>> # apply transformations from dialplan table
>> dp_translate( 0, "$rU", $rU);
>>
>> if ($rU=~"^\+[1-9][0-9]+$") {
>>
>>
>> $rd="cc.cc.cc.cc"; # CUSTOMIZE ME
>> $rp=5060;
>> force_send_socket(udp:bb.bb.bb.bb:5060);
>> rtpproxy_engage();
>>
>> route(relay);
>> exit;
>> }
>>
>> # do lookup with method filtering
>> if (!lookup("location","m")) {
>> if (!db_does_uri_exist("$ru","subscriber")) {
>> send_reply(420,"Bad Extension");
>> exit;
>> }
>>
>> t_reply(404, "Not Found");
>> exit;
>> }
>>
>>
>>
>> # when routing via usrloc, log the missed calls also
>> do_accounting("db","missed");
>>
>> route(relay);
>> }
>>
>>
>> route[relay] {
>> # for INVITEs enable some additional helper routes
>> if (is_method("INVITE")) {
>>
>>
>>
>> t_on_branch("per_branch_ops");
>> t_on_reply("handle_nat");
>> t_on_failure("missed_call");
>> }
>>
>>
>>
>> if (!t_relay()) {
>> send_reply(500,"Internal Error");
>> }
>> exit;
>> }
>>
>>
>>
>>
>> branch_route[per_branch_ops] {
>> xlog("new branch at $ru\n");
>> }
>>
>>
>> onreply_route[handle_nat] {
>>
>> xlog("incoming reply\n");
>> }
>>
>>
>> failure_route[missed_call] {
>> if (t_was_cancelled()) {
>> exit;
>> }
>>
>> # uncomment the following lines if you want to block client
>> # redirect based on 3xx replies.
>> ##if (t_check_status("3[0-9][0-9]")) {
>> ##t_reply(404,"Not found");
>> ## exit;
>> ##}
>>
>>
>> }
>>
>>
>>
>> local_route {
>> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>>
>> acc_db_request("200 Dialog Timeout", "acc");
>>
>> }
>> }
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
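
A check for the symptom described in the original post (the client being told the audio is at cc.cc.cc.cc), as an added example that is not part of any message in this thread: it parses the SDP seen on one leg and reports media streams whose address is not the rtpproxy interface facing that leg. The addresses are constructed stand-ins for aa.aa.aa.aa and cc.cc.cc.cc, and the function names are hypothetical.

```python
import ipaddress

# Added example. Constructed stand-ins for the thread's placeholders:
PUBLIC_IF = "203.0.113.10"   # aa.aa.aa.aa, rtpproxy's public side
GATEWAY = "10.0.0.30"        # cc.cc.cc.cc, the inside SIP gateway

# Constructed SDP bodies as the public client would receive them.
SDP_UNPROXIED = (f"v=0\r\no=- 1 1 IN IP4 {GATEWAY}\r\ns=-\r\n"
                 f"c=IN IP4 {GATEWAY}\r\nt=0 0\r\nm=audio 18000 RTP/AVP 0\r\n")
SDP_BRIDGED = (f"v=0\r\no=- 1 1 IN IP4 {GATEWAY}\r\ns=-\r\nt=0 0\r\n"
               f"m=audio 35002 RTP/AVP 0\r\nc=IN IP4 {PUBLIC_IF}\r\n"
               "m=video 0 RTP/AVP 96\r\n")


def media_targets(sdp):
    """Return [(media, address, port)] a peer would send RTP to; port 0 is skipped."""
    session_addr, streams = None, []
    for line in sdp.splitlines():
        fields = line[2:].split()
        if line.startswith("c=") and len(fields) >= 3:
            addr = fields[2].split("/")[0]          # drop multicast TTL suffix
            if streams:
                streams[-1][1] = addr               # media-level c= overrides
            else:
                session_addr = addr                 # session-level default
        elif line.startswith("m=") and len(fields) >= 2:
            port = int(fields[1].split("/")[0])     # "port/count" form
            streams.append([fields[0], session_addr, port])
    return [tuple(s) for s in streams if s[2] != 0]


def check_leg(sdp, rtpproxy_addr):
    """List streams whose address is not the rtpproxy interface on this leg."""
    want = ipaddress.ip_address(rtpproxy_addr)
    problems = []
    for media, addr, port in media_targets(sdp):
        try:
            ok = addr is not None and ipaddress.ip_address(addr) == want
        except ValueError:                          # hostname or junk in c=
            ok = False
        if not ok:
            problems.append(f"{media}: RTP at {addr}:{port}, expected {rtpproxy_addr}")
    return problems


if __name__ == "__main__":
    for name, body in (("unproxied", SDP_UNPROXIED), ("bridged", SDP_BRIDGED)):
        print(name, check_leg(body, PUBLIC_IF) or "ok")
```

Run the same check on the inside leg with the private interface address as `rtpproxy_addr`; a stream reported on either leg means the body on that leg was not rewritten to the interface facing it.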