[OpenSIPS-Users] - INVITE (SDP) includes Originators IP info

Bela H hobe69 at hotmail.com
Thu Oct 20 00:00:08 UTC 2022


I hope this helps:
https://opensips.org/docs/modules/3.2.x/sipmsgops.html#func_remove_hf


From: Nitesh Divecha<mailto:aviator.nitesh.d at gmail.com>
Sent: Thursday, 20 October 2022 12:29
To: OpenSIPS users mailling list<mailto:users at lists.opensips.org>
Subject: Re: [OpenSIPS-Users] - INVITE (SDP) includes Originators IP info

Bela,

Much appreciated!

Changing topolgy_hiding("C"); fixed the Call-ID issue.

Call-ID shows clean Call-ID: DLGCH_W0xtTFgVXWleUV1fVgFvEiVSRVdabgccAltXbUFf

Now gotta figure out how to stop sending Originator User-Agent to outbound provider and how to configure rtpproxy behind NAT.

Cheers,
Nitesh



On Wed, Oct 19, 2022 at 5:35 PM Bela H <hobe69 at hotmail.com<mailto:hobe69 at hotmail.com>> wrote:

For the first problem check this:
C - Encode the callid header
Note: Changing the callid of the call using the "C" flag is only available when doing topology_hiding with dialog support. Using this flag without dialog support will not change the callid at all!.

From: Nitesh Divecha<mailto:aviator.nitesh.d at gmail.com>
Sent: Thursday, 20 October 2022 10:09
To: Bogdan-Andrei Iancu<mailto:bogdan at opensips.org>
Cc: OpenSIPS users mailling list<mailto:users at lists.opensips.org>
Subject: Re: [OpenSIPS-Users] - INVITE (SDP) includes Originators IP info

Hello All,

So I had some success using topology_hiding and rtpproxy but found few problems.

After implementing topology_hiding(), SIP INVITE was much better but still showing following:

INVITE sip:aaabbbcccc at outboundprovider.com:5060<http://sip:aaabbbcccc@outboundprovider.com:5060> SIP/2.0
Call-ID: 4ed41738da10faa5 at 172.16.16.250<mailto:4ed41738da10faa5 at 172.16.16.250> <<<-- showing originators Device LAN IP —>>>
Content-Length: 329
CSeq: 8002 INVITE
From: <sip:zzzzzzzzzz at outboundprovider.com<mailto:sip%3Azzzzzzzzzz at outboundprovider.com>>;tag=SP39b79130abfb7487f
Max-Forwards: 69
To: <sip: aaabbbcccc at 3.xxx.xxx.49>
Via: SIP/2.0/UDP 3.xxx.xxx.49:5060;branch=z9hG4bK1dcb.5bb78035.0
User-Agent: OBIHAI/OBi302-3.2.2.6259 <<<-- showing originators User-Agent —>>>
Contact: <sip:3.xxx.xxx.49;did=6a7.5e849703>
Expires: 60
Supported: replaces
Allow: ACK,BYE,CANCEL,INFO,INVITE,NOTIFY,OPTIONS,PRACK,REFER,UPDATE
Content-Type: application/sdp

===
1) How can I remove IP from Call-ID and rewrite Originators User-Agent to local OpenSIPS User-Agent?
===


Now issue with rtpproxy - I'm running this OpenSIPS on AWS cloud... AWS cloud does natting by default, so my Public IP is 3.xxx.xxx.49 and actual VM IP is 172.31.29.47.

After implement rtpproxy (https://www.rtpproxy.org/), it is running on local IP:
└─183589 /usr/local/bin/rtpproxy -s udp:172.31.29.47 22222 -u rtpproxy rtpproxy -p /var/run/rtpproxy/rtpproxy.pid -l 172.31.29.47 -m 1000 -M 2000 -d INFO LOG_LOCAL5
As it shows from SIP INVITE and due to that no audio or RTP because IP is not reachable...

v=0
o=- 16210664 1 IN IP4 172.31.29.47 <<<-- OpenSIPS NAT IP —>>>
s=-
c=IN IP4 172.31.29.47 <<<-- OpenSIPS NAT IP —>>>
t=0 0
m=audio 1958 RTP/AVP 0 8 18 104 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=rtpmap:104 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20
a=xg726bitorder:big-endian
a=nortpproxy:yes

===
2. How can I configure rtpproxy with Public IP? Or do I start rtpproxy with Public IP 3.xxx.xxx.49 and reconfigure OpenSIPS with Public IP?
modparam("rtpproxy", "rtpproxy_sock", "udp:172.31.29.47:22222<http://172.31.29.47:22222>")

Thanking in advance...

Cheers,
Nitesh





On Wed, Oct 19, 2022 at 10:17 AM Nitesh Divecha <aviator.nitesh.d at gmail.com<mailto:aviator.nitesh.d at gmail.com>> wrote:
Hello,

Thank y'all for the input... I will try to read the documentation and work on implementing these modules.

By any chance do either of you have any working examples which I can refer to? I'm a work in progress and every time I change something I break OpenSIPS and it takes me hours to troubleshoot! :-)

Thanking in advance...

Cheers,
Nitesh



On Wed, Oct 19, 2022 at 2:20 AM Bogdan-Andrei Iancu <bogdan at opensips.org<mailto:bogdan at opensips.org>> wrote:
Hi there,

Actually you do not need the B2B, you can achieve the same kind of privacy (at SIP level) with dialog module and topology_hiding module together.

Regards,

Bogdan-Andrei Iancu



OpenSIPS Founder and Developer

  https://www.opensips-solutions.com

OpenSIPS Bootcamp 5-16 Dec 2022, online

  https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/
On 10/19/22 1:23 AM, Abdul Basit wrote:
Nitesh,

You need a B2BUA function<https://www.tutorialspoint.com/session_initiation_protocol/session_initiation_protocol_b2bua.htm> with the help of a topo-hiding module with opensips as Bela shared in his email.
Also, install the RTP proxy on the same opensips box (not necessary if you need separate signaling and media boxes).

Far end party will not be able to see the A-party information.

https://www.opensips.org/Documentation/Tutorials-B2BUA-3-2

I hope this will help.

--
regards,

abdul basit

On Wed, 19 Oct 2022 at 03:14, Bela H <hobe69 at hotmail.com<mailto:hobe69 at hotmail.com>> wrote:
Hi Nitesh,


  1.  Check the topology hiding function: https://opensips.org/docs/modules/3.2.x/topology_hiding.html
  2.  Use e.g. rtpproxy:

https://opensips.org/docs/modules/3.2.x/rtpproxy.html#func_rtpproxy_offer

http://opensips.com.br/wiki/index.php?title=Oopensips_Nat_script_with_RTPPROXY_-_English

https://github.com/sippy/rtpproxy

I hope these help!

Cheers,
Bela

From: Nitesh Divecha<mailto:aviator.nitesh.d at gmail.com>
Sent: Wednesday, 19 October 2022 04:26
To: OpenSIPS users mailling list<mailto:users at lists.opensips.org>
Subject: [OpenSIPS-Users] - INVITE (SDP) includes Originators IP info

Hello All,

This is my first OpenSIPS project so I'm a newbie!

After going back and forth with "uac_replace_from()", I was successfully able to make a call from my ATA -> OpenSIPS -> Outbound Provider -> CellPhone. All worked fine with two-way audio except few issues:

1) Outbound Provider was able to see my ATA (Originator's IP/User-Agent/etc) in SIP INVITE (SDP) which kinda raised some eyebrows with Outbound provider. How can I block or strip all the Originator's contact info in SIP INVITE (SDP) and only send OpenSIPS info? Meaning I want to protect my Originators and don't want to show anything to the Outbound Provider. Outbound providers should only communicate to the OpenSIPS server.

2) When the call was up I failed to capture any media/RTP on the OpenSIPS server. I want to involve OpenSIPS in media/RTP between ATA and outbound providers. How can I force media/RTP to pass-thru OpenSIPS IP so I'm not exposing Originator's IP.

Any insights will be highly appreciated.

Cheers,
Nitesh

_______________________________________________
Users mailing list
Users at lists.opensips.org<mailto:Users at lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________

Users mailing list

Users at lists.opensips.org<mailto:Users at lists.opensips.org>

http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
Users at lists.opensips.org<mailto:Users at lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20221020/39bb81b4/attachment-0001.html>


More information about the Users mailing list