
<p dir="ltr">Hi Michele!</p>

<p dir="ltr">Is your rtpproxy running on bridge mode?<br>

</p>

<div class="gmail_quote">Em 18/10/2013 10:02, &quot;Michele Pinassi&quot; &lt;<a href="mailto:michele.pinassi@unisi.it">michele.pinassi@unisi.it</a>&gt; escreveu:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Hi all,<br>

<br>

i have Opensips on a server with two interfaces, PUBLIC and PRIVATE<br>

(172.20.x.x).<br>

<br>

This is my opensips.cfg:<br>

<br>

####### Routing Logic ########<br>

route {<br>

    force_rport();<br>

<br>

    if (is_method(&quot;INVITE&quot;)) {<br>

        if (!get_source_group(&quot;$var(group)&quot;) ) {<br>

            $var(group) = 3; /* Default value */<br>

        }<br>

<br>

        # User group:<br>

        # 1 = Internal VoIP subnet 172.20<br>

        # 2 = External VoIP subnet but inside Unisi context 172.16 | 10.0.0<br>

        # 3 = Outside/foreign (not allowed)<br>

<br>

        xlog(&quot;L_INFO&quot;, &quot;User group is $var(group) [$fd/$fu/$rd/$ru/$si]\n&quot;);<br>

<br>

            if ($var(group) == 2) { # Outside VoIP LAN<br>

        if (is_method(&quot;REGISTER&quot;)) {<br>

                fix_nated_register();<br>

            setbflag(NAT);<br>

        } else {<br>

            fix_nated_contact();<br>

            setflag(NAT);<br>

        }<br>

        }<br>

    }<br>

<br>

    if (!mf_process_maxfwd_header(&quot;10&quot;)) {<br>

        sl_send_reply(&quot;483&quot;,&quot;Too Many Hops&quot;);<br>

        exit;<br>

    }<br>

<br>

    # Verifica che l&#39;IP provenga da una rete abilitata (address table)<br>

    if (!check_address(&quot;0&quot;,&quot;$si&quot;,&quot;$sp&quot;,&quot;$proto&quot;)) {<br>

        xlog(&quot;L_INFO&quot;,&quot;IP $si Forbidden&quot;);<br>

        sl_send_reply(&quot;403&quot;, &quot;Forbidden&quot;);<br>

    }<br>

<br>

    if (has_totag()) {<br>

        # sequential request withing a dialog should<br>

        # take the path determined by record-routing<br>

        if (loose_route()) {<br>

<br>

            # validate the sequential request against dialog<br>

            if ( $DLG_status!=NULL &amp;&amp; !validate_dialog() ) {<br>

                xlog(&quot;In-Dialog $rm from $si (callid=$ci) is not valid<br>

according to dialog\n&quot;);<br>

                ## exit;<br>

            }<br>

<br>

            if (is_method(&quot;BYE&quot;)) {<br>

                setflag(ACC_DO); # do accounting ...<br>

                setflag(ACC_FAILED); # ... even if the transaction fails<br>

            } else if (is_method(&quot;INVITE&quot;)) {<br>

                # even if in most of the cases is useless, do RR for<br>

                # re-INVITEs alos, as some buggy clients do change route set<br>

                # during the dialog.<br>

                record_route();<br>

            }<br>

<br>

            if (check_route_param(&quot;nat=yes&quot;))<br>

                setflag(NAT);<br>

<br>

            # route it out to whatever destination was set by loose_route()<br>

            # in $du (destination URI).<br>

            route(relay);<br>

        } else {<br>

            if (is_method(&quot;SUBSCRIBE&quot;) &amp;&amp; $rd == &quot;<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>&quot;) { #<br>

CUSTOMIZE ME<br>

                # in-dialog subscribe requests<br>

                route(handle_presence);<br>

                exit;<br>

            }<br>

            if ( is_method(&quot;ACK&quot;) ) {<br>

                if ( t_check_trans() ) {<br>

                    # non loose-route, but stateful ACK; must be an ACK<br>

after<br>

                    # a 487 or e.g. 404 from upstream server<br>

                    t_relay();<br>

                    exit;<br>

                } else {<br>

                    # ACK without matching transaction -&gt;<br>

                    # ignore and discard<br>

                    exit;<br>

                }<br>

            }<br>

            sl_send_reply(&quot;404&quot;,&quot;Not here&quot;);<br>

        }<br>

        exit;<br>

    }<br>

<br>

    # CANCEL processing<br>

    if (is_method(&quot;CANCEL&quot;))<br>

    {<br>

        if (t_check_trans())<br>

            t_relay();<br>

        exit;<br>

    }<br>

<br>

    t_check_trans();<br>

<br>

    if ( !(is_method(&quot;REGISTER&quot;)  || is_from_gw() ) ) {<br>

        if (is_from_local()) {<br>

            if (!proxy_authorize(&quot;&quot;, &quot;subscriber&quot;)) {<br>

                proxy_challenge(&quot;&quot;, &quot;0&quot;);<br>

                exit;<br>

            }<br>

            if (!db_check_from()) {<br>

                sl_send_reply(&quot;403&quot;,&quot;Forbidden auth ID&quot;);<br>

                exit;<br>

            }<br>

<br>

            consume_credentials();<br>

        } else {<br>

            if (!is_uri_host_local()) {<br>

                send_reply(&quot;403&quot;,&quot;Rely forbidden&quot;);<br>

                exit;<br>

            }<br>

        }<br>

<br>

    }<br>

<br>

    # preloaded route checking<br>

    if (loose_route()) {<br>

        xlog(&quot;L_ERR&quot;, &quot;Attempt to route with preloaded Route&#39;s<br>

[$fu/$tu/$ru/$ci]&quot;);<br>

        if (!is_method(&quot;ACK&quot;))<br>

            sl_send_reply(&quot;403&quot;,&quot;Preload Route denied&quot;);<br>

        exit;<br>

    }<br>

<br>

    # record routing<br>

    if (!is_method(&quot;REGISTER|MESSAGE&quot;))<br>

        record_route();<br>

<br>

    # account only INVITEs<br>

    if (is_method(&quot;INVITE&quot;)) {<br>

        # create dialog with timeout<br>

        if ( !create_dialog(&quot;B&quot;) ) {<br>

            send_reply(&quot;500&quot;,&quot;Internal Server Error&quot;);<br>

            exit;<br>

        }<br>

<br>

        setflag(ACC_DO); # do accounting<br>

    }<br>

<br>

<br>

    if (!is_uri_host_local()) {<br>

        append_hf(&quot;P-hint: outbound\r\n&quot;);<br>

<br>

        route(relay);<br>

    }<br>

<br>

    # requests for my domain<br>

<br>

    if( is_method(&quot;PUBLISH|SUBSCRIBE&quot;))<br>

            route(handle_presence);<br>

<br>

    if (is_method(&quot;REGISTER&quot;))<br>

    {<br>

<br>

        # authenticate the REGISTER requests<br>

        if (!www_authorize(&quot;&quot;, &quot;subscriber&quot;))<br>

        {<br>

            www_challenge(&quot;&quot;, &quot;0&quot;);<br>

            exit;<br>

        }<br>

<br>

        if (!db_check_to())<br>

        {<br>

            sl_send_reply(&quot;403&quot;,&quot;Forbidden auth ID&quot;);<br>

            exit;<br>

        }<br>

<br>

        if (   0 ) setflag(TCP_PERSISTENT);<br>

<br>

        if (!save(&quot;location&quot;))<br>

            sl_reply_error();<br>

<br>

        exit;<br>

    }<br>

<br>

    if ($rU==NULL) {<br>

        # request with no Username in RURI<br>

        sl_send_reply(&quot;484&quot;,&quot;Address Incomplete&quot;);<br>

        exit;<br>

    }<br>

<br>

<br>

    # apply DB based aliases<br>

    alias_db_lookup(&quot;dbaliases&quot;);<br>

<br>

    # do lookup with method filtering<br>

    if (!lookup(&quot;location&quot;,&quot;m&quot;)) {<br>

        switch ($retcode) {<br>

            case -1: # Note here: check for blacklist numbers<br>

                if (!check_blacklist(&quot;globalblacklist&quot;)) {<br>

                    sl_send_reply(&quot;403&quot;, &quot;Forbidden&quot;);<br>

                    exit;<br>

                }<br>

<br>

                # Check for user ACLs<br>

                if($rU=~&quot;^\0&quot;) {<br>

                    if(!db_is_user_in(&quot;Credentials&quot;,&quot;extern&quot;)) {<br>

                    xlog(&quot;L_INFO&quot;,&quot;403 - Forbidden<br>

[$fd/$fu/$rd/$ru/$si]\n&quot;);<br>

                    sl_send_reply(&quot;403&quot;, &quot;Forbidden - No permission for<br>

external calls&quot;);<br>

                    exit;<br>

                    }<br>

                }<br>

<br>

                # Then route it !<br>

                cr_user_carrier(&quot;$fU&quot;, &quot;$fd&quot;, &quot;$avp(carrier)&quot;);<br>

                if($avp(carrier)==0) {<br>

                    xlog(&quot;L_INFO&quot;,&quot;Not here: default route<br>

[$fd/$fu/$rd/$ru/$si]\n&quot;);<br>

<br>

                    if($(rU{s.len}) &lt; 4) {<br>

                    xlog(&quot;L_ERR&quot;, &quot;Number incomplete/failure for $rU\n&quot;);<br>

                    prefix(&quot;FAIL_&quot;);<br>

                    route(vmbox);<br>

                    }<br>

<br>

                    if(!cr_route(&quot;default&quot;, &quot;$fd&quot;, &quot;$rU&quot;, &quot;$rU&quot;,<br>

&quot;call_id&quot;, &quot;$avp(host)&quot;)) {<br>

                    xlog(&quot;L_ERR&quot;, &quot;Number not found for $rU\n&quot;);<br>

                    prefix(&quot;FAIL_&quot;);<br>

                    route(vmbox);<br>

                    }<br>

                } else {<br>

                    xlog(&quot;L_INFO&quot;,&quot;Not here: user route<br>

[$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n&quot;);<br>

<br>

                    $avp(domain)=&quot;<a href="http://voip.unisi.it" target="_blank">voip.unisi.it</a>&quot;;<br>

                    if (!cr_route(&quot;$avp(carrier)&quot;, &quot;$avp(domain)&quot;,<br>

&quot;$rU&quot;, &quot;$rU&quot;,&quot;call_id&quot;, &quot;$avp(host)&quot;)) {<br>

                    sl_send_reply(&quot;404&quot;, &quot;Not found&quot;);<br>

                    xlog(&quot;L_ERR&quot;, &quot;cr_route failed\n&quot;);<br>

                    exit;<br>

                    }<br>

                }<br>

<br>

                t_on_failure(&quot;missed_call&quot;);<br>

<br>

                if (!t_relay()) {<br>

                    sl_reply_error();<br>

                };<br>

                exit;<br>

            case -3: # internal error<br>

                t_newtran();<br>

                t_reply(&quot;404&quot;, &quot;Not Found&quot;);<br>

                exit;<br>

            case -2: # method not supported<br>

                sl_send_reply(&quot;405&quot;, &quot;Method Not Allowed&quot;);<br>

                exit;<br>

        }<br>

    }<br>

<br>

    if (isbflagset(NAT)) setflag(NAT);<br>

<br>

    # when routing via usrloc, log the missed calls also<br>

    setflag(ACC_MISSED);<br>

    route(relay);<br>

}<br>

<br>

<br>

route[relay] {<br>

    # for INVITEs enable some additional helper routes<br>

    if (is_method(&quot;INVITE&quot;)) {<br>

<br>

        if (isflagset(NAT)) {<br>

            rtpproxy_offer(&quot;ro&quot;);<br>

        }<br>

<br>

        t_on_branch(&quot;per_branch_ops&quot;);<br>

        t_on_reply(&quot;handle_nat&quot;);<br>

        t_on_failure(&quot;missed_call&quot;);<br>

    }<br>

<br>

    if (isflagset(NAT)) {<br>

        add_rr_param(&quot;;nat=yes&quot;);<br>

        }<br>

<br>

    if (!t_relay()) {<br>

        send_reply(&quot;500&quot;,&quot;Internal Error&quot;);<br>

    };<br>

    exit;<br>

}<br>

<br>

<br>

# Presence route<br>

route[handle_presence]<br>

{<br>

    if (!t_newtran())<br>

    {<br>

        sl_reply_error();<br>

        exit;<br>

    }<br>

<br>

    if(is_method(&quot;PUBLISH&quot;))<br>

    {<br>

        handle_publish();<br>

    }<br>

    else<br>

    if( is_method(&quot;SUBSCRIBE&quot;))<br>

    {<br>

        handle_subscribe();<br>

    }<br>

<br>

    exit;<br>

}<br>

<br>

<br>

branch_route[per_branch_ops] {<br>

    xlog(&quot;new branch at $ru\n&quot;);<br>

}<br>

<br>

<br>

onreply_route[handle_nat] {<br>

    if (nat_uac_test(&quot;1&quot;))<br>

        fix_nated_contact();<br>

    if ( isflagset(NAT) )<br>

        rtpproxy_answer(&quot;ro&quot;);<br>

#    xlog(&quot;incoming reply\n&quot;);<br>

}<br>

<br>

<br>

failure_route[missed_call] {<br>

    if (t_was_cancelled()) {<br>

        exit;<br>

    }<br>

<br>

    if (t_check_status(&quot;408|5[0-9][0-9]&quot;)) {<br>

            if(!cr_route(&quot;default&quot;, &quot;$fd&quot;, &quot;$rU&quot;, &quot;$rU&quot;, &quot;call_id&quot;,<br>

&quot;$avp(host)&quot;)){<br>

            t_reply(&quot;403&quot;, &quot;Not allowed&quot;);<br>

        } else {<br>

            revert_uri();<br>

        prefix(&quot;FAILURE_&quot;);<br>

        rewritehostport(&quot;<a href="http://172.20.1.5:5060" target="_blank">172.20.1.5:5060</a>&quot;);<br>

        t_relay();<br>

        }<br>

    }<br>

}<br>

<br>

route[vmbox] {<br>

    xlog(&quot;L_INFO&quot;,&quot;Route VMBOX  [$fd/$fu/$rd/$ru/$si/]\n&quot;);<br>

<br>

    rewritehostport(&quot;<a href="http://172.20.1.5:5060" target="_blank">172.20.1.5:5060</a>&quot;);<br>

<br>

    route(relay);<br>

}<br>

<br>

<br>

local_route {<br>

    if (is_method(&quot;BYE&quot;) &amp;&amp; $DLG_dir==&quot;UPSTREAM&quot;) {<br>

<br>

        acc_db_request(&quot;200 Dialog Timeout&quot;, &quot;acc&quot;);<br>

<br>

    }<br>

}<br>

<br>

SIP Signaling works but RTP (Voice) not. If i register a device like<br>

&quot;<a href="mailto:sip%3A5001@10.1.65.117">sip:5001@10.1.65.117</a>&quot; call signalling works but voice not.<br>

<br>

Any hint ?<br>

<br>

Thanks, Michele<br>

<br>

--<br>

Michele Pinassi<br>

Responsabile Telefonia di Ateneo<br>

Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena<br>

tel: 0577.(23)2169 - fax: 0577.(23)2053<br>

<br>

Per trovare una soluzione rapida ai tuoi problemi tecnici<br>

consulta le FAQ di Ateneo, <a href="http://www.faq.unisi.it" target="_blank">http://www.faq.unisi.it</a><br>

<br>

<br>

<br>_______________________________________________<br>

Users mailing list<br>

<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>

<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>

<br></blockquote></div>