<div dir="ltr"><div>Hi. Please help.<br><span id="result_box" class="" lang="en"><span class="">We have:</span></span><br><span id="result_box" class="" lang="en"><span class="">One MGW: Cisco AS5350<br></span></span></div>
<span id="result_box" class="" lang="en"><span class="">UserID=</span></span><span id="result_box" class="" lang="en"><span class="">telephone number and </span></span><span id="result_box" class="" lang="en"><span class="">registration on OpenSips </span></span><span id="result_box" class="" lang="en"><span class="">through MySQL<br>
</span></span><span id="result_box" class="" lang="en"><span class="">Call to</span> <span class="">PSTN</span> <span class="">pass through</span> <span class="">MGW</span> <span class="">with prefix</span> <span class="">9999:</span></span><br>
<span id="result_box" class="" lang="en"><span class=""><br>Now, such a scheme works:<br>
<br>
(UAC )---->sip----->Opensips 1.7--->SIP--->MGW Cisco<br>85.85.85.95 85.85.85.85 85.85.85.11<br>RTP----------------------------------------------------------->MGW Cisco-------->PSTN<br>
<br></span></span><span id="result_box" class="" lang="en"><span class="">Here is
an example</span> <span class="">CFG-</span><span class="">file that</span> <span class="">works now</span><span class="">:</span> <br class="">
<span class="">The message</span> <span class="">"</span><span class="">183</span><span class="">"</span> <span class="">prefix
and</span> <span class="">visible</span> <span class="">IP</span>
<span class="">gateway.</span> <span class="">And that
could</span> <span class="">be a threat</span> <span class="">of fraud</span><span class="">.</span> <br class="">
<span class="">Here:</span> <span class="">if you use the</span>
<span class="">function</span> <span class="">topology_hiding
();</span> <span class="">it</span> <span class="">does
not happen</span> <span class="">a fair exchange</span><span class="">:</span> <br class="">
<span class=""></span></span><span id="result_box" class="" lang="en"><span class="">"BYE"</span> <span class="">comes</span>
<span class="">to the message</span> <span class="">"404</span><span class="">", "Not here"</span> <span class="">rather than
"</span><span class="">200</span> <span class="">OK"</span>
<br class="">
<span class="">I use</span> <span class="">client_nat_test</span>
<span class="">to</span> <span class="">cut off</span> <span class="">all requests for</span> <span class="">registration</span>
<span class="">are NAT</span><span class=""></span></span><span id="result_box" class="" lang="en"><span class=""><span id="result_box" class="" lang="en"><span class="">, but</span>
<span class="">it does not work</span></span>!<br>
<br>
</span></span>port=5060<br>
listen=udp:<a href="http://85.85.85.85:5060">85.85.85.85:5060</a> #Opensips-server<br>
route{<br>
if (has_totag()) {<br>
if (loose_route()) {<br>
if (is_method("BYE")) {<br>
setflag(1);<br>
setflag(3);}<br>
else if (is_method("INVITE")) {<br>
#topology_hiding();<br>
record_route(); }<br>
route(1);}<br>
else {<br>
if ( is_method("ACK") ) {<br>
if ( t_check_trans() ) {<br>
t_relay();<br>
exit;}<br>
else {<br>
exit;<br>
}}<br>
sl_send_reply("404","Not here");<br>
}<br>
exit;<br>
}<br>
<br>
#initial requests<br>
if (is_method("CANCEL")){<br>
if (t_check_trans())<br>
t_relay();<br>
exit;}<br>
<br>
t_check_trans();<br>
<br>
# authenticate if from local subscriber (uncomment to enable auth)<br>
# authenticate all initial non-REGISTER request that pretend to be<br>
# generated by local subscriber (domain from FROM URI is local)<br>
<br>
if (!(method=="REGISTER") && from_uri==myself) #/*no
multidomain version*/<br>
{if (!proxy_authorize("", "subscriber")) <br>
{proxy_challenge("", "0");<br>
exit;}<br>
if (!db_check_from()) <br>
{sl_send_reply("403","Forbidden auth ID");<br>
exit;}<br>
consume_credentials();<br>
}<br>
<br>
# preloaded route checking<br>
if (loose_route()) <br>
{xlog("L_ERR","Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");<br>
if (!is_method("ACK")) sl_send_reply("403","Preload Route
denied");<br>
exit;<br>
}<br>
<br>
# record routing<br>
if (!is_method("REGISTER|MESSAGE")) record_route();<br>
<br>
# account only INVITEs if (is_method("INVITE"))<br>
{<br>
# if (!src_ip=="85.85.85.11") #CISCO MGW IP<br>
#{<br>
# topology_hiding();<br>
# }<br>
setflag(1); # do accounting<br>
}<br>
<br>
if (!uri==myself) ## replace with following line if multi-domain
support is used<br>
{<br>
route(1);}<br>
<br>
# requests for my domain<br>
if (is_method("PUBLISH")){<br>
sl_send_reply("503", "Service Unavailable");<br>
exit;}<br>
<br>
if (is_method("REGISTER")){<br>
# if(client_nat_test("3"))<br>
# {<br>
# sl_send_reply("403", "Not working NAT");<br>
# exit;<br>
# }<br>
<br>
# authenticate the REGISTER requests (uncomment to enable auth)<br>
if (!www_authorize("", "subscriber")) {<br>
www_challenge("", "0");<br>
exit;}<br>
if (!db_check_to()) {<br>
sl_send_reply("403","Forbidden auth ID");<br>
exit;}<br>
if (!save("location"))<br>
sl_reply_error();<br>
exit;<br>
}<br>
<br>
if ($rU==NULL) {<br>
# request with no Username in RURI<br>
sl_send_reply("484","Address Incomplete");<br>
exit;<br>
}<br>
<br>
# do lookup with method filtering<br>
if ((src_ip=="85.85.85.11") && (!lookup("location")))<br>
{<br>
switch ($retcode) {<br>
case -1:<br>
case -3:<br>
t_newtran();<br>
t_reply("404", "Not Found");<br>
exit;<br>
case -2:<br>
sl_send_reply("405", "Method Not Allowed");<br>
exit;<br>
}}<br>
<br>
# when routing via usrloc, log the missed calls also<br>
setflag(2);<br>
<br>
if (src_ip=="85.85.85.11") {<br>
route(1);}<br>
route(3);<br>
}<br>
<br>
route[1] {<br>
# for INVITEs enable some additional helper routes<br>
if (is_method("INVITE")) {<br>
t_on_branch("2");<br>
t_on_reply("2");<br>
t_on_failure("1");}<br>
if (!t_relay()) {<br>
sl_reply_error();};<br>
exit;}<br>
####################################################<br>
route[3] {<br>
prefix("9999");<br>
rewritehostport("<a href="http://85.85.85.11:5060">85.85.85.11:5060</a>");<br>
if (!t_relay()) {<br>
sl_reply_error();<br>
};exit;<br>
}<br>
####################################################<br>
branch_route[2] { xlog("new branch at $ru\n");}<br>
onreply_route[2] { xlog("incoming reply\n"); }<br>
<br>
failure_route[1] {<br>
if (t_was_cancelled()) {exit;}}<br><br><br>It's not safe, it's necessary to build a new wiring diagram:<br>
(UAC )--->sip,RTP---->(Opensips--->rtp,SIP------>)----->MGW Cisco--->PSTN<br>
85.85.85.95 (85.85.85.85 192.168.0.2) 192.168.0.3<br>
<br>
questions:<br>
1. to hide the network topology from the users (can be used dialog module, function: topology_hiding?)<br>
2. hide RTP traffic to MGW for Opensips-server (can be used MediaProxy or rtpproxy)?<br>3. <span id="result_box" class="" lang="en"><span class="">Cut off</span> <span class="">all</span> <span class="">who</span> <span class="">are NAT!!!</span></span><br>
Please, give examples opensips.cfg-file ?<br></div>