Re: [SR-Users] conditional on secfilter seems does not work or how to do it
El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepel...@gmail.com)
escribió:
> Hi there
>
> It must work fine. I've just tested it:
>
no! i found the problem.. i forgot to say that we updated the table
dynamically and later noted in the documentation this:
there's no sense in having a table if we cannot load and use data in
real-time!
-> "All data will be loaded into memory when the module is started. There
is an RPC reload command to update all the data from database."
https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so
stupid.. htable logic is better, cos runs dynamically..
puff this module are so inflexible!
> kamailio.cfg
> xinfo("Checking source IP $si");
> secf_check_ip();
> xinfo("Result of sec_check_ip: $?");
>
> kamailio.log
> Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:
>
[SR-Users] conditional on secfilter seems does not work or how to do it
I implemented secfilter in a simple way, in first step routing put that
conditional for black list check that already works:
```
secf_check_ip();
if ($? == -2) {
xlog("L_ALERT", "$rm from $si is blacklisted");
drop();
}
```
BUT NOW i want to change to whitelick checks, so i reviewed the docs and
"2" is resulting for whitelist, so then i said "if not whitelisted so
block" using "!= 2" as on
https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS DOES
NOT WORK: that is the code:
```
secf_check_ip();
if ($? != 2) {
xlog("L_ALERT", "$rm from $si is not in whitelist, block");
drop();
}
```
when i tested all the calls passed not matter if are in the table or not
as whitelist!
I want able to call only if are present and whitelisted the ip address.. so
i also tested with:
```
secf_check_ip();
if ($? == 0) {
xlog("L_ALERT", "$rm from $si is not present, so block");
drop();
}
```
to check if the ip address are presented in the table but call also passed
and must not cos i not put never a entry in the table!
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] Does kamailio sip domain makes sense if i defined some alias
in kamctlrc i defined an DOMAIN but later that ip was updated.. so my question: it make sense inclusivelly if already defined more allias in kamailiorc.cfg file? in case of more complicated response,, anybody can explain me about that why? -- Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio with dispatcher and asterisks real time
2020-05-05 2:40 GMT-04:00, Karsten Horsmann :
> the learning curve in sipproxies is really hard cos you have to understand
> the basics of sip. It's nothing you can do in a day. I learn every day and
> I am sure that I not understand everything.
umm ok but i only need a VERY SPECIFIC THING i already asked!
route[REGFWD} are the only thing i need to complete the coding of the
kamailio+asterisk real-time dispatcher case
>
> You could hire one of the business professionals on Kamailio to help you
>
> https://www.kamailio.org/w/business-directory/
>
> There you find many great people that can help you for some money.
Umm seems we can paste a propagande here with total free!
>
> Cheers
> Karsten
>
> ospos web schrieb am Di., 5. Mai 2020, 01:17:
>
>> On Sun, May 3, 2020 at 3:17 PM PICCORO McKAY Lenz
>> wrote:
>> > are the string ip comparitions. The guide points out two important
>> routines,
>> > which are FROMASTERISK and TOASTERISK, in these it is verified if the
>> > request acts from asterisk, or goes to asterisk.
>> > But are another routine that are also important, es la REGFWD
>>
>> many many thans! now it worked at leas some call are making in some
>> asterisk..
>> but as you pointed here seems nobody wants to help us with the
>> route[REGFWD} also i am a novice in this SIP world.. can anybody help
>> me? PLEASE!
>>
>> > HERE THE LAST PROBLEM:
>> >
>> > taken from the asterisk realtime guide, just almost at the lasted
>> > lines of the kamailio.cfg this is the code part that i cannot or i
>> > does not have enoought knowledge to translate that rules
>> > to the dispatcher ruling.. there are the code:
>> >
>> > route[REGFWD] {
>> > if(!is_method("REGISTER"))
>> > {
>> > return;
>> > }
>> > $var(rip) = $sel(cfg_get.asterisk.bindip);
>> > $uac_req(method)="REGISTER";
>> > $uac_req(ruri)="sip:" + $var(rip) + ":" +
>> $sel(cfg_get.asterisk.bindport);
>> > $uac_req(furi)="sip:" + $au + "@" + $var(rip);
>> > $uac_req(turi)="sip:" + $au + "@" + $var(rip);
>> > $uac_req(hdrs)="Contact: > > + $sel(cfg_get.kamailio.bindip)
>> > + ":" + $sel(cfg_get.kamailio.bindport)
>> + ">\r\n";
>> > if($sel(contact.expires) != $null)
>> > $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " +
>> $sel(contact.expires) + "\r\n";
>> > else
>> > $uac_req(hdrs)= $uac_req(hdrs) + "Expires: " +
>> $hdr(Expires) + "\r\n";
>> > uac_req_send();
>> > }
>> >
>> >
>> > 2020-04-22 19:59 GMT-04:00, ospos web :
>> > > Hi all folks, Hello people, I'm new and I've been reading, so I have
>> > > some but not much knowledge.
>> > >
>> > > I must integrate as work, two asterisk to the kamailio, a month ago I
>> > > started with the real time guide [1] with only one kamailio,
>> > > register,
>> > > start the call, etc.. I am with the basics and it works.
>> > >
>> > > Now I must put two asterisk and using dispatcher, but although I read
>> > > the documentation of the module.. use it and so then configure a list
>> > > of file (with the asterisk where to dispatch) and not in the
>> > > database..
>> > >
>> > > MY HELP REQUEST QUESTION: How do I use dispatcher in load balancing
>> > > mode, but taking in consideration my already working
>> > > realtime-asterisk
>> > > worling setup?
>> > >
>> > > THE PROBLEM: since with what I did it simply sends the call to both
>> > > asterisk. i setup only 4 easy steps.. load module, then setup params
>> > > (where i set the asterisk lists by file, and not db) and then added a
>> > > "ds_select_dst(1, 4);" before the "route(RELAY);" line. please help!
>> > >
>> > > as i know.. the ds_select_dst(1, 4); prepare wicht asterisk will be
>> > > choose to use and then when the routing RELAY happends no cares if in
>> > > the realtime previously guide are a main asterisk? right?
>> > >
>> > > NOTE: I know it's a big world... but I can't keep reading the
>> > > kamaili
Re: [SR-Users] Kamailio with dispatcher and asterisks real time
the problem with Aserisk realtime and the kamailio dispatcher integration,
are the string ip comparitions. The guide points out two important routines,
which are FROMASTERISK and TOASTERISK, in these it is verified if the
request acts from asterisk, or goes to asterisk.
But are another routine that are also important, es la REGFWD
I was able to adjust these routines (mediocre, because I only check
if it comes from one of the asterisks on the list and not the one in question),
but in the REGFWD rules, the code are bit confusing..
i made this:
1) follow the normal guideliness ... enable the module by addiding the
loadmodule "dispatcher.so" and later specify source list/db by
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
etc etc .. and adde a rule "route[DISPATCH]" of course. ..
2) later i sustitute the rutines of FROMASTERISK and TOASTERISK by that code:
route[FROMASTERISK] {
if(ds_is_from_list()){
return 1;
}
return -1;
}
route[TOASTERISK] {
ds_mark_dst("P");
if(!ds_select_dst("1", "2")) { # i have only 2 sterisk in list
sl_send_reply("500", "Service Unavailable");
exit;
}
route(RELAY);
exit;
}
And that'sall.. but:
NOTE. the code on TOASTERISK exit if service are unavailable,, i have
doubs about that, due i assume that if does not return (noted the "!"
in the contidional) from the list.. there's no way to deliver to a
asterisk.. so exit,cos i not have enought xpertise to propety code a
subrutine that waiths to an asterisk to be available!
HERE THE LAST PROBLEM:
taken from the asterisk realtime guide, just almost at the lasted
lines of the kamailio.cfg this is the code part that i cannot or i
does not have enoought knowledge to translate that rules
to the dispatcher ruling.. there are the code:
route[REGFWD] {
if(!is_method("REGISTER"))
{
return;
}
$var(rip) = $sel(cfg_get.asterisk.bindip);
$uac_req(method)="REGISTER";
$uac_req(ruri)="sip:" + $var(rip) + ":" +
$sel(cfg_get.asterisk.bindport);
$uac_req(furi)="sip:" + $au + "@" + $var(rip);
$uac_req(turi)="sip:" + $au + "@" + $var(rip);
$uac_req(hdrs)="Contact: \r\n";
if($sel(contact.expires) != $null)
$uac_req(hdrs)= $uac_req(hdrs) + "Expires: " +
$sel(contact.expires) + "\r\n";
else
$uac_req(hdrs)= $uac_req(hdrs) + "Expires: " + $hdr(Expires) +
"\r\n";
uac_req_send();
}
2020-04-22 19:59 GMT-04:00, ospos web :
> Hi all folks, Hello people, I'm new and I've been reading, so I have
> some but not much knowledge.
>
> I must integrate as work, two asterisk to the kamailio, a month ago I
> started with the real time guide [1] with only one kamailio, register,
> start the call, etc.. I am with the basics and it works.
>
> Now I must put two asterisk and using dispatcher, but although I read
> the documentation of the module.. use it and so then configure a list
> of file (with the asterisk where to dispatch) and not in the
> database..
>
> MY HELP REQUEST QUESTION: How do I use dispatcher in load balancing
> mode, but taking in consideration my already working realtime-asterisk
> worling setup?
>
> THE PROBLEM: since with what I did it simply sends the call to both
> asterisk. i setup only 4 easy steps.. load module, then setup params
> (where i set the asterisk lists by file, and not db) and then added a
> "ds_select_dst(1, 4);" before the "route(RELAY);" line. please help!
>
> as i know.. the ds_select_dst(1, 4); prepare wicht asterisk will be
> choose to use and then when the routing RELAY happends no cares if in
> the realtime previously guide are a main asterisk? right?
>
> NOTE: I know it's a big world... but I can't keep reading the kamailio
> theory, i must goon forward due i have to lear later once are property
> working..
>
> [1]
> https://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
--
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] siremis help and usage index?
it's there some help manual usage for siremis? the only KB source i have are asipto.. and only are install manuals!! Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] strange conditional "if ($au!=$tU)" with previous exit
i have this in asterisk integration how to, and i noted the "exit"
before the "if($au!=$tU)" .. i dont understan the conditional and the
exit there!
please can someon xplain me that!?
# authenticate the REGISTER requests (uncomment to enable auth)
#!ifdef WITH_ASTERISK
if (!www_authorize("$td", "sipusers"))
#!else
if (!www_authorize("$td", "subscriber"))
#!endif
{
www_challenge("$td", "0");
exit;
}
if ($au!=$tU)
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
i investigate at the kamailio cgf documentation and there's no clear
topic related!
http://www.kamailio.org/wiki/cookbooks/5.2.x/pseudovariables#tu_-_to_uri
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] exit after www_challenge
2019-10-08 12:13 GMT-04:00, David Villasmil :
> And this is because the next message (response to the authentication
> challenge) will come in as a different packet.
umm David gimme to me the most reasonable response..
maybe i must shared a more expanded code.. to property see if are
reasonable a "exit" call there?
that is the complete portion of the code:
(i follow the kamailio/asterisk integration realtime guide)
# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_ASTERISK
# do not auth traffic from Asterisk - trusted!
if(route(FROMASTERISK))
return;
#!endif
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment to enable auth)
#!ifdef WITH_ASTERISK
if (!www_authorize("$td", "sipusers"))
#!else
if (!www_authorize("$td", "subscriber"))
#!endif
{
www_challenge("$td", "0");
exit;
}
if ($au!=$tU)
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
consume_credentials();
xlog("L_ALERT","get hole from $si\n");
} else {
#!ifdef WITH_IPAUTH
if(allow_source_address())
{
# source IP allowed
return;
}
#!endif
if (from_uri==myself)
{
#!ifdef WITH_ASTERISK
if (!proxy_authorize("$fd", "sipusers")) {
#!else
if (!proxy_authorize("$fd", "subscriber")) {
#!endif
proxy_challenge("$fd", "0");
exit;
}
xlog("L_ALERT","get hole from $si\n");
if (is_method("PUBLISH"))
{
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
} else {
if ($au!=$fU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
}
consume_credentials();
# caller authenticated
} else {
# caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open
relay here
if (!uri==myself)
{
sl_send_reply("403","Not relaying");
exit;
}
}
}
#!endif
return;
}
>
> Regards,
>
> David Villasmil
> email: david.villasmil.w...@gmail.com
> phone: +34669448337
>
>
> On Tue, Oct 8, 2019 at 4:57 PM Daniel Tryba wrote:
>
>> On Tue, Oct 08, 2019 at 11:07:44AM -0400, PICCORO McKAY Lenz wrote:
>> > i have the code with an exit, i dont know if are correct that "exit"
>> > in that line? or not? help me please?
>>
>> They are correct (to me). After calling www_challenge() you want to stop
>> any further processing. Same for your 403 condition. If you only want
>> authenticated after that pooint exit will stop the processing of the
>> message.
>>
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
--
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] exit after www_challenge
i have the code with an exit, i dont know if are correct that "exit"
in that line? or not? help me please?
# authenticate the REGISTER requests (uncomment to enable auth)
#!ifdef WITH_ASTERISK
if (!www_authorize("$td", "sipusers"))
#!else
if (!www_authorize("$td", "subscriber"))
#!endif
{
www_challenge("$td", "0");
exit;
}
if ($au!=$tU)
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
consume_credentials();
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] xtrange error but those rules that already work, some bug?
i have many xtrange errors in the log.. but the code seems as i guess
completed each rule without error.
In the kamailio i have that error by example:
Sep 23 13:38:29 ser-server-02 kamailio[2847]: 4(2855) ERROR: ***
cfgtrace:request_route=[REGISTRAR]
c=[/etc/kamailio/kamailio-devel.cfg] l=692 a=25 n=save
that line represents a supposed error in the following code, BUT that code
seem work.. kamailio it’s working perfectly.. so i’m worry about it, what
it happened?
# Handle SIP registrations
route[REGISTRAR] {
if (!is_method("REGISTER")) return;
if(isflagset(FLT_NATS))
{
setbflag(FLB_NATB);
#!ifdef WITH_NATSIPPING
# uncomment next line to do SIP NAT pinging
setbflag(FLB_NATSIPPING);
#!endif
}
if (!save("location"))
sl_reply_error();
#!ifdef WITH_ASTERISK
route(REGFWD);
#!endif
exit;
}
why that happened?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamalio & Asterisk integration erroneous behavior, setup issue
El mié., 4 de sep. de 2019 a la(s) 02:03, Aristeidis Tsitras ( tsit...@gmail.com) escribió: > when i have the adsl attached on the network then on the pcap file i see > the public IP of the router something like 2200@62.38.100.150 instead of > 2200@192.168.1.7. When i unplug the adsl from the router, then i get > 2200@192.168.1.7. This happens only for the windows PC. > seems pretty clear the problem -> " This happens only for the windows PC." that M$ thing have their own routing problems.. so makes sense that if router do not have public address the routing stsart to works in some manner, same procedure happened if yu plug or unplug.. that sh** said in the network icon "there's no network interenet connection" with a exclamation icon... but network are still present, so use a real os > Also there was an attempt from a second windows PC in the network to > register, but i could not see anything coming through. It is the extension > 2202 and the IP is 192.168.1.8 > > > I would appreciate any help available, please. > > > > Στις Παρ, 30 Αυγ 2019 στις 4:09 μ.μ., ο/η David Villasmil < > david.villasmil.w...@gmail.com> έγραψε: > >> Log into asterisk’s cli and see what it has to say. >> >> On Fri, 30 Aug 2019 at 14:07, Aristeidis Tsitras >> wrote: >> >>> attached you can find the pcap. >>> IPs >>> >>>- 192.168.1.220. Kamailio at port 5060 and Asterisk at port 5080 >>>- 192.168.1.7.Zoiper softphone in Windows PC. extension 2200 >>>- 192.168.1.124. Softphone in Android phone. extension 2201 >>> >>> 2200 calls 2201. 2200's softphone says call established, probably >>> voicemail, but 2201 never receives the call. >>> >>> Thanks in advance for your help >>> >>> >>> Στις Παρ, 30 Αυγ 2019 στις 2:19 μ.μ., ο/η David Villasmil < >>> david.villasmil.w...@gmail.com> έγραψε: >>> The users are registered on kamailio, not asterisk, that’s why you don’t see them in asterisk. The voicemail is happening because asterisk doesn’t know where the user being called is. So I assume kamailio is not forwarding the registration location to asterisk. Make a trace with I.e.: sngrep while registering, you should the register forward happening. On Fri, 30 Aug 2019 at 09:55, Aristeidis Tsitras wrote: > new to the area and trying to setup Kamailio with Asterisk in a single > machine. All users will register to Kamailio's port and in case of need > for > media, it will be forwarded to Asterisk, that is my intention. All of my > work is based on the following link > https://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb. > Here is what i have done: > >- Debian 8, 64 bit machine with mysql and odbc >- > > > > > > > > *root@kamast: ~ $ lsb_release -a No LSB modules are available. >Distributor ID: Debian Description:Debian GNU/Linux 8.11 (jessie) >Release:8.11 Codename: jessie root@kamast: ~ $ uname -a > Linux >kamast 3.16.0-10-amd64 #1 SMP Debian 3.16.72-1 (2019-08-13) x86_64 >GNU/Linux root@kamast: ~ $ * >- Kamailio 5.2 installed from Kamailio's deb repository >- Asterisk 13LTS installed from source >- Used the same passwords such as kamailiorw and >asterisk_password, since this is a test system, for proof of concept. > > I did import to the mysql>asterisk database 3 users 2200, 2201 and > 2202. Then created in sip.conf the same 3 users with the same credentials. > Then on 3 PCs i used softphones (Jitsi, Zoiper) and registered each > account > to a softphone. Problems: > >- Cannot see the users in the Asterisk's cli, sip show peers >- I can see users only in Kamailio with kamctl ul show >- A call between the extensions goes to voicemail. It never >reaches the other destination eg 2200 calls 2201 and in Asterisk's > console >i am getting a message that 2201 is absent and it goes to voicemail. > The >same with any other extension. > > Attached you can find: > >1. Kamailio.cfg >2. Asterisk's sip.conf >3. Asterisk's extension.conf >4. The import that i have done to mysql for the user creation. > > > I would appreciate if someone could point me to the error and help me > fix it please? > > > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > -- Regards, David Villasmil email: david.villasmil.w...@gmail.com phone: +34669448337 ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> ___
[SR-Users] exit stop procesing or not after a conditional? based on "exit" core docs seems does not explain behaviour
in my kamailio-asterisk integration i have a exit after the authentication
logic, BUT; there's another conditional after the "exit" sentence,
so my ask, if there's a exit in that piece of code .. that next conditional
will not be executed?
Docs seems said "stop execution of script" so all the rest of the logic in
file will not be routed?
The documentation seems does not explain in good behavior what happened or
the kamailio-asterisk wiki page does not have good explanations for that!
it's that an error?
https://www.kamailio.org/wiki/cookbooks/4.3.x/core#exit
-
-
```
if (from_uri==myself)
{#!ifdef WITH_ASTERISK
if (!proxy_authorize("$fd", "sipusers")) {#!else
if (!proxy_authorize("$fd", "subscriber")) {#!endif
proxy_challenge("$fd", "0");
exit;
}
if (is_method("PUBLISH"))
{
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
} else {
if ($au!=$fU) {
sl_send_reply("403","Forbidden auth
ID");
exit;
}
}
consume_credentials();
# caller authenticated
} else {
# caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open
relay here
if (!uri==myself)
{
sl_send_reply("403","Not relaying");
exit;
}
}
}
#!endif
return;
}
```
8:52 am
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners
El mié., 14 de ago. de 2019 a la(s) 10:11, Daniel Tryba (d.tr...@pocos.nl)
escribió:
> Yes, this adds the source ip to the htable that is used to block further
> requests. But my experience is that if you sent a 200 OK the scans
> will stop for the older scanners. So you might want to add a
> sl_send_reply("200", "OK");
> before the drop.
>
added! thanks
but:
> I'm not sure what you are trying to say here.
>
> In my setups I have a limit of 64 requests per 2s. But I also have
> whitelist (with/via the permissions module) for known high traffic
> ipaddresses. Dimensioning the pike module for the known high traffic
> hosts kind of defeats the purpose of using pike to detect strange
> unwanted traffic. The correct numbers depend on your endpoints.
>
i cannot use whitelist due my experiment are for all dinamyc ip clients
so what its the meaning of "depend on your endpoints" ?
> if(src_ip!=myself && !allow_address("2", "$si", "$sp"))
> {
>if($sht(ipban=>$si)!=$null)
>{
># ip is already blocked
>exit;
>}
>
>if (!pike_check_req())
>{
>$sht(ipban=>$si) = 1;
>exit;
>
>
>
> > oh, also i put for scanners that:
> >
> > if($ua =~ "friendly-scanner") {
> >xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri -
> > F:$fu - T:$tu - UA:$ua - $rm\n");
> > $sht(ipban=>$si) = 1;
> >drop();
> > }
> >
> > so i ban the ip where the friendly scanner are made for a while, it's
> that
> > correct?
>
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners
El mié., 14 de ago. de 2019 a la(s) 04:55, Daniel Tryba (d.tr...@pocos.nl)
escribió:
> On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote:
> > # this it's my setup for pike due the dinamyc ip and devices over the
> internet:
> > modparam("pike", "sampling_time_unit", 4)
> > modparam("pike", "reqs_density_per_unit", 80)
> > modparam("pike", "remove_latency", 60)
>
> With above settings a client will be banned if it sends more than 80
> messages per 4s. And ipaddresses will be tracked by pike for at max 60s
> after the last request.
>
Thanks a lot, the language barrier confused all, you confirmed to me..
that the pike only are a tool to property ban with htable.. thanks o lot
But now have a doub, please guide me with that:
Wheter the config id good depends on the behavior of your clients. A
> simple SIP phone will only send a couple of messages per second. A
> multitenant machine can send many depending on the number of channels
> and trunks configured (and the way it may REGISTER, e.g. asterisk tries
> to REGISTER all trunks at the same time (sequentially))
>
you said: " A simple SIP phone will only send a couple of messages per
second"
so if i have that special case with dinamyc ip in clients.. who could be
better to not confuse those clients with intents of attacks?
oh, also i put for scanners that:
if($ua =~ "friendly-scanner") {
xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri -
F:$fu - T:$tu - UA:$ua - $rm\n");
$sht(ipban=>$si) = 1;
drop();
}
so i ban the ip where the friendly scanner are made for a while, it's that
correct?
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] pike parameters doup when have dinamyc ip clients and scanners
I read documentation for pike usage.. and have a doub.. what it's the
best for very dinamyc ip of my devices.. i mean, i'm just curious of
that very ironic and problematic scenario:
for the scanners i setup fail2ban but only when the scaning are
detecte.. but if i have the pike option how this:
# this it's my setup for pike due the dinamyc ip and devices over the internet:
modparam("pike", "sampling_time_unit", 4)
modparam("pike", "reqs_density_per_unit", 80)
modparam("pike", "remove_latency", 60)
...
route {
if (!pike_check_req()) {
xlog("L_ALERT","ALERT: pike block $rm from $fu (IP:$si:$sp)\n");
exit;
}
...
}
I put the remove latency in 60, so then due are dinamycally must
remian in memory more (due any one will be a possible clilent), just
ban if there are 180 (60*3) request each 4 seconds,
it's a good configuration or maybe i'm wrong please help me!
--
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] How to configure Kamailio 5.1 with Asterisk pjsip
El jue., 9 de may. de 2019 a la(s) 15:26, Henning Westerholt (h...@skalatan.de) escribió: > quality of the documentation, please help to improve it, or choose > i try to improve it but how if i cannot get some help! > If you don't like this english list, I think there is also a spanish > list which might be interesting for you. If you happens to speak another > very "forever alone" when something ask for advanced things! and so then must go to english list! top playing games! i want also improve the documentation but i still have problems still do not understan the ast4erisk and BLF kamailio integration.. when i ask got "ask to asterisk" ... some months ago the "viral" systemd script was full of bugs on debian pacakging of kamailio.. ok was solved but that causes lot of waste of time! i not have powerfully machine.. not have enought faster network service so seems i cannot do nothing but also seems that i the only one to do something about the outdated documentation! the facts are sad! and i not have so light here! ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] How to configure Kamailio 5.1 with Asterisk pjsip
El mié., 8 de may. de 2019 a la(s) 10:30, David Villasmil (david.villasmil.w...@gmail.com) escribió: > But if you’re still interested, then buy and read > https://www.asipto.com/sw/kamailio-admin-book-purchase/ outdated! > I hope you learn how to ask for help in the future. ask for help its a different issue respect to provide help! > > Cheers > > David > > On Wed, 8 May 2019 at 14:37, Social Boh wrote: >> >> Try and failure. The best for you. >> >> --- >> I'm SoCIaL, MayBe >> >> On 5/8/19 07:31, PICCORO McKAY Lenz wrote: >> >> El dom., 5 de may. de 2019 a la(s) 15:25, David Villasmil >> (david.villasmil.w...@gmail.com) escribió: >>> >>> http://www.kamailio.org/wiki/tutorials/getting-started/main >> >> Pretty vage, VAGE! >> >>> >>> http://kb.asipto.com/asterisk:index which is about integrating Kamailio and >>> asterisk. It’s pretty old (4.0) but most still applies. >> >> not "pretty" >> VERY VERY OLD! >> >> why there's no a good documentation and users must liate with english here >> in maillist? >> >> by example i must "waith" to something if "wants" to answer "my" question! >> in that time i waste the time! du i cannot do anything due lack of good >> documentation! >> >> >>> >>> >>> After installing kamailio, check out the configuration file, it should >>> pretty much work for you unchanged by just enabling or disabling “define”s >>> >>> Good luck >>> >>> David >>> >>> On Sun, 5 May 2019 at 18:12, przeqpiciel wrote: >>>> >>>> I would like to have an infrastructure where there are two machines with >>>> Kamailio installed (K1, K2) and another two with Asterisk installed (A1, >>>> A2). >>>> Ultimately, I want to be able to make calls through any Asterisk dialplan >>>> regardless of which Kamailio the registration took place. >>>> When this is achieved, I would like to register an account provided by the >>>> VoIP provider and be able to accept and make calls. Of course, the logic >>>> of these connections, IVR, Queue is to be based on Asterisk. >>>> So the question. Where can I find descriptions of how to do this. >>>> ___ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >>> -- >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.w...@gmail.com >>> phone: +34669448337 >>> ___ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] How to configure Kamailio 5.1 with Asterisk pjsip
El dom., 5 de may. de 2019 a la(s) 15:25, David Villasmil ( david.villasmil.w...@gmail.com) escribió: > http://www.kamailio.org/wiki/tutorials/getting-started/main > Pretty vage, VAGE! > http://kb.asipto.com/asterisk:index which is about integrating Kamailio > and asterisk. It’s pretty old (4.0) but most still applies. > not "pretty" VERY VERY OLD! why there's no a good documentation and users must liate with english here in maillist? by example i must "waith" to something if "wants" to answer "my" question! in that time i waste the time! du i cannot do anything due lack of good documentation! > > After installing kamailio, check out the configuration file, it should > pretty much work for you unchanged by just enabling or disabling “define”s > > Good luck > > David > > On Sun, 5 May 2019 at 18:12, przeqpiciel wrote: > >> I would like to have an infrastructure where there are two machines with >> Kamailio installed (K1, K2) and another two with Asterisk installed (A1, >> A2). >> Ultimately, I want to be able to make calls through any Asterisk dialplan >> regardless of which Kamailio the registration took place. >> When this is achieved, I would like to register an account provided by >> the VoIP provider and be able to accept and make calls. Of course, the >> logic of these connections, IVR, Queue is to be based on Asterisk. >> So the question. Where can I find descriptions of how to do this. >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > -- > Regards, > > David Villasmil > email: david.villasmil.w...@gmail.com > phone: +34669448337 > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] kamailio, asterisk and BLF seems its only using json?
hi, i try to follow the how to in the wiki https://kb.asipto.com/kamailio:presence:k43-blf and configure my two only phones.. but for any states only one led its blinking, the busy state.. no other state work, (if i connect directly to asterisk all work perfeclty, i using asterisk 13 with kamailio 4.4.4) also read the archived https://lists.kamailio.org/pipermail/sr-users/2013-May/078234.html but no luck wht happened with that how to? it's different for asterisk if are integrated? do i need a pjsip asterisk event the oldes chan? see that in presense module parameters, the server address said that value of Contact header filed for 200 OK replies to SUBSCRIBE and PUBLISH and in NOTIFY messages umm if i have integrated and working asterisk (relatime mode) with kamailio, that address muswt be asterisk? taking in cosideration that i have a route rule said that send auth to asterisk and trust any incomming from it? -- Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] drop before exit and send ok reply first can be done?
h have this for a custom rule agains spoecific messages:
sl_send_reply("200", "OK");
drop();
exit;
my question are if that rules are correct:
i want to drop but send firts to client a ok response..
i mean client receive "all are ok dont worry" and then drop the rest
packets..
that's correct?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] where to find the cfg languaje for program on it?
recently i wrote a portion of my cfg file but i found that i based my code in other sources and results of try/tach experiments i cannot found the documents for the languaje of the core i only found the link: https://www.kamailio.org/wiki/cookbooks/devel/core but in that link there's no references about languaje per see only about how to write portions of the file and sections.. maybe i wrong or the document are wrote in different way? by example how to evaluate the output of a custom function/section? Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Releasing Kamailio v5.2.2
El jue., 7 de mar. de 2019 a la(s) 09:12, Daniel-Constantin Mierla ( mico...@gmail.com) escribió: > I think in old debian/other-linux distros, the /var/run/kamailio was > created from init.d, not by kamailio. On newer OS versions, should be > created by > debian 8, 9 , and "old" as you pointed does not use init.d by default... and about systemd > systemd/tmpfsd at startup, otherwise kamailio attempts to create if it has > enough privileges. > seems that's the problem, systemd create it with root privilegies in wheeze backported the kamailio and uses init.d and there's no problem., so "olders" dont seems have problem.. but noted that when kamailio starts the pid are owned by root! Cheers, > Daniel > On 07.03.19 13:14, PICCORO McKAY Lenz wrote: > > the /var/run/kamailio directory for the fifo and crtl files STILL are > denied for acces to the service > as i can see directory are owed byt root and only ower and group have > access > > kamailio 4.4 backported by me for Debian jessie have this: > drwxr-xr-x 2 kamailio kamailio 100 Aug 15 17:33 kamailio > kamailio 5.2 installed on buster/testing build from sources: > drwxr-x--- 2 root root 120 Jan 30 09:35 kamailio > > > Lenz McKAY Gerardo (PICCORO) > http://qgqlochekone.blogspot.com > > > El mié., 6 de mar. de 2019 a la(s) 04:00, Daniel-Constantin Mierla ( > mico...@gmail.com) escribió: > >> Hello, >> >> I am considering to release a new version from branch 5.2, respectively >> v5.2.2, on next Monday, March 11. >> >> As usual, check if any fixes done on master for issues you reported were >> backported to 5.2 already or not (I just pushed a bunch of backports >> earlier today). >> >> Also, if you are aware of issues not reported to the bug tracker, >> register them to get a chance to review and eventually fix. >> >> Cheers, >> Daniel >> >> -- >> Daniel-Constantin Mierla -- www.asipto.com >> www.twitter.com/miconda -- www.linkedin.com/in/miconda >> Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com >> Kamailio Advanced Training - Mar 25-27, 2019, in Washington, DC, USA -- >> www.asipto.com >> >> >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- > www.linkedin.com/in/miconda > Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com > Kamailio Advanced Training - Mar 25-27, 2019, in Washington, DC, USA -- > www.asipto.com > > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Releasing Kamailio v5.2.2
the /var/run/kamailio directory for the fifo and crtl files STILL are denied for acces to the service as i can see directory are owed byt root and only ower and group have access kamailio 4.4 backported by me for Debian jessie have this: drwxr-xr-x 2 kamailio kamailio 100 Aug 15 17:33 kamailio kamailio 5.2 installed on buster/testing build from sources: drwxr-x--- 2 root root 120 Jan 30 09:35 kamailio Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com El mié., 6 de mar. de 2019 a la(s) 04:00, Daniel-Constantin Mierla ( mico...@gmail.com) escribió: > Hello, > > I am considering to release a new version from branch 5.2, respectively > v5.2.2, on next Monday, March 11. > > As usual, check if any fixes done on master for issues you reported were > backported to 5.2 already or not (I just pushed a bunch of backports > earlier today). > > Also, if you are aware of issues not reported to the bug tracker, > register them to get a chance to review and eventually fix. > > Cheers, > Daniel > > -- > Daniel-Constantin Mierla -- www.asipto.com > www.twitter.com/miconda -- www.linkedin.com/in/miconda > Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com > Kamailio Advanced Training - Mar 25-27, 2019, in Washington, DC, USA -- > www.asipto.com > > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] it's auth module send clear text password?
El mar., 5 de mar. de 2019 a la(s) 09:33, Giovanni Maruzzelli (@ gmail.com) escribió: > On Tue, Mar 5, 2019 at 1:12 PM PICCORO McKAY Lenz > wrote: > >> thanks for aswer Federico, another, if the communication beetween >> asterisk and kamailio are using public ip, that password are easyl >> hackaeable? >> > yes, they are hackable, exactly like HTTP passwords. Easily, that depends > who the hackers are. > umm like that so then sound and any other stream beetween two right? > For real security (and privacy, etc) go for TLS and SRTP (ZRTP being the > uber good). > TLS implementation are knowed, but some documentations and ruting examples for SRTP case? very very thanks Giovanni Maruzzelli > > -giovanni > > > >> >> i read rfc2617 but does are not clear respect security and seems SIP is >> not an easy protocol to secure due relationship beetween both are trusted >> or something similar? >> >> El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu ( >> federico.cabi...@gmail.com) escribió: >> >>> Hi, >>> auth module implement digest authentication (rfc2617) so passwords are >>> not sent in clear from the client to kamailio. >>> >>> Federico >>> >>> On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz < >>> mckaygerh...@gmail.com> wrote: >>> >>>> if kamailio doe snot use TLS all the mechanish in atuh module are send >>>> the pasword nude to the network? >>>> >>>> Lenz McKAY Gerardo (PICCORO) >>>> http://qgqlochekone.blogspot.com >>>> ___ >>>> Kamailio (SER) - Users Mailing List >>>> sr-users@lists.kamailio.org >>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> ___ >>> Kamailio (SER) - Users Mailing List >>> sr-users@lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > > > -- > Sincerely, > > Giovanni Maruzzelli > OpenTelecom.IT > cell: +39 347 266 56 18 > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] it's auth module send clear text password?
thanks for aswer Federico, another, if the communication beetween asterisk and kamailio are using public ip, that password are easyl hackaeable? i read rfc2617 but does are not clear respect security and seems SIP is not an easy protocol to secure due relationship beetween both are trusted or something similar? El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu ( federico.cabi...@gmail.com) escribió: > Hi, > auth module implement digest authentication (rfc2617) so passwords are not > sent in clear from the client to kamailio. > > Federico > > On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz > wrote: > >> if kamailio doe snot use TLS all the mechanish in atuh module are send >> the pasword nude to the network? >> >> Lenz McKAY Gerardo (PICCORO) >> http://qgqlochekone.blogspot.com >> ___ >> Kamailio (SER) - Users Mailing List >> sr-users@lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] it's auth module send clear text password?
if kamailio doe snot use TLS all the mechanish in atuh module are send the pasword nude to the network? Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] http_event have errors with exec_avp
El vie., 1 de mar. de 2019 a la(s) 07:51, escribió:
>
> route[DO_SMTH]
> {
> exec_avp(“/usr/bin/who”,”$avp(s:user_)”);
> }
>
no all the times the rule retrievbe a valid value user...
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] kamailio/asterisk no call with sound if use rtpproxy/rtpengine
El jue., 28 de feb. de 2019 a la(s) 09:21, Daniel Tryba (d.tr...@pocos.nl) escribió: > You wrote something else in your original message: > exposing asterisk RTP 1-3 makes it function. > that's the problem here! yes! > I read that to be an indication that rtp(proxy|engine) isn't rewriting. > in fact, the first try was with rtpproxy, but due the DEBUG log are very poor we tried with rtpengine, and now i noted that rtpengine only output in log that: ``` Feb 28 14:39:44 ip-10-10-1-1 rtpengine[28721]: DEBUG: timer run time = 0.05 sec Feb 28 14:39:44 ip-10-10-1-1 rtpengine[28803]: [1551364784.000249] DEBUG: timer run time = 0.35 sec Feb 28 14:39:45 ip-10-10-1-1 rtpengine[28864]: DEBUG: timer run time = 0.10 sec Feb 28 14:39:46 ip-10-10-1-1 rtpengine[28864]: DEBUG: timer run time = 0.07 sec Feb 28 14:39:46 ip-10-10-1-1 rtpengine[28732]: DEBUG: timer run time = 0.08 sec Feb 28 14:39:46 ip-10-10-1-1 rtpengine[28832]: DEBUG: timer run time = 0.05 sec ``` BUT: rtpproxy seems are working cos if not there's no SIP sesion stablished! but as i siad, no sound if i not exposed the asterisk ports! NOTE: audio of the call are udp! so that means are not possible? i guess must be possible due the kamailio can manage an route using the rtp[proxy|engine] right? > > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio behind NAT or With Public IP - Which one is highly recommended
El mar., 26 de feb. de 2019 a la(s) 17:53, Alex Balashov ( abalas...@evaristesys.com) escribió: > I third that. NAT by definition adds complications and overhead, even if > i agree with! i currently have a confusion: as i pointed here: https://lists.kamailio.org/pipermail/sr-users/2019-February/104862.html i have kamailio+rtpproxy/rtpengine and asterisk in realtime mode but if i not bind the asterisk ports agains the public ip there's its no sound.. i mean, i want only let rtpproxy/rtpengine (whatever of two no both) only agains public ip > is nowadays to deploy Kamailio in NAT-only environments such as AWS. > i cannot find some info about deploy agains AWS flavored OS, where the public ip are kind of NAT.. and cannot take as real interface ... some help with that are appreciated! > > On Tue, Feb 26, 2019 at 01:47:36PM -0800, Joel Serrano wrote: > > > I second that. And to add to Henning's suggestion... > > > > We recently tested that same setup, and we found one "thing": Using > > advertise, you will need a second port (listen transport:ip:port) to talk > > to internal servers that require you to *keep* the private IP. Otherwise > > all outgoing request from that kamailio will have the IP replaced by > > whatever the advertise says and that can mess up your internal routing. > > > > Not an issue, as I said you can configure a second port, but just > something > > to know depending on what your setup is gong to look like. > > > > Good luck! > > Joel. > > > > On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt > wrote: > > > > > Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar: > > > > Which one among the below option is highly recommended for setting up > > > > Kamailio (for production) > > > > 1. Kamailio behind NAT *or* > > > >2. Setting up Kamailio using public IP? > > > > > > > > are there any disadvantages if we setup Kamailio behind NAT and use > > > > advertise option in listen parameters? > > > > > > > > We have tested both the options, and both the options work great for > us( > > > a. > > > > Kamailio behind NAT with advertising in listen parameters b.Kamailio > > > setup > > > > with public IP). So wondering which one is best and highly > recommended? > > > > > > > > Some extra info : > > > > 1. We use TLS > > > > 2. Using coturn for media > > > > > > Hello Pintu, > > > > > > generally speaking, if you have the choice between a network setup with > > > NAT > > > and without NAT (everything else equal) - my recommendation would to > > > choose > > > the one without NAT. It will be easier to debug in case of problems on > > > your > > > side or the client side. > > > > > > Best regards, > > > > > > Henning > > > > > > -- > > > Henning Westerholt - https://skalatan.de/blog/ > > > Kamailio services - https://skalatan.de/services > > > Kamailio security assessment - https://skalatan.de/de/assessment > > > > > > ___ > > > Kamailio (SER) - Users Mailing List > > > sr-users@lists.kamailio.org > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > > > > ___ > > Kamailio (SER) - Users Mailing List > > sr-users@lists.kamailio.org > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > -- > Alex Balashov | Principal | Evariste Systems LLC > > Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) > Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] kamailio/asterisk no call with sound if use rtpproxy/rtpengine
hih thanks for your respond, but seems you dont paid attention to my
problem, with ports opened and redirected to pulbic ip with the AWS
firewalling (tech support) call have sound, but and later NAT traversal
with rtpproxy as i understand in simple we must have:
phone/caller-->[-->rtpproxy->kamailio->asterisk->kamailio->rtpproxy
-]->phone/dest
then there's no sound...
El jue., 28 de feb. de 2019 a la(s) 05:25, Daniel Tryba (d.tr...@pocos.nl)
escribió:
> On Wed, Feb 27, 2019 at 04:04:45PM -0400, PICCORO McKAY Lenz wrote:
> > N]OTE: the public ip are not a real interface in the kamailio/rtppropxy
> > machine, are provided by the service AWS at amazon! a NAT kind i guess!
> But how are you calling rtp(proxy|engine) from kamailio? I think you
>
what its the relation fo that question? i already said that use socket and
both are in same machine
> need to call rtpengine with the direction option to accomplish what you
>
so i use unix socket in the rtpproxy one,
later with when i changed to rtpengine i use that:
```
cat kamailio.cfg | grep rtp
loadmodule "rtpengine.so"
modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:2")
rtpengine_manage("co");
rtpengine_manage("cor");
```
but if you are taking about what ip/interface we used the provided
internally:
```
cat kamailio.cfg | grep listen
listen=udp:10.10.1.1:5060 advertise 200.1.1.1:5060
```
the eth0 reports ip 10.10.1.1 in kamailio server,
and AWS provide a kind of NAT with ip 200.1.1.1:5060
> want in your setup. Also look at the INVITEs (on kamailio) to debug what
> happens with regards to SDP rewriting.
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] kamailio/asterisk no call with sound if use rtpproxy/rtpengine
i have setup asterisk/rtpproxy/kamailio following the guide in https://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb and later NAT traversal with rtpproxy as i understand in simple we must have: phone/caller-->[-->rtpproxy->kamailio->asterisk->kamailio->rtpproxy -]->phone/dest But when you make a call between two phones, there is no sound... ...to make it work and get sound have to open the ports (range 1 to 3 udp) in the asterisk exposing them to the public ip whre its the kamailio and rtpproxy. We configured kamailio with rtpproxy (also tried with rtpengine), and when I configure Asterisk and Kamailio in "real time" mode, everything goes well, the extensions are registered, the authentication is in the asterisk side (table sipusers requires ignore the version check parameter if you use kamailio 5+) etc etc .. but there's no sound, we have: kamailio.bindip="10.10.1.1" desc "kamailio.bindip" kamailio.bindport=5060 desc "kamailio.bindport" asterisk.bindip="10.10.1.2" desc "asterisk.bindip" asterisk.bindport=5060 desc "asterisk.bindport" listen=udp:10.10.1.1:5060 advertise 200.1.1.1:5060 at rtpproxy we have: /usr/bin/rtpproxy -s unix:/var/run/rtpproxy/rtpproxy.sock -u kamailio -p /var/run/rtpproxy/rtpproxy.pid -l 10.10.1.1 -A 200.1.1.1 -F -m 1 -M 3 why we need to make asterisk open the ports directly to the publlic ip? N]OTE: the public ip are not a real interface in the kamailio/rtppropxy machine, are provided by the service AWS at amazon! a NAT kind i guess! Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Kamailio Asterisk Retransmitting problem
i have similar problem, but only with streams due i used NAT with rtpproxy.. some help are apreciate in details! Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com El mar., 19 de feb. de 2019 a la(s) 03:22, Techinnovation ( techinnovat...@inbox.lv) escribió: > Hello, > > Could you please help me correctly to configure Kamailio with load > balancing between two asterisk servers and topology hidding with topoh > module. > In attach sip trace from kamailio and my config. > > Currently my problem is that after call UP on Asterisk side, Asterisk send > 10 times Retransmitting to > <-> > Retransmitting #5 (no NAT) to 37.148.171.162:5060: > SIP/2.0 200 OK > Via: SIP/2.0/UDP > 37.148.171.162;branch=z9hG4bKf534.157d7d1321019895cc6ba367dd3ae94c.0;received=37.148.171.162 > Via: SIP/2.0/UDP > 37.148.171.162;branch=z9hG4bKsr-mDYdVEts1x8-yJc91MhEVMtOVMhC6pni1uai1uSAQiytLvyKkMqHB5JsSg98PMYayEyHzESE1gdA6E9C > From: "testaccount" ;tag=as7abbf1f1 > To: ;tag=as143173ac > Call-ID: > !!:1MeMfMhpfGtgfo6MQu6HfMNH1v-515SC1omDQocT1Efc1MhEVMtOVMhC6pni1uai1uSA > CSeq: 102 INVITE > Server: Asterisk PBX GIT-master-c83a44c > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, > PUBLISH, MESSAGE > Supported: replaces, timer > Session-Expires: 1800;refresher=uas > Contact: > Content-Type: application/sdp > Require: timer > Content-Length: 267 > > v=0 > o=root 1502512559 1502512559 IN IP4 37.148.171.164 > s=Asterisk PBX GIT-master-c83a44c > c=IN IP4 37.148.171.164 > t=0 0 > m=audio 19658 RTP/AVP 8 101 > a=rtpmap:8 PCMA/8000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-16 > a=ptime:20 > a=maxptime:150 > a=sendrecv > > And no ACK answer from Kamailio. After 32 sec call drops. > > I have call flow: Provider 213.21.197.50 -> Kamailio 37.148.171.162 -> > Asterisk 37.148.171.163. > > kamailio -v > version: kamailio 5.2.0 (x86_64/linux) 535e13 > flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, > DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, > FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, > USE_DST_BLACKLIST, HAVE_RESOLV_RES > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, > BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB > poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. > id: 535e13 > compiled on 01:27:51 Dec 16 2018 with gcc 4.8.5 > > On Asterisk side I have config > > [general] > language=en > maxexpirey=3600 > defaultexpirey=3600 > bindport=5060 > subscribecontext=lab > allowsubscribe=yes > limitonpeers=yes > notifyringing=yes > notifyhold=yes > disallow=all > alwaysauthreject=yes > allowguest=no > allow=alaw > bindaddr=37.148.171.163 > t38pt_udptl=yes,redundancy > faxdetect=yes > directmedia=no > rtptimeout=60 > rtpholdtimeout=300 > > [kamailio] > type=friend > host=37.148.171.162 > port=5060 > nat=no > qualify=no > canreinvite=yes > insecure=invite > context=from-pstn > ;directmedia=yes > > Many thanks ! > > BR, > Alex > > > > > > > > > > > > > > > > > > > > *-- Best regards, Techinnovation * > mailto:techinnovat...@inbox.lv > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] How can i send presence status from Asterisk 13 to kamailio presence module
i have followed the guie in https://kb.asipto.com/kamailio:presence:k43-blf and asterisk are working (due we connnect the phones directly to asterisk and works) but when connect the phones to the kamailio the led in phones does not work! ther's some info missing or what? Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Presence module with external MWI
umm that sounds interesting: i have in my cfg file presence
configured, and also configure asterisk realtime, and my led in
phones does not get on and only works if i setup the phones only with
asterisk!
here my configuration:
route[PRESENCE] {
if(!is_method("PUBLISH|SUBSCRIBE")) {
xlog("[$Tf] presence rule: not forwarding sub/pub requests??\n");
return;
}
if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") {
route(TOVOICEMAIL);
# returns here if no voicemail server is configured
sl_send_reply("404", "No voicemail service");
xlog("[$Tf] presence rule: not forwarding voicemail requests??\n");
exit;
}
#!ifdef WITH_PRESENCE
if (!t_newtran()) {
sl_reply_error();
xlog("[$Tf] presence rule: error??\n");
exit;
}
if(is_method("PUBLISH")) {
handle_publish();
t_release();
} else if(is_method("SUBSCRIBE")) {
handle_subscribe();
t_release();
}
exit;
#!endif
# if presence enabled, this part will not be executed
if (is_method("PUBLISH") || $rU==$null) {
sl_send_reply("404", "Not here");
xlog("[$Tf] presence rule: nothere publish requests??\n");
exit;
}
return;
}
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
El lun., 18 de feb. de 2019 a la(s) 17:48, Charles Chance
(charles.cha...@sipcentric.com) escribió:
>
> Hi Trevor,
>
> Typically, your voicemail server would send a publish to Kamailio, which
> would then notify each of the watchers.
>
> A call to handle_publish() should be all that’s required.
>
> https://www.kamailio.org/docs/modules/stable/modules/presence.html#presence.f.handle_publish
>
> Cheers,
>
> Charles
>
> On Mon, 18 Feb 2019 at 21:07, Trevor Peirce
> wrote:
>>
>> Hello,
>>
>> Looking for pointers as to what I'm missing here.
>>
>> I'm using the presence module to allow UAs to subscribe to
>> message-summary events. I can see the entries appearing in the
>> active_watchers table and I see subscription renewals increment the cseq
>> columns so I'm satisfied this part is working well.
>>
>> I'm having trouble finding out how to tell Kamailio about a change to
>> the message-summary so that it can notify the watchers.
>>
>> The pua module seems to provide a way but it doesn't seem to work with
>> the subscriptions set up by the presence module. The presence module
>> itself does not seem to offer any RPCs capable of doing this.
>>
>> Appreciate any pointers!
>>
>> Thanks,
>>
>> --
>> Trevor Peirce
>> AcroVoice Solutions Inc
>>
>>
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Charles Chance
> Managing Director
>
> t. 0330 120 1200m. 07932 063 891
>
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. Registered
> office: Faraday Wharf, Innovation Birmingham Campus, Holt Street, Birmingham
> Science Park, Birmingham B7 4BB.
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] how to see banned address after rule it
El lun., 18 de feb. de 2019 a la(s) 15:36, Daniel-Constantin Mierla
(mico...@gmail.com) escribió:
>
> It is not very clear what you look for .. you don't know where the log
> messages are written? Or you want to see the list of ip addresses from pike
> module?
Fred said: "You could always grep the log" that actually i do, but i
do not how to made the other methods/ways:
> "use RPC to check the HTABLE parameter, or
cron something that runs kamcmd htable.dump ipban (or whatever)... You
could also use rtimer and output the htable as well."
How can i made those ways?
>
> Cheers,
> Daniel
>
> On 18.02.19 20:01, PICCORO McKAY Lenz wrote:
>
> i configure rules for routing banned ip and i want to see where i can autdit
> this issues.. i mean where i can automatically define a cron setup that grep
> those logs definitios.. where are loggin those all?
>
> my rules are:
>
> define at begining of kamailio.cfg "#!WITH_ANTIFLOOD", later add:
>
> #!ifdef WITH_ANTIFLOOD
> loadmodule "htable.so"
> loadmodule "pike.so"
>
> modparam("pike", "sampling_time_unit", 2)
> modparam("pike", "reqs_density_per_unit", 16)
> modparam("pike", "remove_latency", 4)
> modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
> #!endif
>
> later routing definitions:
>
> route[REQINIT] {
>if(src_ip!=myself) {
> if($sht(ipban=>$si)!=$null) {
> xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
> exit;
> }
> if (!pike_check_req()) {
> xlog("L_ALERT","ALERT: pike blocking $rm from $fu
> (IP:$si:$sp)\n");
> $sht(ipban=>$si) = 1;
> exit;
> }
> }
> if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
> xlog("L_ALERT","ALERT: friendly canings from $fu (IP:$si:$sp)\n");
> exit;
> }
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> exit;
> }
> if(is_method("OPTIONS") && uri==myself && $rU==$null) {
> sl_send_reply("200","Keepalive");
> exit;
> }
> if(!sanity_check("1511", "7")) {
> xlog("Malformed SIP message from $si:$sp\n");
> exit;
> }
> }
>
> Lenz McKAY Gerardo (PICCORO)
> http://qgqlochekone.blogspot.com
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
> Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in
> Washington, DC, USA -- www.asipto.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] how to see banned address after rule it
i configure rules for routing banned ip and i want to see where i can
autdit this issues.. i mean where i can automatically define a cron setup
that grep those logs definitios.. where are loggin those all?
my rules are:
define at begining of kamailio.cfg "#!WITH_ANTIFLOOD", later add:
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif
later routing definitions:
route[REQINIT] {
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
exit;
}
if (!pike_check_req()) {
xlog("L_ALERT","ALERT: pike blocking $rm from $fu
(IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
xlog("L_ALERT","ALERT: friendly canings from $fu
(IP:$si:$sp)\n");
exit;
}
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(is_method("OPTIONS") && uri==myself && $rU==$null) {
sl_send_reply("200","Keepalive");
exit;
}
if(!sanity_check("1511", "7")) {
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
