Hi
I am migrating OpenSER v1.0.9 to v1.1.0 using the config file I send
below that works perfect in 1.0.9 and I modified to run in 1.1.x ,
I´ve just needed to change naming schema in parameter given to
exported functions of avpops module to run without errors in this new
version but when running can´t see basic logs and can´t register any
client even if I install DB schema and create subscriber using its
openserctl , ngrep just show me a 'forbidden' message but dont know
why, please someone send me some advice.
thanks
rafael
# ----------------- global configuration parameters --------------------
debug=4
fork=yes
log_stderror=yes
listen=192.168.2.136 # OPENSER IP ADDRESS HERE
port=5060
# Hostname matching an alias will satisfy the condition uri==myself".
# alias=mydomain.com.pe:5060
# alias=mydomain.com.pe
alias=192.168.2.136:5060
alias=192.168.2.136
check_via=yes # (cmd. line: -v)
children=4
dns=no
rev_dns=no
fifo="/tmp/openser_fifo"
# fifo="FIFO"
fifo_mode=0666 # Fifo permissions can be changes from here.
fifo_db_url="mysql://dbuser:[EMAIL PROTECTED]/openser"
# -----------------------------------------------------------------------
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/rr.so"
loadmodule "/usr/local/lib/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/group.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_db.so"
loadmodule "/usr/local/lib/openser/modules/uri.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"
## loadmodule "/usr/local/lib/openser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/openser/modules/nathelper.so"
loadmodule "/usr/local/lib/openser/modules/textops.so"
loadmodule "/usr/local/lib/openser/modules/avpops.so"
loadmodule "/usr/local/lib/openser/modules/domain.so"
loadmodule "/usr/local/lib/openser/modules/permissions.so"
loadmodule "/usr/local/lib/openser/modules/acc.so"
loadmodule "/usr/local/lib/openser/modules/uac_redirect.so"
loadmodule "/usr/local/lib/openser/modules/diversion.so"
# -----------------------------------------------------------------------
modparam("auth_db|permissions|group|uri_db|usrloc", "db_url",
"mysql://dbuser:[EMAIL PROTECTED]/openser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
modparam("tm", "fr_inv_timer", 27)
modparam("permissions", "db_mode", 1)
modparam("permissions", "trusted_table", "trusted")
modparam("avpops", "avp_url",
"mysql://dbuser:[EMAIL PROTECTED]/openser")
modparam("avpops", "avp_table", "usr_preferences")
# ------------- Mysql Accounting parameters
modparam("acc", "log_flag", 1)
modparam("acc", "log_level", 2)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3)
modparam("acc", "log_missed_flag", 3)
modparam("acc", "db_url", "mysql://dbuser:[EMAIL PROTECTED]/openser")
modparam("acc", "report_ack", 0) # 1 reporta dos starts en acc (para
INVITE y ACK)
modparam("acc", "log_fmt", "miocfsputdr")
modparam("acc", "detect_direction", 1) # only in 1.1.x or cvs
modparam("acc", "multi_leg_enabled", 1)
modparam("acc", "src_leg_avp_id", 110)
modparam("acc", "dst_leg_avp_id", 111)
# ------------- Domain parameters
modparam("usrloc", "use_domain", 1)
modparam("auth_db", "use_domain", 1)
modparam("registrar", "use_domain", 1)
modparam("domain", "db_mode", 1)
modparam("domain", "domain_table", "domain")
modparam("domain", "domain_col", "domain")
# -------------------------------------------------------------------------
route {
# log(1, "-------------------------------------------------------\n");
# log(1, "entering main loop\n");
## populate the avps (for Multi call leg accounting):
if (!method=="REGISTER" && !method=="NOTIFY") {
avp_write("$from/username", "$avp(i:110)");
avp_write("$ruri/username", "$avp(i:111)");
};
# set flag for Missed calls for Accounting:
if (!method=="OPTIONS") setflag(3);
if (method=="INVITE") {
log(1, " INVITE MESSAGE RECEIVED - START ACC\n");
};
if (method=="BYE") {
log (1, " BYE MESSAGE RECEIVED - STOP ACCOUNTING\n");
};
if (method=="CANCEL") {
log (1, " CANCEL MESSAGE RECEIVED - STOP ACCOUNTING\n");
};
if (method=="OPTIONS") {
log(1, " OPTIONS MESSAGE RECEIVED\n");
return; #Do Nothing for 'Options'
};
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
return;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
return;
};
# -----------------------------------------------------------------
# Handle NOTIFY requests from Sipura's to keep-alive NAT
# -----------------------------------------------------------------
if ((is_method("NOTIFY")) && (! uri=~"sip:[EMAIL PROTECTED]")) {
sl_send_reply("200", "OK keep-alive");
log(1, " OK keep-alive\n");
return;
};
# -----------------------------------------------------------------
# Only allow known sip messages
# -----------------------------------------------------------------
if (!is_method("INVITE|REGISTER|BYE|NOTIFY|ACK|CANCEL|REFER|SUBSCRIBE"))
{
sl_send_reply("501", "Not implemented here");
log(1, " 501 - Not implemented here\n");
return;
};
# -----------------------------------------------------------------
# SUBSCRIBE cleanup
# -----------------------------------------------------------------
if (is_method("SUBSCRIBE")) {
replace(" talk", "talk");
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
if (method=="INVITE" && nat_uac_test("19")) {
# OPENSER IP ADDRESS OR DOMAIN HERE:
record_route_preset("192.168.2.136:5060;nat=yes");
setflag(1); ## Set Flag 1 for Acc: test from this location!!
} else if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Call Tear Down Section
# -----------------------------------------------------------------
if (method=="BYE" || method=="REFER" || method=="CANCEL") {
unforce_rtp_proxy();
setflag(1); ### Set Flag 1 for Acounting
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
if (has_totag() && (method=="INVITE" || method=="ACK")) {
if (nat_uac_test("19")) {
setflag(7);
force_rport();
fix_nated_contact();
};
force_rtp_proxy("l");
};
route(1);
return;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (!is_uri_host_local()) {
if (is_from_local() || allow_trusted()) {
route(4);
route(1);
} else {
sl_send_reply("403", "Forbidden");
};
return;
};
if (method=="CANCEL") {
route(1);
return;
} else if (method=="INVITE") {
setflag(1); # Set Flag for Acounting
route(3);
return;
} else if (method=="REGISTER") {
route(2);
return;
};
lookup("aliases");
if (uri!=myself) {
route(4);
route(1);
return;
};
if (!lookup("location") && !method=="ACK") {
if (does_uri_exist()) {
log(1, " uri_exist but its Temporarily
Unavailable 1 \n");
route(7); # To Voicemail
return;
} else {
log(1, " unable to locate user - User
Not Exist 1 \n");
sl_send_reply("404", "User Not Exist");
acc_db_request("404 User Not Exist", "missed_calls");
return;
};
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
unforce_rtp_proxy();
};
sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# -----------------------------------------------------------------
sl_send_reply("100", "Trying");
if (is_user_in("from", "desactivado")) {
sl_send_reply("402", "desactivada temporalmente");
log(1," Cta. desactivada temporalmente \n");
return;
};
if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
setflag(6);
fix_nated_register();
force_rport();
};
if (!www_authorize("","subscriber")) {
log(1," Fails to Register \n");
www_challenge("","0");
return;
};
if (!check_to()) {
log(1," Unauthorized registration attempt \n");
sl_send_reply("401", "Unauthorized");
return;
};
consume_credentials();
log(1," Registered! \n");
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
log(1," route[3]---> INVITE Message Handler \n");
if ( allow_trusted() ) log(1, " Call from pstn or *pbx, no
authentication is required. \n");
if (!allow_trusted()) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
log(1, " Sorry, only registered users
are allowed \n");
return;
};
consume_credentials();
};
append_rpid_hf();
# some digits rules here....
lookup("aliases");
if (!is_uri_host_local()) {
route(4);
route(1);
return;
};
if (nat_uac_test("19")) {
setflag(7);
force_rport();
};
# -----------------------------------------------------------------
# to PSTN Routes!!!
# -----------------------------------------------------------------
route(6); # To PSTN & LDI Routes block!!!
# -----------------------------------------------------------------
if ( is_uri_host_local() ) {
# (Is he in the voicemail group?) -- determine it now
and store it in
# flag 4, before we rewrite the flag using UsrLoc:
if (is_user_in("Request-URI", "voicemail")) {
log(1, " requested user is in voicemail
group \n");
setflag(4);
};
# if user is on-line and is in Voicemail group, enable
redirection
# Pendiente: # ver como meter voicemail al avp junto a
las otras funciones...
if (method == "INVITE" && isflagset(4)) {
log(1, " invite for voicemail
user->initiate failureroute[1]\n");
t_on_failure("1");
};
# flag 22 determines if we need to call the
append_branch() for Blind CallFwd.
if (avp_db_load("$ruri/username", "$avp(s:callfwd)")) {
setflag(22);
avp_pushto("$ruri", "$avp(s:callfwd)");
route(6);
return;
};
# native SIP destinations are handled using our USRLOC DB:
if (!lookup("location") ) {
if (does_uri_exist()) {
log(1," uri_exist but its
Temporarily Unavailable 2 \n");
route(7); # To Voicemail
return;
} else {
log(1," Unable to locate
xcompany user - User Not Exist 2X \n");
prefix("iu"); ## in asterisk: iu:
exten => _iu1780XXXX,1,Playback(invalid,noanswer)
acc_db_request("404 User Invalid",
"missed_calls");
rewritehostport("192.168.2.131:5070");
t_relay();
return;
};
};
# t_on_failure() informs SER that we want to perform
special handling when a failure condition occurs.
# Failure conditions in this context refer to 4xx and
5xx response codes.
# By setting t_on_failure(1) before calling t_relay(),
oSER will pass control to the failure_route[1]
t_on_failure("1");
route(4);
route(1);
};
}
route[4] {
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
### First check and resetflags if UAS are behind the same NAT
system: ###
if (isflagset(6) && isflagset(7)){
log(2, " Both Clients are behind NAT");
# Store the destination domain into an AVP
avp_printf("$avp(i:450)", "$dd");
if (avp_check("$avp(i:450)", "eq/$src_ip/g")){
log(3, " Detected Two Clients Behind the
Same NAT - Disabling Mediaproxy");
# Do not use media-proxy as the clients seem
to be behind the same NAT
resetflag(6);
resetflag(7);
};
};
if (isflagset(6) || isflagset(7)) {
if (!isflagset(8)) {
setflag(8);
force_rport();
fix_nated_contact();
force_rtp_proxy();
};
};
}
route[5] {
# -----------------------------------------------------------------
# ILD - PSTN Handler
# -----------------------------------------------------------------
# Forward international calls to Asterisk (a SIP LDI Providers):
if(uri=~"^sip:011"){
log(1, " 011N match - Larga Distancia Internacional a USA \n");
if (!is_user_in("from", "ldiusa")) {
log(1," No permission for international
calls to USA \n");
sl_send_reply("403", "No permission for
international calls to USA");
acc_db_request("403 Forbidden", "missed_calls");
return;
};
strip(2);
};
if(uri=~"^sip:011"){
log(1," 011N match - Larga Distancia Internacional \n");
if (!is_user_in("from", "ldix")) {
log(1, " No permission for
international calls \n");
sl_send_reply("403", "No permission
for international calls");
acc_db_request("403 Forbidden", "missed_calls");
return;
};
};
rewritehostport("192.168.2.137:5070"); # Asterisk or PSTN
GATEWAY IP ADDRESS
t_on_failure("1");
route(4);
route(1);
}
route[6] {
# ----------------- Free Calls -------------------
# To Info numbers 102, 104, 123 y 080011236
if(uri=~"^sip:102@" || uri=~"^sip:104@" ||
uri=~"^sip:123@" || uri=~"^sip:0800123456@"){
log(1," To CallCenter xcompany!! \n");
rewriteuri("sip:[EMAIL PROTECTED]");
rewritehostport("callcenter.mydomain.com.pe:5060");
route(4);
route(1);
return;
};
if (is_user_in("from", "restringido")) {
sl_send_reply("402", "Restriccion temporal");
log(1," 402 - Restriccion temporal \n");
acc_db_request("402 Restricted", "missed_calls");
return;
};
lookup("aliases");
if (!is_uri_host_local()) {
if (!isflagset(22)) {
append_branch();
};
route(4);
route(1);
return;
};
# -------------------------- Seccion de Rutas a LDI
----------------------------------------
# Forward international calls to Asterisk (To SIP LDI Providers):
if (uri=~"^sip:011[0-9]*@" && !uri=~"^sip:01152*@") {
route(5);
return;
};
if( uri=~"^sip:[2-8][0-9]{6}@" || uri=~"^sip:1[2-8][0-9]{6}@"
|| uri=~"^sip:01[2-8][0-9]{6}@" ) {
log(1, " A Fijos Mexico PSTN \n");
if (uri=~"^sip:01[2-8][0-9][0-9][0-9][0-9][0-9][0-9]@") {
strip(1);
};
if (uri=~"^sip:[2-8][0-9][0-9][0-9][0-9][0-9][0-9]@") {
prefix("1");
};
if (!is_user_in("from", "fijomexico")) {
sl_send_reply("403", "No permission for local
fixed calls");
log(1, " 403 - No permission for local
fixed calls \n");
acc_db_request("403 Forbidden", "missed_calls");
return;
};
rewritehostport("192.168.2.137:5070");
prefix("52");
route(4);
route(1);
return;
};
# no existe? (debe ir al final siempre)
if ( uri=~"^sip:[0-9]" && !does_uri_exist() ) {
log(1, " Unable to locate route for this dnid -
User Not Exist 3X \n");
prefix("mc");
acc_db_request("404 Number Invalid or Incomplete",
"missed_calls");
rewritehostport("192.168.2.131:5070");
t_relay();
return;
};
}
route[7] {
# ---------------------- Handling of Unavailable user
----------------------
# non-Voip -- just send "off-line"
if (!(method=="INVITE" || method=="ACK" || method=="CANCEL" ||
method=="BYE" || method=="OPTIONS")) {
sl_send_reply("404", "Not Found");
acc_db_request("404 Not Found", "missed_calls");
log(1, " 404 Not Found & non-Voip -- just send
off-line \n");
return;
};
# Not voicemail subscriber:
if (!isflagset(4) && !method=="OPTIONS" && !method=="ACK" &&
!method=="BYE" && !method=="CANCEL") {
#sl_send_reply("404", "Not Found and no VMail turned on");
acc_db_request("480 Temporarily Unavailable", "missed_calls");
# A locucion (Usuario temporalmente fuera de servicio
'ss-noservice');
log(1, " 404 Not Found and no voicemail \n");
prefix("fu"); ## su: exten =>
_su1780XXXX,1,Playback(ss-noservice,noanswer)
rewritehostport("192.168.2.131:5070");
t_relay();
return;
};
# forward to voicemail adding prefix to simplify asterisk
"extension.conf" ::
if (isflagset(4) && !method=="OPTIONS" && !method=="ACK" &&
!method=="BYE" && !method=="CANCEL") {
prefix("vm");
acc_db_request("480 Temporarily Unavailable -> Vm",
"missed_calls");
rewritehostport ("192.168.2.131:5070");
t_relay();
return;
};
}
#
--------------------------------------------------------------------------
onreply_route[1] {
if ((isflagset(6) || isflagset(7)) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:[ ]*0")) {
force_rtp_proxy();
};
};
if (nat_uac_test("1")) {
fix_nated_contact();
};
}
failure_route[1] {
if (t_check_status("487")) {
return;
};
if (t_check_status("486")){
prefix("vmb");
acc_db_request("486 Busy -> Vm", "missed_calls");
rewritehostport ("192.168.2.131:5070");
append_branch();
t_relay();
return;
};
if (t_check_status("408")){
prefix("vmu");
acc_db_request("408 Timeout -> Vm", "missed_calls");
rewritehostport ("192.168.2.131:5070");
append_branch();
t_relay();
return;
};
unforce_rtp_proxy();
}
failure_route[2] {
# handle 302 redirects
if (t_check_status("3[0-9][0-9]")) {
get_redirects("*");
t_relay();
};
}
### The End ###
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
