[Asterisk-Users] Ser and Asterisk together
Barry Flanagan
barryf-lists at flanagan.ie
Thu Apr 22 04:46:12 MST 2004
I am finally making some progress on this.
I now have SER passing off PSTN calls to * OK. Calls are being
connected, however, I don't hear anything on the SIP end, and asterisk
gives the following error:
WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of 0x80e2dec (len
642) to 212.17.32.215 returned -1: Operation not permitted
Below is the context of this. I am using nathelper on SER, but I am not
at all confident of my config file (it being a patchwork of bits from
different examples. I attach my SER conf at the end of this message.
Should * be talking directly with the SIP UA, or should it be talking to
SER?
Any help would be appreciated! Even better would be a sample ser.cfg
which supports nathelper and using * for VM and PSTN!!
to 212.17.32.215:3568
Apr 22 12:31:38 WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of
0x80e2dec (len 642) to 212.17.32.215 returned -1: Operation not
permitted
Retransmitting #2 (no NAT):
INVITE sip:8004 at 212.17.32.215:3568 SIP/2.0
Via: SIP/2.0/UDP 212.17.35.184:5060;branch=z9hG4bK4c8263f2
From: <sip:00353863854334 at voip.edo.ie;user=phone>;tag=as4e38a4ab
To: "Ray Naughton"
<sip:8004 at voip.edo.ie;user=phone>;tag=e64bcbbe63564744
Contact: <sip:00353863854334 at 212.17.35.184>
Call-ID: a1ef53731b3ab444 at 212.17.32.215
CSeq: 103 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Content-Type: application/sdp
Content-Length: 164
v=0
o=root 21443 21445 IN IP4 213.137.65.251
s=session
c=IN IP4 213.137.65.251
t=0 0
m=audio 16670 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=silenceSupp:off - - - -
to 212.17.32.215:3568
Apr 22 12:31:39 WARNING[9226]: chan_sip.c:457 __sip_xmit: sip_xmit of
0x80e2dec (len 642) to 212.17.32.215 returned -1: Operation not
permitted
zeppelin*CLI>
===== ser.cfg ====
#
# $Id: ser.cfg,v 1.21 2003/06/04 13:47:36 jiri Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)
listen=213.159.144.8
#listen=127.0.0.1
# hostname matching an alias will satisfy the condition uri==myself".
alias=voip.edo.ie
alias=avmx.edo.ie
# Uncomment these lines to enter debugging mode
/*
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
alias=voip.edo.ie avmx.edo.ie localhost
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# load the voicemail module
#loadmodule "/usr/local/lib/ser/modules/vm.so"
# load the enum module
loadmodule "/usr/local/lib/ser/modules/enum.so"
# load the group module, to verify if a user forwards to voicemail
loadmodule "/usr/local/lib/ser/modules/group.so"
# load the nathelper module
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
# ----------------- setting module-specific parameters ---------------
# -- registrar parameter
# special NAT flag indicates that a registered client is behind NAT
modparam("registrar", "nat_flag", 6)
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("usrloc|auth_db|acc|group|msilo|uri","db_url","mysql://ser:heslo@localhost/ser")
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url", "mysql://ser:heslo@localhost/ser")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- voicemail params --
#modparam("voicemail", "db_url","mysql://ser:heslo@localhost/ser")
# -- voicemail params --
#modparam("group", "db_url","mysql://serro:heslo@localhost/ser")
# -- nathelper params --
modparam("nathelper", "natping_interval", 60)
modparam("nathelper", "ping_nated_only", 1)
modparam("tm", "fr_inv_timer", 30 )
#modparam("tm", "fr_inv_timer", 8 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
log(1, "-------------------------------------------\n");
log(1, "entering main loop\n");
if (nat_uac_test("2")) {
log(1, "src address different than via header->NAT detected\n");
log(1, "force_rport and fix_nated_contact and setflag(5)\n");
#try NAT traversal, works only if the client is symmetrical
force_rport();
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for request\r\n");
# flag 5 indicates that incoming request is from NATed client
setflag(5);
};
if (method=="REGISTER")
log(1, "REGISTER message received\n");
if (method=="INVITE")
log(1, "INVITE message received\n");
if (method=="ACK")
log(1, "ACK message received\n");
if (method=="BYE")
log(1, "BYE message received\n");
if (method=="CANCEL")
log(1, "CANCEL message received\n");
if (method=="SUBSCRIBE")
log(1, "SUBSCRIBE message received\n");
if (method=="NOTIFY")
log(1, "NOTIFY message received\n");
if (method=="OPTIONS")
log(1, "OPTIONS message received\n");
if (method=="INFO")
log(1, "INFO message received\n");
if (method=="MESSAGE")
log(1, "MESSAGE message received\n");
if (method=="REFER")
log(1, "REFER message received\n");
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len > max_len) {
#if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# loose-route processing
if (loose_route()) {
log(1, "loose_route processing\n");
t_relay();
break;
};
# create transaction state; abort if error occured
# if ( !t_newtran()) {
# sl_reply_error();
# break;
# };
#new
# now check if it's about PSTN destinations through our gateway;
# note that 8.... is exempted for numerical non-gw destinations
if (uri=~"sip:\+?[0-79][0-9]*@.*") {
route(3);
break;
};
#
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
log(1, "analyzing REGISTER request\n");
# Uncomment this if you want to use digest authentication
if (!www_authorize("voip.edo.ie", "subscriber")) {
www_challenge("voip.edo.ie", "0");
break;
};
if (isflagset(5)) {
#register from nated client, save nat_flag=6
#in location table
setflag(6);
};
if (!save("location")) {
log(1, "save location error\n");
sl_reply_error();
};
break;
};
lookup("aliases");
#mark transaction for voicemail
if (is_user_in("Request-URI", "voicemail\n")) {
log(1, "requested user is in voicemail group");
setflag(4);
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
# handle user which was not found
log(1, "requested user not found\n");
route(4);
break;
};
};
#add failure route which should be performed if response code >=300
if (method=="INVITE" && isflagset(4)) {
log(1, "invite for voicemail user->initiate failureroute[1]\n");
t_on_failure("1");
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
route(1);
}
route[1]{
log(1, "-------------------------------------------\n");
log(1, "entering route[1] - relaying SIP message\n");
if ((isflagset(5)) || (isflagset(6))) {
log(1, "at least one of the participants is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy, set NATED-INVITE flag(7)");
force_rtp_proxy();
append_hf("P-hint: request forced to rtp proxy\r\n");
setflag(7);
};
};
log(1, "relaying message ...\n");
if (!t_relay()) {
log(1, "t_relay error occured\n");
sl_reply_error();
};
}
# all incoming replies for t_onrepli-ed transactions enter here
onreply_route[1] {
log(1, "-------------------------------------------\n");
log(1, "onreply_route[1] entered\n");
if (isflagset(6)) {
log(1, "transaction was sent to a NATED client -> fix nated contact\n");
fix_nated_contact();
append_hf("P-hint: fixed NAT contact for response\r\n");
}
if ( (status=~"100") ) {
log(1, "status 100 received\n");
};
if ( (status=~"180") ) {
log(1, "status 180 received\n");
};
if ( (status=~"202") ) {
log(1, "status 202 received\n");
};
if ( (status=~"200" || status=~"183") ) {
log(1, "status 2xx or 183");
if ( isflagset(7) ) {
log(1, "marked(7) as NATED-INVITE -> force_rtp_proxy \n");
force_rtp_proxy();
append_hf("P-hint: response forced to rtp proxy\r\n");
};
};
}
#new
# logic for calls to the PSTN
route[3] {
# turn accounting on
setflag(1);
/* require all who call PSTN to be members of the "int" group;
apply ACLs only to INVITEs -- we don't need to protect other requests, as they
don't imply charges; also it could cause troubles when a call comes in via PSTN
and goes to a party that can't authenticate (voicemail, other domain) -- BYEs would
fail then; exempt Cisco gateway from authentication by IP address -- it does not
support digest
*/
if (method=="INVITE" && (!src_ip==212.17.35.184)) {
if (!proxy_authorize( "voip.edo.ie" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "voip.edo.ie" /* realm */, "0" /* no qop */ );
break;
};
# let's check from=id ... avoids accounting confusion
if(!is_user_in("credentials", "int")) {
sl_send_reply("403", "NO PSTN Privileges...");
break;
};
consume_credentials();
}; # INVITE to authorized PSTN
# if you have passed through all the checks, let your call go to GW!
force_rtp_proxy();
record_route();
t_on_reply("1");
# snom conditioner
if (method=="INVITE" && search("User-Agent: snom")) {
replace("100rel, ", "");
};
append_hf("P-hint: GATEWAY\r\n");
# use UDP to guarantee well-known sender port (TCP ephemeral)
t_relay_to_udp("212.17.35.184","5060");
}
route[4]{
log(1, "-------------------------------------------\n");
log(1, "entering route[4] = requested user not online\n");
# non-Voip -- just send "off-line"
if (!(method == "INVITE" || method == "ACK" || method == "CANCEL" || method == "REFER" || method == "BYE")) {
log(1, "no invite,ack,cancel,refer->return 404\n");
sl_send_reply("404", "Not Found");
break;
};
# not voicemail subscriber and no echo/conference call
if ( isflagset(4)) {
log(1, "flag(4) active\n");
};
if (uri =~ "conference") {
log(1, "conference call\n");
};
if (uri =~ "echo") {
log(1, "echo call\n");
};
if ( !( isflagset(4) || (uri =~ "conference") || (uri =~ "echo") ) ) {
log(1, "no voicemail subscriber->return 404");
sl_send_reply("404", "Not Found and no voicemail turned on");
break;
};
if ( isflagset(5) ) {
log(1, "caller is NATed->record_route\n");
record_route();
log(1, " -->setting up reply processing ->onreply_route[1]");
t_on_reply("1");
if (method=="INVITE") {
log(1, " INVITE request-->force_rtp_proxy");
force_rtp_proxy();
};
};
# forward to voicemail now
rewritehostport("212.17.35.184:5060");
log(1, "forward to voicemail\n");
t_relay_to_udp("212.17.35.184", "5060");
}
failure_route[1] {
/* XX: note: unsafe if preloaded routes without username used */
log(1, "-------------------------------------------\n");
log(1, "failureroute[1] entered\");
revert_uri();
rewritehostport("212.17.35.184:5060");
append_branch();
t_relay_to_udp("212.17.35.184", "5060");
}
--
-Barry Flanagan
More information about the asterisk-users
mailing list