[OpenSIPS-Users] RTPProxy to link two networks

Jeryes . jeryes at voicetechnology.com.br
Fri Oct 18 15:52:34 CEST 2013


Hi Michele!

Is your rtpproxy running on bridge mode?
 Em 18/10/2013 10:02, "Michele Pinassi" <michele.pinassi at unisi.it> escreveu:

> Hi all,
>
> i have Opensips on a server with two interfaces, PUBLIC and PRIVATE
> (172.20.x.x).
>
> This is my opensips.cfg:
>
> ####### Routing Logic ########
> route {
>     force_rport();
>
>     if (is_method("INVITE")) {
>         if (!get_source_group("$var(group)") ) {
>             $var(group) = 3; /* Default value */
>         }
>
>         # User group:
>         # 1 = Internal VoIP subnet 172.20
>         # 2 = External VoIP subnet but inside Unisi context 172.16 | 10.0.0
>         # 3 = Outside/foreign (not allowed)
>
>         xlog("L_INFO", "User group is $var(group)
> [$fd/$fu/$rd/$ru/$si]\n");
>
>             if ($var(group) == 2) { # Outside VoIP LAN
>         if (is_method("REGISTER")) {
>                 fix_nated_register();
>             setbflag(NAT);
>         } else {
>             fix_nated_contact();
>             setflag(NAT);
>         }
>         }
>     }
>
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     }
>
>     # Verifica che l'IP provenga da una rete abilitata (address table)
>     if (!check_address("0","$si","$sp","$proto")) {
>         xlog("L_INFO","IP $si Forbidden");
>         sl_send_reply("403", "Forbidden");
>     }
>
>     if (has_totag()) {
>         # sequential request withing a dialog should
>         # take the path determined by record-routing
>         if (loose_route()) {
>
>             # validate the sequential request against dialog
>             if ( $DLG_status!=NULL && !validate_dialog() ) {
>                 xlog("In-Dialog $rm from $si (callid=$ci) is not valid
> according to dialog\n");
>                 ## exit;
>             }
>
>             if (is_method("BYE")) {
>                 setflag(ACC_DO); # do accounting ...
>                 setflag(ACC_FAILED); # ... even if the transaction fails
>             } else if (is_method("INVITE")) {
>                 # even if in most of the cases is useless, do RR for
>                 # re-INVITEs alos, as some buggy clients do change route
> set
>                 # during the dialog.
>                 record_route();
>             }
>
>             if (check_route_param("nat=yes"))
>                 setflag(NAT);
>
>             # route it out to whatever destination was set by loose_route()
>             # in $du (destination URI).
>             route(relay);
>         } else {
>             if (is_method("SUBSCRIBE") && $rd == "127.0.0.1:5060") { #
> CUSTOMIZE ME
>                 # in-dialog subscribe requests
>                 route(handle_presence);
>                 exit;
>             }
>             if ( is_method("ACK") ) {
>                 if ( t_check_trans() ) {
>                     # non loose-route, but stateful ACK; must be an ACK
> after
>                     # a 487 or e.g. 404 from upstream server
>                     t_relay();
>                     exit;
>                 } else {
>                     # ACK without matching transaction ->
>                     # ignore and discard
>                     exit;
>                 }
>             }
>             sl_send_reply("404","Not here");
>         }
>         exit;
>     }
>
>     # CANCEL processing
>     if (is_method("CANCEL"))
>     {
>         if (t_check_trans())
>             t_relay();
>         exit;
>     }
>
>     t_check_trans();
>
>     if ( !(is_method("REGISTER")  || is_from_gw() ) ) {
>         if (is_from_local()) {
>             if (!proxy_authorize("", "subscriber")) {
>                 proxy_challenge("", "0");
>                 exit;
>             }
>             if (!db_check_from()) {
>                 sl_send_reply("403","Forbidden auth ID");
>                 exit;
>             }
>
>             consume_credentials();
>         } else {
>             if (!is_uri_host_local()) {
>                 send_reply("403","Rely forbidden");
>                 exit;
>             }
>         }
>
>     }
>
>     # preloaded route checking
>     if (loose_route()) {
>         xlog("L_ERR", "Attempt to route with preloaded Route's
> [$fu/$tu/$ru/$ci]");
>         if (!is_method("ACK"))
>             sl_send_reply("403","Preload Route denied");
>         exit;
>     }
>
>     # record routing
>     if (!is_method("REGISTER|MESSAGE"))
>         record_route();
>
>     # account only INVITEs
>     if (is_method("INVITE")) {
>         # create dialog with timeout
>         if ( !create_dialog("B") ) {
>             send_reply("500","Internal Server Error");
>             exit;
>         }
>
>         setflag(ACC_DO); # do accounting
>     }
>
>
>     if (!is_uri_host_local()) {
>         append_hf("P-hint: outbound\r\n");
>
>         route(relay);
>     }
>
>     # requests for my domain
>
>     if( is_method("PUBLISH|SUBSCRIBE"))
>             route(handle_presence);
>
>     if (is_method("REGISTER"))
>     {
>
>         # authenticate the REGISTER requests
>         if (!www_authorize("", "subscriber"))
>         {
>             www_challenge("", "0");
>             exit;
>         }
>
>         if (!db_check_to())
>         {
>             sl_send_reply("403","Forbidden auth ID");
>             exit;
>         }
>
>         if (   0 ) setflag(TCP_PERSISTENT);
>
>         if (!save("location"))
>             sl_reply_error();
>
>         exit;
>     }
>
>     if ($rU==NULL) {
>         # request with no Username in RURI
>         sl_send_reply("484","Address Incomplete");
>         exit;
>     }
>
>
>     # apply DB based aliases
>     alias_db_lookup("dbaliases");
>
>     # do lookup with method filtering
>     if (!lookup("location","m")) {
>         switch ($retcode) {
>             case -1: # Note here: check for blacklist numbers
>                 if (!check_blacklist("globalblacklist")) {
>                     sl_send_reply("403", "Forbidden");
>                     exit;
>                 }
>
>                 # Check for user ACLs
>                 if($rU=~"^\0") {
>                     if(!db_is_user_in("Credentials","extern")) {
>                     xlog("L_INFO","403 - Forbidden
> [$fd/$fu/$rd/$ru/$si]\n");
>                     sl_send_reply("403", "Forbidden - No permission for
> external calls");
>                     exit;
>                     }
>                 }
>
>                 # Then route it !
>                 cr_user_carrier("$fU", "$fd", "$avp(carrier)");
>                 if($avp(carrier)==0) {
>                     xlog("L_INFO","Not here: default route
> [$fd/$fu/$rd/$ru/$si]\n");
>
>                     if($(rU{s.len}) < 4) {
>                     xlog("L_ERR", "Number incomplete/failure for $rU\n");
>                     prefix("FAIL_");
>                     route(vmbox);
>                     }
>
>                     if(!cr_route("default", "$fd", "$rU", "$rU",
> "call_id", "$avp(host)")) {
>                     xlog("L_ERR", "Number not found for $rU\n");
>                     prefix("FAIL_");
>                     route(vmbox);
>                     }
>                 } else {
>                     xlog("L_INFO","Not here: user route
> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>
>                     $avp(domain)="voip.unisi.it";
>                     if (!cr_route("$avp(carrier)", "$avp(domain)",
> "$rU", "$rU","call_id", "$avp(host)")) {
>                     sl_send_reply("404", "Not found");
>                     xlog("L_ERR", "cr_route failed\n");
>                     exit;
>                     }
>                 }
>
>                 t_on_failure("missed_call");
>
>                 if (!t_relay()) {
>                     sl_reply_error();
>                 };
>                 exit;
>             case -3: # internal error
>                 t_newtran();
>                 t_reply("404", "Not Found");
>                 exit;
>             case -2: # method not supported
>                 sl_send_reply("405", "Method Not Allowed");
>                 exit;
>         }
>     }
>
>     if (isbflagset(NAT)) setflag(NAT);
>
>     # when routing via usrloc, log the missed calls also
>     setflag(ACC_MISSED);
>     route(relay);
> }
>
>
> route[relay] {
>     # for INVITEs enable some additional helper routes
>     if (is_method("INVITE")) {
>
>         if (isflagset(NAT)) {
>             rtpproxy_offer("ro");
>         }
>
>         t_on_branch("per_branch_ops");
>         t_on_reply("handle_nat");
>         t_on_failure("missed_call");
>     }
>
>     if (isflagset(NAT)) {
>         add_rr_param(";nat=yes");
>         }
>
>     if (!t_relay()) {
>         send_reply("500","Internal Error");
>     };
>     exit;
> }
>
>
> # Presence route
> route[handle_presence]
> {
>     if (!t_newtran())
>     {
>         sl_reply_error();
>         exit;
>     }
>
>     if(is_method("PUBLISH"))
>     {
>         handle_publish();
>     }
>     else
>     if( is_method("SUBSCRIBE"))
>     {
>         handle_subscribe();
>     }
>
>     exit;
> }
>
>
> branch_route[per_branch_ops] {
>     xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
>     if (nat_uac_test("1"))
>         fix_nated_contact();
>     if ( isflagset(NAT) )
>         rtpproxy_answer("ro");
> #    xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
>     if (t_was_cancelled()) {
>         exit;
>     }
>
>     if (t_check_status("408|5[0-9][0-9]")) {
>             if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
> "$avp(host)")){
>             t_reply("403", "Not allowed");
>         } else {
>             revert_uri();
>         prefix("FAILURE_");
>         rewritehostport("172.20.1.5:5060");
>         t_relay();
>         }
>     }
> }
>
> route[vmbox] {
>     xlog("L_INFO","Route VMBOX  [$fd/$fu/$rd/$ru/$si/]\n");
>
>     rewritehostport("172.20.1.5:5060");
>
>     route(relay);
> }
>
>
> local_route {
>     if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>
>         acc_db_request("200 Dialog Timeout", "acc");
>
>     }
> }
>
> SIP Signaling works but RTP (Voice) not. If i register a device like
> "sip:5001 at 10.1.65.117" call signalling works but voice not.
>
> Any hint ?
>
> Thanks, Michele
>
> --
> Michele Pinassi
> Responsabile Telefonia di Ateneo
> Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di
> Siena
> tel: 0577.(23)2169 - fax: 0577.(23)2053
>
> Per trovare una soluzione rapida ai tuoi problemi tecnici
> consulta le FAQ di Ateneo, http://www.faq.unisi.it
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20131018/b1a63f78/attachment-0001.htm>


More information about the Users mailing list