[OpenSIPS-Users] RTPProxy to link two networks

Michele Pinassi michele.pinassi at unisi.it
Fri Oct 18 15:02:33 CEST 2013


Hi all,

i have Opensips on a server with two interfaces, PUBLIC and PRIVATE
(172.20.x.x).

This is my opensips.cfg:

####### Routing Logic ########
route {
    force_rport();
   
    if (is_method("INVITE")) {
        if (!get_source_group("$var(group)") ) {
            $var(group) = 3; /* Default value */
        }
       
        # User group:
        # 1 = Internal VoIP subnet 172.20
        # 2 = External VoIP subnet but inside Unisi context 172.16 | 10.0.0
        # 3 = Outside/foreign (not allowed)
       
        xlog("L_INFO", "User group is $var(group) [$fd/$fu/$rd/$ru/$si]\n");

            if ($var(group) == 2) { # Outside VoIP LAN
        if (is_method("REGISTER")) {
                fix_nated_register();
            setbflag(NAT);
        } else {
            fix_nated_contact();
            setflag(NAT);
        }
        }
    }

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }
   
    # Verifica che l'IP provenga da una rete abilitata (address table)
    if (!check_address("0","$si","$sp","$proto")) {
        xlog("L_INFO","IP $si Forbidden");
        sl_send_reply("403", "Forbidden");
    }

    if (has_totag()) {
        # sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
           
            # validate the sequential request against dialog
            if ( $DLG_status!=NULL && !validate_dialog() ) {
                xlog("In-Dialog $rm from $si (callid=$ci) is not valid
according to dialog\n");
                ## exit;
            }
           
            if (is_method("BYE")) {
                setflag(ACC_DO); # do accounting ...
                setflag(ACC_FAILED); # ... even if the transaction fails
            } else if (is_method("INVITE")) {
                # even if in most of the cases is useless, do RR for
                # re-INVITEs alos, as some buggy clients do change route set
                # during the dialog.
                record_route();
            }

            if (check_route_param("nat=yes"))
                setflag(NAT);

            # route it out to whatever destination was set by loose_route()
            # in $du (destination URI).
            route(relay);
        } else {
            if (is_method("SUBSCRIBE") && $rd == "127.0.0.1:5060") { #
CUSTOMIZE ME
                # in-dialog subscribe requests
                route(handle_presence);
                exit;
            }
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be an ACK
after
                    # a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ->
                    # ignore and discard
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }

    # CANCEL processing
    if (is_method("CANCEL"))
    {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    if ( !(is_method("REGISTER")  || is_from_gw() ) ) {
        if (is_from_local()) {
            if (!proxy_authorize("", "subscriber")) {
                proxy_challenge("", "0");
                exit;
            }
            if (!db_check_from()) {
                sl_send_reply("403","Forbidden auth ID");
                exit;
            }
       
            consume_credentials();
        } else {
            if (!is_uri_host_local()) {
                send_reply("403","Rely forbidden");
                exit;
            }
        }

    }

    # preloaded route checking
    if (loose_route()) {
        xlog("L_ERR", "Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");
        if (!is_method("ACK"))
            sl_send_reply("403","Preload Route denied");
        exit;
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        # create dialog with timeout
        if ( !create_dialog("B") ) {
            send_reply("500","Internal Server Error");
            exit;
        }
       
        setflag(ACC_DO); # do accounting
    }

   
    if (!is_uri_host_local()) {
        append_hf("P-hint: outbound\r\n");
       
        route(relay);
    }

    # requests for my domain
   
    if( is_method("PUBLISH|SUBSCRIBE"))
            route(handle_presence);

    if (is_method("REGISTER"))
    {
       
        # authenticate the REGISTER requests
        if (!www_authorize("", "subscriber"))
        {
            www_challenge("", "0");
            exit;
        }
       
        if (!db_check_to())
        {
            sl_send_reply("403","Forbidden auth ID");
            exit;
        }

        if (   0 ) setflag(TCP_PERSISTENT);

        if (!save("location"))
            sl_reply_error();

        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

   
    # apply DB based aliases
    alias_db_lookup("dbaliases");

    # do lookup with method filtering
    if (!lookup("location","m")) {
        switch ($retcode) {
            case -1: # Note here: check for blacklist numbers
                if (!check_blacklist("globalblacklist")) {
                    sl_send_reply("403", "Forbidden");
                    exit;
                }

                # Check for user ACLs
                if($rU=~"^\0") {
                    if(!db_is_user_in("Credentials","extern")) {
                    xlog("L_INFO","403 - Forbidden
[$fd/$fu/$rd/$ru/$si]\n");
                    sl_send_reply("403", "Forbidden - No permission for
external calls");
                    exit;
                    }
                }

                # Then route it !
                cr_user_carrier("$fU", "$fd", "$avp(carrier)");
                if($avp(carrier)==0) {
                    xlog("L_INFO","Not here: default route
[$fd/$fu/$rd/$ru/$si]\n");

                    if($(rU{s.len}) < 4) {
                    xlog("L_ERR", "Number incomplete/failure for $rU\n");
                    prefix("FAIL_");
                    route(vmbox);
                    }
                   
                    if(!cr_route("default", "$fd", "$rU", "$rU",
"call_id", "$avp(host)")) {
                    xlog("L_ERR", "Number not found for $rU\n");
                    prefix("FAIL_");
                    route(vmbox);
                    }
                } else {
                    xlog("L_INFO","Not here: user route
[$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");

                    $avp(domain)="voip.unisi.it";
                    if (!cr_route("$avp(carrier)", "$avp(domain)",
"$rU", "$rU","call_id", "$avp(host)")) {
                    sl_send_reply("404", "Not found");
                    xlog("L_ERR", "cr_route failed\n");
                    exit;
                    }
                }
               
                t_on_failure("missed_call");
               
                if (!t_relay()) {
                    sl_reply_error();
                };
                exit;
            case -3: # internal error
                t_newtran();
                t_reply("404", "Not Found");
                exit;
            case -2: # method not supported
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    }
   
    if (isbflagset(NAT)) setflag(NAT);

    # when routing via usrloc, log the missed calls also
    setflag(ACC_MISSED);
    route(relay);
}


route[relay] {
    # for INVITEs enable some additional helper routes
    if (is_method("INVITE")) {
       
        if (isflagset(NAT)) {
            rtpproxy_offer("ro");
        }

        t_on_branch("per_branch_ops");
        t_on_reply("handle_nat");
        t_on_failure("missed_call");
    }

    if (isflagset(NAT)) {
        add_rr_param(";nat=yes");
        }

    if (!t_relay()) {
        send_reply("500","Internal Error");
    };
    exit;
}


# Presence route
route[handle_presence]
{
    if (!t_newtran())
    {
        sl_reply_error();
        exit;
    }

    if(is_method("PUBLISH"))
    {
        handle_publish();
    }
    else
    if( is_method("SUBSCRIBE"))
    {
        handle_subscribe();
    }

    exit;
}


branch_route[per_branch_ops] {
    xlog("new branch at $ru\n");
}


onreply_route[handle_nat] {
    if (nat_uac_test("1"))
        fix_nated_contact();
    if ( isflagset(NAT) )
        rtpproxy_answer("ro");
#    xlog("incoming reply\n");
}


failure_route[missed_call] {
    if (t_was_cancelled()) {
        exit;
    }
   
    if (t_check_status("408|5[0-9][0-9]")) {
            if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
"$avp(host)")){
            t_reply("403", "Not allowed");
        } else {
            revert_uri();
        prefix("FAILURE_");
        rewritehostport("172.20.1.5:5060");
        t_relay();
        }
    }
}

route[vmbox] {
    xlog("L_INFO","Route VMBOX  [$fd/$fu/$rd/$ru/$si/]\n");

    rewritehostport("172.20.1.5:5060");

    route(relay);
}


local_route {
    if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
       
        acc_db_request("200 Dialog Timeout", "acc");
       
    }
}

SIP Signaling works but RTP (Voice) not. If i register a device like
"sip:5001 at 10.1.65.117" call signalling works but voice not.

Any hint ?

Thanks, Michele

-- 
Michele Pinassi
Responsabile Telefonia di Ateneo
Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

Per trovare una soluzione rapida ai tuoi problemi tecnici
consulta le FAQ di Ateneo, http://www.faq.unisi.it 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opensips.org/pipermail/users/attachments/20131018/c34329ba/attachment.pgp>


More information about the Users mailing list