[OpenSIPS-Users] Help with rtpproxy on a multihomed host.
Matthew Schumacher
schu at schu.net
Wed Jan 8 14:13:18 EST 2020
SamyGo,
Thank you for the help.
I configured rtpproxy as you said and used:
    if($rd=="cc.cc.cc.cc") {
        rtpproxy_engage("ies");
    } else {
        rtpproxy_engage("eis");
    }
Is that a reasonable way to do it?
Thanks,
schu
On 1/7/20 9:02 PM, SamyGo wrote:
> Hi,
> if a.a.a.a is the Public IP and b.b.b.b is the Private IP, where c.c.c.c
> is another Private IP address, then you just need to enable the multihome
> param "mhomed=1" in your opensips.cfg script and OpenSIPS should
> take care of relaying the packet out with proper SIP headers; the
> selection of the interface to "c.c.c.c" will be done automatically if
> the Operating System's IP routes are configured properly, i.e. b.b.b.b
> can reach c.c.c.c.
>
> Next up is the rtpproxy engagement; you'll need to do a couple of things
> for that.
> 1 - start RTPproxy in bridging mode, i.e. -l a.a.a.a/b.b.b.b
> 2 - in your opensips.cfg you have to explicitly tell the rtpproxy which
> direction this call is flowing by use of flags and other functions.
>
> i.e.
> if(call-from-WAN->LAN)
>     rtpproxy_engage("ei");
>
> if(call-from-LAN->WAN)
>     rtpproxy_engage("ie");
>
> You might need additional flags in there as this is just an example.
> Hope this helps.
>
> Regards,
> Sammy
>
>
>
>
> On Tue, Jan 7, 2020 at 8:22 PM Matthew Schumacher <schu at schu.net> wrote:
>
> Hello all,
>
> I'm trying to set up an SBC of sorts so that I can have users
> authenticate to opensips using a public interface, then have opensips
> relay and rtpproxy that request to a private sip host.
>
> Something like this:
>
> public sip client ---(proxy authentication)--> aa.aa.aa.aa bb.bb.bb.bb
> ----(sip trunk auth by ip)---> cc.cc.cc.cc (inside sip gateway)
>
> Where aa.aa.aa.aa and bb.bb.bb.bb live on the same host.
>
> I used osipsconfig with use_auth, use_dbacc, use_dbusrloc, use_dialog,
> use_multidomain, use_dialplan, have_inbound_pstn, have_outbound_pstn
>
> I then took the config it created and added rtpproxy module and config
> as well as force_send_socket() because when it sent sip to cc.cc.cc.c it
> was sourcing from aa.aa.aa.aa instead of bb.bb.bb.bb.
>
> It almost works, and actually works with one way audio from cc.cc.cc.cc
> through the proxy to the client, but opensips tells the client that the
> audio is at cc.cc.cc.cc which doesn't route.
>
> What's the best way to do multi homing? opensips seems fairly straight
> forward with a single IP address, but things got complicated fast when I
> added a second IP.
>
> I would just use b2b_init_request("top hiding"); but I get lots of loops
> when I do that.
>
> Thanks,
> Matt
>
>
> ####### Global Parameters #########
>
> log_level=4
> log_stderror=yes
> log_facility=LOG_LOCAL0
>
> children=4
>
> /* uncomment the following lines to enable debugging */
> #debug_mode=yes
>
> /* uncomment the next line to enable the auto temporary
> blacklisting of
> not available destinations (default disabled) */
> #disable_dns_blacklist=no
>
> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
> lookup failures (default disabled) */
> #dns_try_ipv6=yes
>
> /* comment the next line to enable the auto discovery of local aliases
> based on reverse DNS on IPs */
> auto_aliases=no
>
> listen=udp:bb.bb.bb.bb:5060 # CUSTOMIZE ME
> listen=udp:aa.aa.aa.aa:5060 # CUSTOMIZE ME
>
>
> ####### Modules Section ########
>
> #set module path
> mpath="/usr/lib64/opensips/modules/"
>
> #### SIGNALING module
> loadmodule "signaling.so"
>
> #### StateLess module
> loadmodule "sl.so"
>
> #### Transaction Module
> loadmodule "tm.so"
> modparam("tm", "fr_timeout", 5)
> modparam("tm", "fr_inv_timeout", 30)
> modparam("tm", "restart_fr_on_each_reply", 0)
> modparam("tm", "onreply_avp_mode", 1)
>
> #### Record Route Module
> loadmodule "rr.so"
> /* do not append from tag to the RR (no need for this script) */
> modparam("rr", "append_fromtag", 0)
>
> #### MAX ForWarD module
> loadmodule "maxfwd.so"
>
> #### SIP MSG OPerationS module
> loadmodule "sipmsgops.so"
>
> #### FIFO Management Interface
> loadmodule "mi_fifo.so"
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("mi_fifo", "fifo_mode", 0666)
>
> #### PGSQL module
> loadmodule "db_postgres.so"
>
> #### HTTPD module
> loadmodule "httpd.so"
> modparam("httpd", "port", 8888)
>
> #### USeR LOCation module
> loadmodule "usrloc.so"
> modparam("usrloc", "nat_bflag", "NAT")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>
>
> #### REGISTRAR module
> loadmodule "registrar.so"
> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
> /* uncomment the next line not to allow more than 10 contacts per
> AOR */
> #modparam("registrar", "max_contacts", 10)
>
> #### ACCounting module
> loadmodule "acc.so"
> /* what special events should be accounted ? */
> modparam("acc", "early_media", 0)
> modparam("acc", "report_cancels", 0)
> /* by default we do not adjust the direct of the sequential requests.
> if you enable this parameter, be sure the enable "append_fromtag"
> in "rr" module */
> modparam("acc", "detect_direction", 0)
> modparam("acc", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>
> #### AUTHentication modules
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
> modparam("auth_db", "load_credentials", "")
>
> #### DOMAIN module
> loadmodule "domain.so"
> modparam("domain", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
> modparam("domain", "db_mode", 1) # Use caching
> modparam("auth_db|usrloc", "use_domain", 1)
>
> #### DIALOG module
> loadmodule "dialog.so"
> modparam("dialog", "dlg_match_mode", 1)
> modparam("dialog", "default_timeout", 21600) # 6 hours timeout
> modparam("dialog", "db_mode", 2)
> modparam("dialog", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>
> #### DIALPLAN module
> loadmodule "dialplan.so"
> modparam("dialplan", "db_url", "postgres://opensips:longpassword@localhost/opensips") # CUSTOMIZE ME
>
> #### MI_HTTP module
> loadmodule "mi_http.so"
> modparam("mi_http", "root", "json")
>
> loadmodule "proto_udp.so"
> loadmodule "proto_tcp.so"
>
> loadmodule "rtpproxy.so"
> modparam("rtpproxy", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") # CUSTOMIZE ME
>
> loadmodule "json.so"
> loadmodule "jsonrpc.so"
> loadmodule "event_jsonrpc.so"
>
> ####### Routing Logic ########
>
> # main request routing logic
>
> route{
>
> if (!mf_process_maxfwd_header(10)) {
> send_reply(483,"Too Many Hops");
> exit;
> }
>
> if (has_totag()) {
>
> # handle hop-by-hop ACK (no routing required)
> if ( is_method("ACK") && t_check_trans() ) {
> t_relay();
> exit;
> }
>
> # sequential request within a dialog should
> # take the path determined by record-routing
> if ( !loose_route() ) {
> # we do record-routing for all our traffic, so we should not
> # receive any sequential requests without Route hdr.
> send_reply(404,"Not here");
> exit;
> }
>
> # validate the sequential request against dialog
> if ( $DLG_status!=NULL && !validate_dialog() ) {
> xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");
> ## exit;
> }
>
> if (is_method("BYE")) {
> # do accounting even if the transaction fails
> do_accounting("db","failed");
>
> }
>
> # route it out to whatever destination was set by loose_route()
> # in $du (destination URI).
> route(relay);
> exit;
> }
>
> # CANCEL processing
> if (is_method("CANCEL")) {
> if (t_check_trans())
> t_relay();
> exit;
> }
>
> # absorb retransmissions, but do not create transaction
> t_check_trans();
>
> if ( !(is_method("REGISTER") || ($si==cc.cc.cc.cc && $sp==5060 /* CUSTOMIZE ME */) ) ) {
>
> if (is_myself("$fd")) {
>
> # authenticate if from local subscriber
> # authenticate all initial non-REGISTER request that pretend to be
> # generated by local subscriber (domain from FROM URI is local)
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", 0);
> exit;
> }
> if ($au!=$fU) {
> send_reply(403,"Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
>
> } else {
> # if caller is not local, then called number must be local
>
> if (!is_myself("$rd")) {
> send_reply(403,"Relay Forbidden");
> exit;
> }
> }
>
> }
>
> # preloaded route checking
> if (loose_route()) {
> xlog("L_ERR",
> "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
> if (!is_method("ACK"))
> send_reply(403,"Preload Route denied");
> exit;
> }
>
> # record routing
> if (!is_method("REGISTER|MESSAGE"))
> record_route();
>
> # account only INVITEs
> if (is_method("INVITE")) {
>
> # create dialog with timeout
> if ( !create_dialog("B") ) {
> send_reply(500,"Internal Server Error");
> exit;
> }
>
> do_accounting("db");
>
> }
>
>
> if (!is_myself("$rd")) {
> append_hf("P-hint: outbound\r\n");
>
> route(relay);
> }
>
> # requests for my domain
>
> if (is_method("PUBLISH|SUBSCRIBE")) {
> send_reply(503, "Service Unavailable");
> exit;
> }
>
> if (is_method("REGISTER")) {
> # authenticate the REGISTER requests
> if (!www_authorize("", "subscriber")) {
> www_challenge("", 0);
> exit;
> }
>
> if ($au!=$tU) {
> send_reply(403,"Forbidden auth ID");
> exit;
> }
> if ($proto == "tcp")
> setflag(TCP_PERSISTENT);
>
> if (!save("location"))
> sl_reply_error();
>
> exit;
> }
>
> if ($rU==NULL) {
> # request with no Username in RURI
> send_reply(484,"Address Incomplete");
> exit;
> }
>
>
>
>
> # apply transformations from dialplan table
> dp_translate( 0, "$rU", $rU);
>
> if ($rU=~"^\+[1-9][0-9]+$") {
>
>
> $rd="cc.cc.cc.cc"; # CUSTOMIZE ME
> $rp=5060;
> force_send_socket(udp:bb.bb.bb.bb:5060);
> rtpproxy_engage();
>
> route(relay);
> exit;
> }
>
> # do lookup with method filtering
> if (!lookup("location","m")) {
> if (!db_does_uri_exist("$ru","subscriber")) {
> send_reply(420,"Bad Extension");
> exit;
> }
>
> t_reply(404, "Not Found");
> exit;
> }
>
>
>
> # when routing via usrloc, log the missed calls also
> do_accounting("db","missed");
>
> route(relay);
> }
>
>
> route[relay] {
> # for INVITEs enable some additional helper routes
> if (is_method("INVITE")) {
>
>
>
> t_on_branch("per_branch_ops");
> t_on_reply("handle_nat");
> t_on_failure("missed_call");
> }
>
>
>
> if (!t_relay()) {
> send_reply(500,"Internal Error");
> }
> exit;
> }
>
>
>
>
> branch_route[per_branch_ops] {
> xlog("new branch at $ru\n");
> }
>
>
> onreply_route[handle_nat] {
>
> xlog("incoming reply\n");
> }
>
>
> failure_route[missed_call] {
> if (t_was_cancelled()) {
> exit;
> }
>
> # uncomment the following lines if you want to block client
> # redirect based on 3xx replies.
> ##if (t_check_status("3[0-9][0-9]")) {
> ##t_reply(404,"Not found");
> ## exit;
> ##}
>
>
> }
>
>
>
> local_route {
> if (is_method("BYE") && $DLG_dir=="UPSTREAM") {
>
> acc_db_request("200 Dialog Timeout", "acc");
>
> }
> }
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
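
The symptom in the original question, where the client is told the audio is at cc.cc.cc.cc, is visible in the SDP of the reply that reaches the public side. The check below is an added example, not code from the thread or from OpenSIPS; the sample reply and the addresses 10.0.0.30 (standing in for cc.cc.cc.cc) and 203.0.113.10 (standing in for aa.aa.aa.aa) are constructed.

```python
import ipaddress

# RFC 1918 ranges: addresses a public-side client cannot route to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: a 200 OK relayed to the public client with the inside
# gateway's SDP left untouched (10.0.0.30 stands in for cc.cc.cc.cc).
LEAKY_REPLY = (
    "SIP/2.0 200 OK\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=gw 1 1 IN IP4 10.0.0.30\r\n"
    "s=call\r\n"
    "c=IN IP4 10.0.0.30\r\n"
    "t=0 0\r\n"
    "m=audio 18000 RTP/AVP 0\r\n"
)
# Same reply after the media relay rewrote c= (203.0.113.10 stands in for aa.aa.aa.aa).
FIXED_REPLY = LEAKY_REPLY.replace("c=IN IP4 10.0.0.30", "c=IN IP4 203.0.113.10")


def sdp_addresses(sip_message):
    """Return [(field, address)] for the IPv4 o= and c= lines of the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    found = []
    for line in body.splitlines():
        parts = line[2:].split()
        if line.startswith("c=") and len(parts) == 3 and parts[1] == "IP4":
            found.append(("c", parts[2].split("/")[0]))  # drop any /ttl suffix
        elif line.startswith("o=") and len(parts) == 6 and parts[4] == "IP4":
            found.append(("o", parts[5]))
    return found


def audit_sdp(sip_message, relay_ip):
    """List what is wrong with this SDP from a public-side client's view."""
    problems = []
    for field, addr in sdp_addresses(sip_message):
        try:
            private = any(ipaddress.ip_address(addr) in net for net in RFC1918)
        except ValueError:  # hostname instead of an address literal
            private = False
        if field == "c" and addr != relay_ip:
            note = " (RFC 1918)" if private else ""
            problems.append(f"c= sends media to {addr}{note}, not relay {relay_ip}")
        elif field == "o" and private:
            problems.append(f"o= discloses internal address {addr}")
    return problems
```

Run `audit_sdp` over replies captured on the public interface: an empty list means every c= line points at the relay, while a remaining o= finding means the inside gateway's address is still visible to the client.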