Opensips1.7 + MediaProxy

Opensips1.7 + MediaProxy

LAVer
Hi. Please help.
We have:
1. One server consisting of: CentOS6.5 + Opensips1.7 + MediaProxy2.5
2. One MGW: Cisco AS5350
3. UserID=telephone number and registration on OpenSips through MySQL
4. Calls to PSTN pass through the MGW with prefix 9999:
route[4] {
      prefix("9999");
      rewritehostport("192.168.0.3:5060");
      if (!t_relay()) { sl_reply_error(); };
      exit;
}

Now, such a scheme works:

(UAC       )---->sip----->Opensips 1.7--->SIP--->MGW Cisco
192.168.0.65               192.168.0.2                 192.168.0.3
RTP----------------------------------------------------------->MGW Cisco-------->PSTN

In this topology visible

It's not safe, it's necessary to build a new wiring diagram:
(UAC      )--->sip,RTP---->(Opensips--->rtp,SIP------>)----->MGW Cisco--->PSTN
85.85.85.85                    (85.85.85.2     192.168.0.2)     192.168.0.3

Questions:
1. Hide the network topology from the users (can the dialog module be used, function topology_hiding)?
2. Hide RTP traffic to the MGW for the Opensips server (can MediaProxy or rtpproxy be used)?
Please give example opensips.cfg files.

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: Opensips1.7 + MediaProxy

Pavel Eremin-3

Did you get an answer or example?

On 25.02.2014 14:45, user "Антон Лытаев" <[hidden email]> wrote:

Re: Opensips1.7 + MediaProxy

LAVerPNZ
Not yet. I have not received one yet ...
27.02.2014 6:57, pavel@.... :
> Did you get an answer or example?


Re: Opensips1.7 + MediaProxy

Pavel Eremin-3
Ok, I'll try to post some config lines today.


2014-02-27 11:05 GMT+06:00 Лытаев Антон Викторович <[hidden email]>:
> Not yet. I have not received one yet ...
> 27.02.2014 6:57, pavel@.... :
>> Did you get an answer or example?

Re: Opensips1.7 + MediaProxy

LAVerPNZ
Thank you! I would really appreciate it!


27.02.2014 9:09, [hidden email] wrote:
> Ok, I'll try to post some config lines today.

Re: Opensips1.7 + MediaProxy

LAVerPNZ
In reply to this post by Pavel Eremin-3
Here is an example CFG file that works now:
In the "183" message the prefix and the gateway IP are visible. And that could be a threat of fraud.
If you use the function topology_hiding(), the exchange does not complete properly:
"BYE" gets the reply "404", "Not here" rather than "200 OK".
I use client_nat_test to cut off all registration requests that are behind NAT, but it does not work!


port=5060
listen=udp:85.85.85.85:5060 #Opensips-server

route{
    if (has_totag()) {
        if (loose_route()) {
            if (is_method("BYE")) {
                setflag(1);
                setflag(3);
            } else if (is_method("INVITE")) {
                #topology_hiding();
                record_route();
            }
            route(1);
        } else {
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    t_relay();
                    exit;
                } else {
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #initial requests
    if (is_method("CANCEL")) {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    # authenticate if from local subscriber (uncomment to enable auth)
    # authenticate all initial non-REGISTER request that pretend to be
    # generated by local subscriber (domain from FROM URI is local)

    if (!(method=="REGISTER") && from_uri==myself) #/*no multidomain version*/
    {
        if (!proxy_authorize("", "subscriber")) {
            proxy_challenge("", "0");
            exit;
        }
        if (!db_check_from()) {
            sl_send_reply("403","Forbidden auth ID");
            exit;
        }
        consume_credentials();
    }

    # preloaded route checking
    if (loose_route()) {
        xlog("L_ERR","Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
        if (!is_method("ACK"))
            sl_send_reply("403","Preload Route denied");
        exit;
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        # if (!src_ip=="85.85.85.11") #CISCO MGW IP
        # {
        #     topology_hiding();
        # }
        setflag(1); # do accounting
    }

    if (!uri==myself)    ## replace with following line if multi-domain support is used
    {
        route(1);
    }

    # requests for my domain
    if (is_method("PUBLISH")) {
        sl_send_reply("503", "Service Unavailable");
        exit;
    }

    if (is_method("REGISTER")) {
        # if(client_nat_test("3"))
        # {
        #     sl_send_reply("403", "Not working NAT");
        #     exit;
        # }

        # authenticate the REGISTER requests (uncomment to enable auth)
        if (!www_authorize("", "subscriber")) {
            www_challenge("", "0");
            exit;
        }
        if (!db_check_to()) {
            sl_send_reply("403","Forbidden auth ID");
            exit;
        }
        if (!save("location"))
            sl_reply_error();
        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # do lookup with method filtering
    if ((src_ip=="85.85.85.11") && (!lookup("location"))) {
        switch ($retcode) {
            case -1:
            case -3:
                t_newtran();
                t_reply("404", "Not Found");
                exit;
            case -2:
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    }

    # when routing via usrloc, log the missed calls also
    setflag(2);

    if (src_ip=="85.85.85.11") {
        route(1);
    }
    route(3);
}

route[1] {
    # for INVITEs enable some additional helper routes
    if (is_method("INVITE")) {
        t_on_branch("2");
        t_on_reply("2");
        t_on_failure("1");
    }
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}
####################################################
route[3] {
    prefix("9999");
    rewritehostport("85.85.85.11:5060");
    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}
####################################################
branch_route[2] {
    xlog("new branch at $ru\n");
}

onreply_route[2] {
    xlog("incoming reply\n");
}

failure_route[1] {
    if (t_was_cancelled()) {
        exit;
    }
}


27.02.2014 9:09, pavel@................:
> Ok, I'll try to post some config lines today.
>
> 2014-02-27 11:05 GMT+06:00 LAVer:
>> Not yet. I have not received one yet ...
>> 27.02.2014 6:57, pavel@.... :
>>> Did you get an answer or example?
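
A way to check the concern raised in the post above, that the "183" reply shows the gateway IP to the caller: the following Python sketch is an added example, not part of the thread and not OpenSIPS code. It scans a SIP message for private IPv4 addresses in the path headers and in the SDP body; the function names and the sample 183 reply (built from the addresses used in the thread) are constructed for illustration.

```python
import ipaddress
import re

# Headers that expose the signalling path ("v" and "m" are the compact
# forms of Via and Contact) and SDP lines that expose the media host.
SIGNALLING_HEADERS = {"via", "v", "record-route", "route", "contact", "m"}
SDP_PREFIXES = ("c=", "o=")
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_ips(text):
    """Return the private (RFC 1918, loopback, link-local) IPv4 addresses in text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if addr.is_private:
            found.append(candidate)
    return found

def topology_leaks(sip_message):
    """List (where, ip) pairs for internal addresses visible to the peer."""
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:       # skip the request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() in SIGNALLING_HEADERS:
            leaks += [(name.strip(), ip) for ip in private_ips(value)]
    for line in body.split("\n"):
        if line.startswith(SDP_PREFIXES):
            leaks += [("SDP " + line[:2], ip) for ip in private_ips(line)]
    return leaks

# Constructed sample: a 183 as the UAC would see it with no topology hiding
# and no RTP relay, so the gateway (192.168.0.3) appears in Contact and SDP.
SAMPLE_183 = (
    "SIP/2.0 183 Session Progress\r\n"
    "Via: SIP/2.0/UDP 85.85.85.85:5060;branch=z9hG4bKc1\r\n"
    "Record-Route: <sip:85.85.85.2;lr>\r\n"
    "Contact: <sip:99991234567@192.168.0.3:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=gw 1 1 IN IP4 192.168.0.3\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.0.3\r\n"
    "m=audio 16384 RTP/AVP 8\r\n"
)

if __name__ == "__main__":
    for where, ip in topology_leaks(SAMPLE_183):
        print(f"internal address {ip} exposed in {where}")
```

Run against replies captured on the public interface, an empty result means neither the signalling headers nor the SDP carry an internal address.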

Re: Opensips1.7 + MediaProxy

LAVer
In reply to this post by Pavel Eremin-3
Pavel, have you not looked at the example?