David Roberge | 3 Jun 14:22 2009
Picon

[OpenSIPS-Users] t_relay() for Tel-URI

Hi OpenSIPS users,

 

I have a UAC sending OpenSIPS a SIP INVITE with a SIP RURI.  I need OpenSIPS to rewrite the SIP RURI into a TEL RURI and statefully relay this message to the UAS.

 

Can I use the t_relay() function to forward the modified INVITE to the UAS?

 

Since the TEL RURI does not contains any domain part, how OpenSIPS will be able to forward the message to the correct destination?

 

Many thanks.

 

/David

 

_______________________________________________
Users mailing list
Users@...
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Anil M Pannikode (hotmail | 3 Jun 16:00 2009
Picon

[OpenSIPS-Users] SIP CLient <- TLS --> OpenSIPS <- UDP -> SIP Server

I am having the same issue as the following email which I found in the archive, Do we know if there is solution to this issue ? I tried the suggested solution , however still not working.

 

Anil

 

Bogdan-Andrei Iancu bogdan at voice-system.ro
Sun Aug 31 01:10:56 CEST 2008

Hi,

 

have you tried with:

 

tls_verify_server = 0

tls_verify_client = 0

tls_require_client_certificate = 0

 

Regards,

Bogdan

 

Nachiket Tarate wrote:

>

 

> Hi,

>

 

> I am currently trying to make Secure RTP calls between my SIP client

> and the eyeBeam. When eyeBeam is configured for encrypted calls, it

> uses Secure RTP for media and TLS for SIP signalling.

>

 

> I have configured the OpenSIPs server with TLS support.

>

 

> The scenario is as shown below:

>

 

>

 

>  ----------------    UDP      ------------------    TLS    -------------

> |  My SIP Client |  <----->  |  OpenSIPs Server | <-----> | eyeBeam 1.5 |

>  ----------------             ------------------           -------------

>   Linux Machine                Linux Machine             Widows XP

> machine

>

 

> When a call is made from eyeBeam to My SIP client the call gets

> established properly and the OpenSIPs server acts as a gateway.

>

 

> But when a call is made from My SIP client to eyeBeam the OpenSIPs

> returns the *477 Send failed* response to My SIP client.

>

 

> By enabling the debug informaiton on OpenSIPs server, I found that it

> couldn't do TLS handshake with the eyeBeam and so couldn't send the

> SIP Request from My SIP client to the eyeBeam.

>

 

> In brief the OpenSIPs server can accept the inbound messages via TLS

> but *it can't send outbound messages via TLS*.

>

 

> Can anybody help me to resolve this problem? Please see my

> opensips.cfg file and OpenSIPs server logs attached with this mail.

>

 

> Thanks,

> NT

>

 

> ------------------------------------------------------------------------

>

 

> _______________________________________________

> Users mailing list

> Users at lists.opensips.org

> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 

 

More information about the Users mailing list

_______________________________________________
Users mailing list
Users@...
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Iñaki Baz Castillo | 3 Jun 18:06 2009
Picon

Re: [OpenSIPS-Users] t_relay() for Tel-URI

2009/6/3 David Roberge <droberge <at> xittel.net>:
> Hi OpenSIPS users,
>
> I have a UAC sending OpenSIPS a SIP INVITE with a SIP RURI.  I need OpenSIPS
> to rewrite the SIP RURI into a TEL RURI and statefully relay this message to
> the UAS.
>
> Can I use the t_relay() function to forward the modified INVITE to the UAS?

Yes (see below)

> Since the TEL RURI does not contains any domain part, how OpenSIPS will be
> able to forward the message to the correct destination?

That's the point. A TEL URI has no information about the real
destination of itself. What your proxy must do is:
- Change the RURI (from SIP to TEL).
- Set the $du variable which is the *real* destination of the request.
  Example:  $du = "sip:1.2.3.4:5080";
- Do "t_relay()".

:)

--

-- 
Iñaki Baz Castillo
<ibc <at> aliax.net>

_______________________________________________
Users mailing list
Users <at> lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Matti Zemack | 3 Jun 18:43 2009

[OpenSIPS-Users] Good intro to mediaproxy setup?

Hi all,

 

Could anyone please point me in the direction of a setup guide regarding mediaproxy.

I seem to get some sort of TLS problem between a dispatcher and the relay...

 

Just trying the simple demo setup.

 

Any help much appreciated.

 

 

Mediaproxy-relay syslog output;

Jun  3 12:10:43 mediaproxy media-relay[32632]: debug: Connected to dispatcher at 172.16.245.128:25060

Jun  3 12:11:23 mediaproxy media-relay[32632]: error: missed 3 keepalive answers in a row. assuming the connection is down.

Jun  3 12:11:23 mediaproxy media-relay[32632]: error: Connection with dispatcher at 172.16.245.128:25060 was lost: TCP connection timed out.

Jun  3 12:11:25 mediaproxy media-relay[32632]: debug: Connected to dispatcher at 172.16.245.128:25060

Jun  3 12:12:05 mediaproxy media-relay[32632]: error: missed 3 keepalive answers in a row. assuming the connection is down.

Jun  3 12:12:05 mediaproxy media-relay[32632]: error: Connection with dispatcher at 172.16.245.128:25060 was lost: TCP connection timed out.

Jun  3 12:12:06 mediaproxy media-relay[32632]: debug: Connected to dispatcher at 172.16.245.128:25060

 

Mediaproxy-dispatcher syslog output;

Jun  3 18:25:10 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:25:19 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:25:29 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:25:39 voipserver media-dispatcher[5732]: error: Connection with relay at 172.16.1.24 was lost: A TLS packet with unexpected length was received.

Jun  3 18:25:51 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:26:01 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:26:11 voipserver media-dispatcher[5732]: error: Could not decode reply from relay 172.16.1.24: ping

Jun  3 18:26:21 voipserver media-dispatcher[5732]: error: Connection with relay at 172.16.1.24 was lost: A TLS packet with unexpected length was received.

 

 

Best Regards,

Matti Zemack, Stockhlm, Sweden

 

_______________________________________________
Users mailing list
Users@...
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Picon

[OpenSIPS-Users] OpenSips + RTPproxy NO audio

I'm using Opensips 1.5.2 + RTPproxy 1.2.
Two Real IP with an ATA (ATA A) and another behind NAT (ATA B).
Connecting the ATA B behind the NAT to the real IP, the connection is complentada, traffic and the audio of ATA B to A but to ATA ATA ATA A to B no traffic.
If you connect to the ATA IP connection is a real change and not flame.

Here my configuration:

####### Global Parameters #########

debug=4
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

/* uncomment the next line to enable IPv6 lookup after IPv4 dns
   lookup failures (default disabled) */
#dns_try_ipv6=yes

/* uncomment the next line to disable the auto discovery of local aliases
   based on revers DNS on IPs (default on) */
#auto_aliases=no

/* uncomment the following lines to enable TLS support  (default off) */
#disable_tls = no
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"


port=5060

/* uncomment and configure the following line if you want opensips to
   bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:192.168.1.2:5060


####### Modules Section ########

#set module path
mpath="/usr/local/lib/opensips/modules/"

/* uncomment next line for MySQL DB support */

loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri_db.so"
loadmodule "uri.so"
loadmodule "xlog.so"
loadmodule "acc.so"
/* uncomment next lines for MySQL based authentication support
   NOTE: a DB (like db_mysql) module must be also loaded */
loadmodule "auth.so"
loadmodule "auth_db.so"
/* uncomment next line for aliases support
   NOTE: a DB (like db_mysql) module must be also loaded */
#loadmodule "alias_db.so"
/* uncomment next line for multi-domain support
   NOTE: a DB (like db_mysql) module must be also loaded
   NOTE: be sure and enable multi-domain support in all used modules
         (see "multi-module params" section ) */
#loadmodule "domain.so"
/* uncomment the next two lines for presence server support
   NOTE: a DB (like db_mysql) module must be also loaded */
#loadmodule "presence.so"
#loadmodule "presence_xml.so"
loadmodule "nathelper.so"

# ----------------- setting module-specific parameters ---------------


# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")


# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)


# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)


# ----- usrloc params -----
#modparam("usrloc", "db_mode",   0)
/* uncomment the following lines if you want to enable DB persistency
   for location entries */
modparam("usrloc", "db_mode",   2)
modparam("usrloc", "db_url","mysql://opensips:opensipsrw <at> localhost/opensips")


# ----- uri_db params -----
/* by default we disable the DB support in the module as we do not need it
   in this configuration */
modparam("uri_db", "use_uri_table", 0)
modparam("uri_db", "db_url", "")


# ----- acc params -----
/* what sepcial events should be accounted ? */
modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
/* by default ww do not adjust the direct of the sequential requests.
   if you enable this parameter, be sure the enable "append_fromtag"
   in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
/* uncomment the following lines to enable DB accounting also */
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)


# ----- auth_db params -----
/* uncomment the following lines if you want to enable the DB based
   authentication */
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
#    "mysql://opensips:opensipsrw <at> localhost/opensips")
#modparam("auth_db", "load_credentials", "")


# ----- alias_db params -----
/* uncomment the following lines if you want to enable the DB based
   aliases */
#modparam("alias_db", "db_url",
#    "mysql://opensips:opensipsrw <at> localhost/opensips")


# ----- domain params -----
/* uncomment the following lines to enable multi-domain detection
   support */
#modparam("domain", "db_url",
#    "mysql://opensips:opensipsrw <at> localhost/opensips")
#modparam("domain", "db_mode", 1)   # Use caching


# ----- multi-module params -----
/* uncomment the following line if you want to enable multi-domain support
   in the modules (dafault off) */
#modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)


# ----- presence params -----
/* uncomment the following lines if you want to enable presence */
#modparam("presence|presence_xml", "db_url",
#    "mysql://opensips:opensipsrw <at> localhost/opensips")
#modparam("presence_xml", "force_active", 1)
#modparam("presence", "server_address", "sip:192.168.1.2:5060")

# -- nathelper
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12345")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_from", "sip:pinger-j+PTJLu+TTr8+E6qfaKHagFn4vJuwOZs@public.gmane.org")
modparam("registrar|nathelper", "received_avp", "$avp(i:80)")
modparam("usrloc", "nat_bflag", 6)

####### Routing Logic ########


# main request routing logic

route{

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }

    if (has_totag()) {
        # sequential request withing a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if (is_method("BYE")) {
                setflag(1); # do accounting ...
                setflag(3); # ... even if the transaction fails
            } else if (is_method("INVITE")) {
                # even if in most of the cases is useless, do RR for
                # re-INVITEs alos, as some buggy clients do change route set
                # during the dialog.
                record_route();
            }
            # route it out to whatever destination was set by loose_route()
            # in $du (destination URI).
            route(1);
        } else {
            /* uncomment the following lines if you want to enable presence */
            ##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") {
            ##    # in-dialog subscribe requests
            ##    route(2);
            ##    exit;
            ##}
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be an ACK after
                    # a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ->
                    # ignore and discard
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }

    #initial requests

    # CANCEL processing
    if (is_method("CANCEL"))
    {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    # authenticate if from local subscriber (uncomment to enable auth)
    # authenticate all initial non-REGISTER request that pretend to be
    # generated by local subscriber (domain from FROM URI is local)
    ##if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/
    ##if (!(method=="REGISTER") && is_from_local())  /*multidomain version*/
    ##{
    ##    if (!proxy_authorize("", "subscriber")) {
    ##        proxy_challenge("", "0");
    ##        exit;
    ##    }
    ##    if (!check_from()) {
    ##        sl_send_reply("403","Forbidden auth ID");
    ##        exit;
    ##    }
    ##
    ##    consume_credentials();
    ##    # caller authenticated
    ##}

    # preloaded route checking
    if (loose_route()) {
        xlog("L_ERR",
        "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
        if (!is_method("ACK"))
            sl_send_reply("403","Preload Route denied");
        exit;
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        setflag(1); # do accounting
    }
    if (!uri==myself)
    ## replace with following line if multi-domain support is used
    ##if (!is_uri_host_local())
    {
        append_hf("P-hint: outbound\r\n");
        # if you have some interdomain connections via TLS
        ##if($rd=="tls_domain1.net") {
        ##    t_relay("tls:domain1.net");
        ##    exit;
        ##} else if($rd=="tls_domain2.net") {
        ##    t_relay("tls:domain2.net");
        ##    exit;
        ##}
        route(1);
    }

    # requests for my domain

    ## uncomment this if you want to enable presence server
    ##   and comment the next 'if' block
    ##   NOTE: uncomment also the definition of route[2] from  below
    ##if( is_method("PUBLISH|SUBSCRIBE"))
    ##        route(2);

    if (is_method("PUBLISH"))
    {
        sl_send_reply("503", "Service Unavailable");
        exit;
    }
   

    if (is_method("REGISTER"))
    {
        # authenticate the REGISTER requests (uncomment to enable auth)
        if (!www_authorize("189.28.176.69", "subscriber"))
        {
            www_challenge("189.28.176.69", "0");
            exit;
        }
        ##
        ##if (!check_to())
        ##{
        ##    sl_send_reply("403","Forbidden auth ID");
        ##    exit;
        ##}

        if (!save("location"))
            sl_reply_error();

        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # apply DB based aliases (uncomment to enable)
    ##alias_db_lookup("dbaliases");

    if (!lookup("location")) {
        switch ($retcode) {
            case -1:
            case -3:
                t_newtran();
                t_reply("404", "Not Found");
                exit;
            case -2:
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    }

    # when routing via usrloc, log the missed calls also
    setflag(2);

    route(1);
}


route[1] {
    if (check_route_param("nat=yes")) {
        setbflag(6);
    }
    if (isflagset(5) || isbflagset(6)) {
        route(5);
    }
    # for INVITEs enable some additional helper routes
    if (is_method("INVITE")) {
        t_on_branch("2");
        t_on_reply("2");
        t_on_failure("1");
    }

    if (!t_relay()) {
        sl_reply_error();
    };
    exit;
}


# Presence route
/* uncomment the whole following route for enabling presence
   NOTE: do not forget to enable the call of this route from the main
     route */
##route[2]
##{
##    if (!t_newtran())
##    {
##        sl_reply_error();
##        exit;
##    };
##
##    if(is_method("PUBLISH"))
##    {
##        handle_publish();
##        t_release();
##    }
##    else
##    if( is_method("SUBSCRIBE"))
##    {
##        handle_subscribe();
##        t_release();
##    }
##
##    exit;
##}

route[4]{
    force_rport();
    if (nat_uac_test("19")) {
        if (method=="REGISTER") {
            fix_nated_register();
        } else {
            fix_nated_contact();
        }
        setflag(5);
    }
    return;
}

# RTPProxy control
/* uncomment the whole following route for enabling RTPProxy Control */
route[5] {
    if (is_method("BYE")) {
        unforce_rtp_proxy();
    } else if (is_method("INVITE")){
        force_rtp_proxy();
    }
    if (!has_totag()) add_rr_param(";nat=yes");
    return;
}

branch_route[2] {
    xlog("new branch at $ru\n");
}


onreply_route[2] {
    xlog("incoming reply\n");

    if ((isflagset(5) || isbflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
        force_rtp_proxy();
    }
    if (isbflagset(6)) {
        fix_nated_contact();
    }
}


failure_route[1] {
    if (is_method("INVITE") && (isbflagset(6) || isflagset(5))) {
        unforce_rtp_proxy();
    }

    if (t_was_cancelled()) {
        exit;
    }

    # uncomment the following lines if you want to block client
    # redirect based on 3xx replies.
    ##if (t_check_status("3[0-9][0-9]")) {
    ##t_reply("404","Not found");
    ##    exit;
    ##}

    # uncomment the following lines if you want to redirect the failed
    # calls to a different new destination
    ##if (t_check_status("486|408")) {
    ##    sethostport("192.168.2.100:5060");
    ##    # do not set the missed call flag again
    ##    t_relay();
    ##}
}


--
Atenciosamente
Daviramos Roussenq Fortunato

_______________________________________________
Users mailing list
Users@...
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Iulia Bublea | 3 Jun 19:33 2009

[OpenSIPS-Users] Opensips CP trunk postgres db implementation

Hi,

The trunk of Opensips CP comes with 2 new features:

1. In what my concern the configurations files, there is one global 
config file in config/db.in.php. And there are the config files for each 
module, if there is a specific db that is used for them, other then the 
one from the global config file.

2. The second new feature and the most important one is the support for 
postgres db.

Regards,
Iulia Bublea

Re: [OpenSIPS-Users] Off route server CDR recording

On Tuesday 02 June 2009 19:51:09 Iñaki Baz Castillo wrote:
> El Martes, 2 de Junio de 2009, Raúl Alexis Betancor Santana escribió:
> > That's imposible to do, not only because it will be a very poorly
> > accurate accounting but also because the ACC module does not "account"
> > based on the initial INVITE message but on the reply (positive or
> > negative) or on the timeout (so no reply).
>
> I understand now what you mean, but it's not totally correct:
>
> ACC module provides script functions to generate accounting (log, db,
> radius. diameter) when processing the request:
>
> http://kamailio.org/docs/modules/1.5.x/acc.html#id2507007
>
> Regards.

I have not checked the source Iñaki, but I feal that it generates the the ACC 
records on reply or when the tm timer fires the sip-timeout, because there 
are no other way of getting the sip_code column filled if it is done JUST 
when the INVITE arrives.

If ...

UAC1      <->  P1                 <-> UAC2
INV          >  setflag(ACC)    >

And just when the INV arrives at P1 it generates the ACC record, that leave 
you on a situation that you will need 2 ACC ops to get the correct ACC 
record, one for writting down the INV ACC record, and other one when the 
reply (or the timeout) comes back, so you could update the INV ACC record for 
filling the sip_reason field.

I repeat .. I have not checked the source code, but for me the ACC record is 
better generated when you have the reply or timeout for the INV request, this 
is why the original poster does not get any ACC record on his DB, because it 
only t_replicate the INVITE and the BYE, so it will never get the replies, 
because he is not getting into the SIP-Path.

--

-- 
Raúl Alexis Betancor Santana
Dimensión Virtual

_______________________________________________
Users mailing list
Users <at> lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Iñaki Baz Castillo | 3 Jun 23:28 2009
Picon

Re: [OpenSIPS-Users] Off route server CDR recording

El Miércoles, 3 de Junio de 2009, Raúl Alexis Betancor Santana escribió:

> > ACC module provides script functions to generate accounting (log, db,
> > radius. diameter) when processing the request:
> >
> > http://kamailio.org/docs/modules/1.5.x/acc.html#id2507007
> >
> > Regards.
>
> I have not checked the source Iñaki, but I feal that it generates the the
> ACC records on reply or when the tm timer fires the sip-timeout, because
> there are no other way of getting the sip_code column filled if it is done
> JUST when the INVITE arrives.

Yes, I also think the same since the function doesn't offer parameters to set 
the "sip_code" and so. However, I remember testing it and it worked.

> I repeat .. I have not checked the source code, but for me the ACC record
> is better generated when you have the reply or timeout for the INV request,
> this is why the original poster does not get any ACC record on his DB,
> because it only t_replicate the INVITE and the BYE, so it will never get
> the replies, because he is not getting into the SIP-Path.

Of course 100% agree.

--

-- 
Iñaki Baz Castillo <ibc <at> aliax.net>

_______________________________________________
Users mailing list
Users <at> lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Dan Pascu | 4 Jun 01:44 2009

Re: [OpenSIPS-Users] Good intro to mediaproxy setup?

You seem to be mixing different versions of the dispatcher and the  
relay. Stick with the latest for both

On 3 Jun 2009, at 19:43, Matti Zemack wrote:

> Hi all,
>
> Could anyone please point me in the direction of a setup guide  
> regarding mediaproxy.
> I seem to get some sort of TLS problem between a dispatcher and the  
> relay...
>
> Just trying the simple demo setup.
>
> Any help much appreciated.
>
>
> Mediaproxy-relay syslog output;
> Jun  3 12:10:43 mediaproxy media-relay[32632]: debug: Connected to  
> dispatcher at 172.16.245.128:25060
> Jun  3 12:11:23 mediaproxy media-relay[32632]: error: missed 3  
> keepalive answers in a row. assuming the connection is down.
> Jun  3 12:11:23 mediaproxy media-relay[32632]: error: Connection  
> with dispatcher at 172.16.245.128:25060 was lost: TCP connection  
> timed out.
> Jun  3 12:11:25 mediaproxy media-relay[32632]: debug: Connected to  
> dispatcher at 172.16.245.128:25060
> Jun  3 12:12:05 mediaproxy media-relay[32632]: error: missed 3  
> keepalive answers in a row. assuming the connection is down.
> Jun  3 12:12:05 mediaproxy media-relay[32632]: error: Connection  
> with dispatcher at 172.16.245.128:25060 was lost: TCP connection  
> timed out.
> Jun  3 12:12:06 mediaproxy media-relay[32632]: debug: Connected to  
> dispatcher at 172.16.245.128:25060
>
> Mediaproxy-dispatcher syslog output;
> Jun  3 18:25:10 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:25:19 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:25:29 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:25:39 voipserver media-dispatcher[5732]: error: Connection  
> with relay at 172.16.1.24 was lost: A TLS packet with unexpected  
> length was received.
> Jun  3 18:25:51 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:26:01 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:26:11 voipserver media-dispatcher[5732]: error: Could not  
> decode reply from relay 172.16.1.24: ping
> Jun  3 18:26:21 voipserver media-dispatcher[5732]: error: Connection  
> with relay at 172.16.1.24 was lost: A TLS packet with unexpected  
> length was received.
>
>
> Best Regards,
> Matti Zemack, Stockhlm, Sweden
>
> _______________________________________________
> Users mailing list
> Users@...
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

--
Dan
Leon Li | 4 Jun 08:57 2009
Picon

[OpenSIPS-Users] No RADIUS traffic

Hi,

 

I am try to use RADIUS server. However, after configuration, I found there is no RADIUS traffic at all.

 

Log shows:

Jun  4 06:45:59  /usr/local/sbin/openser[396]: rc_avpair_new: unknown attribute 5

Jun  4 06:45:59  /usr/local/sbin/openser[396]: ERROR:auth_radius:radius_authorize_sterman: rc_auth failed

 

But nothing on RADIUS server end.

 

OpenSIPs + radiusclient-ng on one box and RADIUS is on another.

 

My radiusclient.conf is like:

 

# General settings

 

# specify which authentication comes first respectively which

# authentication is used. possible values are: "radius" and "local".

# if you specify "radius,local" then the RADIUS server is asked

# first then the local one. if only one keyword is specified only

# this server is asked.

auth_order      radius,local

 

# maximum login tries a user has

login_tries     4

 

# timeout for all login tries

# if this time is exceeded the user is kicked out

login_timeout   60

 

# name of the nologin file which when it exists disables logins.

# it may be extended by the ttyname which will result in

# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable

# logins on /dev/ttyS2)

nologin /etc/nologin

 

# name of the issue file. it's only display when no username is passed

# on the radlogin command line

issue   /usr/local/etc/radiusclient-ng/issue

 

# RADIUS settings

 

# RADIUS server to use for authentication requests. this config

# item can appear more then one time. if multiple servers are

# defined they are tried in a round robin fashion if one

# server is not answering.

# optionally you can specify a the port number on which is remote

# RADIUS listens separated by a colon from the hostname. if

# no port is specified /etc/services is consulted of the radius

# service. if this fails also a compiled in default is used.

authserver      202.158.212.103:1812

 

# RADIUS server to use for accouting requests. All that I

# said for authserver applies, too.

#

acctserver      202.158.212.103:1813

 

# file holding shared secrets used for the communication

# between the RADIUS client and server

servers         /usr/local/etc/radiusclient-ng/servers

 

# dictionary of allowed attributes and values

# just like in the normal RADIUS distributions

dictionary      /usr/local/etc/radiusclient-ng/dictionary

 

# program to call for a RADIUS authenticated login

login_radius    /usr/local/sbin/login.radius

 

# file which holds sequence number for communication with the

# RADIUS server

seqfile         /var/run/radius.seq

 

# file which specifies mapping between ttyname and NAS-Port attribute

mapfile         /usr/local/etc/radiusclient-ng/port-id-map

 

# default authentication realm to append to all usernames if no

# realm was explicitly specified by the user

# the radiusd directly form Livingston doesnt use any realms, so leave

# it blank then

default_realm

#aarnet.edu.au

 

# time to wait for a reply from the RADIUS server

radius_timeout  10

 

# resend request this many times before trying the next server

radius_retries  3

 

# local address from which radius packets have to be sent

bindaddr *

 

# LOCAL settings

 

# program to execute for local login

# it must support the -f flag for preauthenticated login

login_local     /bin/login

 

Any suggestion will be appreciated.

 

Thanks

Leon

 

 

_______________________________________________
Users mailing list
Users@...
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Gmane