Hi, the current status is following:
=> OpenIMS-Core: - all OpenIMS module compile using Kamailio - "make deb" (i have added "deb-lenny" and "deb-squeeze" targets as well) will build the standard kamailio packages and a new "kamailio-ims-modules" package - You need to adapt the configuration of the OpenIMS-P-CSCF a little, to make it work (basically change some paths); i will add a working config next week - so far, i did only test the P-CSCF-setup with Kamailio, tests of the I-/S-CSCF-modules should will follow in the next days (+ i will add configurations for those components to the branch) - we have a testsetup in place, consisting of the "original" OpenIMS P-/I- and S-CSCF, the Kamailio replacements, a presence/XCAP-server (to make the setup more interesting, thanks to Daniel for his great howto on asipto.com) and the FHoSS. All systems run on dedicated (virtual) machines. - as soon as there is more progress, i can make our repository for debian lenny accessible from the outside world (it currently just has a private IP) => OpenHSS.org (as a FHoSS-Replacement): - a year ago, i started to develop a replacement for Java FHoSS: openhss.org (which would be a direct port from the FHoSS to C with CDP) - due to personal changes (new job, 5 days a week a new city), i "paused" the development - But now, there is good news: I found someone, who will finish the development: Brian "edge" Edginton (http://www.ng-voice.com/our-team/brian/) The full roadmap can be found here: http://www.ng-voice.com/our-solution/roadmap/ (it contains such "ugly" points as add documentation ;-) ) The goal of the project is to create a stable, fast, open-source, feature-rich IMS implementation based on Kamailio and the OpenIMS-Core. For latest updates on our development, please visit our blog: http://www.ng-voice.com/ Kind regards, Carsten 2011/1/7 Daniel-Constantin Mierla <mico...@gmail.com>: > Btw, fyi, Carsten Bock is working on Git branch 'cartenbock/ims' for making > straightforward usage of openimscore modules with latest kamailio. If you > are interested in this kind of platform, maybe you should fetch that branch, > help testing and integration work. > > Cheers, > Daniel > > On 12/3/10 10:56 AM, "Andrés S. García Ruiz" wrote: >> >> >> It works now! Thanks a lot! >> >> Regards, >> Andrés. >> >> El 30/11/10 21:56, Daniel-Constantin Mierla escribió: >>> >>> Hello, >>> >>> the comments at the beginning of the configuration files tells you more >>> about how some features are enabled/disabled. I assume you read them as you >>> enabled authenitcation (by default is disabled) -- you have #!define >>> WITH_AUTH. >>> >>> Maybe in your particular case the best solution is to enable IP >>> authentication and add the IP address of OpenIMSCore in address table with >>> group id 1. >>> >>> Cheers, >>> Daniel >>> >>> On 11/29/10 3:27 PM, "Andrés S. García Ruiz" wrote: >>>> >>>> Thanks for your comment, >>>> >>>> This is my configuration, could you please tell me how to disable >>>> authentication? >>>> >>>> #!KAMAILIO >>>> # >>>> # Kamailio (OpenSER) SIP Server v3.1 - default configuration script >>>> # - web: http://www.kamailio.org >>>> # - git: http://sip-router.org >>>> # >>>> # Direct your questions about this file to: >>>> <sr-users@lists.sip-router.org> >>>> # >>>> # Refer to the Core CookBook at >>>> http://www.kamailio.org/dokuwiki/doku.php >>>> # for an explanation of possible statements, functions and parameters. >>>> # >>>> # Several features can be enabled using '#!define WITH_FEATURE' >>>> directives: >>>> # >>>> # *** To run in debug mode: >>>> # - define WITH_DEBUG >>>> # >>>> # *** To enable mysql: >>>> # - define WITH_MYSQL >>>> # >>>> # *** To enable authentication execute: >>>> # - enable mysql >>>> # - define WITH_AUTH >>>> # - add users using 'kamctl' >>>> # >>>> # *** To enable IP authentication execute: >>>> # - enable mysql >>>> # - enable authentication >>>> # - define WITH_IPAUTH >>>> # - add IP addresses with group id '1' to 'address' table >>>> # >>>> # *** To enable persistent user location execute: >>>> # - enable mysql >>>> # - define WITH_USRLOCDB >>>> # >>>> # *** To enable presence server execute: >>>> # - enable mysql >>>> # - define WITH_PRESENCE >>>> # >>>> # *** To enable nat traversal execute: >>>> # - define WITH_NAT >>>> # - install RTPProxy: http://www.rtpproxy.org >>>> # - start RTPProxy: >>>> # rtpproxy -l _your_public_ip_ -s udp:localhost:7722 >>>> # >>>> # *** To enable PSTN gateway routing execute: >>>> # - define WITH_PSTN >>>> # - set the value of pstn.gw_ip >>>> # - check route[PSTN] for regexp routing condition >>>> # >>>> # *** To enable database aliases lookup execute: >>>> # - enable mysql >>>> # - define WITH_ALIASDB >>>> # >>>> # *** To enable multi-domain support execute: >>>> # - enable mysql >>>> # - define WITH_MULTIDOMAIN >>>> # >>>> # *** To enable TLS support execute: >>>> # - adjust CFGDIR/tls.cfg as needed >>>> # - define WITH_TLS >>>> # >>>> # *** To enable XMLRPC support execute: >>>> # - define WITH_XMLRPC >>>> # - adjust route[XMLRPC] for access policy >>>> # >>>> # *** To enable anti-flood detection execute: >>>> # - adjust pike and htable=>ipban settings as needed (default is >>>> # block if more than 16 requests in 2 seconds and ban for 300 >>>> seconds) >>>> # - define WITH_ANTIFLOOD >>>> # >>>> # *** To enhance accounting execute: >>>> # - enable mysql >>>> # - define WITH_ACCDB >>>> # - add following columns to database >>>> #!ifdef ACCDB_COMMENT >>>> ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; >>>> ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; >>>> ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; >>>> ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; >>>> ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; >>>> ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL >>>> DEFAULT ''; >>>> ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL >>>> DEFAULT ''; >>>> ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL >>>> DEFAULT ''; >>>> ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL >>>> DEFAULT ''; >>>> ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL >>>> DEFAULT ''; >>>> #!endif >>>> >>>> ####### Defined Values ######### >>>> >>>> #!define WITH_DEBUG >>>> #!define WITH_AUTH >>>> #!define WITH_MYSQL >>>> #!define WITH_USRLOCDB >>>> >>>> # *** Value defines - IDs used later in config >>>> #!ifdef WITH_MYSQL >>>> # - database URL - used to connect to database server by modules such >>>> # as: auth_db, acc, usrloc, a.s.o. >>>> #!define DBURL "mysql://openser:opense...@localhost/openser" >>>> #!endif >>>> #!ifdef WITH_MULTIDOMAIN >>>> # - the value for 'use_domain' parameters >>>> #!define MULTIDOMAIN 1 >>>> #!else >>>> #!define MULTIDOMAIN 0 >>>> #!endif >>>> >>>> # - flags >>>> # FLT_ - per transaction (message) flags >>>> # FLB_ - per branch flags >>>> #!define FLT_ACC 1 >>>> #!define FLT_ACCMISSED 2 >>>> #!define FLT_ACCFAILED 3 >>>> #!define FLT_NATS 5 >>>> >>>> #!define FLB_NATB 6 >>>> #!define FLB_NATSIPPING 7 >>>> >>>> ####### Global Parameters ######### >>>> >>>> #!ifdef WITH_DEBUG >>>> debug=4 >>>> log_stderror=yes >>>> #!else >>>> debug=2 >>>> log_stderror=no >>>> #!endif >>>> >>>> memdbg=5 >>>> memlog=5 >>>> >>>> log_facility=LOG_LOCAL0 >>>> >>>> fork=yes >>>> children=4 >>>> >>>> /* uncomment the next line to disable TCP (default on) */ >>>> #disable_tcp=yes >>>> >>>> >>>> /* uncomment the next line to disable the auto discovery of local >>>> aliases >>>> based on reverse DNS on IPs (default on) */ >>>> #auto_aliases=no >>>> >>>> /* add local domain aliases */ >>>> alias="open-ims.test" >>>> >>>> /* uncomment and configure the following line if you want Kamailio to >>>> bind on a specific interface/port/proto (default bind on all >>>> available) */ >>>> #listen=udp:10.0.0.10:5060 >>>> >>>> /* port to listen to >>>> * - can be specified more than once if needed to listen on many ports >>>> */ >>>> port=5060 >>>> >>>> #!ifdef WITH_TLS >>>> enable_tls=yes >>>> #!endif >>>> >>>> ####### Custom Parameters ######### >>>> >>>> # These parameters can be modified runtime via RPC interface >>>> # - see the documentation of 'cfg_rpc' module. >>>> # >>>> # Format: group.id = value 'desc' description >>>> # Access: $sel(cfg_get.group.id) or @cfg_get.group.id >>>> # >>>> >>>> #!ifdef WITH_PSTN >>>> # PSTN GW Routing >>>> # >>>> # - pstn.gw_ip: valid IP or hostname as string value, example: >>>> # pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address" >>>> # >>>> # - by default is empty to avoid misrouting >>>> pstn.gw_ip = "" desc "PSTN GW Address" >>>> #!endif >>>> >>>> >>>> ####### Modules Section ######## >>>> >>>> # set paths to location of modules >>>> #!ifdef LOCAL_TEST_RUN >>>> mpath="modules_k:modules" >>>> #!else >>>> >>>> mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/" >>>> #!endif >>>> >>>> #!ifdef WITH_MYSQL >>>> loadmodule "db_mysql.so" >>>> #!endif >>>> >>>> loadmodule "mi_fifo.so" >>>> loadmodule "kex.so" >>>> loadmodule "tm.so" >>>> loadmodule "tmx.so" >>>> loadmodule "sl.so" >>>> loadmodule "rr.so" >>>> loadmodule "pv.so" >>>> loadmodule "maxfwd.so" >>>> loadmodule "usrloc.so" >>>> loadmodule "registrar.so" >>>> loadmodule "textops.so" >>>> loadmodule "siputils.so" >>>> loadmodule "xlog.so" >>>> loadmodule "sanity.so" >>>> loadmodule "ctl.so" >>>> loadmodule "mi_rpc.so" >>>> loadmodule "acc.so" >>>> >>>> #!ifdef WITH_AUTH >>>> loadmodule "auth.so" >>>> loadmodule "auth_db.so" >>>> #!ifdef WITH_IPAUTH >>>> loadmodule "permissions.so" >>>> #!endif >>>> #!endif >>>> >>>> #!ifdef WITH_ALIASDB >>>> loadmodule "alias_db.so" >>>> #!endif >>>> >>>> #!ifdef WITH_MULTIDOMAIN >>>> loadmodule "domain.so" >>>> #!endif >>>> >>>> #!ifdef WITH_PRESENCE >>>> loadmodule "presence.so" >>>> loadmodule "presence_xml.so" >>>> #!endif >>>> >>>> #!ifdef WITH_NAT >>>> loadmodule "nathelper.so" >>>> loadmodule "rtpproxy.so" >>>> #!endif >>>> >>>> #!ifdef WITH_TLS >>>> loadmodule "tls.so" >>>> #!endif >>>> >>>> #!ifdef WITH_ANTIFLOOD >>>> loadmodule "htable.so" >>>> loadmodule "pike.so" >>>> #!endif >>>> >>>> #!ifdef WITH_XMLRPC >>>> loadmodule "xmlrpc.so" >>>> #!endif >>>> >>>> # ----------------- setting module-specific parameters --------------- >>>> >>>> >>>> # ----- mi_fifo params ----- >>>> modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo") >>>> >>>> >>>> # ----- tm params ----- >>>> # auto-discard branches from previous serial forking leg >>>> modparam("tm", "failure_reply_mode", 3) >>>> # default retransmission timeout: 30sec >>>> modparam("tm", "fr_timer", 30000) >>>> # default invite retransmission timeout after 1xx: 120sec >>>> modparam("tm", "fr_inv_timer", 120000) >>>> >>>> >>>> # ----- rr params ----- >>>> # add value to ;lr param to cope with most of the UAs >>>> modparam("rr", "enable_full_lr", 1) >>>> # do not append from tag to the RR (no need for this script) >>>> modparam("rr", "append_fromtag", 0) >>>> >>>> >>>> # ----- registrar params ----- >>>> modparam("registrar", "method_filtering", 1) >>>> /* uncomment the next line to disable parallel forking via location */ >>>> # modparam("registrar", "append_branches", 0) >>>> /* uncomment the next line not to allow more than 10 contacts per AOR */ >>>> #modparam("registrar", "max_contacts", 10) >>>> >>>> >>>> # ----- acc params ----- >>>> /* what special events should be accounted ? */ >>>> modparam("acc", "early_media", 0) >>>> modparam("acc", "report_ack", 0) >>>> modparam("acc", "report_cancels", 0) >>>> /* by default ww do not adjust the direct of the sequential requests. >>>> if you enable this parameter, be sure the enable "append_fromtag" >>>> in "rr" module */ >>>> modparam("acc", "detect_direction", 0) >>>> /* account triggers (flags) */ >>>> modparam("acc", "log_flag", FLT_ACC) >>>> modparam("acc", "log_missed_flag", FLT_ACCMISSED) >>>> modparam("acc", "log_extra", >>>> >>>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") >>>> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED) >>>> /* enhanced DB accounting */ >>>> #!ifdef WITH_ACCDB >>>> modparam("acc", "db_flag", FLT_ACC) >>>> modparam("acc", "db_missed_flag", FLT_ACCMISSED) >>>> modparam("acc", "db_url", DBURL) >>>> modparam("acc", "db_extra", >>>> >>>> "src_user=$fU;src_domain=$fd;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd") >>>> #!endif >>>> >>>> >>>> # ----- usrloc params ----- >>>> /* enable DB persistency for location entries */ >>>> #!ifdef WITH_USRLOCDB >>>> modparam("usrloc", "db_url", DBURL) >>>> modparam("usrloc", "db_mode", 2) >>>> modparam("usrloc", "use_domain", MULTIDOMAIN) >>>> #!endif >>>> >>>> >>>> # ----- auth_db params ----- >>>> #!ifdef WITH_AUTH >>>> modparam("auth_db", "db_url", DBURL) >>>> modparam("auth_db", "calculate_ha1", yes) >>>> modparam("auth_db", "password_column", "password") >>>> modparam("auth_db", "load_credentials", "") >>>> modparam("auth_db", "use_domain", MULTIDOMAIN) >>>> >>>> # ----- permissions params ----- >>>> #!ifdef WITH_IPAUTH >>>> modparam("permissions", "db_url", DBURL) >>>> modparam("permissions", "db_mode", 1) >>>> #!endif >>>> >>>> #!endif >>>> >>>> >>>> # ----- alias_db params ----- >>>> #!ifdef WITH_ALIASDB >>>> modparam("alias_db", "db_url", DBURL) >>>> modparam("alias_db", "use_domain", MULTIDOMAIN) >>>> #!endif >>>> >>>> >>>> # ----- domain params ----- >>>> #!ifdef WITH_MULTIDOMAIN >>>> modparam("domain", "db_url", DBURL) >>>> # use caching >>>> modparam("domain", "db_mode", 1) >>>> # register callback to match myself condition with domains list >>>> modparam("domain", "register_myself", 1) >>>> #!endif >>>> >>>> >>>> #!ifdef WITH_PRESENCE >>>> # ----- presence params ----- >>>> modparam("presence", "db_url", DBURL) >>>> >>>> # ----- presence_xml params ----- >>>> modparam("presence_xml", "db_url", DBURL) >>>> modparam("presence_xml", "force_active", 1) >>>> #!endif >>>> >>>> >>>> #!ifdef WITH_NAT >>>> # ----- rtpproxy params ----- >>>> modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722") >>>> >>>> # ----- nathelper params ----- >>>> modparam("nathelper", "natping_interval", 30) >>>> modparam("nathelper", "ping_nated_only", 1) >>>> modparam("nathelper", "sipping_bflag", FLB_NATSIPPING) >>>> modparam("nathelper", "sipping_from", "sip:pin...@kamailio.org") >>>> >>>> # params needed for NAT traversal in other modules >>>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)") >>>> modparam("usrloc", "nat_bflag", FLB_NATB) >>>> #!endif >>>> >>>> >>>> #!ifdef WITH_TLS >>>> # ----- tls params ----- >>>> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg") >>>> #!endif >>>> >>>> #!ifdef WITH_ANTIFLOOD >>>> # ----- pike params ----- >>>> modparam("pike", "sampling_time_unit", 2) >>>> modparam("pike", "reqs_density_per_unit", 16) >>>> modparam("pike", "remove_latency", 4) >>>> >>>> # ----- htable params ----- >>>> # ip ban htable with autoexpire after 5 minutes >>>> modparam("htable", "htable", "ipban=>size=8;autoexpire=300;") >>>> #!endif >>>> >>>> #!ifdef WITH_XMLRPC >>>> # ----- xmlrpc params ----- >>>> modparam("xmlrpc", "route", "XMLRPC"); >>>> modparam("xmlrpc", "url_match", "^/RPC") >>>> #!endif >>>> >>>> ####### Routing Logic ######## >>>> >>>> >>>> # Main SIP request routing logic >>>> # - processing of any incoming SIP request starts with this route >>>> route { >>>> >>>> # per request initial checks >>>> route(REQINIT); >>>> >>>> # NAT detection >>>> route(NAT); >>>> >>>> # handle requests within SIP dialogs >>>> route(WITHINDLG); >>>> >>>> ### only initial requests (no To tag) >>>> >>>> # CANCEL processing >>>> if (is_method("CANCEL")) >>>> { >>>> if (t_check_trans()) >>>> t_relay(); >>>> exit; >>>> } >>>> >>>> t_check_trans(); >>>> >>>> # authentication >>>> route(AUTH); >>>> >>>> # record routing for dialog forming requests (in case they are >>>> routed) >>>> # - remove preloaded route headers >>>> remove_hf("Route"); >>>> if (is_method("INVITE|SUBSCRIBE")) >>>> record_route(); >>>> >>>> # account only INVITEs >>>> if (is_method("INVITE")) >>>> { >>>> setflag(FLT_ACC); # do accounting >>>> } >>>> >>>> # dispatch requests to foreign domains >>>> route(SIPOUT); >>>> >>>> ### requests for my local domains >>>> >>>> # handle presence related requests >>>> route(PRESENCE); >>>> >>>> # handle registrations >>>> route(REGISTRAR); >>>> >>>> if ($rU==$null) >>>> { >>>> # request with no Username in RURI >>>> sl_send_reply("484","Address Incomplete"); >>>> exit; >>>> } >>>> >>>> # dispatch destinations to PSTN >>>> route(PSTN); >>>> >>>> # user location service >>>> route(LOCATION); >>>> >>>> route(RELAY); >>>> } >>>> >>>> >>>> route[RELAY] { >>>> #!ifdef WITH_NAT >>>> if (check_route_param("nat=yes")) { >>>> setbflag(FLB_NATB); >>>> } >>>> if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) { >>>> route(RTPPROXY); >>>> } >>>> #!endif >>>> >>>> /* example how to enable some additional event routes */ >>>> if (is_method("INVITE")) { >>>> #t_on_branch("BRANCH_ONE"); >>>> t_on_reply("REPLY_ONE"); >>>> t_on_failure("FAIL_ONE"); >>>> } >>>> >>>> if (!t_relay()) { >>>> sl_reply_error(); >>>> } >>>> exit; >>>> } >>>> >>>> # Per SIP request initial checks >>>> route[REQINIT] { >>>> #!ifdef WITH_ANTIFLOOD >>>> # flood dection from same IP and traffic ban for a while >>>> # be sure you exclude checking trusted peers, such as pstn gateways >>>> # - local host excluded (e.g., loop to self) >>>> if(src_ip!=myself) >>>> { >>>> if($sht(ipban=>$si)!=$null) >>>> { >>>> # ip is already blocked >>>> xdbg("request from blocked IP - $rm from $fu >>>> (IP:$si:$sp)\n"); >>>> exit; >>>> } >>>> if (!pike_check_req()) >>>> { >>>> xlog("L_ALERT","ALERT: pike blocking $rm from $fu >>>> (IP:$si:$sp)\n"); >>>> $sht(ipban=>$si) = 1; >>>> exit; >>>> } >>>> } >>>> #!endif >>>> >>>> if (!mf_process_maxfwd_header("10")) { >>>> sl_send_reply("483","Too Many Hops"); >>>> exit; >>>> } >>>> >>>> if(!sanity_check("1511", "7")) >>>> { >>>> xlog("Malformed SIP message from $si:$sp\n"); >>>> exit; >>>> } >>>> } >>>> >>>> # Handle requests within SIP dialogs >>>> route[WITHINDLG] { >>>> if (has_totag()) { >>>> # sequential request withing a dialog should >>>> # take the path determined by record-routing >>>> if (loose_route()) { >>>> if (is_method("BYE")) { >>>> setflag(FLT_ACC); # do accounting ... >>>> setflag(FLT_ACCFAILED); # ... even if the transaction >>>> fails >>>> } >>>> route(RELAY); >>>> } else { >>>> if (is_method("SUBSCRIBE") && uri == myself) { >>>> # in-dialog subscribe requests >>>> route(PRESENCE); >>>> exit; >>>> } >>>> if ( is_method("ACK") ) { >>>> if ( t_check_trans() ) { >>>> # no loose-route, but stateful ACK; >>>> # must be an ACK after a 487 >>>> # or e.g. 404 from upstream server >>>> t_relay(); >>>> exit; >>>> } else { >>>> # ACK without matching transaction ... ignore and >>>> discard >>>> exit; >>>> } >>>> } >>>> sl_send_reply("404","Not here"); >>>> } >>>> exit; >>>> } >>>> } >>>> >>>> # Handle SIP registrations >>>> route[REGISTRAR] { >>>> if (is_method("REGISTER")) >>>> { >>>> if(isflagset(FLT_NATS)) >>>> { >>>> setbflag(FLB_NATB); >>>> # uncomment next line to do SIP NAT pinging >>>> ## setbflag(FLB_NATSIPPING); >>>> } >>>> if (!save("location")) >>>> sl_reply_error(); >>>> >>>> exit; >>>> } >>>> } >>>> >>>> # USER location service >>>> route[LOCATION] { >>>> >>>> #!ifdef WITH_ALIASDB >>>> # search in DB-based aliases >>>> alias_db_lookup("dbaliases"); >>>> #!endif >>>> >>>> if (!lookup("location")) { >>>> switch ($rc) { >>>> case -1: >>>> case -3: >>>> t_newtran(); >>>> t_reply("404", "Not Found"); >>>> exit; >>>> case -2: >>>> sl_send_reply("405", "Method Not Allowed"); >>>> exit; >>>> } >>>> } >>>> >>>> # when routing via usrloc, log the missed calls also >>>> if (is_method("INVITE")) >>>> { >>>> setflag(FLT_ACCMISSED); >>>> } >>>> } >>>> >>>> # Presence server route >>>> route[PRESENCE] { >>>> if(!is_method("PUBLISH|SUBSCRIBE")) >>>> return; >>>> >>>> #!ifdef WITH_PRESENCE >>>> if (!t_newtran()) >>>> { >>>> sl_reply_error(); >>>> exit; >>>> }; >>>> >>>> if(is_method("PUBLISH")) >>>> { >>>> if($hdr(Sender)!= NULL) >>>> handle_publish("$hdr(Sender)"); >>>> else >>>> handle_publish(""); >>>> t_release(); >>>> } >>>> else >>>> if( is_method("SUBSCRIBE")) >>>> { >>>> handle_subscribe(); >>>> t_release(); >>>> } >>>> exit; >>>> #!endif >>>> >>>> # if presence enabled, this part will not be executed >>>> if (is_method("PUBLISH") || $rU==$null) >>>> { >>>> sl_send_reply("404", "Not here"); >>>> exit; >>>> } >>>> return; >>>> } >>>> >>>> # Authentication route >>>> route[AUTH] { >>>> #!ifdef WITH_AUTH >>>> if (is_method("REGISTER")) >>>> { >>>> # authenticate the REGISTER requests (uncomment to enable auth) >>>> if (!www_authorize("$td", "subscriber")) >>>> { >>>> www_challenge("$td", "0"); >>>> exit; >>>> } >>>> >>>> if ($au!=$tU) >>>> { >>>> sl_send_reply("403","Forbidden auth ID"); >>>> exit; >>>> } >>>> } else { >>>> >>>> #!ifdef WITH_IPAUTH >>>> if(allow_source_address()) >>>> { >>>> # source IP allowed >>>> return; >>>> } >>>> #!endif >>>> # authenticate if from local subscriber >>>> if (from_uri==myself) >>>> { >>>> if (!proxy_authorize("$fd", "subscriber")) { >>>> proxy_challenge("$fd", "0"); >>>> exit; >>>> } >>>> if (is_method("PUBLISH")) >>>> { >>>> if ($au!=$tU) { >>>> sl_send_reply("403","Forbidden auth ID"); >>>> exit; >>>> } >>>> } else { >>>> if ($au!=$fU) { >>>> sl_send_reply("403","Forbidden auth ID"); >>>> exit; >>>> } >>>> } >>>> >>>> consume_credentials(); >>>> # caller authenticated >>>> } else { >>>> # caller is not local subscriber, then check if it calls >>>> # a local destination, otherwise deny, not an open relay here >>>> if (!uri==myself) >>>> { >>>> sl_send_reply("403","Not relaying"); >>>> exit; >>>> } >>>> } >>>> } >>>> #!endif >>>> return; >>>> } >>>> >>>> # Caller NAT detection route >>>> route[NAT] { >>>> #!ifdef WITH_NAT >>>> force_rport(); >>>> if (nat_uac_test("19")) { >>>> if (method=="REGISTER") { >>>> fix_nated_register(); >>>> } else { >>>> fix_nated_contact(); >>>> } >>>> setflag(FLT_NATS); >>>> } >>>> #!endif >>>> return; >>>> } >>>> >>>> # RTPProxy control >>>> route[RTPPROXY] { >>>> #!ifdef WITH_NAT >>>> if (is_method("BYE")) { >>>> unforce_rtp_proxy(); >>>> } else if (is_method("INVITE")){ >>>> force_rtp_proxy(); >>>> } >>>> if (!has_totag()) add_rr_param(";nat=yes"); >>>> #!endif >>>> return; >>>> } >>>> >>>> # Routing to foreign domains >>>> route[SIPOUT] { >>>> if (!uri==myself) >>>> { >>>> append_hf("P-hint: outbound\r\n"); >>>> route(RELAY); >>>> } >>>> } >>>> >>>> # PSTN GW routing >>>> route[PSTN] { >>>> #!ifdef WITH_PSTN >>>> # check if PSTN GW IP is defined >>>> if (strempty($sel(cfg_get.pstn.gw_ip))) { >>>> xlog("SCRIPT: PSTN rotuing enabled but pstn.gw_ip not >>>> defined\n"); >>>> return; >>>> } >>>> >>>> # route to PSTN dialed numbers starting with '+' or '00' >>>> # (international format) >>>> # - update the condition to match your dialing rules for PSTN routing >>>> if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$")) >>>> return; >>>> >>>> # only local users allowed to call >>>> if(from_uri!=myself) { >>>> sl_send_reply("403", "Not Allowed"); >>>> exit; >>>> } >>>> >>>> $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip); >>>> >>>> route(RELAY); >>>> exit; >>>> #!endif >>>> >>>> return; >>>> } >>>> >>>> # XMLRPC routing >>>> #!ifdef WITH_XMLRPC >>>> route[XMLRPC] >>>> { >>>> # allow XMLRPC from localhost >>>> if ((method=="POST" || method=="GET") >>>> && (src_ip==127.0.0.1)) { >>>> # close connection only for xmlrpclib user agents (there is a bug >>>> in >>>> # xmlrpclib: it waits for EOF before interpreting the response). >>>> if ($hdr(User-Agent) =~ "xmlrpclib") >>>> set_reply_close(); >>>> set_reply_no_connect(); >>>> dispatch_rpc(); >>>> exit; >>>> } >>>> send_reply("403", "Forbidden"); >>>> exit; >>>> } >>>> #!endif >>>> >>>> # Sample branch router >>>> branch_route[BRANCH_ONE] { >>>> xdbg("new branch at $ru\n"); >>>> } >>>> >>>> # Sample onreply route >>>> onreply_route[REPLY_ONE] { >>>> xdbg("incoming reply\n"); >>>> #!ifdef WITH_NAT >>>> if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB)) >>>> && status=~"(183)|(2[0-9][0-9])") { >>>> force_rtp_proxy(); >>>> } >>>> if (isbflagset("6")) { >>>> fix_nated_contact(); >>>> } >>>> #!endif >>>> } >>>> >>>> # Sample failure route >>>> failure_route[FAIL_ONE] { >>>> #!ifdef WITH_NAT >>>> if (is_method("INVITE") >>>> && (isbflagset(FLB_NATB) || isflagset(FLT_NATS))) { >>>> unforce_rtp_proxy(); >>>> } >>>> #!endif >>>> >>>> if (t_is_canceled()) { >>>> exit; >>>> } >>>> >>>> # uncomment the following lines if you want to block client >>>> # redirect based on 3xx replies. >>>> ##if (t_check_status("3[0-9][0-9]")) { >>>> ##t_reply("404","Not found"); >>>> ## exit; >>>> ##} >>>> >>>> # uncomment the following lines if you want to redirect the failed >>>> # calls to a different new destination >>>> ##if (t_check_status("486|408")) { >>>> ## sethostport("192.168.2.100:5060"); >>>> ## append_branch(); >>>> ## # do not set the missed call flag again >>>> ## t_relay(); >>>> ##} >>>> } >>>> >>>> >>>> Thanks a lot, >>>> Andrés. >>>> >>>> El 29/11/2010 15:15, Klaus Darilion escribió: >>>>> >>>>> If you do not want to authenticate the requests then disable >>>>> authentication kamailio.cfg >>>>> >>>>> regards >>>>> Klaus >>>>> >>>>> Am 29.11.2010 12:53, schrieb "Andrés S. García Ruiz": >>>>>> >>>>>> Hi everybody, >>>>>> >>>>>> I'm trying to deploy an IMS network with OpenIMSCore and Kamailio. >>>>>> Since >>>>>> OpenIMSCore has been already tested along with Mobicents, now I want >>>>>> substitute Mobicents for Kamailio. I've also successfully installed >>>>>> Kamailio. I can run it without any problem, but when SIP Publish >>>>>> messages arrive at Kamalio, it answers with "407 Proxy Authentication >>>>>> Required". The IMS presentity is already registered against the >>>>>> OpenIMSCore. How can I solve that problem? >>>>>> >>>>>> The publish message sent: >>>>>> >>>>>> PUBLISH sip:testuse...@open-ims.test SIP/2.0 >>>>>> Route: <sip:ciervo.inf.um.es:5060;lr>, >>>>>> >>>>>> <sip:iscm...@scscf.open-ims.test:6060;lr;s=1;h=0;d=0;a=7369703a74657374757365723031406f70656e2d696d732e74657374> >>>>>> >>>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV. >>>>>> CSeq: 1 PUBLISH >>>>>> From: "testuser01" <sip:testuse...@open-ims.test>;tag=ff123bda >>>>>> To: "testuser01" <sip:testuse...@open-ims.test> >>>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0 >>>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1 >>>>>> Via: SIP/2.0/TCP >>>>>> >>>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z- >>>>>> >>>>>> Max-Forwards: 15 >>>>>> Content-Type: application/pidf+xml >>>>>> Expires: 30000 >>>>>> Event: presence >>>>>> Contact: <sip:testuse...@155.54.190.166:8060> >>>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, >>>>>> SUBSCRIBE, INFO >>>>>> User-Agent: X-Lite IMS-OSGi-Client 0.1 >>>>>> CVS-Mon_Nov_29_10-14-33_CET_2010 >>>>>> Content-Length: 451 >>>>>> P-Asserted-Identity: <sip:testuse...@open-ims.test> >>>>>> P-Charging-Vector: >>>>>> >>>>>> icid-value="P-CSCFabcd000000004cf3708400000002";icid-generated-at=155.54.210.134;orig-ioi="open-ims.test" >>>>>> >>>>>> >>>>>> <?xml version='1.0' encoding='UTF-8'?><presence >>>>>> xmlns='urn:ietf:params:xml:ns:pidf' >>>>>> xmlns:c='urn:ietf:params:xml:ns:pidf:cipid' >>>>>> xmlns:dm='urn:ietf:params:xml:ns:pidf:data-model' >>>>>> xmlns:rpid='urn:ietf:params:xml:ns:pidf:rpid' >>>>>> entity='sip:testuse...@open-ims.test'><tuple >>>>>> id='t6b9a6ab3'><status><basic>open</basic></status></tuple><dm:person >>>>>> >>>>>> id='p34b126e5'><rpid:activities><rpid:Online/></rpid:activities><dm:note>Online</dm:note></dm:person></presence> >>>>>> >>>>>> >>>>>> >>>>>> Kamailio answer: >>>>>> SIP/2.0 407 Proxy Authentication Required >>>>>> Call-ID: K28QO9PYAE5vn3RNdYOkIEddMEd6yDiqeAW7DwSt6XV. >>>>>> CSeq: 1 PUBLISH >>>>>> From: "testuser01" <sip:testuse...@open-ims.test>;tag=ff123bda >>>>>> To: "testuser01" >>>>>> >>>>>> <sip:testuse...@open-ims.test>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3d3a >>>>>> Via: SIP/2.0/UDP 155.54.210.135:6060;branch=z9hG4bKa31a.6cba1cd2.0 >>>>>> Via: SIP/2.0/UDP 155.54.210.134:4060;branch=z9hG4bKa31a.71481d13.0;i=1 >>>>>> Via: SIP/2.0/TCP >>>>>> >>>>>> 155.54.190.166:8060;rport=41624;branch=z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z- >>>>>> >>>>>> Proxy-Authenticate: Digest realm="open-ims.test", >>>>>> nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v" >>>>>> Server: kamailio (3.1.0 (i386/linux)) >>>>>> Content-Length: 0 >>>>>> >>>>>> >>>>>> Kamailio log: >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:628]: SIP Request: >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:630]: method: <PUBLISH> >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:632]: uri: >>>>>> <sip:testuse...@open-ims.test> >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:634]: version: <SIP/2.0> >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:165]: get_hdr_field: cseq >>>>>> <CSeq>: <1> <PUBLISH> >>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached, >>>>>> state=10 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:185]: DEBUG: >>>>>> get_hdr_field: >>>>>> <To> [45]; uri=[sip:testuse...@open-ims.test] >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:187]: DEBUG: to body >>>>>> ["testuser01" <sip:testuse...@open-ims.test> >>>>>> ] >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type >>>>>> 232, >>>>>> <branch> = <z9hG4bKa31a.6cba1cd2.0>; state=16 >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header >>>>>> reached, >>>>>> state=5 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via >>>>>> found, flags=2 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:515]: parse_headers: this >>>>>> is >>>>>> the first via >>>>>> 5(15391) DEBUG: <core> [receive.c:145]: After parse_msg... >>>>>> 5(15391) DEBUG: <core> [receive.c:186]: preparing to run routing >>>>>> scripts... >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type >>>>>> 232, >>>>>> <branch> = <z9hG4bKa31a.71481d13.0>; state=6 >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type >>>>>> 236, >>>>>> <i> = <1>; state=16 >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header >>>>>> reached, >>>>>> state=5 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via >>>>>> found, flags=100 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:526]: parse_headers: this >>>>>> is >>>>>> the second via >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type >>>>>> 235, >>>>>> <rport> = <41624>; state=6 >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:1287]: Found param type >>>>>> 232, >>>>>> <branch> = <z9hG4bK-d8754z-ce7487ff34be55f9-1---d8754z->; state=16 >>>>>> 5(15391) DEBUG: <core> [parser/parse_via.c:2300]: end of header >>>>>> reached, >>>>>> state=5 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:513]: parse_headers: Via >>>>>> found, flags=100 >>>>>> 5(15391) DEBUG: maxfwd [mf_funcs.c:85]: value = 15 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:199]: DEBUG: get_hdr_body >>>>>> : >>>>>> content_length=451 >>>>>> 5(15391) DEBUG: <core> [parser/msg_parser.c:101]: found end of header >>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:174]: DEBUG: add_param: >>>>>> tag=ff123bda >>>>>> 5(15391) DEBUG: <core> [parser/parse_to.c:803]: end of header reached, >>>>>> state=29 >>>>>> 5(15391) DEBUG: sanity [mod_sanity.c:217]: all sanity checks passed >>>>>> 5(15391) DEBUG: siputils [checks.c:73]: no totag >>>>>> 5(15391) DEBUG: tm [t_lookup.c:1081]: DEBUG: t_check_msg: msg id=1 >>>>>> global id=0 T start=0xffffffff >>>>>> 5(15391) DEBUG: tm [t_lookup.c:528]: t_lookup_request: start >>>>>> searching: >>>>>> hash=41274, isACK=0 >>>>>> 5(15391) DEBUG: tm [t_lookup.c:485]: DEBUG: RFC3261 transaction >>>>>> matching >>>>>> failed >>>>>> 5(15391) DEBUG: tm [t_lookup.c:711]: DEBUG: t_lookup_request: no >>>>>> transaction found >>>>>> 5(15391) DEBUG: tm [t_lookup.c:1150]: DEBUG: t_check_msg: msg id=1 >>>>>> global id=1 T end=(nil) >>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking >>>>>> if >>>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1] >>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking >>>>>> if >>>>>> port 5060 matches port 5060 >>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking >>>>>> if >>>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245] >>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking >>>>>> if >>>>>> port 5060 matches port 5060 >>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking >>>>>> if >>>>>> host==us: 13==9 && [open-ims.test] == [127.0.0.1] >>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking >>>>>> if >>>>>> port 5060 matches port 5060 >>>>>> 5(15391) DEBUG: <core> [socket_info.c:501]: grep_sock_info - checking >>>>>> if >>>>>> host==us: 13==14 && [open-ims.test] == [155.54.190.245] >>>>>> 5(15391) DEBUG: <core> [socket_info.c:504]: grep_sock_info - checking >>>>>> if >>>>>> port 5060 matches port 5060 >>>>>> 5(15391) DEBUG: auth_db [authorize.c:239]: realm value [open-ims.test] >>>>>> 5(15391) DEBUG: auth [api.c:85]: auth:pre_auth: Credentials with realm >>>>>> 'open-ims.test' not found >>>>>> 5(15391) DEBUG: auth_db [authorize.c:257]: not authenticated >>>>>> 5(15391) DEBUG: auth [challenge.c:102]: build_challenge_hf: >>>>>> realm='open-ims.test' >>>>>> 5(15391) DEBUG: auth [challenge.c:236]: auth: 'Proxy-Authenticate: >>>>>> Digest realm="open-ims.test", nonce="TPNwMkzzbwZRE1piAM8yHaXGsXvwS16v" >>>>>> ' >>>>>> 5(15391) DEBUG: sl [sl.c:278]: reply in stateless mode (sl) >>>>>> 5(15391) DEBUG: <core> [msg_translator.c:207]: >>>>>> check_via_address(155.54.210.135, 155.54.210.135, 0) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [usr_avp.c:646]: DEBUG:destroy_avp_list: >>>>>> destroying list (nil) >>>>>> 5(15391) DEBUG: <core> [receive.c:289]: receive_msg: cleaning up >>>>>> >>>>>> >>>>>> Thanks in advance, >>>>>> Andrés. >>>>>> >>>> >>>> >>>> _______________________________________________ >>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>>> sr-users@lists.sip-router.org >>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla > Kamailio (OpenSER) Advanced Training > Jan 24-26, 2011, Irvine, CA, USA > http://www.asipto.com > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > -- Carsten Bock Schomburgstr. 80 22767 Hamburg Germany Mobile +49 179 2021244 Home +49 40 34927217 Büro (Verl) +49 5246 801427 Fax +49 40 34927218 mailto:cars...@bock.info _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
