Dominio y alias en OpenSIPS

Siguiendo el propósito original de estos escritos, continuamos con las configuraciones del proxy OpenSIPS. El post anterior trataba de autenticar los usuarios haciendo uso de MySQL, ahora agregaremos la función de manejar dominios y alias, por lo tanto deberemos realizar modificaciones a nuestro archivo de configuración el cual simbólicamente denominaremos opensips.cfg.3, el cual mostramos a continuación.

Tambien vamos a cambiar una linea en el archivo opensipsctlrc y modificaremos el primer parámetro definiendo el dominio que vamos a utilizar de manera predeterminada al agregar nuevos usuarios: “SIP_DOMAIN=trantor.demerzel.org”

####### Global Parameters #########
debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=4

port=5060

/* uncomment and configure the following line if you want opensips to bind on a specific interface/port/proto (default bind on all available) */
#listen=udp:192.9.200.161:5060

####### Modules Section ########

#set module path
mpath="/usr/local/lib/opensips/modules/"

/* uncomment next line for MySQL DB support */
loadmodule "db_mysql.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "alias_db.so"
loadmodule "domain.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "xlog.so"
loadmodule "acc.so"

# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 0)

# ----- usrloc params -----
modparam("usrloc", "db_mode",   0)

modparam("usrloc", "db_mode",   2)
modparam("usrloc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")


# ----- uri params -----
modparam("uri", "use_uri_table", 0)
# ----- acc params -----
/* what sepcial events should be accounted ? */
modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
modparam("acc", "detect_direction", 0)
modparam("acc", "failed_transaction_flag", 3)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)

modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
modparam("auth_db", "load_credentials", "")

modparam("alias_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")

modparam("domain", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
modparam("domain", "db_mode", 1)

route{

	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	}

	if (has_totag()) {
		if (loose_route()) {
			if (is_method("BYE")) {
				setflag(1); # do accounting ...
				setflag(3); # ... even if the transaction fails
			} else if (is_method("INVITE")) {
				record_route();
			}
			route(1);
		} else {
			/* uncomment the following lines if you want to enable presence */
			if ( is_method("ACK") ) {
				if ( t_check_trans() ) {
					t_relay();
					exit;
				} else {
					exit;
				}
			}
			sl_send_reply("404","Not here");
		}
		exit;
	}

	if (is_method("CANCEL"))
	{
		if (t_check_trans())
			t_relay();
		exit;
	}

	t_check_trans();

	if (!(method=="REGISTER") && is_from_local())  /*multidomain version*/
        {
              if (!proxy_authorize("", "subscriber")) {
                      proxy_challenge("", "0");
                      exit;
              }
              if (!db_check_from()) {
                      sl_send_reply("403","Forbidden auth ID");
                      exit;
              }

              consume_credentials();
              # caller authenticated
        }


	if (loose_route()) {
		xlog("L_ERR",
		"Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
		if (!is_method("ACK"))
			sl_send_reply("403","Preload Route denied");
		exit;
	}

	# record routing
	if (!is_method("REGISTER|MESSAGE"))
		record_route();

	# account only INVITEs
	if (is_method("INVITE")) {
		setflag(1); # do accounting
	}

	if (!is_uri_host_local())
	{
        	if(is_from_local()) {
			route(1);
	        } else {
			sl_send_reply("403","Not here");
        	}
	}

	if (is_method("PUBLISH"))
	{
		sl_send_reply("503", "Service Unavailable");
		exit;
	}

	if (is_method("REGISTER"))
	{
                if (!www_authorize("", "subscriber"))
                {
                      www_challenge("", "0");
                      exit;
                }

                if (!db_check_to())
                {
                      sl_send_reply("403","Forbidden auth ID");
                      exit;
                }

		if (!save("location"))
			sl_reply_error();

		exit;
	}

	if ($rU==NULL) {
		# request with no Username in RURI
		sl_send_reply("484","Address Incomplete");
		exit;
	}

        # apply DB based aliases (uncomment to enable)
        alias_db_lookup("dbaliases");

	# do lookup with method filtering
	if (!lookup("location","m")) {
		switch ($retcode) {
			case -1:
			case -3:
				t_newtran();
				t_reply("404", "Not Found");
				exit;
			case -2:
				sl_send_reply("405", "Method Not Allowed");
				exit;
		}
	}
	# when routing via usrloc, log the missed calls also
	setflag(2);
	route(1);
}

route[1] {
	# for INVITEs enable some additional helper routes
	if (is_method("INVITE")) {
		t_on_branch("2");
		t_on_reply("2");
		t_on_failure("1");
	}

	if (!t_relay()) {
		sl_reply_error();
	};
	exit;
}

branch_route[2] {
	xlog("new branch at $run");
}


onreply_route[2] {
	xlog("incoming replyn");
}


failure_route[1] {
	if (t_was_cancelled()) {
		exit;
	}
}


Al iniciar OpenSIPS con este nuevo archivo de configuración y tratar de registrar a uno de nuestros usuarios obtendremos un mensaje de error “403 Not here”, esto sucede debido a que ya estamos haciendo uso del modulo domain, por lo tanto si no agregamos un dominio a nuestra base de datos los registros de nuestros usuarios no funcionaran así como diversas opciones que utilizaremos a futuro.

U 192.9.200.151:9112 -> 192.9.200.161:5060
REGISTER sip:trantor.demerzel.org SIP/2.0.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport;branch=z9hG4bK1271529870.
From: ;tag=767316837.
To: .
Call-ID: 7740706.
CSeq: 1 REGISTER.
Contact: .
Max-Forwards: 70.
User-Agent: Linphone/2.1.1 (eXosip2/3.1.0).
Expires: 600.
Content-Length: 0.
.

U 192.9.200.161:5060 -> 192.9.200.151:9112
SIP/2.0 403 Not here.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport=9112;branch=z9hG4bK1271529870.
From: ;tag=767316837.
To: ;tag=c97b4d1cb1f3d0da549e06a8d482ef63.df2e.
Call-ID: 7740706.
CSeq: 1 REGISTER.
Server: OpenSIPS (1.6.1-notls (i386/linux)).
Content-Length: 0.
.

U 192.9.200.161:5060 -> 192.9.200.151:9112
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport=9112;branch=z9hG4bK1271529870.
From: ;tag=767316837.
To: ;tag=c97b4d1cb1f3d0da549e06a8d482ef63.df2e.
Call-ID: 7740706.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="trantor.demerzel.org", nonce="4bb1141b0000000a01af2d1d63d119fab0100fa79ee937ec".
Server: OpenSIPS (1.6.1-notls (i386/linux)).
Content-Length: 0.
.

Agregamos el dominio a nuestra base de datos, y volvemos a registrar nuestro usario.

# opensipsctl domain add trantor.demerzel.org
INFO: execute '/usr/local/sbin/opensipsctl domain reload' to synchronize cache and database
# opensipsctl domain reload
# opensipsctl domain show
trantor.demerzel.org

Ahora con el dominio integrado no debe haber problema al registrar nuestros usuarios.

U 192.9.200.151:9112 -> 192.9.200.161:5060
REGISTER sip:trantor.demerzel.org SIP/2.0.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport;branch=z9hG4bK1909185229.
From: ;tag=6334393.
To: .
Call-ID: 2049640879.
CSeq: 1 REGISTER.
Contact: .
Max-Forwards: 70.
User-Agent: Linphone/2.1.1 (eXosip2/3.1.0).
Expires: 600.
Content-Length: 0.
.

U 192.9.200.161:5060 -> 192.9.200.151:9112
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport=9112;branch=z9hG4bK1909185229.
From: ;tag=6334393.
To: ;tag=c97b4d1cb1f3d0da549e06a8d482ef63.1e25.
Call-ID: 2049640879.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="trantor.demerzel.org", nonce="4bb1147f0000000b27f40bc9986b6768b9e5eff7d803e607".
Server: OpenSIPS (1.6.1-notls (i386/linux)).
Content-Length: 0.
.

U 192.9.200.151:9112 -> 192.9.200.161:5060
REGISTER sip:trantor.demerzel.org SIP/2.0.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport;branch=z9hG4bK8582808.
From: ;tag=6334393.
To: .
Call-ID: 2049640879.
CSeq: 2 REGISTER.
Contact: .
Authorization: Digest username="1002", realm="trantor.demerzel.org", nonce="4bb1147f0000000b27f40bc9986b6768b9e5eff7d803e607", uri="sip:trantor.demerzel.org", response="e6e9213c7b40f72f6fd24ad4931ee184", algorithm=MD5.
Max-Forwards: 70.
User-Agent: Linphone/2.1.1 (eXosip2/3.1.0).
Expires: 600.
Content-Length: 0.
.

U 192.9.200.161:5060 -> 192.9.200.151:9112
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 192.9.200.151:9112;rport=9112;branch=z9hG4bK8582808.
From: ;tag=6334393.
To: ;tag=c97b4d1cb1f3d0da549e06a8d482ef63.fba9.
Call-ID: 2049640879.
CSeq: 2 REGISTER.
Contact: ;expires=600.
Server: OpenSIPS (1.6.1-notls (i386/linux)).
Content-Length: 0.
.

Podemos crear alias para asociarlos con usuarios previamente registrados, por ejemplo con la finalidad de tener un nombre mas fácil para recordar, o el nombre desde nuestro softphone directamente de una libreta de direcciones o asociar un alias para determinados DID de algún enlace digital. Aquí estamos creando los alias gabriel y ernesto para los usuarios 1001 y 1002 respectivamente.

# opensipsctl alias_db add gabriel@trantor.demerzel.org 1001@trantor.demerzel.org
# opensipsctl alias_db add ernesto@trantor.demerzel.org 1002@trantor.demerzel.org
# opensipsctl alias_db list
Dumping all aliases may take long: do you want to proceed? [Y|N]
Y
Dumping all aliases...

+----------------+----------------------+----------+----------------------+
| alias_username | alias_domain         | username | domain               |
+----------------+----------------------+----------+----------------------+
| ernesto        | trantor.demerzel.org | 1002     | trantor.demerzel.org |
| gabriel        | trantor.demerzel.org | 1001     | trantor.demerzel.org |
+----------------+----------------------+----------+----------------------+

One thought on “Dominio y alias en OpenSIPS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: