OpenSIPS DB-Authentication with Multi-Domain Support
Starting from the basics, I'm going to show how to take the factory-default opensips.cfg file and make it use a MySQL DB to authenticate every incoming SIP REGISTER attempt. The default file, without any changes, will successfully register any user with any password, which in most cases is obviously not what you want. Open up the opensips.cfg file:
root@Osips-SBC:~# vim /etc/opensips/opensips.cfg
Start by enabling the required modules.
Un-comment (remove the #) this line to load the MySQL DB connector module
#loadmodule "db_mysql.so"
Uncomment these modules to load the authentication mechanism
#loadmodule "auth.so"
#loadmodule "auth_db.so"
#loadmodule "alias_db.so"
Uncomment the domain module to enable multi-domain support
#loadmodule "domain.so"
Enable the presence modules
#loadmodule "presence.so"
#loadmodule "presence_xml.so"
Set "usrloc" module parameters to save the SIP user-locations into MySQL DB persistently.
#modparam("usrloc", "db_mode", 2)
#modparam("usrloc", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
Set the auth_db module parameters to point to the desired database.
#modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "password_column", "password")
#modparam("auth_db", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("auth_db", "load_credentials", "")
Uncomment the DB parameters of the alias_db module
#modparam("alias_db", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
Uncomment DB parameters of Domain module
#modparam("domain", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("domain", "db_mode", 1) # Use caching
Enable modules to differentiate between different domains.
#modparam("auth_db|usrloc|uri", "use_domain", 1)
Set presence modules parameters.
#modparam("presence|presence_xml", "db_url",
# "mysql://opensips:opensipsrw@localhost/opensips")
#modparam("presence_xml", "force_active", 1)
#modparam("presence", "server_address", "sip:192.168.30.3:5060")
Now, in the main route, uncomment the following code blocks so that whenever a REGISTER request is received, its credentials are verified against the DB. If you leave these blocks commented, any SIP REGISTER request will succeed without any verification.
This block is required to authenticate all incoming methods other than REGISTER; it is useful in case an undefined user (hacker) tries to make calls through your SIP proxy.
##if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
##{
##    if (!proxy_authorize("", "subscriber")) {
##        proxy_challenge("", "0");
##        exit;
##    }
##    if (!db_check_from()) {
##        sl_send_reply("403","Forbidden auth ID");
##        exit;
##    }
##
##    consume_credentials();
##    # caller authenticated
##}
NOTE: Don't uncomment the "# caller authenticated" line.
And this block needs to be uncommented to authenticate REGISTER requests.
##if (!www_authorize("", "subscriber"))
##{
##    www_challenge("", "0");
##    exit;
##}
##
##if (!db_check_to())
##{
##    sl_send_reply("403","Forbidden auth ID");
##    exit;
##}
Once done, save and exit. Optionally, it's always good to add a few extra log lines to see what's going on inside your OpenSIPS. Log lines are important for debugging and troubleshooting the configuration file.
xlog("L_NOTICE","[$pr:$fU@$si:$sp]: Processing '$rm' \n");
Put this line just before the if conditions we uncommented above, then save the file.
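A quick way to confirm the edits above took effect, as an added example that is not part of the original post: this Python sketch scans an opensips.cfg for the modules and authentication calls the steps rely on and lists any that are still commented out. The `audit` and `active_lines` helpers and the embedded config fragment are constructed for illustration.

```python
import re

# Modules and script calls that the authentication blocks above depend on.
REQUIRED_MODULES = ["db_mysql.so", "auth.so", "auth_db.so", "domain.so"]
REQUIRED_CALLS = ["www_authorize", "db_check_to", "proxy_authorize", "db_check_from"]

def active_lines(cfg_text):
    """Return config lines with /* */ and # comments stripped.
    Naive: a '#' inside a quoted string would also cut the line."""
    text = re.sub(r"/\*.*?\*/", "", cfg_text, flags=re.S)
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in stripped if line]

def audit(cfg_text):
    """List the authentication pieces that are still commented out."""
    lines = active_lines(cfg_text)
    body = "\n".join(lines)
    loaded = set()
    for line in lines:
        m = re.match(r'loadmodule\s+"(?:.*/)?([^"/]+)"', line)
        if m:
            loaded.add(m.group(1))
    findings = [f"module not loaded: {m}" for m in REQUIRED_MODULES if m not in loaded]
    findings += [f"call not active: {c}()" for c in REQUIRED_CALLS
                 if not re.search(rf"\b{c}\s*\(", body)]
    if not re.search(r'modparam\(\s*"[^"]*\bauth_db\b[^"]*",\s*"use_domain",\s*1\s*\)', body):
        findings.append("use_domain not enabled for auth_db")
    return findings

# Constructed sample: an opensips.cfg edited only halfway through the steps above.
SAMPLE_CFG = '''
loadmodule "db_mysql.so"
loadmodule "auth.so"
#loadmodule "auth_db.so"
loadmodule "domain.so"
modparam("auth_db|usrloc|uri", "use_domain", 1)
if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
{
    if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); exit; }
    if (!db_check_from()) { sl_send_reply("403","Forbidden auth ID"); exit; }
    consume_credentials();
}
##if (!www_authorize("", "subscriber")) { www_challenge("", "0"); exit; }
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```

In the sample, the REGISTER block is still commented, so the audit reports it even though the non-REGISTER block is active.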
The next thing is to define SIP users in the OpenSIPS DB.
For this, first edit the following file.
root@Osips-SBC:~# vim /etc/opensips/opensipsctlrc
Set the SIP DOMAIN and OpenSIPS Database Username/Password.
## your SIP domain
SIP_DOMAIN=192.168.30.3
This will be default domain used if no domain at user definition time is given.
## database read/write user
DBRWUSER=opensips
## password for database read/write user
DBRWPW="opensipsrw"
Save and Exit
Add domains to be used by opensips
root@Osips-SBC:~# mysql -uopensips -popensipsrw opensips
mysql> insert into domain(domain,last_modified) VALUES ("192.168.30.3", now());
mysql> insert into domain(domain,last_modified) VALUES ("saevolgo.com", now());
Restart OpenSIPS
root@Osips-SBC:~# /etc/init.d/opensips restart
Now add SIP users.
root@Osips-SBC:~# opensipsctl add 10022 pass10022word
new user '10022' added
root@Osips-SBC:~# opensipsctl add 10022@saevolgo.com passw0rd
new user '10022@saevolgo.com' added
Now try registering both users, changing the realm and password for each, and make sure that the 10022 user defined for realm "saevolgo.com" works only with its defined passw0rd and not with "pass10022word".
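Why the realm decides which password is accepted in this test, as an added example that is not from the original post: a Python model of the digest check done for REGISTER, with subscriber rows keyed by (username, domain) as use_domain=1 implies. It assumes an RFC 2617 MD5 challenge without qop; the nonce, the table contents and the function names are constructed.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    """HA1 as derived from the plaintext password column when calculate_ha1 is on."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    """RFC 2617 digest response without qop."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

# Constructed model of the subscriber table after the two "opensipsctl add"
# commands; the first user lands in the default SIP_DOMAIN.
SUBSCRIBER = {
    ("10022", "192.168.30.3"): "pass10022word",
    ("10022", "saevolgo.com"): "passw0rd",
}

def server_check(username, realm, nonce, method, uri, response):
    """Look the user up by (username, domain) and compare digest responses."""
    password = SUBSCRIBER.get((username, realm))
    if password is None:
        return False  # no such user in this domain
    expected = digest_response(ha1(username, realm, password), nonce, method, uri)
    return hmac.compare_digest(expected, response)

def client_register(username, realm, password, nonce):
    """Build the response a softphone would send after the 401 and check it."""
    uri = f"sip:{realm}"
    resp = digest_response(ha1(username, realm, password), nonce, "REGISTER", uri)
    return server_check(username, realm, nonce, "REGISTER", uri, resp)

NONCE = "constructed-nonce-0001"  # sample value, not from a real challenge

if __name__ == "__main__":
    for realm, pw in [("saevolgo.com", "passw0rd"), ("saevolgo.com", "pass10022word"),
                      ("192.168.30.3", "pass10022word"), ("192.168.30.3", "passw0rd")]:
        print(realm, pw, "->", client_register("10022", realm, pw, NONCE))
```

Because the realm is hashed into HA1, the same username produces a different HA1 per domain, which is why each (user, domain) pair needs its own row.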
Thank you for sharing @@
hi Gohar Ahmed.
help me! please
when I use X-lite to make a call, it doesn't work. And wireshark capture that
192.168.1.33 192.168.1.36 SIP/SDP 998 Request: INVITE sip:123456@192.168.1.36, with session description
192.168.1.36 192.168.1.33 SIP 453 Status: 404 Not Found
192.168.1.33 192.168.1.36 SIP 394 Request: ACK sip:123456@192.168.1.36
It has something to do with the "123456", the To-User part. When you dial it and it's not an online/REGISTERED user then you get this 404-Not Found.
when I use X-lite connect to opensips
registration error 401 unauthorized
Verify your Domain/Realm in your x-lite. Also make sure you are entering the right password for the right username. It has to be just these three things or your opensips' DB containing the "location" table is not online.
I am facing the same error can you help me Please...
I am using Xlite phone and it's giving 401 Unauthorized...
Hi Husnain,
Good to see that you've reached the very end step of this tutorial. Please verify these things quickly.
1- You've defined the user in your DB.
2- You've configurations to use the DB for SIP REGISTERs.
3- The Domain is defined in your DB table domain.
4- The username/password + realm(Domain) is the same as step 1.
Print out any log files where you've the function save("location").
AFAIK the functions for www_authorize() have been changed in newer opensips 1.9 version, please confirm.
Let me know what you get.
--
Gohar
thank you very much !
now. my opensips is running
thanks!
Finally :)
Good work.
can you install call forwarding on opensips ? thank very much !!
Please explain your scenario - I'll see if I can get time for this.
i have 3 users : 1000, 2000, 3000.
My scenario are implementing call forward on busy or
unanswered.
example : when user1000 call user 2000,user2000 is busy or unanswered
Sorry it isn't a complete description on what you need to do next on busy or unanswered.
Your specific solution would be something like this:
Use Reply-route and Failure Route :
for capturing Busy SIP responses and once you detect that just simply consult a DB table on what destination to t_relay the call to !!
Unanswered call can also be captured from these two routes. All you need to do is flag a Ringing call in reply route. And in failure route when you see a 408 AND ringing flag is On you can consult DB again and do w.e you like to do with it.
Hi Gohar Ahmed
i complete setting opensips now i want to use call forwarding. in file opensips.cfg, what i need to load and add what command
Thanks very much @@
What exactly do you mean by call forwarding !?
explain in simple easy steps what is call-forwarding to you !
Hello everyone, I am working with opensips, and I want to configure it done callforwarding. For example, forwarding from 192.168.1.88 to 192.168.1.99 in the case.
LOL @ Tin : This is not a Users list. I'm not sure what is so hard in reading the Chapter:8 of the book "Building Telephony Systems with OpenSIPS"
Read the chapter 8 and you'll see that they suggest using some DB table to store the destination number's preferences of call forwarding.
Then use the failure-route to detect the "BUSY" and "NO-ANSWER" from destination to route the call to the desired destination number.
I'm very busy to do a new writeup.
See in the opensips.cfg file:
if(!lookup("location"))
{
...
}
Just before the above condition consult the DB table for any preferences for $tU.
If any type of forwarding is found i.e "always","on_busy","on_no_answer" then pick up the desired string from DB. And either send the call directly, OR use Failure_route to detect the "BUSY"/"NO-ANSWER" SIP code and relay the call to the desired new destination.
Sorry for bothering you. But my idea of making the call forwarding has the following steps. You can consider it correct?
Step 1: load module avpops.so in /usr/local/bin/opensips/modules
Step 2: create usr_precenses table in mysql
Step 3: write a script call forwarding, add it to opensips.cfg
I think it will be a long discussion here,
Email your specific logic/flow suggestions on OpenSIPS users list
OR
Send a Private message to me.
Anyway like I told you I'm busy to make any blog/tutorial these days so all I can do is give you rough quick idea to make this work.
well, hope that you will complete his work. I look forward to hear from you. thank you.
Hi all!
This is my usr_preferences table:
+----+------+----------+--------------+-----------+------+-----------------------+---------------------+
| id | uuid | username | domain | attribute | type | value | last_modified |
+----+------+----------+--------------+-----------+------+-----------------------+---------------------+
| 10 | | 1001 | 192.168.1.55 | callfwd | 0 | sip:1004@192.168.1.55 | 1900-01-01 00:00:01 |
| 11 | | 1001 | 192.168.1.55 | fwdbusy | 0 | sip:1004@192.168.1.55 | 1900-01-01 00:00:01 |
| 12 | | 1001 | 192.168.1.55 | fwdnoansw | 0 | sip:1004@192.168.1.55 | 1900-01-01 00:00:01 |
+----+------+----------+--------------+-----------+------+-----------------------+---------------------+
And file opensips.cfg
http://www.mediafire.com/view/?ut5yqwyeun9yu7w
I call from 1000 to 1001, and test case:
case fwdbusy and fwdnoansw, but it's not forward. Help me!
Thanks very much!
Well, it was forwarded! LOL
Let me know if you still need my code which is just in progress by one of my fellows.
Yes, thank you. Now I'm studying more about the open IMS core. Do you learn more about this field?
Ok right - I'm writing a new how to which includes media-proxy as well as your call forwarding scenario together. Hopefully by start of next week you'll read about it here.
Yes I do know few things about OpenIMS, but nothing very cool. I suggest you look at integrating OpenIMS core with kamailio IMS modules.
Oh, great. Thank you. I will read your article. And I will find out more about do you say.
http://pastebin.pk/30
This configuration worked. Please see.
Very cool, you are very great!
Hi all, I have a problem, after Opensips authen user, how it forward REGISTER message to FreeSwitch (a media server in dispatcher list) and FS send back 200OK, ignore authen user that FS know user registered or not?
I want to use open-sips to register my soft phone. For example I have two media server A and B and open-sips has IP like 192.168.0.1. I want that when I register my soft with opensip IP as domain then request should be sent to either media server A or B where the phone is created. Is that possible? Give me some light in right way, thanks in advance...Baum